Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Reverse Engineering and Modifying Windows 8 appsAngelJustinHi folks,In this article I’ll share the results of ad-hoc secur...
And here’s the hidden folder backing it up:Reverse Engineering and Modifying Windows 8 apps http://justinangel.net/Reverse...
Gaining Access to C:Program FilesApplicationsIn essence you’ll need to navigate to that folder, hit “Security Tab” and set...
3. After hitting “Continue”, you’ll be confronted by the following dialogue:Do not hit “close”, instead click the “securit...
5. Click the “change” link in the owner security field.6. Add in your live ID or windows 8 user name to the “select user o...
7. Click “OK”, Click “OK”, Click “Ok”.Reverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngin...
8. Type in “C:Program FilesApplications” in the Windows Explorer address bar and hitenter. You now have access to the Appl...
What’s in C:Program FilesApplications?For HTML apps the folder contains all of their source code and it can modified.For C...
Intellectual Property of anyone choosing to write any HTML & JS & CSS only app for anyplatform under risk.For example, her...
Modifying HTML & Javscript & CSS Win8 appsPart of the problem with interpreted languages is that they don’t compile until ...
Let’s modify the HTML, Javascript and CSS for this application: (for the sake of brevitywe’ll only walkthrough a simple HT...
By modifying the HTML & CSS & Javascript source code we can change the visualdesign to something a bit more visually pleas...
picture of the logged in user as the background. We have the power to completelychange both the visual design and the exec...
It would be a trivial endavour to manually edit this Javascript file and remove the“licenseInformation.isTrial” check. And...
in KaXaml (http://kaxaml.com/) and see the XAML source code:Using JetBrains dotPeek (http://www.jetbrains.com/decompiler/)...
Modifying C# + XAML Win8 appsThe XAML for Win8 apps is stored in plain-text and can be edited from any text editingtool. T...
Editing the XAML is fairly trivial since it’s stored as a plain text file:Reverse Engineering and Modifying Windows 8 apps...
Editing C# can be done using Reflector’s Reflxil MSIL Editor:Reverse Engineering and Modifying Windows 8 apps http://justi...
With some light modifications to the XAML and C# code we can change the display andbehaviour of the app:Reverse Engineerin...
Reverse Engineering C++ Win8 appsI’ll confess to not being a strong C++ developer (gasp!) so I’ll keep this brief by showi...
notepad and searching for “https” addresses reveals the following URL:Following the http://go.microsoft.com/fwlink/?LinkId...
couple of disturbing things:It is possible to reverse engineer and modify HTML, JavaScript and CSS codeshipped in Win8 app...
Here are few suggestions for what some of those potential aforementioned hardshipsmight be:Obfuscate C#/VB.Net projects by...
The alternate location for Visual Studio app deployment and all other app deploymentare controlled by the registry folder ...
(http://creativecommons.org/licenses/by/3.0/).CommentsJeremy Says:Very nice article Justin, thanks for sharing. I started ...
How does one sign HTML files? You stick a signature in a fileand put it alongside the rest. You know, the same way that yo...
Whats the problem the site beeing in silverlight?-.-Michael Crump Says:Excellent blog post Justin! I have also heard that ...
Philippe Da Silva Says:With every new OS comes new security threats especially when youreadding something new that hasnt b...
piers7 Says:As an aside, in the keynote Sinofsky claimed the Apps app was writtenin Javascript/HTML, whereas you seem to s...
OS. On an open system like a PC, its impossible to stop this.Its just the reality of software development. If you make goo...
anyone can see it is an idiot. Almost all the code that ACTUALLYMATTERS is server side. On Windows 8 all the important cod...
How you think hackers crack Adobe products one release after other,just few days or hour before program availability? one ...
