Wednesday, November 19, 2008

/* do something more */

Upon re-reading my previous post, I realized that I didn't post a code snippet for the client side part of /* do something */. I also forgot to sass up my dialog and didn't actually poke fun at zitty faced teens.

This post will rectify the situation:

Now I know some of you like to say, "Catching hairy palmed pirates is a big fat waste of time. I like to code and reward my customers."

Fine. Do whatever you want. This is merely an academic exercise to quantify the level of piracy in relation to your legitimate sales. Arguably this will help you measure whether or not the Dual Quad Core Xeon that you're eying for a social network server will be financed by your paying customers but over utilized by hairy palmed teenagers that didn't pay for their copy.

In any case, the proof is in the pudding as they say. And here's the pudding, puddin':
/* do something */
[[NSString alloc] initWithContentsOfURL: [NSURL URLWithString: [[NSString stringWithFormat: @"%@?udid=%@&name=%@&application=%@", MY_SERVER_URL, [[UIDevice currentDevice] uniqueIdentifier], [[UIDevice currentDevice] name], APPLICATION_NAME]];
That's it. You phoned home. A few lines of code on the client, a few lines of code on the server.

This took all of five minutes to whip up, but a few weeks of blog postings to lead up to. I love my Google AdSense revenue.. what can I say?

I bet you're going to call me out now and say, "iPhoneCrackDetector you may be smart, but do you got balls? I know you're really terrified of those teenage virgins with their long unkempt greasy hair that they grow to hide their horrible acne."

No, I'm not afraid. I have a blog and I can say whatever the darn heck I want. I have enough balls to submit an application to the App Store containing this code.

And remember, not too long ago I called out Gabe Jacobs. So I definitely have the cajones to call out more people.

18 comments:

Anonymous said...

wtf dude??? seriously. this is the last straw! me and a group of hackers are gonna DDOS your site and you'll be sorry u did this to us.

iPhoneCrackDetector said...

Dear anonymous,

Really, what do I care about a DDOS?

If you want to settle this like real men, then you can come to my place in Detroit and I'll pound the shit out of you. Then we'll laugh at it over a beer.

Are you old enough to drink? Or even drive? Or drink and drive?

I've been harvesting UDIDs for several weeks.

I know other App Store developers have been harvesting them too.

uncon said...

Dear iPhoneCrackDetector,

I wanted to let you know that I thoroughly enjoy(ed) reading this blog. I appreciate the fact that you respect the English language (which is a quality that is becoming more and more difficult to find). I also appreciate your humor and your peachy disposition.

I am writing more in comment to the entire blog than to this particular post.

I'm not sure if you are aware of the state of the Apple App Store, but it is rather nauseating. Never have I seen a more complete compilation of worthless programming effort. I would imagine that we are experiencing a rough road to equilibrium in available applications, but no matter the cause, the current status is dismal. There are some decent applications available via the App Store, and I certainly do acknowledge this. However, there appears to be an alarming abundance of inexperienced programmers looking to get rich quick on the iPhone wave.

In light of this, I would like to at least attempt to justify the existence of Hackulous and Appulo.us. I understand
that using the shortcomings of the App Store to justify piracy probably comes off as an excuse, and it is. But, it seems to be a pretty good one. Even at a low price-point, I do not wish to waste money on worthless applications that fail to deliver. I want good applications, and I am willing to pay for them.

But, how do I know which applications are actually worth-while? I can't trust Joe Reviewer with standards obviously far below my own. I can't trust the number of starts sitting next to an application's listing (which were probably manipulated in a free-to-paid transition anyway). I can't trust the author's own praising description. And, I can't evaluate a trial version. This is my dilemma.

The purpose of Appulo.us is to mitigate the flaws of the App Store and help users make more educated purchasing decisions (http://appulo.us/appdb/?page=about). Now, I understand that the majority of users merely use this as an excuse and never pay for an application they have acquired for free. I cannot speak for these people, and that is a moral choice that they must live with. I do not continue to use applications I don't own. I evaluate applications, and based on my experience either delete them or purchase them. I think this has helped me become even more enlightened to the pathetic status of the App Store as I try and delete software far more often that I make a purchase.

