Hi Guys,
I will post Here some of the paying apps that I hacked from the app store.
theses apps need to be sideloaded on an unlocked WP7 device, the objective here is to get paying apps for free !!
I will make later a detailled and complete tutorial on how to crack .xap files but shortly I will point out the most important things.
Every (Non obfuscated) .xap file could be cracked as far as it has been downloaded on the device, thus, if a paying app is available for trial mode, we can make it available for free by unlocking the non trial contents.
1. The first step will be the installation of the paying app that offer trial mode from the app store on the device.
2. We need then to copy the contents of the xap file from the phone to the PC, every WP7 app will be installed on the /Applications/Install/App Guid/Install/*.*, we will need the touchXplore app and the WebServer app (You can find both of them here in the forums).
To send the files to the PC, we copy all the file contents of the installation folder to the Isolated Storage Folder of the WebServer app (/Applications/Data/WebBrowser APP Guid/Data/IsolatedStore) using the touchXplore app.
the contents are will be exposed by the WebServer app to the PC.
3. Then we ask the web browser app using a regular http request from the PC's browser, we indicate the IsolatedStorage as the source to be exposed (169.254.140.xx/IsolatedStore), all the contents of the Isolated Storage will be available on the PC, just download them to a regular folder
4. once we're done, we need to unsign the assemblies, I will explain this later but for short, framework assemblies that are bundled with the app (like Microsoft.Phone.Controls.dll) should be replaced by the same regular copy used in the development process which is not signed.
The remaining assemblies will be unsigned using ILDasm/ ILasm tools (Deassembling using ILDasm then reassembling using ILASM without any intermediate steps)
5. once all the assemblies have been unsigned, we have to remove the trial mode from the app.
First we'll need Reflector to search for the portion of code that makes use of the Microsoft.Phone.Marketplace.LicenseInformation.IsT rial() class service.
usually, this is an implemented method on a class that returns the value returned by this method say
public static void IsTrialMode()
{
return Microsoft.Phone.Marketplace.LicenseInformation.IsT rial();
}
all we have to do is to edit the IL code of the corresponding method body by making it return always false like so
public static void IsTrialMode()
{
return false;
}
the replacement should be done directly inside the .IL file generated by ILDasm and using Intermediate Language Code (if you can't write in IL, just write the method in C# or VB.NET and let the compiler emits the IL code for you then copy it using Reflector),
6. After updating the IL source file, we recompile it back to an assembly using the ILAsm tool.
7. now we have to package all the contents of the folder into a xap file.
xap files are regular zip files that were compressed using deflate zip compression algo, usually using the System.IO.Compression Api. so don't rely on winzip or win rar or other tools, the signature of the xap will be wrong and it won't be deployed to the device.
there is cool tool that make the compression process easier and using the .NET Api, this tool is called DotNetZip, and it's available freely on codeplex.
after the contents have been packaged into the zip, rename it to a .xap file. you should have an unsigned xap file that could be deployed to the device using the Application Deployment utility.
I'm attaching one app that I was playing with. it's available on the market place.
this is just a try to explore the road, now we have all the required knowledge to hack some paying games
.
Merry Christmas
