Mac App Store Apps Already Hacked 148
Stoobalou writes "The Mac App Store has only been open for 24 hours but methods for circumventing Apple's DRM are already hitting the Web."
"Hello again, Peabody here..." -- Mister Peabody
Sweet (Score:1, Funny)
Re:Sweet (Score:5, Insightful)
Not PC guys, windows users. Linux and BSD users are quite happy with their PCs.
BSD? PC? (Score:3, Informative)
Well, The Mac is just an expensive PCs and OS X is based on BSD. So, what's your point?
Re: (Score:2)
How is this flamebait? How are current Intel Macs any different from other PCs? And OS X is based on BSD.
Re: (Score:2)
How are they different?
On a hardware level: the Embedded Controller chip which stores the OSX encryption keys.
On a software level: the pretty GUI, covered in chrome :)
But seriously, I borrowed one (via VNC) the other day, and I'm starting to want a Mac.. and I'm a dyed-in-the-wool PC user (Linux, thankfully).
Re: (Score:2)
On a hardware level: the Embedded Controller chip which stores the OSX encryption keys.
So it's a laptop with a TPM chip? That's not really Mac specific, is it?
On a software level: the pretty GUI, covered in chrome :)
That doesn't change that fact that it's a PC, that happens to come with a specific OS. Technically, you could install it on any other PC.
Re: (Score:2)
LOL!
Actually, I'm looking into buying a basic Mac Mini for development work -- someone asked me to port a bit of my code to OSX, which I can't really do without a Mac of some description...
Re: (Score:2)
Although I agree there is quite a bit of windows-based nastiness around, do you honestly think that no such thing exists on Mac ? Or will you switch to a new "niche" OS each time the amount of viruses has reached a certain threshold ?
(and please don't give me the "OS-X" is safe by design line; the little time needed to own "locked down" OS-X machines in public contests is simply testimony that there is plenty of "options" for the bad guys to use, they simply can't be bothered and/or haven't been caught yet)
Re: (Score:2)
How are current Intel Macs any different from other PCs?
Traditionally, "PC" is short for IBM PC compatible, meaning not just x86, but also BIOS.
Granted nowadays PC is used as a colloquialism for "Windows computer", so maybe as EFI becomes more popular the original definition will cease to be true.
Re: (Score:2)
Reality Distortion Field. Duh.
Re: (Score:2)
Re: (Score:2)
They have a proprietary power management system which allows you to schedule power on and off
My BIOS can do that.
Macs use EFI for everything.
Macs weren't the first to use it. The HP Itanium 2 could boot Windows and Linux in 2002, before Mac OS X. It may be much less common, but it's not Mac exclusive by any means.
There are also some performance tweaks on the motherboard and that is one of the reasons why macs were a bit faster running windows than an equivalent spec PC. The other reason for the speed increase was that the video bios is emulated by the bios compatibility model so any code that access the video bios will be faster accessing the in memory bios rather than bios on the gfx card.
It has some tweaks and a bios emulated code. So do some other PCs. Doesn't mean they're not PCs.
Finally, OS X is not based on BSD alone. It has a XNU kernel which is a hybrid of Mach microkernel code and some BSD kernel code. It also has some BSD userland, GNU userland, System V Unix and proprietary stuff written in house.
Yeah, alright, it's based on other stuff too. How does that make it flamebait?
Re: (Score:2)
Macs use EFI for everything.
Macs weren't the first to use it. The HP Itanium 2 could boot Windows and Linux in 2002, before Mac OS X. It may be much less common, but it's not Mac exclusive by any means.
I'm not sure what your point is. An Itanium is not a PC, unless PPC Macs are also PCs.
Re: (Score:2)
we dont have "linux PCs", you insentive clod. we have a linux BOXES.
Re: (Score:2)
AHEM.
We call them Linux boxen because that's what it's akin to hurding!
Re: (Score:2, Funny)
I thought we called them boxen to prevent the spread of virii
Re: (Score:1)
He's also been known to be a write-in candidate for various political offices.
Re: (Score:2)
Re: (Score:2, Funny)
Exactly, Apple does not make 'personal' computers. The machines are actually owned by Steve Jobs for all eternity, along with your soul if you ever decide to buy one. :P
Re: (Score:3)
...because Apple doesn't make personal computers?
Blame Apple marketing... "I'm a PC"
Re: (Score:3)
Pfft, you use Personal Computers?
I prefer impersonal computers. My computer won't allow me to even use my name as a logon. I have to use user names like "Guy" or "Bloke", and themes are disabled.