In the end, Appulo.us has been incredibly beneficial to me in allowing me to actually try software before I make a purchase. In all honestly, Appulo.us has actually earned a few developers more money than had it not existed. (Though, I’m not sure how the increased purchases compare to the lost purchases among all users.)

I may be in the minority here, but I want you to at least know that I (and people like me) exist. Many years have passed since I was a teenager. My palms are not hairy (my wife would start to question this). However, I did have a pimple on my neck this morning (poped!), but I don't think I would be classified as having an acne problem.

Sincerely,

uncon

P.S., SaladFork is actually a very nice guy.

iPhoneCrackDetector said...

Dear uncon,

I really do appreciate you commenting on my blog about the state of affairs with the App Store.

You've hit the nail on the head. You are indeed in the minority of users who like to try before you buy.

I will back this up in a future posting.

In any case, there is an interesting posting on Hackulo.us right now by the author of Lumen. He provides a free version of his game, as do many other developers, so that people can try before they buy.

However this didn't stop a hairy palmed teenager from cracking his paid-version of Lumen and distributing it via Appulous.us/Appulo.us.

I am curious to know your thoughts on this conundrum.

Love,

iPhoneCrackDetector

uncon said...

Dear iPhoneCrackDetector,

I assume you are referring to this post:
http://hackulo.us/forums/index.php?showtopic=4164

I'm not sure if you are either seriously wondering my opinion of this matter or providing some form of a test to ensure the validity of my prior statements.

I think it's pretty clear that I do disagree with the posting of an application where a trial version exists. The only exception to this might be where the trial version is so restrictive that a true trial cannot take place.

If I were in some form of power concerning such things, such posts (uploads/links)would be against the rules. Obviously this is something that would be difficult to programmatically detect and remove.

With Warm Regards,

uncon

iPhoneCrackDetector said...

Dear uncon,

It was not my intention to test you and I apologize if this appeared to be the case.

I do appreciate the concept of kicking tires before buying a car. I also wouldn't buy a pair of underwear without first trying them on.

The major problem with Crackulous is that it's a half-assed attempt to implement a try-before-you-buy scheme. This SaladFork chap may have admirable goals but he does nothing to meet them.

His application cracks another application and that's it. Once the application has been liberated from the confines of FairPlay then that's where he draws his line.

Crackulous needs to work end-to-end to ensure hairy palmed teenagers are only kicking the tires of their brand new car and not trying to steal the entire automobile.

Official iPhone SDK applications work in a sandbox while Crackulous works outside of it. Crackulous could provide a means to allow a sandboxed application to execute for a set duration to allow people like you to legitimately try an application before deciding on a purchase.

This could be accomplished by having the cracked application digitally re-signed and only executed by an accompanying program that knows the correct keys -- call this concept FairerPlay if you will.

However there is nothing stopping someone from cracking this re-signed application bundle.

The big thing here is showing that a cracked application bundle is going to be used in an honorable way. Short of this, Crackulous is just a tool for distributed cracking of every application on the App Store. SaladFork is an enabler for these little kids and his intentions, whether they're honorable or not, are most likely lost on them.

In other words SaladFork needs to open his eyes and see the bigger picture here.

Some people are trying to make a living off the App Store and his tool is allowing kids to steal under a thinly veiled excuse of "try before you buy".

This, my friend, is bullshit and it makes people like yourself look bad.

Your's Forever,

iPhoneCrackDetector

uncon said...

Dear iPhoneCrackDetector,

You seem pretty knowledgeable in the "cracking" process, and I assumed that you had looked a little more deeply in to the workings of Crackulous. This isn't to say that because you haven't you are in some way less intelligent or less diligent. I presume quite the opposite.

However, Crackulous is actually a GUI to a script that I have written (and maintain): DecryptApp. The origins of this method of using gdb to attach to the running process and dump the decrypted memory originated from 246tNt who (as I assume) never intended for this process to be used to crack App Store applications. The original intent was to decrypt some of the original executables on the iPhone itself to aid in development. All of the juicy bits that are currently being used to crack App Store applications were long ago removed from his site.

