OK, ok. So I wasn’t actually attacked by pirates but it makes for an exciting headline! I did how ever find a few of my apps listed on Appulous. If you don’t know Appulous is a website where you can download free cracked copies of pay iPhone Apps. Accroding to Appulous the site “is merely a collection of user-submitted links, and Appulous takes no responsibility for what users submit to this site or use this site for.” Well, whatever helps them sleep at night.
Here’s another gem from their website . . . “Apple has chosen to allow a multitude of ridiculous, worthless, poorly-represented applications through its “strict” screening process, nearly all written by mediocre programmers with a dream of getting rich quick.”
So what does Appulous do with these ridiculous, worthless, poorly-represented applications? They distribute them to anyone who wants them for free. Wait, what?
I guess piracy is the greatest form of flattery ?!?!
I also found a torrent for this same app ( damn, it must be popular!) . . .
First I will answer the question that probably will pop into most of your minds. Why on earth , as an iPhone Developer, would I post information that could be used to circumvent copy protection in my own apps as well as those of fellow developers?
Foremost I believe in the fact that information in and of itself is not dangerous and whenever possible should be freely available. It is the way you decide to use the information presented that determines whether or not you are in a grey or black area.
Also, I believe this particular information can be extremely valuable to fellow developers because in order to properly defend our applications from piracy we need to understand the methods that the pirates use to defeat copy protection. As developers on the iPhone platform we have very meager means of protecting the apps we spend days and months pouring our hard work into. So it is to our benefit to study the practices of those who mean to thwart our efforts.
Now that we have gotten the philosophical argument out of the way we can get to the meat and potatoes. The article/information presented was written by Reily of ARTeam. ARTeam is a group dedicated to “facilitate the sharing of knowledge about Reverse Engineering.” Their motto is “I HEAR and I Forget, I SEE and I Remember, I DO and I Understand.” I can’t say that I disagree with that.
This information only surfaced about 10 days ago and has for the most part managed to stay fairly well hidden from the general public. The article describes in extreme detail the methods used by “Hex-Hackers” Application crackers that use hex level editing to unlock protected binary files. They remove Apple’s DRM to allow unauthorized distribution of our apps. This is one of the most difficult forms of cracking to defend against and has been declared by most to be an un-winnable fight.
Here is the article description quoted directly from the ARTeam website:
“Since Apple opened the AppStore tens of thousands of application are available for the iPhone and the iPod Touch and it keeps growing. All available apps are protected by Apple’s own DRM system called Fairplay. The binaries are encrypted. From the jailbreak of the iPhone it only took a short time till Fairplay was broken. An iPhone port of GDB made it easy to crack those apps by dumping the decrypted binary from the iPhones RAM. The process, thanks to Crackulous is now even simpler. Of course the developers are aware of this and some of them are trying to protect their applications with their own methods. They check for the modifications done to the package because they are not allowed to use serials or other methods to protect their work. This tutorial focuses on finding and disabling these checks.”
Without further ado here is the link to Patching Applications from Apple’s AppStore with additional protection
Feel free to leave comments if you feel strongly for or against this subject.