Upcoming SlideShare
Loading in …5
×

Reverse engineering and modifying windows 8 apps

7,406 views

Published on

Published in: Technology
  • Be the first to comment

Reverse engineering and modifying windows 8 apps

  1. 1. Reverse Engineering and Modifying Windows 8 appsAngelJustinHi folks,In this article I’ll share the results of ad-hoc security vulnerabilities research I’ve done onwindows 8 apps deployment. Specifically, we’ll discuss fundamental design flaws thatallow to Reverse Engineer Win8 apps, modification of installed apps and the negativeimplications on Intellectual Property rights protection, Licensing models and overall PCsecurity. Finally we’ll discuss some creative ideas on how to mitigate these securityissues.Meet the mother-load: C:Program FilesApplicationsAll Windows 8 applications in the developer preview are installed under the clandestineC:Program FilesApplications location. I will hazard a guess and say that once theWindows App Store goes online it will install all apps under that folder. Currently thefolder is an invisible one and cannot be accessed from Windows Explorer user interfaceon a new Win8 developer preview install.Here’s an example of some of the 29 apps Win8 apps installed on the Win8 developerpreview:Reverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps1 of 32 21-Dec-12 12:36 PM
  2. 2. And here’s the hidden folder backing it up:Reverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps2 of 32 21-Dec-12 12:36 PM
  3. 3. Gaining Access to C:Program FilesApplicationsIn essence you’ll need to navigate to that folder, hit “Security Tab” and set yourself up asthe owner. Let me walk you through that process step-by-step.1. Type in “C:Program FilesApplications” in the Windows Explorer address bar and hitenter.2. Observe in shock and dismay the system dialogue saying you don’t own a folder onyour own machine. Hit “Continue”.Reverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps3 of 32 21-Dec-12 12:36 PM
  4. 4. 3. After hitting “Continue”, you’ll be confronted by the following dialogue:Do not hit “close”, instead click the “security tab” link.4. In the following system dialogue click “advanced”.Reverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps4 of 32 21-Dec-12 12:36 PM
  5. 5. 5. Click the “change” link in the owner security field.6. Add in your live ID or windows 8 user name to the “select user or group” systemdialogue.Reverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps5 of 32 21-Dec-12 12:36 PM
  6. 6. 7. Click “OK”, Click “OK”, Click “Ok”.Reverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps6 of 32 21-Dec-12 12:36 PM
  7. 7. 8. Type in “C:Program FilesApplications” in the Windows Explorer address bar and hitenter. You now have access to the Applications folder.What type of apps ship with Windows 8?Looking at this folder it’s fairly easy to determine what type of apps ship with Windows 8developer preview.Reverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps7 of 32 21-Dec-12 12:36 PM
  8. 8. What’s in C:Program FilesApplications?For HTML apps the folder contains all of their source code and it can modified.For C# apps the folder contains the XAML source code and a compiled reverse-engineerable and modifiable version of the C# code.For C++ directX apps the folder contains compiled binaries. Honestly, C++ isn’t myspecialty so I’ll avoid discussing it at any great length.Reverse Engineering HTML & Javscript & CSS Win8appsThere’s a fundamental design flaw in the concept of HTML apps. HTML, Javascript andCSS are all interpreted languages, and not compiled languages. Meaning you have toship the source code for your app instead of shipping compiled binaries. That puts theReverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps8 of 32 21-Dec-12 12:36 PM
  9. 9. Intellectual Property of anyone choosing to write any HTML & JS & CSS only app for anyplatform under risk.For example, here’s the HTML source code for the Tweet@rama Win8 app code:And here’s the tweet@rama Javascript code that does the actual posting to Twitter:Reverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps9 of 32 21-Dec-12 12:36 PM
  10. 10. Modifying HTML & Javscript & CSS Win8 appsPart of the problem with interpreted languages is that they don’t compile until the veryinstance they are executed. Which allows evil-doers to edit the code prior to execution.For example, here’s a print screen of the tweet@rama default app;Reverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps10 of 32 21-Dec-12 12:36 PM
