According to WPcentral:
Sounds like an innocent blog that reviews apps right? Well the concerns from the Twitter posts is that not only does the site review apps but it also contains download links for the .xap file that is residing on Microsoft's servers.
Even if you download the .xap file, it's going to take some effort to get it installed to your Windows Phone 7.
You will need the developer tools and device that is unlocked for development. While the developer tools are free, you have to be a registered developer to get an unlocked device. You CAN however download the .xap and rename it as a .zip and look at the structure of the app, though we're 99% sure that the real "code" of the app is compiled/encoded/encrypted.
Not many will be able to do much with this downloadable file. That is unless you're a developer looking to download free apps from other developers. Still, one has to wonder why it's so easy for a third party site to provide download links to Marketplace apps.
Click to expand...
Click to collapse
They are talking about the website: http://winmobile7.apphab.com/
Kind of a strange site. They are offering free downloads of paid marketplace applications. Unless you are a developer, you can't do anything with it. But it's still strange...
This sounds like a good way to get in a lot of trouble. I would bet Microsoft can see what apps are installed when the phone checks for marketplace app updates even if you side load it as a developer.
And its still live and offering files to download. Shoddy MS security on display, extremely troubling for devs.
Hopefully Microsoft will look into that site and any similar sites.
We cant have developers loosing money because of these people.
I can't see where you download apps - if its real why not post a link on http://social.answers.microsoft.com/Forums/en-US/windowsphone7/threads ?
It says it's for free and trial versions. Isn't it pointless to provide download files anyway since you can only install apps via the Marketplace?
****, they have my app on there, not happy
my app does support trial, I'm not seeing anything about xap downloads, hopefully this means the breach has been fixed and not that I'm looking in the wrong place
I don't mind free publicity, but I put many hours into that and don't want it spread around in such a way (free, unauthorized downloads, raw code)
Definitely not cool for developers. One issue is that all the apps are silverlight and are only compiled to MSIL. Pop open the binaries with Reflector and you've basically got the source code. All devs should utilize Dotfuscator to at least help with this.
http://windowsteamblog.com/windows_...-with-preemptive-solutions-for-analytics.aspx
ckacey said:
my app does support trial, I'm not seeing anything about xap downloads, hopefully this means the breach has been fixed and not that I'm looking in the wrong place
I don't mind free publicity, but I put many hours into that and don't want it spread around in such a way (free, unauthorized downloads, raw code)
Click to expand...
Click to collapse
It looks like the site that had the links (http://winmobile7.apphab.com) took down the link to the XAPs but I bet the issue is still there. It was a pretty simple URL to the Microsoft server. You just had to know the application's GUID and you could download the XAP.
I don't see how this makes them free... you can easily see you need a registered dev device, I doubt it makes the app "free" because there is a fee you must pay.
efjay said:
And its still live and offering files to download. Shoddy MS security on display, extremely troubling for devs.
Click to expand...
Click to collapse
Microsoft can check your device and see if you have pirated software on it, just like they do for XBox live. They already have the infrastructure in place and if you pirate be prepared to have your phone banned from Marketplace, Zune, XBox Live, etc.
RustyGrom said:
Definitely not cool for developers. One issue is that all the apps are silverlight and are only compiled to MSIL. Pop open the binaries with Reflector and you've basically got the source code. All devs should utilize Dotfuscator to at least help with this.
http://windowsteamblog.com/windows_...-with-preemptive-solutions-for-analytics.aspx
Click to expand...
Click to collapse
Any decent develper will Obfuscate the code. If they didn't, they were kind of asking for it since it's hot hard to intercept data being downloaded over WiFi, etc. The fact that it can only come from the market was never enough to stop people from getting their hands on the files downloaded from said market.
It's no different than any other platform that uses a VM architecture (Android, WP7, WM 6.x .NET CF, Java ME, etc.).
I found my own app there. I don't however see a download link?
--edit: Nvm, should've read the thread to its end.
