A Nokia engineer has published a series of simple steps that allow users to hack Windows 8 games for free in-app purchases.
Justin Angel says his intention isn’t to help users get illegal freebies, but to help Microsoft by exposing security flaws. However, the fact that his website is currently offline may be due to high traffic – implying that not all of his readers are Microsoft security engineers.
Using his technique, says Angel, it’s possible to get free in-app purchases by modifying encrypted IsoStore files, get rid of in-game advertisements, unlock for-pay levels within games for free using script-injection techniques and extend free trial periods indefinitely.
“Trial apps will likely be adopted by around 50% of Windows 8 games. We’ve seen how the Trial licenses are stored in the Tokens.dat file and how easy it is to edit it,” he says.
“The real problem here is that Trial apps are downloaded to the client machine with the full unlocked logic embedded in them.”
Angel says he was able to nab himself a million in gold in Soulcraft THD – worth over $1,000 – for free and extend a free trial of Meteor Madness indefinitely. He was also able to eliminate ads from Microsoft’s Minesweeper game by editing XAML data files.
The problem, according to Angel, is that the Windows 8 operating system stores encrypted data locally, along with the algorithm – “and the algorithm key/hash is a recipe for security incidents,” he says.
And as Angel points out, this could represent a big problem for developers, with games accounting for over half of mobile developer revenue.
“We’ve seen a myriad of issues and offered potential fixes to them all,” he concludes.
“Any mildly competent developer can productize these security attack vectors into shipping products. If Microsoft doesn’t take it upon itself to fix these security attack vectors it’s not because it couldn’t, it’s because it chooses not to.”
