12-05-2009, 01:19 PM   #26

Quote (Originally Posted by gonk):
So, what's the consensus on this? Does this really prevent piracy, or is it just wasted effort? If it only slows down the pirates by a few minutes, what's the point?

Is it really true that all pirated apps have to have a "signer identity"?

More generally, do the pirates HAVE to modify the info.plist in some way to pirate the app?
This piracy method is better than nothing, but very weak. This method has been used way too many times for it to be effective, and a half-skilled pirate could get around this in minutes. Pirates need not touch the Info.plist to crack an app. Of course the Info.plist tweak is much easier, but still.

A better, but still weak, method is to compare MD5 checksums of the Info.plist.
-- hellrider
12-05-2009, 04:07 PM   #27

Quote (Originally Posted by gonk):
So, what's the consensus on this? Does this really prevent piracy, or is it just wasted effort? If it only slows down the pirates by a few minutes, what's the point?

Is it really true that all pirated apps have to have a "signer identity"?

More generally, do the pirates HAVE to modify the info.plist in some way to pirate the app?
Any method of anti-piracy can be cracked, no matter how hard you try. But for smaller iPhone developers/companies, I believe piracy protection to be crucial. The majority of crackers are newbs when it comes to cracking; almost every cracker uses Crackulous or another cracking program that can be downloaded from Cydia. So by eliminating automated cracking attempts, you can easily cut down on the majority of cracking attempts, and by using some of the methods used in this tutorial, you can prevent even more of the would-be crackers. But don't get me wrong, if a dedicated "Hacker" wants to crack your application you stand little chance of beating them at their own game. By being a smaller iPhone developer/company, and by using some basic anti-piracy code in your apps, chances are good that you won't have your application cracked, which can save you some money. Good luck!
-- Shmoopi
12-06-2009, 10:47 AM   #28

So what is the method used in Crackulous? Anybody know?
-- rocotilos
12-06-2009, 10:58 AM   #29

Quote (Originally Posted by rocotilos):
So what is the method used in Crackulous? Anybody know?
You can check out the source code online, or you can read this excerpt from Hackulo.com written by KYEK:
Quote:
So here's the scoop on how the App Store works
Apple has every application available in the app store on their servers. You already know that -- it's pretty obvious. You can download it, therefore it's coming from them. But what most people DON'T know is that every app on Apple's servers is already cracked. It's not encrypted. It's not signed. It will work on anyone's phone.

When you download an app from the store, though, Apple doesn't give you one of those programs right away. First, they take the program, and they pick out a chunk of it that the program needs to launch. And then they encrypt it -- turning that section into a code that can only be broken with YOUR iTunes account. Apple keeps the key that breaks it on file -- you don't even get to see it, but it is unique to you. Like a password you're never allowed to know.

Then Apple flips a switch on the program to let the iPhone know that it's been encrypted, Apple "signs" it (like a real signature on it that only Apple can make) so the iPhone knows it's a for-real Apple program, and then they send it to you. All of that happens instantly. You end up with a program that only you can run, since only you have access to your key.

Ok, that makes sense. So how do we crack it?
Before we get into that, you should know that the iPhone (I keep saying phone, but iPod Touch is the same thing) can run any code whether it's encrypted with your key or not -- it just has to be signed. So if you could get the unencrypted copy Apple has on their server, you could run it with no problem. You just have to sign the sucker.

So here's what we do. The iPhone can't actually run encrypted code. No computer can. The computer has to DEcrypt it (using your iTunes account key) as soon as you run it, store that decrypted section in memory, and then run that.

It's a weird concept, I know, but think about it for a second and it makes sense. The phone can't read Apple's code directly, so it decodes it, writes down the decoded version, and runs that. Easy-peasey. And the iPhone holds on to that decoded section the whole time the app is running, because it might need it again. It just stores it in the phone's memory.

What we do to crack it is freeze the phone when the program we want to crack is running, and we dump out all the memory from it. Actually, it's even better than that. We do a few simple calculations and figure out EXACTLY where in memory the decoded stuff is, and we dump JUST that out. We just save it to a file. The iPhone did all the decrypting work FOR us -- we just take what it came up with, and we write it down.

Finally, to crack the app itself, we take advantage of something really cool: The code that Apple sent us is the EXACT same size encrypted as it is decrypted! So all we need to do is take the decrypted stuff we just got from the iPhone's memory, open up the application file Apple sent us, and replace the encrypted stuff with it. The idea is dead easy, right? That's because it is. This concept of taking decrypted code from memory and replacing encrypted stuff with it would be on the first page of Hacking for Dummies, if that book existed. EVERY hacker knows it. Most run-of-the-mill developers are fully aware that this is possible. It is not some profound secret that we came up with. To finish the cracking process, all we need to do is turn off that little switch that tells the phone it's encrypted -- because it's not any more. Ta-da!

Cool, but what about the signing?
We can't fake Apple's signature. I could get into how signatures work and why they're so secure, but that doesn't even matter at this point because we just can't do it. But what we CAN do is alter the part of the iPhone's operating system that makes it CHECK for Apple's signature, and make it so that it works with ANY signature -- not just Apple's. If your phone is Jailbroken, you've already done this. This is a small part of what Jailbreaking actually is -- letting your phone run code signed by anyone.

So all we need to do in order to run a cracked program on an iPhone is just sign it ourselves -- and that is the final step of cracking a program. Sign it, and now that no one's phone needs to decrypt the program, anyone with a jailbroken phone can run it!
-- Shmoopi
12-06-2009, 05:07 PM   #30

Quote (Originally Posted by Shmoopi):
You can check out the source code online, or you can read this excerpt from Hackulo.com written by KYEK:
Hmm, pretty interesting to read.
-- justill45
12-07-2009, 01:46 AM   #31

Forgive me if this is a silly question, but I just released my first app and it was cracked. So if I implement this anti-pirate code in my next app update, will it affect previously downloaded pirated versions of my app?
-- Karts9
12-07-2009, 10:12 AM   #32

Quote (Originally Posted by Shmoopi):
You can check out the source code online, or you can read this excerpt from Hackulo.com written by KYEK:
Thanks for the post.

So why does Apple let a way exist to jailbreak the iPhone? I mean, jailbreaking may be OK for certain people who use it just to do something extra, but why make it one of the steps to getting pirated apps? Can't Apple separate these two?

Why not make the decrypting of the code reside in hardware (i.e. the chips in the iPhone)? Make it such that if you want to get pirated apps, you need to change the chips. This surely would reduce the amount of piracy available, because one won't be so jumpy about letting anyone open up their iPhone and change some chips.

And so the answer is only one: Apple, PERHAPS, WANTS apps to be pirated, thus in a way promoting their hardware, because that is what Apple is selling. That is also why their Leopard OS is dirt cheap compared to Microsoft Winblows.
-- rocotilos
12-07-2009, 12:45 PM   #33

Quote (Originally Posted by rocotilos):
And so the answer is only one: Apple, PERHAPS, WANTS apps to be pirated, thus in a way promote their hardware - coz that is what Apple is selling.
If you really think this is the case, go develop for another platform.

Conspiracy theories are rarely even remotely accurate.

Apple does not see the piracy issue as one they need to address before other problems or issues in their business model, but that's the nature of all businesses.

Everyone who is really in business prioritizes their expenses and efforts to support their business.

If Apple felt an impact of the pirating of iPhone Apps, you can believe they would address it.

Since Apple is not feeling an impact - developers are still flocking to the platform in record numbers - they see no need to address the problem.

The only way to get their attention is for developers to speak with a common voice and demand a solution to the problem or WE WILL GO SOMEWHERE ELSE.

The reality is with 50,000,000 iPhones in circulation, the platform is simply too interesting to abandon, so we stay in spite of the activities of the pirates.

Apple has not created a platform with the intent that pirates can steal our Apps. That's simply silly.

-t
-- thewitt
12-07-2009, 02:42 PM   #34

Well, I was just speculating. Blindly at that, too. LOL!

Yeah, it is true, the number of developers is increasing every day. And many who are frustrated only say "I'm quitting developing for iPhone!!!", but the next day come back with a different account. LOL!

But to be honest, Apple will NEVER feel any impact. Because there is already a good amount of high-quality and very, very interesting apps in the store that showcase the iPhone's capability. And because of that, since Apple is targeting profits mostly from the hardware, no amount of piracy will have an impact on Apple at this point.

Even so, I just cannot believe that Apple did not anticipate the pirates even before the iPhone was launched. Take the PlayStation for example. It has a piracy prevention chip. So if one wanted to play a pirated game, one needs to change the chip to a hacked one.
So this suppresses the number of people who will get the pirated games.

Or maybe Apple HAS INDEED FORESEEN the future, that the piracy will NEVER have a big impact on their profits, hence does not bother to take higher-level piracy deterrent methods?? *clap2x Apple*
-- rocotilos
12-07-2009, 03:05 PM   #35

Quote (Originally Posted by Karts9):
Forgive me if this is a silly question, but I just released my first app and it was cracked. So if I implement this anti-pirate code in my next app update, will it affect previously downloaded pirated versions of my app?
No. The best you could hope for is that a pirate might update his copy of the app, then perhaps discover that it doesn't work because of the piracy protection, so then he'll just roll back to the old version until someone cracks your latest version and posts it to all the pirate sites.
-- gonk
12-07-2009, 07:53 PM   #36

Quote (Originally Posted by gonk):
No. The best you could hope for is that a pirate might update his copy of the app, then perhaps discover that it doesn't work because of the piracy protection, so then he'll just roll back to the old version until someone cracks your latest version and posts it to all the pirate sites.
Ah ok, thanks gonk. Actually I was surprised that my app was even pirated, since it has such little sales and you would have to search for it to find it. I think he must have grabbed a promo code that I posted here.
-- Karts9
12-17-2009, 12:54 PM   #37

Is the signer identity stuff the only way they could use to crack an app?
I mean, do you know if there are several other ways to make an application run cracked even without adding the SignerIdentity key into the plist?

I was looking for a workaround because someone just cracked my app (probably via Crackulous) and I would like to know if I have to focus just on the SignerIdentity or to take care of something else as well.
-- i_mush
12-17-2009, 01:55 PM   #38

I'm considering going with kaliap.com - though I would like to hear from more developers who have experience with them.

It does smell a little funny to me however - since their history is all about jailbreaking phones and writing utility programs to help people with their jailbroken phones...

-t

Last edited by thewitt; 12-17-2009 at 02:02 PM.
-- thewitt
12-17-2009, 02:40 PM   #39

Quote (Originally Posted by i_mush):
Is the signer identity stuff the only way they could use to crack an app?
I mean, do you know if there are several other ways to make an application run cracked even without adding the SignerIdentity key into the plist?

I was looking for a workaround because someone just cracked my app (probably via Crackulous) and I would like to know if I have to focus just on the SignerIdentity or to take care of something else as well.
Absolutely not. There is one new method that doesn't require adding SignerIdentity to the plist, but it is not widely implemented as of yet. But there are also many other ways of implementing piracy protection. I'm thinking about writing another tutorial on 2-3 new methods that I have been researching. What do you guys think? Should I write another tutorial? Who's up for iPhone Piracy Protection Code Part 2?
-- Shmoopi
12-17-2009, 03:02 PM   #40

I'm of the opinion that the only way we'll beat this problem is with broad dissemination of the problem and more people talking about how to defeat it...

Though the crackers read these threads as well, the ultimate goal of support within the device for an unbreakable protection method may be assisted by elevating the problem in the mind of all developers.

-t
-- thewitt
12-17-2009, 09:21 PM   #41

Quote (Originally Posted by Shmoopi):
Absolutely not. There is one new method that doesn't require adding SignerIdentity to the plist, but it is not widely implemented as of yet. But there are also many other ways of implementing piracy protection. I'm thinking about writing another tutorial on 2-3 new methods that I have been researching. What do you guys think? Should I write another tutorial? Who's up for iPhone Piracy Protection Code Part 2?
Of course it'll be useful; my only fear is that sometimes sharing knowledge may cause it to fall into the wrong hands... and that means that crackers may overcome the walls with new techniques.

If it is software, it is crackable IMHO.
-- i_mush
12-18-2009, 05:53 AM   #42

Quote (Originally Posted by Shmoopi):
I'm thinking about writing another tutorial on 2-3 new methods that I have been researching. What do you guys think? Should I write another tutorial? Who's up for iPhone Piracy Protection Code Part 2?
I'm certainly interested.
-- Mr Jack
12-18-2009, 02:46 PM   #43

Quote (Originally Posted by Shmoopi):
Absolutely not. There is one new method that doesn't require adding SignerIdentity to the plist, but it is not widely implemented as of yet. But there are also many other ways of implementing piracy protection. I'm thinking about writing another tutorial on 2-3 new methods that I have been researching. What do you guys think? Should I write another tutorial? Who's up for iPhone Piracy Protection Code Part 2?
I'd love to know what the crackers are doing to crack the apps. It's probably a good idea not to go into too much detail on how to fight the crack, however, because then everyone will use the exact same method, making it too easy for the crackers.
-- gonk
12-19-2009, 11:31 PM   #44

Great tutorial, and I would definitely be interested in a part 2. I was wondering though, is it possible to combine methods (more importantly, will that work better, or will bypassing one bypass them all?). For instance:

Code:
    NSString *bundlePath = [[NSBundle mainBundle] bundlePath];
    NSFileManager *fileManager = [NSFileManager defaultManager];
    NSString *path = [NSString stringWithFormat:@"%@/Info.plist", bundlePath];
    NSDictionary *fileInfo = [[NSBundle mainBundle] infoDictionary];
    NSDictionary *fileAttributes = [fileManager fileAttributesAtPath:path traverseLink:YES];

    if (fileAttributes != nil) {
        // Size of Info.plist on disk. kInfoSize is the byte count recorded from the shipped build.
        NSNumber *fileSize = [fileAttributes objectForKey:NSFileSize];

        if (fileSize != nil) {
            // Assemble the key name from fragments so "SignerIdentity" is not a visible string in the binary.
            NSString *cSID = [[NSString alloc] initWithFormat:@"%@%@%@%@", @"Si", @"gne", @"rIde", @"ntity"];
            BOOL checkedforPir = NO;

            // Innocent only when the key is absent AND the plist has not changed size.
            if ([fileInfo objectForKey:cSID] == nil
                && [fileSize unsignedLongLongValue] == kInfoSize)
                checkedforPir = YES;

            if (!checkedforPir) {
                // pirated
            }
            [cSID release];
        }
    }
Will that work better (or at all) than the above methods alone? Thanks.
-- javaconvert
12-20-2009, 01:30 AM   #45

Quote (Originally Posted by gonk):
I'd love to know what the crackers are doing to crack the apps. It's probably a good idea not to go into too much detail on how to fight the crack, however, because then everyone will use the exact same method, making it too easy for the crackers.
At the most basic level they run the app through Crackulous to remove Apple DRM. If this doesn't work it's because the developer put in some piracy detection. From there the real hacking begins (usually with the script kiddie giving up and posting the app somewhere for real hackers to have a go at it).

A full tutorial on what the hackers will do to circumvent our anti-piracy efforts is available here. This can involve looking for certain strings and changing them (what would happen if your app looks for "SignerIdentitz" instead of "SignerIdentity"?), or looking for the compare opcode from the if statement in your detection code and changing it.

It's an arms war; man the torpedoes!
-- Mizonnz
12-20-2009, 11:50 AM   #46

Quote (Originally Posted by javaconvert):
Great tutorial, and I would definitely be interested in a part 2. I was wondering though, is it possible to combine methods (more importantly, will that work better, or will bypassing one bypass them all?). For instance:

Code:
    NSString *bundlePath = [[NSBundle mainBundle] bundlePath];
    NSFileManager *fileManager = [NSFileManager defaultManager];
    NSString *path = [NSString stringWithFormat:@"%@/Info.plist", bundlePath];
    NSDictionary *fileInfo = [[NSBundle mainBundle] infoDictionary];
    NSDictionary *fileAttributes = [fileManager fileAttributesAtPath:path traverseLink:YES];

    if (fileAttributes != nil) {
        // Size of Info.plist on disk. kInfoSize is the byte count recorded from the shipped build.
        NSNumber *fileSize = [fileAttributes objectForKey:NSFileSize];

        if (fileSize != nil) {
            // Assemble the key name from fragments so "SignerIdentity" is not a visible string in the binary.
            NSString *cSID = [[NSString alloc] initWithFormat:@"%@%@%@%@", @"Si", @"gne", @"rIde", @"ntity"];
            BOOL checkedforPir = NO;

            // Innocent only when the key is absent AND the plist has not changed size.
            if ([fileInfo objectForKey:cSID] == nil
                && [fileSize unsignedLongLongValue] == kInfoSize)
                checkedforPir = YES;

            if (!checkedforPir) {
                // pirated
            }
            [cSID release];
        }
    }
Will that work better (or at all) than the above methods alone? Thanks.
I like the innovation, the code sample you provided is a lot more secure than some of the single methods I posted. With the way you set up the code it appears that the user is guilty until proven innocent, first you check to see if they have messed with the SignerIdentity string, then check to see if the plist is edited, and finally, if none are wrong, you declare them innocent. Excellent strategy, this is definitely a good way to go.
-- Shmoopi
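The three checks the thread discusses (hellrider's MD5-of-Info.plist idea in post #26, and javaconvert's combined SignerIdentity-key plus file-size check that Shmoopi reviews above), as an added example that is not from the thread or from any poster: it runs each check over constructed Info.plist samples so you can see which kind of tampering each one catches. The plist keys and values, the bundle identifier and the SignerIdentity value are constructed placeholders; the on-device code would read the file with the NSBundle/NSFileManager calls from the posted snippet instead.

```python
import hashlib
import plistlib

# Constructed sample of the Info.plist as shipped in the App Store build
# (placeholder keys/values, not a real app).
_SHIPPED = {
    "CFBundleIdentifier": "com.example.sampleapp",
    "CFBundleName": "SampleApp",
    "CFBundleVersion": "1.0",
}
CLEAN_PLIST = plistlib.dumps(_SHIPPED, fmt=plistlib.FMT_XML)

# Reference values a developer would record at build time and compile in:
# the thread's kInfoSize, plus an MD5 of the whole file (hellrider's idea).
EXPECTED_SIZE = len(CLEAN_PLIST)
EXPECTED_MD5 = hashlib.md5(CLEAN_PLIST).hexdigest()

# Constructed tampered copies.
# 1) A SignerIdentity key is added to the plist (value is a placeholder).
TAMPERED_WITH_KEY = plistlib.dumps(
    {**_SHIPPED, "SignerIdentity": "placeholder-signer"}, fmt=plistlib.FMT_XML)
# 2) A same-length edit that adds no key: version "1.0" becomes "2.0".
TAMPERED_SAME_SIZE = plistlib.dumps(
    {**_SHIPPED, "CFBundleVersion": "2.0"}, fmt=plistlib.FMT_XML)


def signer_key_name():
    """Assemble the key name from fragments, mirroring the cSID trick in the
    posted Objective-C, so the literal does not sit in the binary's strings."""
    return "".join(["Si", "gne", "rIde", "ntity"])


def has_signer_identity(plist_bytes):
    """Check 1: is the SignerIdentity key present in the parsed plist?"""
    info = plistlib.loads(plist_bytes)
    return signer_key_name() in info


def size_matches(plist_bytes, expected_size=EXPECTED_SIZE):
    """Check 2: javaconvert's size comparison (the kInfoSize constant)."""
    return len(plist_bytes) == expected_size


def md5_matches(plist_bytes, expected_md5=EXPECTED_MD5):
    """Check 3: hellrider's MD5 comparison of the whole file."""
    return hashlib.md5(plist_bytes).hexdigest() == expected_md5


def looks_pirated(plist_bytes):
    """Combined, guilty-until-proven-innocent check: the copy counts as clean
    only when the key is absent AND the size AND the digest still match."""
    return (has_signer_identity(plist_bytes)
            or not size_matches(plist_bytes)
            or not md5_matches(plist_bytes))


def check_report(plist_bytes):
    """Which individual checks fire for a given plist."""
    return {
        "signer_identity_present": has_signer_identity(plist_bytes),
        "size_changed": not size_matches(plist_bytes),
        "md5_changed": not md5_matches(plist_bytes),
        "pirated": looks_pirated(plist_bytes),
    }


if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_PLIST),
                         ("with SignerIdentity", TAMPERED_WITH_KEY),
                         ("same-size edit", TAMPERED_SAME_SIZE)):
        print(name, check_report(sample))
```

The second tampered sample is the one to note: the size check alone passes a same-length edit, while the digest still catches it, which is why combining the checks does more than any one of them.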
12-20-2009, 04:21 PM   #47

Has anyone done such a thing as... making the game ad-supported for a pirated copy? Can this be done without breaking any rules?
-- kierster
12-20-2009, 04:26 PM   #48

That's easy to pull off. Also, Apple would never know that you implemented that, nor could they do anything, as according to them piracy is not a big deal.
-- hellrider
12-20-2009, 04:29 PM   #49

Quote (Originally Posted by hellrider):
That's easy to pull off. Also, Apple would never know that you implemented that, nor could they do anything, as according to them piracy is not a big deal.
Haha, yeah, I guess this is true. The ad networks are probably fine with this too; gotta reach everyone, right? Including people with jailbroken devices that download pirated apps.
Last edited by kierster; 12-20-2009 at 04:37 PM. Reason: to be politically correct
-- kierster
12-20-2009, 04:32 PM   #50

Quote (Originally Posted by kierster):
Has anyone done such a thing as... making the game ad-supported for a pirated copy? Can this be done without breaking any rules?
Absolutely. If you read these forums, you'll see that thousands of developers implement anti-piracy code in their applications. All of the code samples posted in this tutorial are 100% compliant with SDK rules and regulations.
-- Shmoopi