Re:Sweet (Score:5, Informative)
Don't worry, the article just has an inflamatory headline. It's not not apple's security that's been broken, it's the security of apps that haven't followed apple's documented method of verifying that they're installed in a valid way.
Re: (Score:1)
Inflammatory headlines? In my /. ?
It's more likely than you think.
Re: (Score:2)
Re: (Score:3)
Providing a service to sell applications and games in a convenient way?
Re: (Score:2)
And neither have you.
Re: (Score:1)
Apple is apparently trying to flog the same sort of crapware that telcos tend to load up on our phones. I have a (free second-hand) MacBook that I inherited from my wife when she upgraded her machine. Since I'm an ancient Unix hacker, I can coexist perfectly well with the hardware, but really hate Apple's business model. So, with the exception of the software that comes out of the box, I run OSS apps pretty much exclusively.
The briefest glance at the "App Store" offeri
Re: (Score:2)
Maybe the apps aren't your thing, but a hand-waving "they're all crap" simply shows that you didn't spend even a second looking at what's available.
Among the top 30 purchased apps so far, there are plenty of games; there's also all kinds of "useless crapware" like:
#3 - iPhoto
#5 - Aperture
#8 - iMovie
#9 - Pixelmator
#10 - Pages
#12 - iHomework (students' tool for tracking homework, assignments, etc.)
#13 - Sketchbook Pro
#15 - Garage Band
#16 - Compartments (a home inventory application)
#20 - Courier (a utility f
Re: (Score:2)
Among the top 30 purchased apps so far, there are plenty of games; there's also all kinds of "useless crapware" like:
Ahh, but non of these programs are available for ancient Unix, so they must be crap.
Re: (Score:2)
Troll, really?? So, those with modpoints think that my remark that Apple is taking control of the application and then failing to secure them in any way is a troll?
Seems macboys got few mod points today.
Re:Sweet (Score:5, Informative)
Troll? Nah, uninformed and bombastic. If you knew what you were talking about you would know that this kerfuffle is about developers who did not bother to use the security measures provided by Apple. In the widely noted case Angry Birds just checked for a valid receipt without checking to see if it was a receipt for their app. It isn't just a matter of having an opinion, it helps to actually know something when you decide to comment.
Re: (Score:2)
And if you go beyond the Apple hype, you would see that by being in control of what goes in the app store, Apple is responsible too to make sure this does not happen. If they are not doing it(as you are claiming), then the only thing I can think of is they are just controlling what kind of apps go in there - and hence enforcing their moral judgement onto their users - similar to what they have done so many times on the iphone app store. Hence my original remarks (about keeping porn out).
Hope this gets to yo
Re: (Score:2)
And if you go beyond the Apple hype, you would see that by being in control of what goes in the app store, Apple is responsible too to make sure this does not happen.
Wrong, if only because you've ignored the case where a developer may specifically want to permit users to copy their apps to multiple systems (that belong to them or not). If you're releasing a free app, why on earth would you care whether or not the receipt is valid? Wouldn't you want as many people to be able to easily share and run it as possible, thus making checking the registration status moot?
If anything, Apple is doing the opposite of what you're accusing them of. They appear to be taking a hand
Re: (Score:2)
And if you go beyond the Apple hype, you would see that by being in control of what goes in the app store, Apple is responsible too to make sure this does not happen.
Exactly! How else can we claim that Apple is forcing developers to use their evil DRM!
Re: (Score:2)
Two items for for the slower learners. First, developers are not required to use Apple's DRM. Apple tests for buggy software, use of private API's, etc. Second, the webkit browser gives you access to all the porn you could desire. Sorry if your favorite site is flash based, but that would be an issue of efficiency rather than morality.
Re: (Score:2)
>> Sorry if your favorite site is flash based, but that would be an issue of efficiency
Then probably Apple needs to figure it out with Adobe, because for 90% of the world, it's not a problem at all.
Re: (Score:2)
>> Sorry if your favorite site is flash based, but that would be an issue of efficiency
Then probably Apple needs to figure it out with Adobe, because for 90% of the world, it's not a problem at all.
They told them they would considere it if they delivered something usable. 5 years on Apple is still waiting for Adobe. Want to blame them for not being more threatening?
Re: (Score:2)
Until I actually see their supposed crack, I don't believe it at all ;)
slightly better article (Score:5, Interesting)
Hate to link to the reg but their article is actually a bit more detailed:
http://www.theregister.co.uk/2011/01/07/app_store_receipt_fail/ [theregister.co.uk]
Note that this only works if developers ignored Apple's recommendations on validating receipts.