What is the URL? To replace with GUID or XAP filename? Could always use archive.org.
i guys!i have a mega pack xap installers with games and apps.
i poste for everyone previous.
sorry bad english...
cmpts
is a method to decrypt files xap
http://forum.xda-developers.com/showpost.php?p=34246750&postcount=3
Related
I've gone to a couple WP7 training courses and whenever the developers ask about having access to parts of the OS and things of that nature, the microsoft rep mentions theres a OEM SDK. That SDK is unavailble to normal developers and only available to OEMs. If any very resourceful xda members got ahold of that SDK and leaked it, we would see some very interesting apps! It would be a great start to a jailbroken/rooted app store or something of that nature. Just offer all the great apps that wouldn't normally get approved by MSFT. ie wifi tethering, emulators....
Unless you can magically make sideloading happen, this will not work.
Skatingn330 said:
[...] It would be a great start to a jailbroken/rooted app store or something of that nature. Just offer all the great apps that wouldn't normally get approved by MSFT. ie wifi tethering, emulators....
Click to expand...
Click to collapse
I think that the OP is counting on some kind of "jailbreak" will solve that problem
(and so am I)
Actually if you have your phone registered as a dev phone, you kind of have a jailbroken one. Because you have the freedom to put any xap on you want.
It's just going to be the standard WindowsCE dev environment, right? All the WinCE libraries are on the phone, anyway. If you have Visual Studio, I think you can download the WindowsCE version from Microsoft, at least the trial version. Look around, you'll find it.
There's still a limit on the number of apps you can load. I believe it's 10 apps.
Skatingn330 said:
Actually if you have your phone registered as a dev phone, you kind of have a jailbroken one. Because you have the freedom to put any xap on you want.
Click to expand...
Click to collapse
Iridox said:
Unless you can magically make sideloading happen, this will not work.
Click to expand...
Click to collapse
Wait, but it will still require you to stay in the silverlight/XNA jailbox, right?
Hi
I thought this may be useful to our gurus in development. I am sorry if it is wrong place to post.
Is this a way to unlock CE 6.0 of Windows Phone 7? This I have seen in endgadget. This brings the native CE explorer in Zune. can we use this to bring file explorer in WP7?
Links:
http://www.zuneboards.com/forums/download-openzdk-applications/54495-liberate-explorer-zune-hd.html
http://www.engadget.com/2010/11/01/liberate-for-the-zune-hd-unlocks-hidden-windows-ce-potential/
Thanks,
Ravi
I can't find the source for that exact project (if you have a link, please post it), but I've spent a lot of time looking at the OpenZDK exploit source code, trying to adapt it to WP7.
There are a couple problems. The first is that you need to be able to install an app on the phone in order to get the exploit to work. Zune already allows you to install third-party apps, so the only problem they had was how to break out of the XNA/managed/C# jail. Then they can distribute the breakout as an executable, and anyone can run it. That won't work on WP7 because the only way to install a third-party app is if you have a developer license and the sourcecode. Or you can download it from the app store, but obviously Microsoft isn't going to allow exploits onto the store (they even have automated checking for the kind of exploit they have over at Zuneboards).
The second problem is even if you were able to run random apps on WP7, the exploit still wouldn't work. Microsoft has gotten a lot more serious about security on WP7, and they've closed off all the easy hacks like that (as far as I can tell, of course I'll keep looking). They didn't take security so seriously on WP7, and accidentally gave developers access to an unsafe memcpy(). In WP7 they have a much more robust security model, and closed that off. Which is sad.
I haven't been able to get pInvoke to work on WP7, or even use pointers. You can get the compiler to generate unsafe code, but the runtime on the phone crashes when it comes to any pointer. pInvoke might theoretically work, it's possible I've just been using it wrong, but I've tried a lot of different things and haven't gotten it to work.
Oh yeah, I found the announcement here:
http://www.zuneboards.com/forums/zu...-your-zune-new-version-includes-keyboard.html
Says it's built on openZDK, which means it is using the memcpy() exploit, and my last post wasn't completely off
athompson said:
Oh yeah, I found the announcement here:
http://www.zuneboards.com/forums/zu...-your-zune-new-version-includes-keyboard.html
Says it's built on openZDK, which means it is using the memcpy() exploit, and my last post wasn't completely off
Click to expand...
Click to collapse
I am really sorry, because most of the things you said, i'm not understanding, because I am not a professional developer or for that not even near to that area of coding (am a Pharmacist... my highest knoweldge is little HTML coding).
