Jan 18, 2011 10:01 GMT

Kenneth Ballenegger, a Mac and iOS developer who likes to refer to himself as “not a skilled hacker,” has shown that cracking Mac apps is unacceptably easy, demonstrating it with a few command-line utilities.

Earlier this month, Softpedia reported that applications downloaded from the Mac App Store could easily be cracked: replacing the receipt and signature files in some paid apps with the receipt from a free one allows the app to run in full mode.

This information emerged within a mere day of the Mac App Store's debut on January 6th.

While the methods presented by Kenneth are easy enough for the average Mac developer to use to crack an app, the Mac & iOS programmer admits that the average Joe could not do it.

Nonetheless, “I do not believe that obscurity and ignoring the problem is an acceptable solution,” he claims.

“It’s too easy to crack Mac apps,” he writes on his blog. “Way too easy.”

“By walking through how I can hack your app with only one Terminal shell, I hope to shed some light on how this is most commonly done, and hopefully convince you to protect yourself against me,” he continues.

Before delving into the specifics of cracking a Mac app, Kenneth posts a disclaimer outlining that he is “fervently against software piracy,” and that he does not participate in piracy.

He also assures readers that he does not endorse piracy, even though his article may give that impression.

Kenneth proceeds with his synopsis by enumerating some of the tools a “hacker” needs to carry out the task of cracking a Mac app. These include Apple’s own Xcode tools.

The dev used one of his own programs (called Exces) for the example.

We skip over the geeky stuff (which curious Softpedia readers can go through by visiting Kenneth’s actual post) and note some of the developer's tips for preventing this kind of hack.

These tips are obviously aimed at developers whose applications are prone to getting cracked.

The most important piece of advice Kenneth has for programmers is: “Try to program the licensing mechanism for your app in pure C,” rather than in Objective-C, which, according to Ballenegger, “makes it really easy to mess with an app’s internals.”

Other valuable tips include stripping debug symbols, using PT_DENY_ATTACH, and doing a checksum of the binary.
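To make two of these tips concrete, here is a short sketch in plain C, added here as an illustration and not taken from Kenneth's post or from Exces: it requests PT_DENY_ATTACH on macOS and verifies a file against a recorded checksum. The function names, the FNV-1a checksum and the sample bytes are assumptions chosen for this example.

```c
#include <stdint.h>
#include <stdio.h>
#ifdef __APPLE__
#include <sys/types.h>
#include <sys/ptrace.h>
#endif

/* macOS: ask the kernel to refuse debugger attachment; no-op elsewhere. */
void deny_debugger(void) {
#ifdef __APPLE__
    ptrace(PT_DENY_ATTACH, 0, 0, 0);
#endif
}

/* FNV-1a 64-bit over a file (the algorithm is this example's assumption,
 * not from the article). Returns 0 on success, -1 on I/O error. */
int file_checksum(const char *path, uint64_t *out) {
    unsigned char buf[4096];
    uint64_t h = 0xcbf29ce484222325ULL;
    size_t n, i;
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    while ((n = fread(buf, 1, sizeof buf, f)) > 0)
        for (i = 0; i < n; i++) { h ^= buf[i]; h *= 0x100000001b3ULL; }
    if (ferror(f)) { fclose(f); return -1; }
    fclose(f);
    *out = h;
    return 0;
}

/* 1 if the file matches the recorded checksum; 0 if changed or unreadable. */
int binary_is_intact(const char *path, uint64_t expected) {
    uint64_t actual;
    return file_checksum(path, &actual) == 0 && actual == expected;
}

/* Constructed stand-in binary: record checksum, change a byte; 1 = detected. */
int demo_detects_patch(const char *path) {
    unsigned char image[] = { 0x55, 0x48, 0x89, 0xe5, 0x31, 0xc0, 0x5d, 0xc3 };
    uint64_t good;
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    fwrite(image, 1, sizeof image, f); fclose(f);
    if (file_checksum(path, &good) != 0 || !binary_is_intact(path, good)) return -1;
    image[4] ^= 0xff;                      /* simulate a modified byte */
    if (!(f = fopen(path, "wb"))) return -1;
    fwrite(image, 1, sizeof image, f); fclose(f);
    return !binary_is_intact(path, good);
}
int main(void) { deny_debugger(); return demo_detects_patch("selfcheck_sample.bin") == 1 ? 0 : 1; }
```

In a real app the expected value has to be recorded at build time and kept outside the bytes being hashed, and a non-cryptographic checksum like this one only catches casual byte edits.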

Note: for clarification, Kenneth's post does not strictly refer to applications downloaded from the Mac App Store, but to all Mac applications coded in Objective-C.