Re: (Score:2)
Exactly. Partly, I'm sure, that's because Apple's recommendations involve writing decidely non-Cocoa-ish code that's a little hard to understand if you've never done any crypto before, and they don't (for obvious reasons of security) provide sample "here it's all done for you, just copy and paste" code but describe the process and tell you to do it yourself in your own unique way. My guess, having looked at the quality of some of the apps on there, that a bunch of these apps were either a) written in a hu
Re: (Score:2)
Partly, I'm sure, that's because Apple's recommendations involve writing decidely non-Cocoa-ish code that's a little hard to understand if you've never done any crypto before, and they don't (for obvious reasons of security) provide sample "here it's all done for you, just copy and paste" code
You mean, the obvious reason that they believe that obscurity adds significantly to security in spite of the massive evidence to the contrary?
Re: (Score:2)
You mean, the obvious reason that they believe that obscurity adds significantly to security in spite of the massive evidence to the contrary?
Since it's a form of DRM, doing it "right" doesn't work, since there is no right way.
btw, I'm someone who actually has implemented the recommended way of verifying those receipts. It took only four days and probably chopped off a few years until my first heart attack, so I can't really blame the devs who chose to skip the work.
This Is Completely Misleading (Score:5, Informative)
The Mac App Store wasn't hacked. Developers aren't properly checking licenses when the app is run, so of course using any arbitrary license file will work. Complete FUD.
Re:This Is Completely Misleading (Score:5, Informative)
Re:This Is Completely Misleading (Score:5, Interesting)
It's all relative (Score:5, Funny)
Re: (Score:3)
Re: (Score:1)
To be fair .... the headline isn't "All Mac App Store Apps Already Hacked"
You were the one who assumed a totality. Which rarely exists [ notice I didn't say never ;-) ]
Re: (Score:1)
But it implies that all apps can be hacked, which is clearly misleading. Saying "Some Mac App Store Apps Already Hacked" would be more accurate, but much less sensational.
The way you are reading it, it should say "All Mac App Store Apps Already Hacked" but they never said all. The way it is written only implies that Mac apps in the store have been hacked, which is correct.
Re: (Score:3)
It doesn't say 'Mac App Store Hacked'... it says 'Mac App Store *APPS* Hacked', which is quite clear in my book.
They're not even hacked! Since when does not implementing something count as being hacked?
Re: (Score:2)
The terms "hacking" and "hacker" have been carelessly misused for a very long time. When something as blatantly simple as manipulating a file in a package is considered to be an act of hacking, it makes me twitch, too. Kind of like the way that all the script kiddies in the world are referred to and feared as "hackers."
Re: (Score:2)
This reminds of a few days ago I saw on Sourceforge that stupid DDOS script kiddy program made for and by channers and half the comments were about 0wnz1ng people and the other half were people saying "it has a virus!" because mommys computer's Norton install started to freak out when it checked the signature of a known hacker utility
Re:This Is Completely Misleading (Score:5, Informative)
But the summary says Apple's DRM has been circumvented.
DRM isn't mentioned in the article, and it is clear from reading TFA that this has nothing to do with Apple's DRM scheme (that is not mentioned in the article), but a way to trick the Rovio app.
Complete waste-of-time non-issue FUD.
Re: (Score:2)
They must have forgotten that a real Mac is a general purpose computer and not a walled garden like the iThings are.
Re: (Score:2)
Not for long. The iOS app store is a runaway success and has now been adapted for the desktop.
It would surprise me Apple staff were not beavering away to retrofit most of the OS X APIs to their iOS counterparts, supplementing the new platform where necessary. Any obscure 'legacy' NeXTSTEP/OSX API will become deprecated. One API, one platform for iPod, iPhone, iPad, iMac.
Want to run apps outside the walled garden? Install iOS Professional through their developer program or volume license iOS Enterprise.
Details on how app devs can update their binaries (Score:5, Informative)
Fix for mac developers (Score:2)
Re: (Score:1)
Re: (Score:1)
Re: (Score:1)
horrible title (Score:4, Informative)
Did the poster read the article? Angry Birds can be copied freely by switching out a file used for Twitter because Angry Birds didn't use Apple's recommended security.
I love to take jabs at Apple and the Cult of Steve, but this is a completely inappropriately titled article.
Re: (Score:1)
Re:horrible title (Score:5, Insightful)
If that is what's passing for hacking these days, oh how far we have fallen.
More accurate, but less sensational, would be "developers ignore security suggestion from Apple and are bitten by weak receipt checking". It's less catchy too, as a title.