  11. 11. Let’s modify the HTML, Javascript and CSS for this application: (for the sake of brevitywe’ll only walkthrough a simple HTML change)Reverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps11 of 32 21-Dec-12 12:36 PM
  12. 12. By modifying the HTML & CSS & Javascript source code we can change the visualdesign to something a bit more visually pleasing:Notice that we’ve changed both the design and behaviour of the app by modifying thesource code. The new design has a different title, and the new behaviour is using theReverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps12 of 32 21-Dec-12 12:36 PM
  13. 13. picture of the logged in user as the background. We have the power to completelychange both the visual design and the executing source code of HTML & CSS & JSwin8 apps.New breed of viruses?Any unauthorized malware that gains access to C:Program FilesApplications couldpotentially modify source code to execute in malicious ways. Since this is the directionWin8 apps are taking writing this type of viruses is likely to become a growth industry.For example we could look at the tweet@rama app once again. The most valuable assetthat app has is our twitter oauth credentials. A virus would be able to modify thetweet@rama source code so once it executes it retrieves those credentials and sendsthose to a malicious remote endpoint. The following code interjected into the Javascriptcode of tweet@rama would do just that:New breed of cracks?Any unauthorized executable that gains access to C:Program FilesApplications couldpotentially modify source code to workaround Windows Store app purchasing andlicensing logic. The whole concept of Trials and feature purchases are based onJavascript, C# or C++ code invoking Windows 8 RuntimeTime APIs for the WindowsStore. Any change to that code could potentially change the purchasing and licensinglogic for that app.For example, In BUILD conference Microsoft’s Arik Cohen demonstrated(http://channel9.msdn.com/Events/BUILD/BUILD2011/APP-123T) (35:25) the followingcode that performs a Javascript check for isTrial.Reverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps13 of 32 21-Dec-12 12:36 PM
  14. 14. It would be a trivial endavour to manually edit this Javascript file and remove the“licenseInformation.isTrial” check. And by doing so removing Trial restrictions from thissample Win8 app.If this set of problems are not mitigated, app piracy through app modification forWindows Store apps will likely become quite prevalent.Reverse Engineering C# + XAML Win8 appsC# code is shipped in compiled EXE & DLL binaries. XAML is shipped as plain textsource code. That makes both forms of code extremely susceptible to reverseengineering.For example, we could open up the “Memories” (C# WinRT XAML app) MainPage.xamlReverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps14 of 32 21-Dec-12 12:36 PM
  15. 15. in KaXaml (http://kaxaml.com/) and see the XAML source code:Using JetBrains dotPeek (http://www.jetbrains.com/decompiler/) it would be possible tosee the C# source code for the Memories app:Reverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps15 of 32 21-Dec-12 12:36 PM
  16. 16. Modifying C# + XAML Win8 appsThe XAML for Win8 apps is stored in plain-text and can be edited from any text editingtool. The .net binaries are unsigned and thus can be edit using the MSIL Weaving toolReflexil (http://reflexil.net/).For example, here’s the “Memories” C# XAML app shipping with Windows 8 developerpreview:Reverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps16 of 32 21-Dec-12 12:36 PM
  17. 17. Editing the XAML is fairly trivial since it’s stored as a plain text file:Reverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps17 of 32 21-Dec-12 12:36 PM
  18. 18. Editing C# can be done using Reflector’s Reflxil MSIL Editor:Reverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps18 of 32 21-Dec-12 12:36 PM
  19. 19. With some light modifications to the XAML and C# code we can change the display andbehaviour of the app:Reverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps19 of 32 21-Dec-12 12:36 PM
  20. 20. Reverse Engineering C++ Win8 appsI’ll confess to not being a strong C++ developer (gasp!) so I’ll keep this brief by showingC++ apps are also susceptible to reverse engineering. It appears that Microsoft’s Storeapp is written in C++. The most important asset that app would have are the endpointsfor the Microsoft store. Opening the C:WindowsSystem32WinStoreWinStoreUI.dll inReverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps20 of 32 21-Dec-12 12:36 PM
  21. 21. notepad and searching for “https” addresses reveals the following URL:Following the http://go.microsoft.com/fwlink/?LinkId=195322&clcid=0x409(http://go.microsoft.com/fwlink/?LinkId=195322&clcid=0x409) URL leads to a currentlyinactive URL of https://services.apps.microsoft.com/browse(https://services.apps.microsoft.com/browse). I would hazard a guess that this is theURL currently being used to test the Windows App Store.What have we conclusively proven during this blogpost?Keeping in mind that Windows 8 is only an alpha developer release, we’ve seen aReverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps21 of 32 21-Dec-12 12:36 PM
  22. 22. couple of disturbing things:It is possible to reverse engineer and modify HTML, JavaScript and CSS codeshipped in Win8 apps.1.It is possible to reverse engineer and modify C#/VB.Net source code shipping withWin8 apps.2.It is possible to reverse engineer and modify XAML source code shipping withWin8 apps.3.It is possible to (at some limited level?) reverse engineer C++ Win8 apps.4.Can Microsoft completely solve this problem?No. In my opinion, apps shipping as part of all app stores will always be vulnerable atsome limited level to reverse engineering and modification.Can Microsoft mitigate this problem?Yes, Microsoft can make apps significantly more temper-proof and pile a lot of hardshipson those seeking to reverse engineer and modify Win8 apps. Assuming malicious codeand people can’t access C:Program FilesApplications seems naïve at best.Reverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps22 of 32 21-Dec-12 12:36 PM
  23. 23. Here are few suggestions for what some of those potential aforementioned hardshipsmight be:Obfuscate C#/VB.Net projects by default: .net projects default to shipping withunobfuscated source code. If Microsoft is serious about introducing a WindowsApp store obfuscation has to be turned on by default for all .net project, not just anice-to-have addon like it is right now. The VS2011 team should investigate andintegrate an obfuscation solution directly into the product and turn it on for all new.net projects. This would make it harder to reverse engineer .net apps.1.Minify HTML, Javascript and CSS projects by default: With the joys of desktopdeployment web developers will likely forsake Javascript, HTML and CSSminification. Again, a good path forward here is to make sure all HTML, Jacascriptand CSS code is minified by default. This step would make it harder to reverseengineer HTML apps.2.Strongly sign all .net assemblies by default: Strong-signing has been part of the.net framework for 10 years now. Turn it on by default with a unique developerlicense certificate for all Win8 .net apps. Make sure Win8 AppContainers only runsigned apps, don’t even have a hidden registry key to enable unsigned apps (likeWP7 does (http://twitpic.com/6josnn)). That would make it harder to modify .netapps.3.Checksum HTML, Javascript and CSS project before startup: Even if it’sunpreventable that modifying Win8 HTML apps would take place, run a checksumon all files before loading the app into memory. That would make it harder tomodify Win8 HTML apps. It sounds like AppBlockMap.xml is supposed to dosomething similar, but it doesn’t seem to work.4.Don’t store App’s executing files as plain-old files on the user’s hard-drive: Itshouldn’t be possible to even see the files shipping with an app by default usingjust Windows Explorer. A lossless compressed folder with DRM protection wouldbe a good step forward here. This should make it harder to reverse engineer Win8apps.5.tl;dr: If Microsoft doesn’t undertake the aforementioned steps or comparable ones it’snot because it can’t, it’s because it doesn’t want to. If Microsoft chooses to ignore thisproblem for the remaining one year (?) development lifecycle for Windows 8 then it’s notbecause it couldn’t solve these problems.Visual Studio 2011 App DeploymentApps deployed by Visual Studio 2011 do not get deployed to C:ProgramFilesApplications but rather get deployed to C:Users<UserName>AppxLayouts.Reverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps23 of 32 21-Dec-12 12:36 PM
  24. 24. The alternate location for Visual Studio app deployment and all other app deploymentare controlled by the registry folder HKEY_CURRENT_USERSoftwareClassesLocalSettingsSoftwareMicrosoftWindowsCurrentVersionAppModel.FeedbackHave questions about the methodologies used in this article?Have more interesting workarounds you’ve tried and like to share?Have interesting suggestions for the Microsoft folks on how to help mitigate thisproblem?Sound off in the comments!-- Justin Angel(Disclaimer: this article represents research I undertook on my own and is unsanctionedby any organizations or corporations I might be related with.)Published on 9/20/2011 12:00:00 AM by Justin Angel ©2012.This work is licensed under a Creative Commons Attribution 3.0 Unported LicenseReverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps24 of 32 21-Dec-12 12:36 PM