I am wondering is this will help in any way to access file system in WP7 and build an file explorer kind of app or can we install Totalchrom or resco file explorer kind of app??? using this can we enable bluetooth ftp or internet file download kind of options?
Thanks
lol ya, I guess I should have started with the executive summary. In short, my assessment is no, it doesn't help, because Windows Phone 7 is too different. I really wish it did help.
athompson said:
lol ya, I guess I should have started with the executive summary. In short, my assessment is no, it doesn't help, because Windows Phone 7 is too different. I really wish it did help.
Click to expand...
Click to collapse
+1, unfortunately this won't help us at all.
now the wp7 is jailbrocken we are able to install apps but where can we get some ...and how do we install apps ?
well i've found out that you can deploy apps from visual basic express for windows phone directly to your phone when it's unlocked.
so if some of the app developers can upload their apps as a visual basic project you can deploy it to your phone.
Yesterday i've downloaded some apps from the apps hub of MS and deployed it to my phone.
Just for testing purpose but they work
Now it's time for me to learn to create programs, but i don't know what to create
i''ve made the standard apps from visual basic express, but they aren't very usefull...
The chevronwp7 tool has 2 purposes and not the third...
1. For developers to test their apps without needing to pay the developer fee, this is more beneficial for those regions that don't yet have a way to pay for a developer account, but want to start working on it anyways
2. For apps that may use native code which won't get into market place, and in this case they can provide the xap which you can deploy.
In these two and all other cases, no developer in their right mind would hand out their intellectual property (their source code) unless they were doing it for others to learn from. Especially with a paid application, why would they give the source code out when it is in the market place?
The creators of chevronwp7 have already stated that this will not help in loading paid apps from market place either.
Hope this clears things up for you.
I have no intention to "steal" apps from their developers.
I just want to create my own programs, and learn from others.
There are dozens of free apps in the marketplace, and there were plenty of developers in the time of wm 6.5 which were programming for fun, and release their apps here on XDA so others can benefit from.
I think when time goes by these developers will release their apps here, because of the fee MS charges for developers to release the apps on marketplace.
So if your app is free, why not release the xap? No hassle with marketplace and native codes, and people who aren't interested in the code won't even think to look at the code.
I hope I made my point clear, it's not to install paid apps for free, but to help the developers who don't have acces to marketplace.
yea, which was it's original intent which is good. though given that chevronWP7 has now been taken down by it's creators we have to wait and see as to what they're doing with MS. MS has started negotiations with them to try and encourage the homebrew. lets see what happens of it all.
mtem1985 said:
well i've found out that you can deploy apps from visual basic express for windows phone directly to your phone when it's unlocked.
so if some of the app developers can upload their apps as a visual basic project you can deploy it to your phone.
Yesterday i've downloaded some apps from the apps hub of MS and deployed it to my phone.
Just for testing purpose but they work
Now it's time for me to learn to create programs, but i don't know what to create
i''ve made the standard apps from visual basic express, but they aren't very usefull...
Click to expand...
Click to collapse
I'm sure developers will release commercial apps in source form Even *most* free app developers won't do it, because of the way others like to copy code and create redundant apps. That has never been a popular trend on any mobile OS, and I don't see it becoming such.
@ OP: The unlock that came out for WP7 is not a jailbreak. It does nothing but allow you to use you device to test and deploy applications, instead of the emulator.
Hi all,
I was wondering if it's possible to inject into zune app and make it install another app instead of the one you choose using zune.
Using fillder, I briefly tried to look what requests are made by zune but I could not see anything which looks like downloading the app.
Just sideload its a whole lot easier and I don't think something like that exists otherwise it would be on Android and iPhone.
Sent from my GT-I5800 using XDA App
andreiuc said:
I was wondering if it's possible to inject into zune app and make it install another app instead of the one you choose using zune.
Click to expand...
Click to collapse
Hmm, I can say - interesting idea! But I am afraid it's a very difficult to implement. You need to emulate whole MS store server...
I think all requests go via secure connection and checked by trusted certificates on device.
same with dev unlock.
Cotulla said:
I think all requests go via secure connection and checked by trusted certificates on device.
same with dev unlock.
Click to expand...