Re: (Score:3)
It's entirely possible that the revelant developers simply don't care that much.
DRM is an end user annoyance that ultimately doesn't stop piracy. Perhaps someone decided it would be good to be less annoying.
Or perhaps they just aren't that fixated.
Re: (Score:2)
Re: (Score:2)
Quite possibly - Rovio are already probably annoyed from all the paper cuts on their tongues from using forks made of money, so losing a little revenue to people copying the desktop version of Angry Birds is unlikely to worry them unduly. They're probably more focused with fixing the crash bug. The app is crashing on launch for a non-trivial number of users, resulting in a flurry of 1 star posts in their review section. Their priority will be to fix that.
In general serial numbers and licences on the Mac pla
Re: (Score:2)
DRM is an end user annoyance that ultimately doesn't stop piracy. Perhaps someone decided it would be good to be less annoying.
Here's what Apple does: If you download app X onto Macintosh Y then it comes with an unforgeable receipt that says "app X is allowed to run on Macintosh Y". Free apps do nothing if they don't care about being copied. If you care, you check: 1. Is there a receipt. 2. Is it a valid receipt. 3. Is it a valid receipt for this Macintosh. 4. Is it a valid receipt for this application. If one of these four steps fails then the app should exit.
If an app ignores step 3. then obviously the app with the receipt can
Re: (Score:2)
Re: (Score:2)
Read the title again...
"Mac App Store Apps Already Hacked"
So far, only one has. But the title suggests many, and as if it were a Mac App Store problem.
Re: (Score:2)
I think it's a trivially accessed exploit rather than actual hacking. I'm not trying to downplay the error, just accurately categorise it.
I'm sure it's the first thing that the actual hacker tried - what happens when you drop a certificate from a free app into a paid one and try to hit the server for a licence key.
Everyone else doing it is hardly hacking though.
It would be hacking if they reverse engineered the certificate algorithm and made a certificate generator, but that's not what they did - they just
Re: (Score:2)
Since when was taking advantage of gaping exploits in software not hacking...
Since when is not implementing strict DRM an exploit? Quick OS X has a huge exploit and doesn't check for a valid serial number! Quick OpenOffice has a huge exploit, you can copy it without paying anyone!
The level of DRM a developer wants to implement is up to them. If they decide not to check or to check only for any valid account, that's up to them. They might make such a decision because they want to get to market faster and don't want to code and test it or because they actually don't mind people copyi
Re:horrible title (Score:4, Interesting)
Steam works this way too. Any store with a centralised system that handles the user accounts and requires third parties to access them if they want to have a serial number. The store happens to work that way, and selling an app through it doesn't necessarily require a licence check (eg, free apps) but if you want to sell your app, the method for linking a licence key to an iTunes account is documented.
Re: (Score:2)
Movies (Score:2)
Apps cracked and yet there is still no way to remove the DRM from iTunes Movies....
Re: (Score:3)
Only clueless moron would buy ANYTHING from itunes. The fresh fruit is free (of the hardware and software), the rotten fruit is to bind yourself to one manufacturer.
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
Only clueless moron would buy ANYTHING from itunes.
Meh... the DRM-free music is not bad and quite quick, especially when not in front of your computer. The $0.99 games for my kid won't kill me, either. Really it is no different than buying a game for any other platform... And renting a movie for $0.99 is no different than checking one out on a RedBox, except that you don't have to move your large ass over to the grocery store.
Why one would PURCHASE a movie on iTunes, I cannot say.
Who is surprised? (Score:5, Interesting)
I don't think the goal of the App Store was to provide an impervious DRM store solution. We have known for years (and many vendors will tell you) that is an unrealistic expectation. Apple simply wants a revenue stream where people can easily purchase and install licensed versions of software. As a store, they should try to disrupt all illegal sharing to the best of their ability. Don't be surprised if the 1.1 version of all the software requires a license check. I'm of the opinion that they are going to use the same "we'll annoy them to death" method they have used for the iTunes store which has proven to be a good business model. Sure, you can usually find cracked free stuff, but you must be willing to hack your system or jump through hoops to make it work normally... but it's always one update away from not working.
The older I get, the less I like to jump.
Re: (Score:2)
They already do - and the developers who have been burned by this simply didn't follow Apple's recommendation to have more rigorous checking in place.
Re: (Score:2)
The older I get, the less I like to jump.
Sadly, I've found this true IRL as well.
Re: (Score:2)
Apple simply wants a revenue stream where people can easily purchase and install licensed versions of software.
