The document discusses security vulnerabilities in Windows 8 apps that allow for reverse engineering and modification. It describes how apps' source code is stored openly on users' machines, allowing easy access and editing of HTML, JavaScript, CSS, XAML, and .NET code. This could enable new viruses, app piracy through modification, and extraction of intellectual property. The author provides steps to access and modify sample apps as proofs of concept and suggests mitigation strategies for Microsoft.
Reverse Engineering and Modifying Windows 8 apps
Justin Angel
Hi folks,
In this article I’ll share the results of ad-hoc security vulnerability research I’ve done on Windows 8 app deployment. Specifically, we’ll discuss fundamental design flaws that allow reverse engineering of Win8 apps and modification of installed apps, and the negative implications for Intellectual Property rights protection, licensing models and overall PC security. Finally we’ll discuss some creative ideas on how to mitigate these security issues.
Meet the motherlode: C:\Program Files\Applications
All Windows 8 applications in the developer preview are installed under the clandestine C:\Program Files\Applications location. I will hazard a guess and say that once the Windows App Store goes online it will install all apps under that folder. Currently the folder is an invisible one and cannot be accessed from the Windows Explorer user interface on a new Win8 developer preview install.
Here’s an example of some of the 29 Win8 apps installed on the Win8 developer preview:
Reverse Engineering and Modifying Windows 8 apps http://justinangel.net/ReverseEngineerWin8Apps
1 of 32 21-Dec-12 12:36 PM
And here’s the hidden folder backing it up:
Gaining Access to C:\Program Files\Applications
In essence you’ll need to navigate to that folder, hit “Security Tab” and set yourself up as the owner. Let me walk you through that process step-by-step.
1. Type in “C:\Program Files\Applications” in the Windows Explorer address bar and hit enter.
2. Observe in shock and dismay the system dialogue saying you don’t own a folder on your own machine. Hit “Continue”.
3. After hitting “Continue”, you’ll be confronted by the following dialogue: Do not hit “close”, instead click the “security tab” link.
4. In the following system dialogue click “advanced”.
5. Click the “change” link in the owner security field.
6. Add in your live ID or windows 8 user name to the “select user or group” system dialogue.
7. Click “OK”, Click “OK”, Click “Ok”.
8. Type in “C:\Program Files\Applications” in the Windows Explorer address bar and hit enter. You now have access to the Applications folder.
What type of apps ship with Windows 8?
Looking at this folder it’s fairly easy to determine what type of apps ship with Windows 8
developer preview.
What’s in C:\Program Files\Applications?
For HTML apps the folder contains all of their source code and it can be modified.
For C# apps the folder contains the XAML source code and a compiled, reverse-engineerable and modifiable version of the C# code.
For C++ DirectX apps the folder contains compiled binaries. Honestly, C++ isn’t my specialty so I’ll avoid discussing it at any great length.
Reverse Engineering HTML & Javascript & CSS Win8 apps
There’s a fundamental design flaw in the concept of HTML apps. HTML, Javascript and CSS are all interpreted languages, and not compiled languages, meaning you have to ship the source code for your app instead of shipping compiled binaries. That puts the Intellectual Property of anyone choosing to write an HTML & JS & CSS only app for any platform at risk.
For example, here’s the HTML source code for the Tweet@rama Win8 app:
And here’s the tweet@rama Javascript code that does the actual posting to Twitter:
Modifying HTML & Javascript & CSS Win8 apps
Part of the problem with interpreted languages is that they don’t compile until the very instant they are executed, which allows evil-doers to edit the code prior to execution.
For example, here’s a print screen of the tweet@rama default app:
Let’s modify the HTML, Javascript and CSS for this application (for the sake of brevity we’ll only walk through a simple HTML change):
By modifying the HTML & CSS & Javascript source code we can change the visual design to something a bit more visually pleasing:
Notice that we’ve changed both the design and behaviour of the app by modifying the source code. The new design has a different title, and the new behaviour is using the picture of the logged in user as the background. We have the power to completely change both the visual design and the executing source code of HTML & CSS & JS Win8 apps.
New breed of viruses?
Any unauthorized malware that gains access to C:\Program Files\Applications could potentially modify source code to execute in malicious ways. Since this is the direction Win8 apps are taking, writing this type of virus is likely to become a growth industry.
For example, we could look at the tweet@rama app once again. The most valuable asset that app has is our Twitter OAuth credentials. A virus would be able to modify the tweet@rama source code so that once it executes it retrieves those credentials and sends them to a malicious remote endpoint. The following code interjected into the Javascript code of tweet@rama would do just that:
New breed of cracks?
Any unauthorized executable that gains access to C:\Program Files\Applications could potentially modify source code to work around Windows Store app purchasing and licensing logic. The whole concept of Trials and feature purchases is based on Javascript, C# or C++ code invoking Windows 8 Runtime APIs for the Windows Store. Any change to that code could potentially change the purchasing and licensing logic for that app.
For example, at the BUILD conference Microsoft’s Arik Cohen demonstrated (http://channel9.msdn.com/Events/BUILD/BUILD2011/APP-123T) (35:25) the following code that performs a Javascript check for isTrial.
It would be a trivial endeavour to manually edit this Javascript file and remove the “licenseInformation.isTrial” check, and by doing so remove Trial restrictions from this sample Win8 app.
If this set of problems is not mitigated, app piracy through app modification for
Windows Store apps will likely become quite prevalent.
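A defender's view of the on-disk tampering described in the sections above, as an added example that is not from the original article: a Python integrity check that records SHA-256 hashes of an app folder's HTML, JavaScript, CSS, XAML and .NET binaries and later reports which files were modified, added or removed. The function names and the sample folder built in `demo()` are constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# File types the article shows shipping as editable text or unsigned binaries.
WATCHED_SUFFIXES = {".html", ".js", ".css", ".xaml", ".dll", ".exe"}


def hash_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of one file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(app_dir):
    """Map every watched file under app_dir (relative path) to its digest."""
    root = Path(app_dir)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in WATCHED_SUFFIXES:
            manifest[path.relative_to(root).as_posix()] = hash_file(path)
    return manifest


def save_manifest(manifest, baseline_path):
    """Write the baseline. Keep it outside the app folder, somewhere a process
    that can write to the app folder cannot also rewrite the baseline."""
    Path(baseline_path).write_text(json.dumps(manifest, indent=2), encoding="utf-8")


def load_manifest(baseline_path):
    """Read a baseline previously written by save_manifest."""
    return json.loads(Path(baseline_path).read_text(encoding="utf-8"))


def compare(baseline, current):
    """Report files whose content changed, disappeared, or newly appeared."""
    return {
        "modified": sorted(k for k in baseline
                           if k in current and baseline[k] != current[k]),
        "removed": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }


def is_tampered(report):
    """True if any category of the comparison report is non-empty."""
    return any(report.values())


def demo():
    """Build a constructed sample app folder, baseline it, edit it, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "SampleApp"          # constructed stand-in for an app folder
        baseline_dir = Path(tmp) / "baseline"  # stored apart from the app folder
        (app / "js").mkdir(parents=True)
        baseline_dir.mkdir()
        (app / "default.html").write_text("<h1>Sample</h1>", encoding="utf-8")
        (app / "js" / "default.js").write_text("var title = 'Sample';", encoding="utf-8")
        (app / "readme.txt").write_text("not a watched type", encoding="utf-8")

        baseline_file = baseline_dir / "SampleApp.json"
        save_manifest(build_manifest(app), baseline_file)

        # Simulate the kinds of post-install changes the article describes.
        (app / "js" / "default.js").write_text("var title = 'Edited';", encoding="utf-8")
        (app / "js" / "extra.js").write_text("// file that was not shipped", encoding="utf-8")
        (app / "default.html").unlink()

        return compare(load_manifest(baseline_file), build_manifest(app))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The baseline is only as trustworthy as the moment it was taken and the place it is kept, so it should be generated from a known-good install and stored where the account that owns the app folder has no write access.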
Reverse Engineering C# + XAML Win8 apps
C# code is shipped in compiled EXE & DLL binaries. XAML is shipped as plain text
source code. That makes both forms of code extremely susceptible to reverse
engineering.
For example, we could open up the “Memories” (C# WinRT XAML app) MainPage.xaml in KaXaml (http://kaxaml.com/) and see the XAML source code:
Using JetBrains dotPeek (http://www.jetbrains.com/decompiler/) it would be possible to
see the C# source code for the Memories app:
Modifying C# + XAML Win8 apps
The XAML for Win8 apps is stored in plain text and can be edited from any text editing tool. The .net binaries are unsigned and thus can be edited using the MSIL weaving tool Reflexil (http://reflexil.net/).
For example, here’s the “Memories” C# XAML app shipping with Windows 8 developer preview:
Editing the XAML is fairly trivial since it’s stored as a plain text file:
Editing C# can be done using Reflector’s Reflexil MSIL Editor:
With some light modifications to the XAML and C# code we can change the display and behaviour of the app:
Reverse Engineering C++ Win8 apps
I’ll confess to not being a strong C++ developer (gasp!) so I’ll keep this brief by showing C++ apps are also susceptible to reverse engineering. It appears that Microsoft’s Store app is written in C++. The most important asset that app would have are the endpoints for the Microsoft store. Opening the C:\Windows\System32\WinStore\WinStoreUI.dll in notepad and searching for “https” addresses reveals the following URL:
Following the http://go.microsoft.com/fwlink/?LinkId=195322&clcid=0x409 URL leads to a currently inactive URL of https://services.apps.microsoft.com/browse. I would hazard a guess that this is the URL currently being used to test the Windows App Store.
What have we conclusively proven during this blog post?
Keeping in mind that Windows 8 is only an alpha developer release, we’ve seen a couple of disturbing things:
1. It is possible to reverse engineer and modify HTML, JavaScript and CSS code shipped in Win8 apps.
2. It is possible to reverse engineer and modify C#/VB.Net source code shipping with Win8 apps.
3. It is possible to reverse engineer and modify XAML source code shipping with Win8 apps.
4. It is possible to (at some limited level?) reverse engineer C++ Win8 apps.
Can Microsoft completely solve this problem?
No. In my opinion, apps shipping as part of all app stores will always be vulnerable at
some limited level to reverse engineering and modification.
Can Microsoft mitigate this problem?
Yes, Microsoft can make apps significantly more tamper-proof and pile a lot of hardships
on those seeking to reverse engineer and modify Win8 apps. Assuming malicious code
and people can’t access C:\Program Files\Applications seems naïve at best.
Here are a few suggestions for what some of those potential aforementioned hardships
might be:
1. Obfuscate C#/VB.Net projects by default: .net projects default to shipping with
unobfuscated source code. If Microsoft is serious about introducing a Windows
App store, obfuscation has to be turned on by default for all .net projects, not just a
nice-to-have addon like it is right now. The VS2011 team should investigate and
integrate an obfuscation solution directly into the product and turn it on for all new
.net projects. This would make it harder to reverse engineer .net apps.
2. Minify HTML, Javascript and CSS projects by default: With the joys of desktop
deployment web developers will likely forsake Javascript, HTML and CSS
minification. Again, a good path forward here is to make sure all HTML, Javascript
and CSS code is minified by default. This step would make it harder to reverse
engineer HTML apps.
3. Strongly sign all .net assemblies by default: Strong-signing has been part of the
.net framework for 10 years now. Turn it on by default with a unique developer
license certificate for all Win8 .net apps. Make sure Win8 AppContainers only run
signed apps, don’t even have a hidden registry key to enable unsigned apps (like
WP7 does (http://twitpic.com/6josnn)). That would make it harder to modify .net
apps.
4. Checksum HTML, Javascript and CSS project before startup: Even if it’s
unpreventable that modifying Win8 HTML apps would take place, run a checksum
on all files before loading the app into memory. That would make it harder to
modify Win8 HTML apps. It sounds like AppBlockMap.xml is supposed to do
something similar, but it doesn’t seem to work.
5. Don’t store App’s executing files as plain-old files on the user’s hard-drive: It
shouldn’t be possible to even see the files shipping with an app by default using
just Windows Explorer. A lossless compressed folder with DRM protection would
be a good step forward here. This should make it harder to reverse engineer Win8
apps.
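One way to implement the pre-launch checksum from suggestion 4, as an added example rather than the author's code or a description of how AppBlockMap.xml works: hash every HTML, JavaScript and CSS file into a manifest, seal the manifest, and refuse to load if anything differs. The HMAC key, file names and function names are assumptions; a real store would replace the HMAC with a publisher signature checked by the OS, since a key kept beside the app adds nothing.

```python
import hashlib
import hmac
import json
import os
import tempfile

WEB_EXTENSIONS = (".html", ".js", ".css")  # assumption: files the check covers

def build_manifest(app_dir):
    """Map each web asset's relative path (forward slashes) to its SHA-256."""
    manifest = {}
    for root, _dirs, files in os.walk(app_dir):
        for name in files:
            if name.lower().endswith(WEB_EXTENSIONS):
                full = os.path.join(root, name)
                rel = os.path.relpath(full, app_dir).replace(os.sep, "/")
                with open(full, "rb") as f:
                    manifest[rel] = hashlib.sha256(f.read()).hexdigest()
    return manifest

def seal(manifest, key):
    """HMAC over the canonical manifest so the hash list cannot be edited."""
    blob = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def verify(app_dir, manifest, tag, key):
    """Return a list of problems; an empty list means the app may be loaded."""
    if not hmac.compare_digest(seal(manifest, key), tag):
        return ["manifest: seal mismatch"]
    current = build_manifest(app_dir)
    problems = []
    for rel in sorted(set(manifest) | set(current)):
        if rel not in current:
            problems.append(rel + ": missing")
        elif rel not in manifest:
            problems.append(rel + ": unexpected file")
        elif current[rel] != manifest[rel]:
            problems.append(rel + ": modified")
    return problems

def demo():
    """Constructed sample app: seal it, alter it, verify before and after."""
    key = b"constructed-demo-key"  # stand-in for a publisher signing key
    files = {"default.html": "<h1>Demo</h1>", "js/app.js": "var level = 1;",
             "css/app.css": "h1 { color: red; }"}
    with tempfile.TemporaryDirectory() as app:
        for rel, text in files.items():
            path = os.path.join(app, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as f:
                f.write(text)
        manifest = build_manifest(app)
        tag = seal(manifest, key)
        before = verify(app, manifest, tag, key)
        with open(os.path.join(app, "js", "app.js"), "w") as f:
            f.write("var level = 99;")
        with open(os.path.join(app, "extra.js"), "w") as f:
            f.write("// not in the manifest")
        return before, verify(app, manifest, tag, key)
```

Hashing per file rather than the whole project as one blob is what lets `verify` name the file that changed.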
tl;dr: If Microsoft doesn’t undertake the aforementioned steps or comparable ones it’s
not because it can’t, it’s because it doesn’t want to. If Microsoft chooses to ignore this
problem for the remaining one year (?) development lifecycle for Windows 8 then it’s not
because it couldn’t solve these problems.
Visual Studio 2011 App Deployment
Apps deployed by Visual Studio 2011 do not get deployed to C:\Program
Files\Applications but rather get deployed to C:\Users\<UserName>\AppxLayouts.
(http://creativecommons.org/licenses/by/3.0/).
Comments
Jeremy Says:
Very nice article Justin, thanks for sharing. I started to look at the
proportion of HTML vs XAML vs Native apps and I appreciate your
diagram. I'm looking forward to seeing what Microsoft will do to mitigate
those issues.
pedro Says:
You seem to forget a little detail.. Final apps will be signed.
Justin Angel Says:
Signed apps would be one of the small obstacles I've mentioned.
However, I'm not sure what signing apps would mean for HTML
apps. How exactly does one sign HTML files?
Also, more importantly, Signing attempts to protect against
Modification. It does nothing to solve the Reverse Engineering
issue.
pedro Says:
I'm guessing that app packages will be encrypted and signed.
And the reverse engineering is a non issue. How do you
protect current apps from being reverse engineered? Even
obfuscating .NET apps doesn't really protect you, it only makes
it harder.
If signing the apps is enough to prevent tampered code to be
executed, I'm OK with that.
DrPizza Says:
Can you explain to me which of these is a Windows 8 issue?
Consider that the .NET decompilers are for, uh, all .NET
programs, not just Windows 8 ones, and that Web browsers let
you look at both HTML and JavaScript directly.
How does one sign HTML files? You stick a signature in a file
and put it alongside the rest. You know, the same way that you
sign .inf files in driver packages.
Justin Angel Says:
Windows 8 made the choice to consume interpreted
languages as offline application development languages. I
am calling out that there are some issues with that plan
going forward in regards to the aforementioned concerns.
How does one sign HTML files? It is possible to sign &
encrypt anything. HTTPS for example is an encrypted and
signed HTTP transport layer.
Addressing the core point of your argument: I believe that
Microsoft has people smarter than myself that could
provide more realistic solutions to the issues I've raised.
IMO This is a set of problems that have potential solutions.
Luke Says:
On the default user you enter more pc settings (from
metro) and open user.
There is an option to switch to Microsoft account.
This option is not available by default on the built-in
administrator account.
Is it possible to enable this on the built-in
administrator?
I can use most of the metro apps on the built-in
administrator account when/if I change
this regkey FilterAdministratorToken from 0 to 1
Sarkie Says:
When looking for string data in .exes.
Use Strings
http://technet.microsoft.com/en-us/sysinternals/bb897439
Aside:
Why is this whole site in Silverlight?
Alberto Says:
What's the problem with the site being in Silverlight?
-.-
Michael Crump Says:
Excellent blog post Justin! I have also heard that final apps will be
signed. But right now you have exposed several flaws that Microsoft
needs to be aware of.
Jeremy Brayton Says:
Signing happens at the project level, not individual files. I want to
speculate that the dev preview was simply rushed and the DRM
protection we're about to see in the Mango store is going to hit AppX
too. Having to what amounts to unzipping an app before every run is
going to increase at least that initial load time but you could use a
temporary secure location to cache this kind of stuff. They might've
thought this would be sufficient but you proved how easy it was to
unlock that jail cell.
Regarding checksums against HTML content, I would say just do a
checksum against the *entire project* as one motion. It's essentially the
same thing but we're really interested in the sum, not so much individual
files but doing them individually would be a way for us to tell which file
has been tampered with so I'm a little on the fence about my own
suggestion.
I think if we start to get to the beta and RC stages and no significant
changes are made in this area that all of us should worry. I'm glad they
can address it now and I'm glad you figured this out to make sure they
do. There's still plenty of time to plug these holes but we definitely need
to keep a fire up their ass to make sure our apps aren't cracked in one
fell swoop. If I'm relying on your app store and one point of failure is all
that is needed to expose EVERY app, you might want to rethink your
design a bit and I hope they at least give us the option to run extra
licensing mechanisms on top if we so choose. If they don't plug these
holes AND get heavy handed there, I could never recommend
developing for their app store.
Fallon Massey Says:
Does that mean that C++ is the best language to program in?
Because with C++, you'll need a disassembler, and that still won't net
you the correct code.
Philippe Da Silva Says:
With every new OS comes new security threats especially when you're
adding something new that hasn't been tested across mainstream
audience.
While I don't care much about seeing people modifying apps I purchase
since it opens the way to application "mods" that us, consumers, will
decide to use or not, I'm way more worried about the Win8 Apps being a
real system security threat for viruses and other malware that could act
on my behalf in my machine.
This should definitely be the top security priority of Microsoft from my
point of view.
I personally see Win8 Apps as Rich Clients for distributed & cloud
content or processing. I can't think of any application that would make
use of the Metro UI and paradigm that don't fall into such user
requirements.
For all other user requirements, we'll stick to our old yet very familiar
Explorer environment ;)
All in all, I'm really glad to see Microsoft finally taking a step backward,
looking at the market and sharing with us what they see as the future of
our computer/software usage ;)
Ian Griffiths Says:
Session PLAT-905C went into quite a lot of detail on application
packaging. The signing mechanism covers everything in the package,
and is independent of file type. You could even put binary files with a
format of your own devising in there and it'd still be able to check their
validity. Logically speaking, it's pretty similar to how Silverlight supports
it - you sign the container rather than individual files. In Silverlight, you
can apply a digital signature to the ZIP file, and that'll cover everything
in there, no matter what the format of the individual files. The fact that
the streams happen to be extracted out into files in a folder in Win8 is
no obstacle to this - it just requires a scheme for how the whole
directory should be handled - as long as Win8 knows that (say) the appx
manifest contains a list of signatures for everything (including itself),
then it can check everything. IIRC, that's pretty much how ClickOnce
worked - it was able to check validity even when each of the resources
in the app was downloaded separately. So this is not new.
Nor is reverse engineering. C++, Xaml, and JavaScript are precisely as
easy to reverse engineer in Win8 as they were before.
piers7 Says:
As an aside, in the keynote Sinofsky claimed the Apps app was written
in Javascript/HTML, whereas you seem to suggest C++...
dsurendra Says:
Cool....
ZUyq5def Says:
Malicious won't have access to the program files\applications directory
(among other things, such as signing). The steps that Justin goes
through to access the directory require explicit user action - they can't
be done programmatically (unless the app already has privileges - in
which case it doesn't really make sense for the app to go messing w
other apps, because it can already do whatever the malicious user
wants).
Justin Angel Says:
Yep, the Program Files\Applications folder is protected the same
way modern-day Program Files directory and Windows directory
are protected.
However many viruses, spyware and malware (if not the majority of
those) currently use those locations to hide, store and modify their
executables.
Theoretically, you're right to say there's a hurdle here. Practically,
you'll have to ignore the entire history of modern-day malware to
claim it'll matter in the long run.
rtruth Says:
HTML and javascript are plaintext on the web, I don't see that
preventing developers from writing code.
Second of all, it doesn't matter if the code is plain text, .net, or
assembled c code, you can always see the code. Even in c code, you
just disassemble the binary and it's right there in front of you. You can do
the same things you are doing now with html.
Also, even if the apps are signed, it's only trivial to patch the check by the
OS. On an open system like a PC, it's impossible to stop this.
It's just the reality of software development. If you make good software,
it will be pirated. And those that pirate will never buy your stuff in the
first place anyways.
Zach Heise Says:
Hi Justin, I was curious about this in the Customer Preview released
yesterday, so I found your blog entry by searching for "windows 8
programs file tree location" and got here. It looks as if in this version,
c:\program files\applications no longer exists. Where could all of these
newly-available "store-bought" (free) apps be living now that they're
downloaded?
I hate all this handholding Metro does. I have a feeling I'm going to be
ignoring it 90% of the time unless I want a news reader on a bus ride
home with a tablet. For actual work, it's useless.
Zach Heise Says:
Nevermind, found it! CMD, plus dir /a:h in the program files folder,
found that it's now stored under c:\program files\windowsapps. You
probably already knew that though!
Vamshi Says:
Wow that's a great find! Now I can at least some code of my favourite
apps ;)
niks Says:
y i m nt able to use these apps ???
i hv devloper preview...
Alex Says:
Excellent article! I'm looking forward to your next article concerning
apps.
Christian Says:
Anybody who argues that people write html+js for the web even though
anyone can see it is an idiot. Almost all the code that ACTUALLY
MATTERS is server side. On Windows 8 all the important code will be
right there for people to steal. Think before you post next time.
Kapil Says:
Now folder name is WindowsApps.......
Rufus Pearce Says:
I have the RTM version of Windows 8 Pro, and the folder 'Program
Files/Applications' does not exist. It has been moved somewhere else.
Any idea where these apps can now be found?
Brandon Says:
How can one change the default install path for apps? I really don't want
all these apps eating up my small SSD drive!
Alex Says:
Seeing that you can change certain things in the folder, is there any way
to launch desktop applications, while preserving image subway tile, only
shifting toward openness. Exe or link?
JuanK Says:
This is not a Microsoft problem, it is an all software engineering problem.
Decompiling managed code is more difficult than just editing a javascript, but
is still an easy task. Decompiling or extracting/modifying logic from native
binaries is more difficult, but not impossible.
Keep in modern times. Times when you assume that compiling an app will
secure your code are far far away in the past.
If somebody wants to get the algorithms or logic in your assemblies,
even native assemblies, they just need to hire a young 19 year old guy with
passion for technology to reconstruct the algorithm based on
opcodes/assembly, this is not trivial but not impossible, just the kid with
free time could do it.
If you want to modify any application behavior, you just need to know what
platform it is and make the changes.
How do you think 'hackers' crack Adobe products one release after another,
just a few days or hours before program availability? One or two guys with
free time knowing assembly change the opcodes or object linking for
another and .... pufff ... the program thinks you have an original copy.
Current world is not easy. You want to protect your algorithms or logic?
--> get patents for those you really need to protect.
Even things like connection strings to db connections are at risk, you
could encrypt a connection string to avoid direct code/config files
attacks, but at some time, even for a little bit of time, the string will be
decrypted in memory and then a young guy with a lot of free time could
get the string after hours of patience and retries.
Legal terms, agreements etc are the final protections.
Sure, you need to protect your application in any way, obfuscate code,
use in memory secure strings for sensitive data, encryption in any
complexity levels etc, that's necessary because the more protections you
use, the fewer 'young' people with lots of free time will succeed breaking your
secure barriers.
JuanK Says:
btw, take a look at these important notes:
http://stackoverflow.com/questions/12754265/is-there-any-prevention-methods-for-removing-istrial-and-trivially-cracking-wi
Scott Says:
LOL..once again you're breaking into jail with this one ;)
Oh man.. that just makes me sad to see the above and how simple it
was to hax0r it (not that I knew, but now we do know).
Thessaly Says:
How can I gain access to your article "reverse engineering for Win8
games"?