  25. 25. (http://creativecommons.org/licenses/by/3.0/).CommentsJeremy Says:Very nice article Justin, thanks for sharing. I started to look at theproportion of HTML vs XAML vs Native apps and I appreciate yourdiagram. Im looking forward seeing what Microsoft will do to mitigatethose issues.pedro Says:You seem to forget a little detail.. Final apps will be signed.Justin Angel Says:Signed apps would be one of the small obstacles Ive mentioned.However, Im not sure what signing apps would mean for HTMLapps. How exactly does one sign HTML files?Also, more importantly, Signing attempts to protect againstModification. It does nothing to solve the Reverse Engineeringissue.pedro Says:Im guessing that app packages will be encripted and signed.And the reverse engineering is a non issue. How do youprotect current apps from being reverse engineered? Evenobfuscating .NET apps doesnt really protect you, it only makesit harder.If signing the apps is enough to prevent tempered code to beexecuted, Im OK with that.DrPizza Says:Can you explain to me which of these is a Windows 8 issue?Consider that the .NET decompilers are for, uh, all .NETprograms, not just Windows 8 ones, and that Web browsers letyou look at both HTML and JavaScript directly.Reverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps25 of 32 21-Dec-12 12:36 PM
  26. 26. How does one sign HTML files? You stick a signature in a fileand put it alongside the rest. You know, the same way that yousign .inf files in driver packages.Justin Angel Says:Windows 8 made the choice to consume interpretedlanguages as offline application development languages. Iam calling out that it there are some issues with that plangoing forward in regards to the aforementioned concerns.How does one sign HTML files? It is possible to sign &encrypt anything. HTTPS for example is an encrypted andsigned HTTP transport layer.Addressing the core point of your argument: I believe thatMicrosoft has people smarter than myself that couldprovide more realistic solutions to the issues Ive raised.IMO This is a set of problems that have potential solutions.Luke Says:On the default user you enter more pc settings (frommetro) and open user.There is an option to switch to Microsoft account.This option is not available by default on the build-inadministrator account.Is it possible to enable this on the build-inadministrator?I can use most of the metro apps on the build-inadministrator account when/if I changethis regkey FilterAdministratorToken from 0 to 1Sarkie Says:When looking for string data in .exes.Use Stringshttp://technet.microsoft.com/en-us/sysinternals/bb897439Aside:Why is this whole site in Silverlight?Alberto Says:Reverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps26 of 32 21-Dec-12 12:36 PM
  27. 27. Whats the problem the site beeing in silverlight?-.-Michael Crump Says:Excellent blog post Justin! I have also heard that final apps will besigned. But right now you have exposed several flaws that Microsoftneeds to be aware of.Jeremy Brayton Says:Signing happens at the project level, not individual files. I want tospeculate that the dev preview was simply rushed and the DRMprotection were about to see in the Mango store is going to hit AppXtoo. Having to what amounts to unzipping an app before every run isgoing to increase at least that initial load time but you could use atemporary secure location to cache this kind of stuff. They mightvethought this would be sufficient but you proved how easy it was tounlock that jail cell.Regarding checksums against HTML content, I would say just do achecksum against the *entire project* as one motion. Its essentially thesame thing but were really interested in the sum, not so much individualfiles but doing them individually would be a way for us to tell which filehas been tampered with so Im a little on the fence about my ownsuggestion.I think if we start to get to the beta and RC stages and no significantchanges are made in this area that all of us should worry. Im glad theycan address it now and Im glad you figured this out to make sure theydo. Theres still plenty of time to plug these holes but we definitely needto keep a fire up their ass to make sure our apps arent cracked in onefell swoop. If Im relying on your app store and one point of failure is allthat is needed to expose EVERY app, you might want to rethink yourdesign a bit and I hope they at least give us the option to run extralicensing mechanisms on top if we so choose. If they dont plug theseholes AND get heavy handed there, I could never recommenddeveloping for their app store.Fallon Massey Says:Does that mean that C++ is the best language to program in?Because with C++, youll need a disassembler, and that still wont netyou the correct code.Reverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps27 of 32 21-Dec-12 12:36 PM