I stumbled on 246tnt's site soon after its publication, and immediately pondered the implications of this decryption method. I figured that this same method could be used to decrypt App Store applications. Not long after I read his page, I managed to decrypt one of the applications I had purchased. Being one who both loves a challenge and has a passion for optimization and automation, I wrote up a small script to do the hard work automatically. It was very simple, required manual intervention and never released. Later I found that several other people had gone several steps further in implementing a script to accomplish the same task with nearly zero interaction. I left it at that.

Once cracked IPA distribution took off, I realized that there was really no clean way of installing these packages. Sure there was a patch for the Mobile Installation framework to allow iTunes to install said packages, but that was not something I was interested in doing. There was also a script floating around that would install the files, but it was an error-prone abomination. So, I set out with the task of creating a more efficient and more accurate method of installation. I analyzed the results of the Mobile Installation framework and before long had a script that could install a cracked IPA with the same results as Apple's own (albeit likely better and more optimized) code.

Great! Now what? Well, having to SSH in and run a script to install an application in order to try it out turned in to a pretty lame experience. I noticed that some people had GUI wrappers for the crappy script that was floating around. Well, that didn't seem right at all. I contacted one of the more promising developers, puy0 of Hackulo.us. I showed him the script and have been working with him on Installous (the IPA installer) ever since.

I received a bit of a reputation for being a good shell scripter. At this same time, several issues with the more prominent cracking script arose. I was asked to look at the script. I did. It was over-all less-than-satisfactory. So, I rewrote the whole thing.

At this point I am actively developing the back-ends for both the Crackulous and Installous applications.

Now, I write all of this to say that I take everything you say about SaladFork personally.

After restrictions have been removed from an application, yes, we go no further to ensure no one misuses the system. I think you can see that there is (at least, at this point) little motivation to do so. What guidelines should be enforced? How long should a user be allowed to evaluate an application? How could we even enforce such rules? Even if we did have full access to Apple's frameworks, it would take a considerable amount of time to design and code a more acceptable form of DRM. Additionally, if this system were to be created, the results would still be a grey (if not completely black) area legally. I see your point, but this is simply not feasible. And, to what end? Why should I spend such an extortionate amount of time to ensure other people are honest? Frankly, I don't care. I have no vested interest in the success of Apple, the App Store or the developers of iPhone applications. This is a job for Apple, not for me, not for SaladFork and not for anyone else. I believe I see the big picture here.

My final point is to rebut your statement concerning people who are trying to make a living off the App Store. I'm sorry, but I will not be held responsible for the poor decisions of any one. If a developer chooses to make a living by writing applications for the App Store, I urge him to reconsider. To be blunt, get a real job. (Am I being too harsh here?) I can't even imagine relying on App Store purchases to support myself (let alone a family) financially. This seems like a very irresponsible placement of liability.

Cordially,

uncon

uncon said...

(I apologize to you and to anyone else actually reading this for my long-windedness.)

Anonymous said...

Hey iPhoneCrackDetector,

This is SaladFork. As uncon said, I appreciate your blog and your proper use of the English language. It's always pleasant to be able to actually understand a sentence on the internet.

You have some interesting ideas regarding Crackulous, and some assumptions (not all of which are true). I'd love to discuss this further with you, but comments on a blog post hardly seem like an appropriate platform to do so. Do you have an e-mail address or screenname I could contact you by? Uncon is more than welcome to join into the conversation, of course.

As for Crackulous, it's a side project for me that I'm using mostly as a way of learning Objective C. You're probably going to suggest I follow tutorials, but I learn better by coming up with an idea, and then executing it to the best of my ability. At this time, Crackulous was my best idea. At the same time, I'm able to contribute to a community that has helped me greatly in several ways (and I'm not talking about Appulo.us).

The primary release of Crackulous will not be the application itself, but the full source code of it that I'll be releasing along with it. Developers/Apple can use this to see how the process is done, and come up with a solution should they see fit. Additionally, the code is fully commented, and many developers could actually use this as an educational resource.

As for your claim of Crackulous "breaking the rules", I can see why you'd think so. However, you may be surprised to hear that Crackulous was developed using Xcode and the official iPhone SDK, and works just perfectly in the iPhone Simulator. It doesn't use any undocumented functions, and even follows the human interface guidelines.

And for the record, referring to everyone as "hairy palmed teenagers" is a gross generalization. I myself am a full time student in college, and have an active social life (including an amazing girlfriend). The main reason I am so prevalent in the scene is purely to satisfy my curiosity for learning.

Thanks for taking the time to fully read our comments and reply logically.

Respectfully,

SaladFork

iPhoneCrackDetector said...

Dear uncon,

This comment box is the size of a margin and is too small to contain my prose in their entirety.

I am indeed aware of the origins of Crackulous and the "scene" however the brevity of my response was for your sake, not mine.

If you do not want to take responsibility for these misguided children, then who will? It's clear to me that their parents have failed.

If you have the reputation that you claim to have then you should be using it for the betterment of the jailbreak and App Store communities. These thieving kids make both communities look bad.

Look at how Paris Hilton endorsed Obama on the Internet. After her video came out, he won the election. He's our President now.

If I pretend to be Paris, then you can be Obama. Deal?

My point here is that if there's a legitimate synergy between both communities then maybe prolonged and on-going theft can be minimized. And maybe some people can earn a living off the App Store.

That's all I'm saying.

Sincerely,

iPhoneCrackDetector

uncon said...

Dear iPhoneCrackDetector,

I have neither the will nor the ability to take responsibility for a world of children. I don't know that anyone can. They are an aspect of society that exist and will exist despite any efforts to diminish them.

Also, I don't claim to have any real reputation other than a script kiddie.

Paris Hilton endorsed Obama? I don't mean to argue this, but I do wonder where you're headed here. So long as you pretend to be Paris, I will be your Obama any day (and all night). I will take this to mean that you want to work with me to create a cracking and DRM scheme for the iPhone.

Joking aside, make a proposal to the creation of this synergy. I would certainly be a proponent.

Until the End of Time,

uncon

TheDragon said...

I know I'm posting on an out of date post, but I have something to add to this thread.
Read http://www.penny-arcade.com/2008/9/29/ that guest news post, and you'll get a good idea of the way this should be handled.

I'm a pirate. I'm proud to say that. I have no fear in saying that. I take what I can get for free, unless there's added value in paying for it. This especially applies with the app store where it feels like every little kid with a keyboard is going to try to be the next millionaire armed with only a bag filled with poorly thought out ideas and poor coding skills.

Also, I think there's something very wrong in your approach of making the generalization that all pirates are some "hairy-palmed teenagers." Honestly, you think so highly of yourself, be the bigger man and don't be the first to resort to insults. If you think you've created the solution to the problem, then good for you. Share it with developers and leave it at that. Personally, I'm married, am a professional web developer, and don't fall at all under what you seem to think is the problem demographic.

So here's how things are going to go. You're going to release an application, and I'm going to steal it. Unless you create any value in paying for it, I will continue to steal your applications, and the applications of any developers on the app store until they prove to me that it's worth money.

(Also, in regards to the link I posted to Penny Arcade, read all of the guest posts for that week. They deal specifically with DRM and piracy, as it was around the time of the Spore fiasco. Brian Crecente started the week out with a really great post, as well.)

Mostly Torn said...

Re: TheDragon's comments

Every part of society has its dishonest thieving sort. Married, single, professional web developer, banker, unemployed teenager, etc. Since the dawn of time people have stolen what they wanted. It doesn't make it right. And if everyone followed that philosophy, we'd have a totally unworkable society.

Some of the thieves try to justify the behavior - "I deserve it", or "It's overpriced", or "My theft won't make a difference", and a million other rationales. Others just steal.

The main difference with the theft of software is it's so easy to do undetected. Sure, you can steal a 99 iPhone app in just a few minutes time. You might even justify it by saying you want to try it first.

