Author Archives: J. ΞPSTΞÏN

[iPhone] Developer strikes back against Cracking

The developer of Full Screen Web Browser strikes back against cracked copies. Instead of just punishing users for downloading cracked copies, he included a rather intelligent strategy: a cracked copy of Full Screen Web Browser runs 10 times and then ceases to work.

Full Screen Web Browser obviously includes a protection that checks for validity on the developer's own servers and submits the unique iPhone ID, which makes reinstalling the cracked copy impossible.

Although we feel this is a very good strategy and would really like other devs to follow this example, we also know that some crackers will easily circumvent this part of the protection as well. The next cracked versions will likely not call any servers or show nags. For moral reasons that hopefully some crackers will have, this may also not happen.

Anyway, to really get people addicted we would recommend letting the application run 50 times. In the meantime people will get used to it and will buy it. 10 times is too few for people to adapt.

This picture is courtesy of benchatelain.com. Find more information there…

[iPhone] iBluetooth available

Finally, a Bluetooth application has become available for the iPhone. As it is not approved by Apple, it can be downloaded only via Cydia on jailbroken iPhones.

iBluetooth costs 4US$ and can be downloaded from the iSpazio repository. The purpose of the shareware fee is to buy a complete Bluetooth stack and make it available to all customers. Currently iBluetooth comes with a seven-day trial period.

The pictures are courtesy of iSpazio. See more pictures here…

[News] UltraEdit for MacOS and Linux in Alpha Testing

Many Windows users say this is the best editor in the world. Mac switchers always said they were desperately searching for something like it, but we did not find it. As we are long-time UltraEdit users this is good news, as we will not need to run UltraEdit in CodeWeavers' CrossOver anymore. Anyway, there is no information about the release date for Linux or MacOS. Only the Windows version 15 will be released April 15th, 2009.

As you can see from the screenshot, it looks like UltraEdit for Windows, and in fact it is the Windows version. We expect this to be a commercial CrossOver/Wine port. Rewriting the whole code would simply be too expensive.

The picture is courtesy of IDM Computer Solutions. Find more pictures on their site…

[News] iTunes Gift Card Algorithm Cracked

On auction sites worldwide, fake iTunes gift card serials from China are being sold for a lot less money than their iTunes value. Currently 200US$ gift cards cost about 3-5US$ in China. In Europe prices vary between 40-60€ per 200US$ gift card.

This issue reveals that Apple seems to have at least one problem: either they don't have a database of valid gift card keys at all and are only using checksum algorithms to test the validity of these cards, or their database of valid gift cards has backdoors that have been found by some Chinese guys. Although Apple, as always, has not commented on this yet, they are most likely working on this problem.

We strongly recommend not buying iTunes gift cards via auction sites at the moment. It is fraud, and by knowingly buying those fake codes you are accountable. Moreover, Apple will block these codes by technical means.

Always remember: if it’s too cheap to be true, it is fake.
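The two designs speculated about above, side by side, as an added example (not code from this post and not Apple's actual scheme): the alphabet, the 16-character format and the checksum are constructed for illustration. It shows why a checksum can only serve as a typo filter, while validity has to come from a server-side record of issued, unredeemed codes.

```python
import hashlib
import secrets

# Constructed 32-symbol alphabet and 16-character format; not Apple's real scheme.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"

def check_char(body: str) -> str:
    """Toy public checksum: position-weighted sum of symbol indices, mod 32."""
    total = sum((i + 1) * ALPHABET.index(c) for i, c in enumerate(body))
    return ALPHABET[total % len(ALPHABET)]

def checksum_only_valid(code: str) -> bool:
    """Weak design: every well-formed string with a matching check character passes."""
    return (len(code) == 16 and all(c in ALPHABET for c in code)
            and check_char(code[:-1]) == code[-1])

class GiftCardRegistry:
    """Stronger design: a code counts only if it was issued and is still unredeemed."""

    def __init__(self):
        self._issued = {}  # sha256(code) -> redeemed flag

    @staticmethod
    def _digest(code: str) -> str:
        return hashlib.sha256(code.encode()).hexdigest()

    def issue(self) -> str:
        body = "".join(secrets.choice(ALPHABET) for _ in range(15))
        code = body + check_char(body)
        self._issued[self._digest(code)] = False
        return code

    def redeem(self, code: str) -> bool:
        if not checksum_only_valid(code):        # checksum is only a typo filter
            return False
        key = self._digest(code)
        if self._issued.get(key) is not False:   # never issued, or already redeemed
            return False
        self._issued[key] = True
        return True

def demo():
    registry = GiftCardRegistry()
    never_issued = "A" * 16                       # constructed: passes the checksum
    genuine = registry.issue()
    return (checksum_only_valid(never_issued), registry.redeem(never_issued),
            registry.redeem(genuine), registry.redeem(genuine))
```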

[News] Pirate Bay Court Hearing Ends

With the final speech of the defense the court hearing ended today. The Pirate Bay guys have public opinion on their side. As expected, the defense denied responsibility for copyright infringement and continued to argue that Pirate Bay is basically a search engine that provides torrent index files. The court is expected to take several weeks to rule in this highly complicated case.

According to the German newspaper TAZ, seven in eight newspaper articles in Sweden are reporting in a positive or neutral style. A PR counsel for the music industry is quoted as saying “We lost the fight for public opinion”.

In the meantime the media industry is trying to make the European Parliament push governments to persecute web services providing indexes of copyrighted material.

Because of the unclear legal status here in Germany we cannot link directly to the trial page that has been set up by the PirateBay team. You may use google.com to find it. It is linked from their main site.

[iPhone] Kali DRM Protection Layer on sale

Protect the Devs

The well-known RipDev has announced that it will offer a sophisticated protection add-on to limit software piracy. It is called Kali. As copying iPhone apps has become fairly simple with “Crackulous”, some developers are confronted with decreasing sales.

RipDev says their own products like iPref, Kate and Installer are already protected using Kali. And they still seem not to have been cracked (properly).

What does Kali do?

To make a long story short: it does nothing new. It simply uses runtime encryption and server-side authentication for decryption. Parts of the program that have been decrypted properly can be executed; otherwise the CPU tries to execute the still-encrypted code and the program simply crashes. Disabled error handling and code design beyond the standards are a must.

History Lessons

Runtime encryption has a long history. From the middle to the end of the 1990s some talented protection defeaters like fravia (all the power to you bro’) organized annual cracking competitions within the Higher Cracking University (HCU+). In the 1980s people were printing deadlistings of assembly code and studying protections to find ways to circumvent them. The motivation was interoperability and fun. Cracking protections is said to be like playing chess. Easy games (thus easy protections) are not interesting. Complicated games are challenging.

Anti-debugging checks have been well known to Win32 experts for years. Automated cracking programs are not new either. Some people may still remember the masterpiece ProcDump. ProcDump allowed automated dumping of runtime-encrypted programs (also fixing the headers with import tables and so on).

Nowadays tons of automation scripts that allow convenient unpacking of generic runtime-encrypted Windows programs are available for assembly debuggers like OllyDbg. Generic protection wrappers don’t live long before getting defeated. On the other hand, it seems specific protections (like the one used in Ableton’s Live Mac version) are very challenging to crack, since they are designed to be used in only one single program and not in tons of programs.

What do we learn from this? Decide for yourself.

101 of Digital Economy

There are people who say that an operating system like Windows 95 or 98 could only reach such a high societal penetration, and thus make Microsoft dominate the market, because it was so easy to copy. And nowadays? Almost every user who had an illegal Windows 95 back in the day now uses a legally bought Windows XP or Windows Vista. The consumers are trained to use Windows. In the long run this strategy has proved to be successful. Almost the same applies to Adobe’s Photoshop: almost every computer user knows how to use the basic functions, but almost nobody has ever bought it. But Photoshop has become the standard. There is no real competitor. In the long run Adobe’s strategy has proved to be successful as well. Anyway, we really doubt that company officials would admit to those strategies.

And Apple? Apple knows about the concept of (religion and) market penetration. They are interested in selling their devices. It’s additional business for them to sell software for the iPhone, but their primary intention in the ongoing stage is to extend market penetration. Easily available software for their devices makes the device even more attractive to consumers. They will not be too interested in prosecuting teenage crackers.

What devs can also do

There are many options.

  1. Design your own protection layer.
  2. Bug the crackers with updates. As every update needs to be unpacked again, this will be boring for half a million apps every month.
  3. Check the price for your app. What’s better: earning 100 x 15USD or 500 x 4USD? What did we say about market penetration?
  4. Think about introductory offers (for every new version)
  5. Think about free demos with limited functionality

The time is over when developers sold 200,000 apps in one week. This was only possible in the beginning of Apple’s AppStore. Now it is usual software business.

Final Words

Kali is a good idea for the average developer with no knowledge of protections. Anyway, as history shows, it will have a limited degree of efficiency. As crackers like challenges a lot, they will really like to defeat Kali (I bet they are right now sitting and analyzing RipDev’s Kali-protected apps). Another thing might be unforeseeable: some developers are also crackers. They might apply for the Kali offer just for fun, to get a better understanding.

Moreover, although RipDev’s programs seem not to have been cracked until now, this does not imply that this is due to the protection. The market’s demand for its programs might also be just too little.

[e-Biz] Steve Jobs in Hospital

Yesterday, January 14th, 2008, Steve Jobs sent an eMail to his employees explaining that his health-related issues seem to be more complex than expected last week. He will take a medical leave of absence until the end of June. In the meantime Tim Cook will be responsible for Apple’s day-to-day operations.

Stock exchanges suspended trading Apple shares after they went down 10%.

» Read Apple’s Media Advisory here

[iPhone] Jailbird for Windows to Replace WinPwn

There seems to be a new kid on the block called Jailbird. Jailbird is an independent implementation of the exploits the iPhone Dev Team found, in order to activate, jailbreak and sim-unlock all firmware revisions 2.x.

As WinPwn has not been updated for a while, this is amazing news for the Windows users among us.

See Jailbird’s Website for further information…

[iPhone] iPhone Dev Team’s lecture on the CCC in Berlin

As recently reported, the iPhone Dev Team held a lecture about the security systems in both the iPhone 2G and the new iPhone 3G here in Berlin at the Chaos Communication Congress 2008.

The lecture is very interesting and covers known and some unknown facts about vulnerabilities of the iPhone.

Downloads:

» Video for iPhone
» Video for all other devices

In case the download is too slow, you may pick your own mirror from this list.

[MacOS] Parallels Desktop 4.0 released

As of January 4th, 2008 Parallels released Parallels Desktop 4.0. It now comes with a bunch of new functions like:

  • Experimental support for Mac OS X 10.6 Snow Leopard as host operating system
  • Experimental support for Microsoft Windows 7 as guest operating system
  • DirectX 9 + shader model 2 supported
  • faster suspending and resuming of virtual machines
  • virtual mounting of CD/DVD drives from remote Mac computers, thus allowing Microsoft Windows to be installed on a MacBook Air with the Windows CD inserted in an iMac
  • improved CPU usage and thus longer battery life

Parallels Desktop also includes Parallels Internet Security (which is in fact Kaspersky Internet Security) and Acronis True Image Home – both for Microsoft Windows.

» Parallels Desktop