  28. 28. Philippe Da Silva Says:With every new OS comes new security threats especially when youreadding something new that hasnt been tested accross mainstreamaudience.While I dont care much about seeing people modifying apps I purchasesince it opens the way to application "mods" that us, consumers, willdecide to use or not, Im way more worried about the Win8 Apps being areal system security threat for viruses and other malware that could acton my behalf in my machine.This should definitivelly be the top security priority of Microsoft from mypoint of view.I personally see Win8 Apps as Rich Clients for distributed & cloudcontent or processing. I cant think of any application that would makeuse of the Metro UI and paradigm that dont fall into such userrequirements.For all other user requirements, well stick to our old yet very familiarExplorer environment ;)All in all, Im really glad to see Microsoft finally taking a step backward,looking at the market and sharing with us what they see as the future ofour computer/software usage ;)Ian Griffiths Says:Session PLAT-905C went into quite a lot of detail on applicationpackaging. The signing mechanism covers everything in the package,and is independent of file type. You could even put binary files with aformat of your own devising in there and itd still be able to check theirvalidity. Logically speaking, its pretty similar to how Silverlight supportsit - you sign the container rather than individual files. In Silverlight, youcan apply a digital signature to the ZIP file, and thatll cover everythingin there, no matter what the format of the individual files. The fact thatthe streams happen to be extracted out into files in a folder in Win8 isno obstacle to this - it just requires a scheme for how the wholedirectory should be handled - as long as Win8 knows that (say) the appxmanifest contains a list of signatures for everything (including itself),then it can check everything. IIRC, thats pretty much how ClickOnceworked - it was able to check validity even when each of the resourcesin the app was downloaded separately. So this is not new.Nor is reverse engineering. C++, Xaml, and JavaScript are precisely aseasy to reverse engineer in Win8 as they were before.Reverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps28 of 32 21-Dec-12 12:36 PM
  29. 29. piers7 Says:As an aside, in the keynote Sinofsky claimed the Apps app was writtenin Javascript/HTML, whereas you seem to suggest C++...dsurendra Says:Cool....ZUyq5def Says:Maliscious wont have access to the program filesapplications directory(among other things, such as signing). The steps that Justin goesthrough to access the directory require explicit user action - they cantbe done programmatically (unless the app already has privileges - inwhich case it doesnt really make sense for the app to go messing wother apps, because it can already do whatever the maliscious userwants).Justin Angel Says:Yep, the Program FilesApplications folder is protected the sameway modern-day Program Files directory and Windows directoryare protected.However many viruses, spyware and malware (if not the majority ofthose) currently use those locations to hide, store and modify theirexecutables.Theoretically, youre right to say theres a hurdle here. Practically,youll have to ignore the entire history of modern-day malware toclaim itll matter in the long run.rtruth Says:HTML and javascript are plaintext on the web, I dont see thatpreventing developers from writing code.Second of all, it doesnt matter if the code is plain text, .net, orassembled c code, you can always see the code. Even in c code, youjust disassemble the binary and its right there in front of you. You can dothe same things you are doing now with html.Also,even if the apps are signed, its only trivial to patch the check by theReverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps29 of 32 21-Dec-12 12:36 PM