Click to collapse
Not at all, some requests are non-secure. I'm able (with WireShark) to catch xap requests, store/app info etc. Actually, we have a lot of marketplace replacements (even I have my own implementation ).
sensboston said:
Not at all, some requests are non-secure. I'm able (with WireShark) to catch xap requests, store/app info etc. Actually, we have a lot of marketplace replacements (even I have my own implementation ).
Click to expand...
Click to collapse
I tried with Fiddler to catch xap requests but I was not able to see any.
My idea is to to write an app which injects code in Zune to hijack calls to download a XAP from zune and download from my location instead(or get it from local disk).
it's good to hear this. but marketplace XAP files are signed and it also makes a problem. unsigned will not work. (it's not deploy, it's installation!)
Cotulla said:
it's good to hear this. but marketplace XAP files are signed and it also makes a problem. unsigned will not work. (it's not deploy, it's installation!)
Click to expand...
Click to collapse
Right. They are signed with developer key.
Not sure if WP7 OS checks this and how would it know if it's the real app?
I mean, I can sign my own XAP which I make Zune to get it and deliver it to WP7.
andreiuc said:
Right. They are signed with developer key.
Not sure if WP7 OS checks this and how would it know if it's the real app?
I mean, I can sign my own XAP which I make Zune to get it and deliver it to WP7.
Click to expand...
Click to collapse
Looking to the requests responses when you select to install an app, I was able to see this response XML:
Code:
<a:entry>
<a:updated>2011-09-08T18:03:25.3198784Z</a:updated>
<a:title type="text">3D Paperball 1.3.0.0</a:title>
<a:id>urn:uuid:1ea47c77-79c1-4c5a-b441-549b4e93dcea</a:id>
<version>1.3.0.0</version>
<url>http://apps.marketplace.windowsphone.com/E0C15284-972B-41D3-B245-8C16AAF73A66/CurrentBinary.xap</url>
<packageSize>9235456</packageSize>
<installSize>19616768</installSize>
<clientTypes>
<clientType>WinMobile 7.0</clientType>
<clientType>WinMobile 7.1</clientType>
</clientTypes>
<supportedLanguages>
<supportedLanguage>English</supportedLanguage>
</supportedLanguages>
<deviceCapabilities><capability><id>ID_CAP_NETWORKING</id><string>data services</string><disclosure>Disclose</disclosure></capability><capability><id>ID_CAP_SENSORS</id><string>movement and directional sensor</string><disclosure>Disclose</disclosure></capability><capability><id>ID_CAP_IDENTITY_USER</id><string>owner identity</string><disclosure>Disclose</disclosure></capability><capability><id>ID_CAP_IDENTITY_DEVICE</id><string>phone identity</string><disclosure>Disclose</disclosure></capability></deviceCapabilities>
<averageLastInstanceUserRating>0</averageLastInstanceUserRating>
<lastInstanceUserRatingCount>0</lastInstanceUserRatingCount>
</a:entry>
<a:author>
<a:name>Microsoft Corporation</a:name>
</a:author>
As you can see, the XAP URL is right there.
However, with Fiddler, I am not able to see any requests to this URL.
Maybe someone can share some info using more advanced tools like WireShark.
LOL, my hunch is it's actually the WP7 OS which is doing the download of the file
yeah. but it seems signed with own MS certificate ?
so developers push app to MS and they verify and sign it? (I don't know much about market space publishing)
andreiuc said:
LOL, my hunch is it's actually the WP7 OS which is doing the download of the file
Click to expand...
Click to collapse
I believe you are right as it's been discovered already that it's pacmaninstaller.exe (I think that's the spelling) on device that prevents the sideloading of homebrew apps with INTEROPSERVICES.
andreiuc said:
However, with Fiddler, I am not able to see any requests to this URL.
Maybe someone can share some info using more advanced tools like WireShark.
Click to expand...
Click to collapse
Did you "reverse tether" your phone to PC? I believe, handset is responsible to download and install xap...
BTW, all these talks is about "warez" I don't see any other reasons to do that kind of hack (or may be, for research purposes only).
To get a "prove of concept", we need:
- download MS signed xap;
- using some kind of filtering proxy, replace request to http://apps.marketplace.windowsphone.com/{GUID}/CurrentBinary.xap to the local server;
If phone will be able to download and install that xap (what is impossible by using MS or third-party deployers), we'll get a solution or at least prove of solution
Cotulla said:
yeah. but it seems signed with own MS certificate ?
so developers push app to MS and they verify and sign it? (I don't know much about market space publishing)
Click to expand...
Click to collapse
Yep, "Ed Zachary" (c) Dave Barry, "Big Trouble"
I am trying to see if anybody in this thread would like to start developing a beginning to a Windows Phone "Jailbreak App store" meaning that the whole cummunity of homebrew apps could all be in one place. As I am aware to jailbreak ios and install "Cydia" you must hold the power and home button in a certain order. Since all Windows phones have the power button, unlock, and volume I think that this could work if a similar process like what is done in ios will be done with windows phone since they are both closed source operating systems. I am not a developer I truely dont know all the details of how something like this could work. I am asking if the whole Windows phone cummunity could work together and get this going.
Thanks
Maybe XDA-DEV could manage the server so it would grow fastly if every dev who post his app in the thread automaticly to the appstore but only final realeases or only apps who cant brick the device. Cool idea but to let a server work cost money and who pays it ?
dstyl said:
Maybe XDA-DEV could manage the server so it would grow fastly if every dev who post his app in the thread automaticly to the appstore but only final realeases or only apps who cant brick the device. Cool idea but to let a server work cost money and who pays it ?
Click to expand...
Click to collapse
The whole Windows Phone cummunity could pay for the servers together. Maybe there could be some awesome paid homebrew apps in there that could supply money for the server.
Xda doesn't support piracy.
Sent from my Touch-IT HD7 using XDA Windows Phone 7 App
I don't support the "crack paid apps" either.
My ideas for these "alternative marketplace" is for those developers/hobbies to make their apps and allow others to use it.
I don't mind the "homebrew" apps is chargable, coz if you look at some apps in Cydia, it also have some apps which chargable due to that app is rejected by Apple.
Same thing goes here. M$ need developer to pay USD99 to get an account, with each FREE apps posted charge for USD25! This will highly PUSH away the developers.
Further more, NOT all regions/countries are supported by M$ marketplace (like my country are not).
So this is a good alternative for developers to post their app.
hardik_hrc said:
Xda doesn't support piracy.
Sent from my Touch-IT HD7 using XDA Windows Phone 7 App
Click to expand...
Click to collapse
he ment a WP7 Version of CYDIA
liamhere said:
he ment a WP7 Version of CYDIA
Click to expand...
Click to collapse
Thanks this is to be a WP7 cydia no piracy involved at all. I am trying to get this started and hoping that we start somewhere.
shawchyn said:
I don't support the "crack paid apps" either.
My ideas for these "alternative marketplace" is for those developers/hobbies to make their apps and allow others to use it.
I don't mind the "homebrew" apps is chargable, coz if you look at some apps in Cydia, it also have some apps which chargable due to that app is rejected by Apple.
Same thing goes here. M$ need developer to pay USD99 to get an account, with each FREE apps posted charge for USD25! This will highly PUSH away the developers.
Further more, NOT all regions/countries are supported by M$ marketplace (like my country are not).
So this is a good alternative for developers to post their app.
Click to expand...
Click to collapse
Since i want this to be cummunity thing and want to push this forward and i forgot to mention these advantages with an alternative marketplace also.
actuly we have one in develpment alredy!
actuly we have one in develpment alredy!
we are curently making it only for cab updates but i dont see why we couldent impement this
as me and winco are alredy working on wcabsender and he has alredy made beta version of W.I.N.C.O.'s XapAssistant v.0.5.0
we have to make web server for cab files and such anyway i dont see why xaps would be any diffrent why pay more than one server when we could just have one and let it self make money!??
i gess pm me with detales if you like i will look them over!
seams like a nice alternitive
jackrabbit72380 said:
actuly we have one in develpment alredy!
we are curently making it only for cab updates but i dont see why we couldent impement this
as me and winco are alredy working on wcabsender and he has alredy made beta version of W.I.N.C.O.'s XapAssistant v.0.5.0
we have to make web server for cab files and such anyway i dont see why xaps would be any diffrent why pay more than one server when we could just have one and let it self make money!??
i gess pm me with detales if you like i will look them over!
seams like a nice alternitive
Click to expand...
