CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
December 31st, 2010

Windows Phone Marketplace Protection, PlayStation3 Code Signing Cracked

A whitehat hacker has cracked the digital rights management system enforced by Microsoft on Windows Phone 7 and demonstrated a simple method which allows users to install any application from the Windows Phone Marketplace for free. Hardware hackers also claim to have uncovered the private key used by Sony to authorize code to run on PlayStation 3 systems. Sony’s weak implementation of cryptography was exploited by fail0verflow to pull off the hack.

The Windows Phone Marketplace is Microsoft’s online store for Windows Phone 7 applications and allows users to browse, try and install free or commercial apps. A few days ago, a user posted on the XDA forums a guide with what is needed to crack the protection of the Windows Phone Marketplace.

Most of the steps in that guide were already doable to some extent except one – removing the XAP (app installer format) signature. However, it wasn’t long until someone took it up as a challenge. WPCentral reports that a developer created a simple application, which allow people to download and crack any XAP file from the official marketplace.

The tool was demoed in a video, but has not been publicly released. Also, no information about how it actually achieves the signature stripping was provided. Instead, WPCentral and the whitehat hacker contacted Microsoft and give them the details so they can start working on a fix.

The issue is pretty serious, because if one developer can do it, then sooner or later others will figure out too and not all of them might be adepts of responsible disclosure. In the end, DRM systems will always be prone to hacking. Someone will eventually figure out a way to bypass them.

The Windows Phone 7 community, which is still fairly limited, will probably end up having access to alternative marketplaces like Cydia for people with jailbroken iPhones.

Different hackers recently uncovered the hack in order to run Linux or PS3 consoles, irrespective of the version of firmware the games console was running. By knowing the private key used by Sony the hackers are able to sign code so that a console can boot directly into Linux. Previous approaches to running the open source OS on a games console were firmware specific and involved messing around with USB sticks.

The same code signing technique might also be used to run pirated or counterfeit games on a console. That isn’t the intention of the hackers even though it might turn out to be the main practical effect of the hack.

The group, fail0verflow, who also run the Wii’s Homebrew Channel, gave more information about the crack and a demo during the annual Chaos Communication Conference hacker congress in Berlin.

Share this item with others:

More on CyberInsecure:
  • Rogue Phishing App Spread Through Android Marketplace
  • Blu-Ray Protection Has Finally Been Cracked
  • Hackers Have Cracked N-Gage Application, Alowing It To Run Pirated Games On Other Devices
  • Red Hat Releases Critical OpenSSH Update After Detection Of Server Intrusion
  • iPhone 2.0 Unlocked Before The Release

    • Posted in Cryptography, Hardware, Microsoft, Mobile, Software | Print This Post Print This Post

    This entry was posted on Friday, December 31st, 2010 at 6:24 am and is filed under Cryptography, Hardware, Microsoft, Mobile, Software. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Windows Phone Marketplace Protection, PlayStation3 Code Signing Cracked

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »