Security

Nokia engineer hacks Windows 8 to get free games (and provides full instructions)

A Nokia engineer who has previously pointed out security holes in Microsoft’s Windows 8 has now posted a detailed step-by-step explanation of how to hack Windows 8 games.

Unfortunately for those who want free games, his site is down.

Justin Angel posted the instructions on his personal site yesterday. Today, the page is displaying a “server offline” message … either because it’s too busy or because he’s been shut down.

However, there is such a thing as Google cache. And I did find the instructions.

Angel shows how to hack Windows 8 in not one, not two, but five different ways, showing users how to:

  1. get free in-app purchases by modifying encrypted IsoStore files
  2. crack trial apps and get paid versions for free
  3. remove in-app ads from free games
  4. reduce the cost of in-game paid items
  5. unlock paid levels by script-injection techniques
Screen Shot 2012-12-11 at 8.38.53 AM

Above: Justin Angel’s website, this morning (December 11)

In the first case, he proof-of-concepts the hack by giving himself a million free gold in Soulcraft THD — worth over $1,000 at in-app purchase prices. To demonstrate the second hack, Angel cracks Meteor Madness, a $1.50 game with a free trial. For the third, he edits XAML data files to remove ads from Microsoft’s own Minesweeper game.

The purpose of all this cracking? Angel, who says he wants developers to get paid for their hard work, claims he’s doing this to help developers by exposing weaknesses in Windows 8:

“We were able to show that the majority of ways games and apps developers would make money aren’t secure by default on Windows 8,” he writes in his post.

“The games appearing in this article are awesome and you should buy them and give them money,” he adds. The games he featured in the security tests included SoulcraftMeteor MadnessMinesweeperUltravioletDawn, and Cut The Rope.

Windows 8 does not have a secure location to store data files, and makes it relatively easy to decrypt trial apps and trivial to edit XAML files to remove ads. It’s also fairly simple to edit game data files, Angel says, and inject Javascript code into the IE10 process for a Windows 8 store app.

The kicker for Angel?

We’ve seen a myriad of issues and offered potential fixes to them all. Any mildly competent developer can productize these security attack vectors into shipping products. If Microsoft doesn’t take it upon itself to fix these security attack vectors it’s not because it couldn’t, it’s because it chooses not to.

Here are the instructions Angel provided:

Hack Windows 8 Games

Image credit: Ultraviolet app on Windows Store; hat tip: The Verge

0 comments