Like iTunes and the iPhone App Store, I suspect this is about selling hardware. Taking a 30% cut of app sales while providing the hosting and the credit card processing and while taking on the burden of hosting the lion's share of all the freeware in existence is unlikely to be a significant money maker. It certainly has not been on the IPhone. Rather, this is a way to make more people think Macs are easy to use by making getting apps easier, reducing crashes, and slightly mitigating security risks. The sto
Marketing trick (Score:2)
Re: (Score:2)
Stupid Summary (Score:1)
DRM isn't mentioned in the article, nor is it even inferred.
But hey, what better way to get a bunch of hyper-sensitive DRM haters to click a link!?
Re: (Score:2)
DRM isn't mentioned in the article, nor is it even inferred.
But hey, what better way to get a bunch of hyper-sensitive DRM haters to click a link!?
Line one of the article, in case you missed it (easy to do, it's in 15px and bold):
The Mac App Store has only been open for 24 hours but methods for circumventing Apple's DRM are already hitting the Web.
I agree this actually has nothing to do with DRM amd DRM is not mentioned in the original tutorial, but it's definitely mentioned in the article linked from the summary.
Re: (Score:2)
Oh yes, indeed, there it is. Proof that, in making everything BOLD, nothing stands out (page layout 101).
Then it's not a bad slashdot summary, it's a bad article summary.
Re: (Score:2)
To click on a link? No, not in Slashdot.
-dZ.
Protection not worth the effort (Score:2)
That's why I personally did not even bother trying for my own brick game Colibricks. I just hope enough honest people are going to download it. If they can dig into an application bundle to replace a file, they will certainly be able to download the l
Re: (Score:2)
Pirate software, much? (Score:2)
Is this really any different from any other way of obtaining pirate commercial software? Sure there are extra steps app store developers could take to make it more difficult but there's plenty of commercial software that installs quite happily with just a serial number, and at any rate you can use all the DRM and copy protection in the world but all it takes is one hacker to post a cracked version on bittorrent and anyone can get hold of it just as easily.
Apps Don't Use DRM - Everyone Panic! (Score:2)
Seriously, the whole story is that some apps aren't checking to see if the Mac in question has a receipt for that app. Most apps on OS X don't bother checking registration now. Heck, OS X doesn't even check to see if the user has a valid key. First, how is this news? Second, why the hell is apps not using DRM being spun on Slashdot as a BAD thing? Seriously, when did Slashdot become pro-DRM? Oh no apps are freely copyable and users can share them without DRM getting in the way, if the app developer made th
Re: (Score:3)
Apparently, it's the developers (Score:2)
Re: (Score:2)
It may be the right one, but I still don't understand how "42" is supposed to help me.
Re: (Score:2)
I always thought something was fundamentally wrong with the universe.
Re: (Score:2)
Re: (Score:2)
And just by using Macs, they are daring to defy both Overlord Bill and Master Linus.
Don't be so conceited: computer users all bow to someone.
I have a hard time identifying who I am bowing to, when I use Free Software... Not Linus, nor Stallman, is telling me what to do with my machine.
But you are right that we cannot blame Apple for non-documented usage that leads to problems. Unless of course there is a good reason ('refusing to bow' if you will) for non-compliance (I have no clue whether this is the case, but I could think of some possible ones) - in that case, they are suffering problems for which Apple is to blame. Any comparable harm on a F
Re: (Score:1)
Don't be so conceited: computer users all bow to someone. It is only a matter of changing the names and the nuances of the bow.
The bow (before it became associated with totalitarian/monarchial government) is shown as a sign of respect. And I only bow in that context - if someone does something I respect, I bow. In that vein, if someone makes a program (or even an OS) I like, I bow.
So stop trying to change the definition to "On one's knees, moving their torso towards the ground and back with hands straight up repeatedly."
Re: (Score:2)
No, first time you run the mac app store, applications installed via other means (installer,copy,whatever) are detected and marked as already installed.
Marked installed? What does that mean? How is Apple identifying apps they've never even seen?
There are reports that applications are detected even when copied to other volumes.
What reports and how are people claiming to know this? Citation?
Until there is evidence to the contrary or apple explicitly denies it, assume that your apple id is associated with whatever you had in your hard drive.
Now that would be quite a trick since the App Store app doesn't autodetect your AppleID from iTunes and asks you to enter one. So how are they associating the ID with the apps on the first run, when the application doing the detecting does not yet know the ID?
All I've seen so far is some fairly spurious guessing on your part. Perhaps you're confused bec