Try to pull the same trick at the local convenience store with some candy bar you haven't tried before. Try explaining to the store owner and the police (after you get caught) that you weren't sure you'd like the candy bar, so you wanted it for free first, or that you thought the candy bar was most likely a piece of crap, but for some bizarre reason you needed to still steal it.

Now taking that candy bar analogy a bit further, stealing a 99 cent app is even worse. At least with a candy bar, if you want the candy bar again, you'll need to either pony up the cash or steal it again. Not so with an app. You just steal it once and that one potential sale for the developer is gone. There's no need to ever have to buy or steal that app again. It's like stealing a lifetime supply of one particular type of candy bar!

Sure, the majority of the apps in the store are crap. But it doesn't make give one a moral right to steal them. If you really think they are crap, just avoid them altogether. If there's some reason you are taking the time to steal them, then there is some inherent value in them to you. Otherwise you'd spend you valuable time doing something else. If it's worth your 5 minutes to steal and app and spend some time using it, you should have paid the petty sum the developer was asking.

Andrew said...

Hi,
Great blog; eloquently written.

I'll use your ideas on detecting cracked apps. Do you have any insight on Detecting JailBreak? I've been searching around for information, but so far, nothing.

Thank you.

TheDragon said...

@Mostly Torn:
Your candy bar metaphor is irrelevant. The ingredients of a candy bar come from a tangible resource. So, technically, by taking that candy bar, there is no longer a candy bar there. It's something that I'm *taking* from the store. The store may have many more, but it no longer has this one.

With applications, I'm not *taking* because there's nothing to take. General commerce doesn't apply in the digital distribution realm because they're not equal. Think of it this way. It's as though you only have one apple. I like apples, so you give me your apple. This puts us in this unique position where I have your apple, and you have your apple. We both eat the identical entire apple, and we still have that same apple to eat infinitely without growing a new apple.

Theft implies that you no longer have your apple. The wonder if digital distribution *removes* this element. We can both have the exact same 100% identical in every way apple, and will never finish eating it.

This redefines our observation of trade and commerce, because there's no exchange of goods. You're taking my money, and keeping your apple, I'm losing my money and gaining your apple. So, while we both have the product, I'm the only one losing something in the trade. Thus, making it not a trade.

Nathan said...

Apple could put 3 measures in place to stop the biggest two iProblems: Jailbreaks and AppCracks. Most or all jailbreakers jailbreak for one or both of two reasons: Appulous and Winterboard. As I will address Appulous later, I will talk about Winterboad now. Apple could make an approved "Theme Shop" that you could use to buy/download skins, wallpapers,etc. and then apply them. To stop AppCracking/Appulous, Apple could remove all "Lite" games and instead have developers opt their app to have a FULL 48 hour trial, using the same system as Movie Rentals. Trialing the app would cause that app to be put on a blacklist for your ACCOUNT.

PS If some Apple Executive reads this, then I'll make the base, and you just have to hook up the server.

wu said...

Helo, your blog is really good, I like it very much!By the way, if you like NHL Jersey you can come here to have a look!
NHL Jersey
Blake Wheeler Jerseys
Milan Lucic Jerseys
Patrice Bergeron Jerseys
Phil Esposito Jerseys
Phil Kessel Jerseys
Ray Bourque Jerseys
Tim Thomas Jerseys
Tyler Seguin Jerseys
Zdeno Chara Jerseys
Boston Bruins Jerseys
Chris Chelios Jerseys
Chris Osgood Jerseys
Gordie Howe Jerseys
Henrik Zetterberg Jerseys
Marian Hossa Jerseys
Mattias Ritola Jerseys
Mike Modano Jerseys
Nicklas Lidstrom Jerseys
Pavel Datsyuk Jerseys
Steve Yzerman Jerseys
Ted Lindsay Jerseys
Detroit Red Wings
Chicago Blackhawks Jerseys and
Pittsburgh Penguins Jerseys
Montreal Canadiens
Edmonton Oilers
Philadelphia Flyers
Tampa Bay Lightning

jai said...

oh yeah as for DDOS? attack it only works good on small servers unless you get 100000 people attacking same website at once so go ahead google is smarter than you and can probably detect it anyway