toggle

AAPL Stock: 111.78 ( -0.87 )

Printed from http://www.macnn.com

Mac App Store receipt management already cracked [U]

updated 07:50 pm EST, Thu January 6, 2011

Could lead to changes from Apple

(Updated with further information and clarification) Mere hours after the opening of the Mac App Store, software crackers have already found a method that could lead to pirating of Mac App Store software. The method involves copying some package resources from a free app and implanting them into a copy of a paid app obtained from some other source (such as the developer's own web site) where the app does not do any receipt checking.

"Cracking" or creating an unlicensed copy of a restricted app is nothing new, but developers who didn't implement Apple's suggested method of ensuring that only authorized machines run purchased apps may suffer as unethical users help themselves to "free" versions of normally-paid applications that have no other license-checking schema. The specific technique is detailed in a post on Pastebin.com (specific post not linked), and Apple is aware of the breach.

MacNN strongly condemns software piracy as illegal and damaging to the entire Mac community.

Update: Developer Sean Christmann has explained the flaw and how to correct it in more detail. He calls it a "massive failure in the implementation of Apple's receipt system," but suggests the problem is limited in scope (falling mainly on apps that did not fully implement Apple's suggested receipt checking) and that other apps would prove less vulnerable to the technique.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

    Comment buried. Show
  1. rodvera

    Joined: Dec 1969

    -30

    I Love Apple But....

    HAHAHAHAHAHA

  1. Eccent

    Joined: Dec 1969

    +20

    2 things

    Why can't you link to the specific post on pastebin?

    You're the only one of four sites I've read that say the DRM is cracked.

    From what I gathered, the others say it was up to the developers to implement whether they wanted receipt checking/matching. If the dev's didn't put it in, then the app had less or no DRM. So, I don't know that it's DRM that has been cracked so much as that the dev's didn't put it in their app.

  1. facebook_Sean

    Via Facebook

    Joined: Jan 2011

    +16

    How devs can fix this

    I've just added a blog post on how devs can fix this for themselves.

    http://www.craftymind.com/2011/01/06/mac-app-store-hacked-how-developers-can-better-protect-themselves/

  1. aristotles

    Joined: Dec 1969

    +3

    Why even provide any details on how?

    Seriously, you guys were serious about not condoning piracy, why go into such detail?

  1. davedelong

    Joined: Dec 1969

    +9

    This is totally inaccurate

    The DRM was not cracked. This is entirely the developer's fault: the program is not doing any receipt validation, and as such can be used with an invalid receipt. All that's required is that *a receipt* be in place.

  1. ScottG

    Joined: Dec 1969

    -2

    Who Cares Really?

    Almost anyone can do this with a little reading and playing around with the package contents.

  1. Feathers

    Joined: Dec 1969

    +5

    Content Creation

    This is getting so totally out of hand! Over Christmas I met a plumber who had bought a new Samsung TV with a USB socket for the specific purpose of playing all the movies he had pirated off the web. As someone who earns a living from content creation, I was infuriated. I'm starting to think that designers, film-makers, programmers and everyone else who creates content needs to start doing a little plumbing, painting and carpentry on the side for free and see how they like it.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lackin ...

toggle

Most Commented