14 DAY TRIAL // A whitehat hacker has cracked the digital rights management system enforced by Microsoft on Windows Phone 7 and demonstrated a simple method which allows users to install any application from the Windows Phone Marketplace for free.
The Windows Phone Marketplace is Microsoft's online store for Windows Phone 7 applications and allows users to browse, try and install free or commercial apps.
A few days ago, a user posted on the XDA forums a guide with what is needed to crack the protection of the Windows Phone Marketplace.
Most of the steps in that guide were already doable to some extent except one - removing the XAP (app installer format) signature.
However, it wasn't long until someone took it up as a challenge. WPCentral reports that a developer created a simple application, which allow people to download and crack any XAP file from the official marketplace.
The tool was demoed in a video, but has not been publicly released. Also, no information about how it actually achieves the signature stripping was provided.
Instead, WPCentral and the whitehat hacker contacted Microsoft and give them the details so they can start working on a fix.
The issue is pretty serious, because if one developer can do it, then sooner or later others will figure out too and not all of them might be adepts of responsible disclosure.
It's woth noting that developers have complained about the insecurity of the DRM system of Windows Phone 7 for months now, but Microsoft did little to improve it.
Instead they recommended the use code obfuscators to protect apps. However, this mitigation solution isn't always practical and the free obfuscation tools currently available are not very good.
In the end, DRM systems will always be prone to hacking. Someone will eventually figure out a way to bypass them.
The Windows Phone 7 community, which is still fairly limited, will probably end up having access to alternative marketplaces like Cydia for people with jailbroken iPhones.