A Nokia engineer who has previously pointed out security holes in Microsoft’s Windows 8 has now posted a detailed step-by-step explanation of how to hack Windows 8 games.
Unfortunately for those who want free games, his site is down.
Justin Angel posted the instructions on his personal site yesterday. Today, the page is displaying a “server offline” message … either because it’s too busy or because he’s been shut down.
However, there is such a thing as Google cache. And I did find the instructions.
Angel shows how to hack Windows 8 in not one, not two, but five different ways, showing users how to:
- get free in-app purchases by modifying encrypted IsoStore files
- crack trial apps and get paid versions for free
- remove in-app ads from free games
- reduce the cost of in-game paid items
- unlock paid levels by script-injection techniques
In the first case, he proof-of-concepts the hack by giving himself a million free gold in Soulcraft THD — worth over $1,000 at in-app purchase prices. To demonstrate the second hack, Angel cracks Meteor Madness, a $1.50 game with a free trial. For the third, he edits XAML data files to remove ads from Microsoft’s own Minesweeper game.
The purpose of all this cracking? Angel, who says he wants developers to get paid for their hard work, claims he’s doing this to help developers by exposing weaknesses in Windows 8:
“We were able to show that the majority of ways games and apps developers would make money aren’t secure by default on Windows 8,” he writes in his post.
“The games appearing in this article are awesome and you should buy them and give them money,” he adds. The games he featured in the security tests included Soulcraft, Meteor Madness, Minesweeper, Ultraviolet, Dawn, and Cut The Rope.
The kicker for Angel?
We’ve seen a myriad of issues and offered potential fixes to them all. Any mildly competent developer can productize these security attack vectors into shipping products. If Microsoft doesn’t take it upon itself to fix these security attack vectors it’s not because it couldn’t, it’s because it chooses not to.
Here are the instructions Angel provided: