BuySellAds.com

Until Dec 3rd, 44% off all Manning books, including Barcodes with iOS! Promo code: mobicftw
Our DNA is written in Objective-C
Jump

State of the Art in Cracking Apps

With the number of apps on the app store soon reaching the big 100.000 it is only logical that piracy continues to flourish. At the beginning of this year a tool named Crackulous promised to make it easy for everyone to become a pirate, claiming to be the solution to a flawed app store. At the time of this writing Crackulous version 0.9 is public and the next version 1.0 is being “in development” for more than half a year.

Piracy is a thorn in the side of all small time iPhone developers who can hope to make around $10 per app per day. Those hard working coders now face the likelyhood of  loosing half of their revenue to pirates making it continuously easier to get the apps for free. According to latest numbers of Pinch app to 60% of apps in use are in fact cracked copies.

There are several things that you can do being such a developer who sees a at least a portion of his potential income being stolen.

  • cease to protect and consider pirated apps as additional advertisements
  • pay hundreds of dollars to a professional protection service
  • do some research and collect together methods to detect cracks and modify your app’s behavior if you find it is cracked
  • join the AntiCrack community to gain access to our repository and put this into your apps, mix and match, use what you like
  • or the fatalistic option is too cease making iPhone apps alltogether

I encourage everyone to do a bit of his own research to understand the techniques that are out there and maybe develop a couple of your own. But for everybody who still wants to try to do at least something we made AntiCrack.

To be able to claim successful cracking of an app these things need to occur:

  1. The encryption that Apple applies to the binary during Review needs to be removed
  2. The cracker needs to disassemble the binary and manually disable or circumvent all detection and countermeasures
  3. The cracker needs to test the app to be certain that there are no time-delayed traps
  4. The hacked binary needs to be repackaged and distributed

Crackulous 1.0 is rumored to be signing the app with a self-signed certificate. This will make most of the current generation checks which rely on looking for modifications of info.plist obsolete. The current version 0.9 of Crackulous is unable to auto-dump the decrypted binary, instead you get a message that the dump file does not exist.

This knowledge is the reason why we were claiming to “completely eliminate the risk” of being cracked. Admittedly this was marketing lingo, the truth would be found in the small print to say that AntiCrack 2.0 is able to prevent Crackulous 0.9 from decrypting apps. There was a blog post on freakbits.com flaming me for the original statement. The author of the post enigmax and a couple of other people with fancy nicknames (hiding their identity) found that I was making a overly bold statement that held no truth. Hm, truth in advertising …

Seasoned Russian cracker crash-x offered to demonstrate that he is able to manually disable all checks I put into an app of mine. Being a good sport I provided a promo code and let him play with it. He spent around one hour in total to dump and hack around on the app. But when it came to prove that he actually achieved what he claimed, he refused to write up what he did or how he did it. If this was out of generosity for the people who use the current generation AntiCrack or if this gives him some rise can only be speculated. For all I know he found only the obvious checks. We will never know.

Our Ruski pal proved something that we already knew: if you are well versed in ARM-Assembler you can probably disable most of the anti-piracy checks in less than an hour. It appears you still need to manually dump the binary from memory. And it also appears that if there are enough checks in the app even an experienced hacker will miss a couple.

Where does this leave the promise of AntiCrack? Mostly intact I should say.

I amended my overly precocious statement on the marketing page and until proven otherwise AntiCrack continues to provide an easy to add protection layer against auto-cracking by wanna-be hackers. AntiCrack 2.0 already contains a mild degree of polymorphism. We are waiting to see how Crackulous 1.0 will deal with it once it finally becomes public. Then we have a couple of additional tricks up our sleeve to make a binary into a true polymorphous mine-field for manual hackers.

The point of AntiCrack is not to make something difficult. It’s to make something so easy that you can put it into dozens of places in your app at the same time. Each additional place (in different form) doubles the time a hacker has to spend on the code to find it. The point of any such exercise is to give the cracker the feeling that he has succeeded in disabling all detections while still keeping the upper hand over copies that where distributed subsequently. I call this concept “Silent Lite”. Let the unsuspecting user of a cracked app test the app for some time and then suddenly do something drastic when the forced trial has expired.

For the time being we can see from our statistics that crackers fail to do the necessary long term testing and if you hide our traps in enough places they can never find them all. Also it’s up to you to vary the protection code for each update for your apps so that a hacker who has set his sights on your app has to start from the beginning every couple of weeks.

Apple seems to follow only two approaches regarding piracy:

  1. They aim to make it incrementally harder to jailbreak iPhones hoping to finally reach a point where modern hardware is safe from being exploited. Unfortunately for us developer they constantly get proven to be incapable of doing that. I am astonished by the number of exploits that get discovered and made into jailbreaks.
  2. By allowing free app to up-sell content via in-app-purchases they hope to take away one of the reasons for getting pirated copies. So far the reception has been lukewarm but from what I hear many developers are now scrambling to replace their Lite versions with such Free-To-Paid-Upsellers.

The second thing might have been prompted by piracy being so incredibly widespread. For the longed time apple refused to accept Demo versions as well as only permitted in-app-purchases in paid apps. Though it remains to be seen what kind of effect this will have. For one not every kind of app lends itself to such an upsell path. A simple utility app that would go for $1 (like Summertime) is not something that you upsell easily. What works for additional levels and content does not work for a small fixed function app.

Most of the money in apps is made in the long tail, unless you get hyped by one of the major review blogs or can paid your way there. And that’s also where piracy can really impact your funds in the long run. I am fearing that some day I or any iPhone developer I know will need to fold his activities due to no longer getting this long tail of a couple of dollars per day. If you are raking in boatloads of cash you don’t feel the pain as much as when you make like $10 – $30 per day.

Philosophically I cannot imagine a good reason why able and smart young people would rather spend their time on costing somebody else money as opposed to partnering together and creating apps that put those very apps in the shade that they would have cracked otherwise. Is it lack of creativity? Lack of a will to create? Is the fame of putting your monicker on a cracked app sweeter than the money that might buy your next Mac?

I tip my hat to those cracks who can read assembler like Neo can read the matrix. You can do something I cannot. I can only create it and I have a bit of an idea on how I could make a living off it. I continue to have an open ear for any smart guy looking to get his foot in the market. Stop whining about bad software (and cracking it). Help make good software (that is worth the cost).


Categories: Copy Protection

%d bloggers like this: