Getting a more secure Windows Phone 7 app

Hi all,

FORWORD: Currently I do not have an application on the marketplace I can test the code with. I do NOT know if a real windows phone 7 will remove the WMAppPRHeader.xml file.

UPDATE1:
Looks like the WMAppPRHeader.xml file does not get removed on the phone (confirmed with Windows\FileBrowser.exe on a real phone). Therefore this technique should work (30-Dec-2010 6:22PM).

UPDATE2:
There is an ongoing discussion concerning this and other counter measures, please make sure that you see the discussion over at the app hub forum. (31-Dec 2010 0:50AM)

UPDATE3: The idea below is be no means a fix for the drm problem marketplace is facing. It is one idea out of many on how developers could make “pirating” less easy with the currently available toolset. (31-Dec 2010 0:56AM)

IDEA FOR POSSIBLE SOLUTION:

After the dust of the Proof-of-Concept (PoC) I’d provided to Daniel concerning the overall security of Microsoft’s WP7 Marketplace has settled a bit I want to follow up with an idea for a little code snippet which would make your app -in my opinion- a lot more secure:

safeapplication-microsoft-visual-studio.png

What does the code do

Based on the conditional compile switch, it will always return true while you compile your application in DEBUG mode (default for new applications in Visual Studio 2010). As soon as you switch to RELEASE mode, which you should always do before you post your code to the marketplace, additional code will kick in.

This additional code will try to load a XML file called “WMAppPRHeader.xml” from the XAP file in which your application was deployed to the phone. If the file is found and can be loaded, true will be returned in the case any exception is thrown, e.g. the file was not found, false will be returned.

Why does this code work

While writing the PoC for Daniel I had to overcome the DRM system. Actually it wasn’t that hard but one part of the system is the WMAppPRHeader.xml file. By now, anyone knows that you have to remove this file, as it is not included in the XAP until it is distributed via Marketplace.

The trick here is: You cannot deploy any XAP which contains a file called “WMAppPRHeader.xml”, even if it is zero (0) bytes in size, only marketplace can. Not with XAPDeploy, not with the SmartDevice.dll, not with anything publically available. This security measure is triggered on the actual phone, so you would need a custom, cracked rom to overcome this mechanism. But if you have a custom, cracked rom, anything is possible.

How to use this code

1.) Use code obfuscation. If you use this type of code, you have to use code obfuscation. As always, code obfuscation doesn’t make your code more secure but it does take care of your code, so that your IsHackedMarketplaceApp() method will have a different name to the IsHackedMarketplaceApp() from anybody else. This is important, as it prohibits removal of the code in an automated fashion.

2.) Use this code inline. Do not create one function and reuse if everywhere. Based on statistic analysis I will be able to replace this method with “return true;” in an automated way.

3.) Use duplicated code. Whenever you want to check if your code is legally installed, copy&paste the code to that position. You’ll end up with having the same code-check (5 lines in total) in a lot of different places, but it is worth the hassles if you want a secured application.

4.) Use encryption. Do not use the string “WMAppPRHeader.xml” in your file. Use some type of encryption. Even the weakest one will conquer any reasonable attempt to remove your security in an automated fashion.

What are the effects of this code

A more secure application, and also a little debugging problem ;)  You can no longer test your application in RELEASE mode neither on the device nor the emulator. But that’s what DEBUG mode is for anyway.

Final words

The code and the guides I gave you here will not stop piracy. Anyone with the corresponding skills can still startup reflector, go through your code, remove any checkes, remove DRM and install it on a device. YES, but it got a lot more difficult to do it in an automated fashion. So, there might be one or two who can still break your security measures by hand but the masses won’t be able as there is no generic tool available.

As always, feel free to contact me.

Best regards,
- tobias

About Tobias Mueller

The next best geek...
This entry was posted in .net, Windows Phone 7. Bookmark the permalink.

16 Responses to Getting a more secure Windows Phone 7 app

  1. Pingback: Fixing DRM in the Windows Phone Marketplace – a follow up [Developers] | Best Smartphone Blogging

  2. Pingback: WP7 Marketplace hacker provides some palliation for developers

  3. Pingback: Twitter Trackbacks for A solution for more secure #wp7 applications: ? #wp7dev what do you think? might be of interest for you. [nextbestgeek.com] on Topsy.com

  4. Pingback: 不等微软 开发者公布WP7商店漏洞应对措施

  5. Pingback: 5 Rules Purchasing Online | Ezineboy

  6. Pingback: Attempting a better secured app in the Windows Phone Marketplace – a follow up [Developers] | Unlocked Smartphone Deals

  7. Pingback: SevenPhone.it | Migliorare la sicurezza delle proprie applicazioni sul Marketplace

  8. Pingback: FreeMarketplace Cracks Windows Phone 7 Marketplace Apps | Geeky Gadgets

  9. Pingback: Gap FreeMarketplace 7 Phone Apps Windows Marketplace | advante.org

  10. Pingback: Attempting a better secured app in the Windows Phone Marketplace – a follow up [Developers] | Smartphone Review

  11. Pingback: Potential fix for Windows Phone DRM hack detailed

  12. Pingback: 50pips » Blog Archive » FreeMarketplace Cracks Windows Phone 7 Marketplace Apps

  13. Pingback: Avis aux développeurs : sécurisez vos applications ! | WindowsPhoneFR.com – Windows Phone 7

  14. Pingback: Hacker Windows Phone 7 dà consigli per evitare il download gratuito da Marketplace | Windows Phone 7 Blog

  15. Pingback: 不等微软 开发者公布WP7商店漏洞应对措施 | 软饭网

  16. Pingback: Windows Phone 7 アプリを不正コピーから守るプロテクト技法 - ななふぉ