Screenshot.8912.1000000A Nokia engineer who has previously pointed out security holes in Microsoft’s Windows 8 has now posted a detailed step-by-step explanation of how to hack Windows 8 games.

Unfortunately for those who want free games, his site is down.

Justin Angel posted the instructions on his personal site yesterday. Today, the page is displaying a “server offline” message … either because it’s too busy or because he’s been shut down.

However, there is such a thing as Google cache. And I did find the instructions.

Angel shows how to hack Windows 8 in not one, not two, but five different ways, showing users how to:

  1. get free in-app purchases by modifying encrypted IsoStore files
  2. crack trial apps and get paid versions for free
  3. remove in-app ads from free games
  4. reduce the cost of in-game paid items
  5. unlock paid levels by script-injection techniques
Screen Shot 2012-12-11 at 8.38.53 AM

Above: Justin Angel’s website, this morning (December 11)

In the first case, he proof-of-concepts the hack by giving himself a million free gold in Soulcraft THD — worth over $1,000 at in-app purchase prices. To demonstrate the second hack, Angel cracks Meteor Madness, a $1.50 game with a free trial. For the third, he edits XAML data files to remove ads from Microsoft’s own Minesweeper game.

The purpose of all this cracking? Angel, who says he wants developers to get paid for their hard work, claims he’s doing this to help developers by exposing weaknesses in Windows 8:

“We were able to show that the majority of ways games and apps developers would make money aren’t secure by default on Windows 8,” he writes in his post.

“The games appearing in this article are awesome and you should buy them and give them money,” he adds. The games he featured in the security tests included SoulcraftMeteor MadnessMinesweeperUltravioletDawn, and Cut The Rope.

Windows 8 does not have a secure location to store data files, and makes it relatively easy to decrypt trial apps and trivial to edit XAML files to remove ads. It’s also fairly simple to edit game data files, Angel says, and inject Javascript code into the IE10 process for a Windows 8 store app.

The kicker for Angel?

We’ve seen a myriad of issues and offered potential fixes to them all. Any mildly competent developer can productize these security attack vectors into shipping products. If Microsoft doesn’t take it upon itself to fix these security attack vectors it’s not because it couldn’t, it’s because it chooses not to.

Here are the instructions Angel provided:

Hack Windows 8 Games

Image credit: Ultraviolet app on Windows Store; hat tip: The Verge

GamesBeat

GamesBeat's creed when covering the game industry is "where passion meets business." What does this mean? We want to tell you how the news matters to you -- not just as a decision-maker at a game studio, but also as a fan of games. Whether you read our articles, listen to our podcasts, or watch our videos, GamesBeat will help you learn about the industry and enjoy engaging with it. How will you do that? Membership includes access to:
  • Newsletters, such as DeanBeat
  • The wonderful, educational, and fun speakers at our events
  • Networking opportunities
  • Special members-only interviews, chats, and "open office" events with GamesBeat staff
  • Chatting with community members, GamesBeat staff, and other guests in our Discord
  • And maybe even a fun prize or two
  • Introductions to like-minded parties
Become a member