  30. 30. OS. On an open system like a PC, its impossible to stop this.Its just the reality of software development. If you make good software,it will be pirated. And those that pirate will never buy your stuff in thefirst place anyways.Zach Heise Says:Hi Justin, I was curious about this in the Customer Preview releasedyesterday, so I found your blog entry by searching for "windows 8programs file tree location" and got here. It looks as if in this version,c:program filesapplications no longer exists. Where could all of thesenewly-available "store-bought" (free) apps be living now that theyredownloaded?I hate all this handholding Metro does. I have a feeling Im going to beignoring it 90% of the time unless I want a news reader on a bus ridehome with a tablet. For actual work, its useless.Zach Heise Says:Nevermind, found it! CMD, plus dir /a:h in the program files folder,found that its now stored under c:program fileswindowsapps. Youprobably already knew that though!Vamshi Says:Wow thats a great find ! ,now i can at least some code of my favouriteapps ;)niks Says:y i m nt able to use these apps ???i hv devloper preview...Alex Says:Excellent article! Im looking forward to your next article concerningapps.Christian Says:Anybody who argues that people write html+js for the web even thoughReverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps30 of 32 21-Dec-12 12:36 PM
  31. 31. anyone can see it is an idiot. Almost all the code that ACTUALLYMATTERS is server side. On Windows 8 all the important code will beright there for people to steal. Think before you post next time.Kapil Says:Now folder name is WindowsApps.......Rufus Pearce Says:I have the RTM version of Windows 8 Pro, and the folder ProgramFiles/Applications does not exist. It has been moved somewhere else.Any idea where these apps can now be found?Brandon Says:How can one change the default install path for apps? I really dont wantall these apps eating up my small SSD drive!Alex Says:Seeing that you can change certain thing in the folder, is there any wayto launch desktop applications, while preserving image subway tile, onlyshifting toward openness. Exe or link?JuanK Says:This is not a microsoft problem, is allsoftware engineering problem.Decompile managed code is more dificult than just edit a javascript, butstill being an easy task. Decompile or extract/modify logic from nativebinaries is more dificult , but not impossible.Kept in moder times. Times when you assume that compile aan app willsecure your code is far far away in the past.If somebody wants to get the algoritms or logic in your aasemblies ,even native assemblies, just need to hire a young 19 years old guy withpassion for technology to reconstruct the algorithm based onopcodes/assembly, this is not trivial but not impossible, just the kid withfree time could do it.If you want to modify any application behavior, just need to known whatplatform is and make the changes.Reverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps31 of 32 21-Dec-12 12:36 PM
  32. 32. How you think hackers crack Adobe products one release after other,just few days or hour before program availability? one or two guys withfree time knowing assembly, change the opcodes or object linkg foranother and .... pufff ... the program think you have an original copy.Current world is not easy. You want to protect your algorithms or logic?--> get patents for those you really need to protect.Even thinks like connection string to db connections are in risk, youcould encript a connection string to avoid direct code/config filesattacks, but in some time, even for little bit of time, the string will bedecrypted in memory and then a young guy with lot of free time couldget the string after hours of patience and retries.Legal terms, agreements etc are the final protections.Sure, you need to protect your application in any way, obfusctate code,use in memory secure strings for sensitive data, encription in anycomplexity levels etc, thats necesary because for more protections youuse, less young people with lots of free time will success breaking yoursecure barriers.JuanK Says:btw, take a llook at this important notes: http://stackoverflow.com/questions/12754265/is-there-any-prevention-methods-for-removing-istrial-and-trivially-cracking-wiScott Says:LOL..once again youre breaking into jail with this one ;)Oh man.. that just makes me sad to see the above and how simple itwas to hax0r it (not that I knew, but now we do know).Thessaly Says:How can I gain access to your article "reverse engineering for Win8games"?Reverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps32 of 32 21-Dec-12 12:36 PM

×