Click to collapse
This is a GOOD NEWS!
I wish to see it work soon.
jackrabbit72380 said:
actuly we have one in develpment alredy!
we are curently making it only for cab updates but i dont see why we couldent impement this
as me and winco are alredy working on wcabsender and he has alredy made beta version of W.I.N.C.O.'s XapAssistant v.0.5.0
we have to make web server for cab files and such anyway i dont see why xaps would be any diffrent why pay more than one server when we could just have one and let it self make money!??
i gess pm me with detales if you like i will look them over!
seams like a nice alternitive
Click to expand...
Click to collapse
This is great news I would like for some of the developers to take over this.
anyone want to just start and alternative marketplace for homebrew and everything else?
Sounds like an amazing idea. Microsoft don't allow apps that promote voice plans, would be nice to have an alternative store to list a full version of my app (it allows you to buy and remove value packs for 2° of which some are voice packs)
I am / was working on a homebrew Marketplace aswell. The listing and downloading of XAPs is not the problem. You just Need a small search algorithm and a database to search and find the apps but the big Problem is installing them. Unless you have the DFT (I guess it was them) ROM that allows XAPs installed directly from the web, you wont be able to install any XAP on the device.
Cool thats my 111th post
Ludacris said:
I am / was working on a homebrew Marketplace aswell. The listing and downloading of XAPs is not the problem. You just Need a small search algorithm and a database to search and find the apps but the big Problem is installing them. Unless you have the DFT (I guess it was them) ROM that allows XAPs installed directly from the web, you wont be able to install any XAP on the device.
Click to expand...
Click to collapse
You are right! This the biggest issue!
I guess I could start working on the Store again. I guess it will be done in a few days.
Will allow downloading XAPs, updating them, browsing them. The installing part would have to be made by one of the WP7 hackers - as soon as this is sorted out (as said, it partly is) the store can go online
shawchyn said:
You are right! This the biggest issue!
Click to expand...
Click to collapse
not realy an issue because the wcabsender program we are working on
will have an esaly updateable data base of servers listed for cab files the list will be a file called CabData.xml wich we are curently wrighing
it curently contains links to all of xbmods cab files so the program will download and up date your phone and make the hole process very simple
insted of downloading them one buy one and usein wp7 cab sender,bat file
anyway teh cabs can contain up to 60 .xap files and or other content not just apps but content for custom updates to actuly modify the os it self!
users are alredy able to make custom updates much like a carrer would adding addisional features such as new wallpapers ring tones accent colors and even more!
so say we had a new custom game.cab that would incluude not only the new game .xap but also new ringtones & walpapers and assents from teh game or even custom icons for your default icons so your hole phone could look like the new game you just got sorta like premeum themes for on the xbox360 dashbord!
the store is made up of servers from he list and auto updated and loged with in the program you could tecnicly upload your xap to anyware and simple send me the url to add to the server list right now and the store would be opened at teh time of beta relese of our program! our program is close to beta relese but we still have much work to be done on it if you want to get involved please pm me i have more art to do and winco has more code to wright we do not curently even have all of the online avalible cab urls listed in the CabData.xml thare are curently about 10 just for testing!
we ar the only to people working on this project with the okay from xbmod as he is aware of what weare up to but im in the us and winco is in slovika and dose not speak good english infact has to translate everyhang i send him and he dosent get most of my notes teh hole consept was thought up of teh back to the future rom v2 and winco has never even seen teh move he dosent quite grasp teh consept but has managed to make the program a reality not theamed exactly how i had in mind but never the less my idia is now a reality soon to be relesed we could realy use some help with a couple more members on bord we could surely use the help! to get thangs done and out quicker we both have other projects as well and we are both in difrent time zones wich makes thangs even more diffucult winco dosent have time to browse teh forms or post updates like i do!
hes just to bizzy and to be honist so am i!
the offical wcabsender development thread is in the hd2 section please post thare! or pm me! if you have any talent services or advice to offer!
link: http://forum.xda-developers.com/showthread.php?t=1278511
But that Thing is on the Desktop side, right?
Most (atlease for me) would like to see the xap file direct install thru air to the phone, instead of go thru the desktop.
ofc, but if I got their idea right its a Desktop app that allows sending CABs to the phone