• Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.
  • Russian Hacker Figures Out Way to Obtain In-App Purchases for Free



    A Russian hacker has successfully figured out a method to obtain in-app purchases from iOS apps for free.

    The “in-app proxy” method is simple, doesn’t require a jailbreak, and allows users to install in-app content for free. The hack works on all iOS devices running iOS 3.0 through 6.0. We do not condone the stealing of content in any form, and this story, like the 9to5Mac piece, is being written to alert the developer community. The hack is already gaining massive amounts of traction, and hopefully a fix is released soon.

    The three-step process involves installing a CA certificate, installing an in-appstore.com certificate, and changing the DNS record. Once the user completes the process, they are met with the message pictured above instead of Apple’s purchase confirmation.

    A great deal of information is also processed through the developer's servers as part of the process, including:

    • Restriction level of app
    • ID of app
    • ID of version
    • GUID of your iDevice
    • Quantity of in-app purchase
    • Offer name of in-app purchase
    • Language you are using
    • Identifier of application
    • Version of application
    • Your locale


    We do not recommend anyone use this process, and we will not provide information on the specifics of the hack. Developers, Apple, fix this. Now.


    Source: 9to5Mac
    This article was originally published in forum thread: Russian Hacker Figures Out Way to Obtain In-App Purchases for Free started by Phillip Swanson
    185 Comments
    1. znbl -
      Quote: Originally Posted by confucious
      I like the way someone uses an American dictionary, which does seem to have some very strange definitions, to try and disprove someone.

      If you use the Oxford English Dictionary this is theft, pure and simple.
      Actually, the Oxford English Dictionary, just like the other sources that have been quoted thus far, says that is incorrect:

      oxforddictionaries.com/definition/english/theft?q=theft (This is using British and World English.)
      the action or crime of stealing:
      Ok, now we need to look up steal, which it seems you forgot to do:
      oxforddictionaries.com/definition/english/steal?q=steal
      1 [with object] take (another person’s property) without permission or legal right and without intending to return it:
      It still comes down to actually taking someone's property. Making a copy does not deprive someone of any property, they are not minus anything.

      Quote: Originally Posted by iLoveWindows&iPhone
      I will say I am on Team: People who accept the fact that they indulge in piracy (however you want to define it), and their conscience is okay with that fact.
      I have never said I supported piracy and I don't recall seeing anyone claim they did too. I flat out said it's wrong and that it's no better than stealing. That isn't the point here. The original point was only of correctness of words. Words have definitions. I was merely pointing out an incorrect usage that stems from a popular misconception that ultimately is the result of mass ignorance on the subject. What is so wrong with that?

      Quote: Originally Posted by Simon
      So if an idea can be stolen and therefore be called theft why can't an app being copied be considered the same?
      First off, you completely ignored the actual definition (cited above):
      1 [with object] take (another person’s property) without permission or legal right and without intending to return it:
      Secondly, what you did highlight:
      accusations that one group had stolen ideas from the other were soon flying
      is not a definition, but a sample of using the word in a sentence, demonstrating how to use the word in common speech. Furthermore, it's referring to one person claiming someone else stole their idea, not claims of actual infringement. Either way, you can't possibly be trying to use a sample sentence as some sort of authority, are you?

      Put simply, you can deprive someone of a physical object, and they no longer have it. This constitutes theft. Obtaining a copy that you have no right to, on the other hand, is copyright infringement, although the author has not been deprived of their work. That's the main difference. Both are wrong, no argument here. That was never the issue, though. The only issue (for me at least) is one of correctness.
    1. Simon -
      Quote: Originally Posted by mori
      i felt like i should put my 2 sentences on some things i read here, first JB it's not illegal, true, but by that it means when u use your Absinthe, redsn0w etc etc, THAT isn't illegal, now it's always been my belief that Cydia IS illegal, you may say why?
      well read the iOS TOS, and u will see that adding any 3rd party apps is in violation, they might get away with doing it if it were free, cause you can always say it was educational purpose or not for benefit, but not in this case, Cydia has a store as well. they take payments, in other words they have broken the garden wall of Apple and are using the iPhone NOT as Apple intended it to be used.

      now i'm ok with that, but just to make sure that sites like MMI and its followers don't think they are mighty than thou, cause anyone that installs Cydia or any programs from within is in fact breaking the copyright laws.

      to the dude that made the example using a car engine, let me put it to you this way,
      u pay for your car, you OWN it, the car company will not update your engine every time they come out with a new update, cause u OWN IT, it's yours and off their hands, yes u can do whatever you feel like and it would be ok,
      BUT with iOS you don't own the OS, u license it, aka ur in a lease, which is WHY they would update it for you every time something comes out for free, try leasing a car and change something on it or as you say the engine, and see what happens.

      so at the end of the day no matter what we tell each other, MMI, Cydia, etc etc, it's a hacking tool to USE something we aren't authorized to use, so when MMI says we don't condone hacking... really... your existence is based on hacking. shrug

      and to those that think well how come Apple hasn't shut down all these sites, think of it this way, free R & D.
      You are confusing breaking your terms of service and thereby forfeiting your warranty with something that is actually illegal (piracy). Cydia is not illegal. Jailbreaking is not illegal. Does it break Apple's TOS? Sure. Apple's TOS is not law though. If I buy a computer and take it apart I will break the TOS on it and lose my warranty. Doesn't mean I am breaking the law.

      Quote: Originally Posted by znbl
      Secondly, what you did highlight:
      is not a definition, but a sample of using word in a sentence, demonstrating how to use the word in common speech.
      This is a forum, I would say using common speech here is quite acceptable
    1. jrl_1644 -
      Quote: Originally Posted by Senyaichiya
      If you don't condone it then don't write about it...

      It's akin to writing a barebones article how to make a IDE and then saying "but don't do it!"

      I wouldn't have known about this if not for this post.

      Do you think FOX/NBC/CBS/NPR/PBS/CNN or any news agency condones the activity they report on?

      This article will lead as much to piracy as a newspaper ad for a gun sale leads to murder. Information does not make a person a pirate. It is a choice some people make.

      The article has as much potential to inform affected developers and bring pressure to Apple to fix the problem.
    1. szr -
      Quote: Originally Posted by iLoveWindows&iPhone
      I'm not looking anything up on wikipedia or anything like that, but just going off of my own knowledge.....Didn't the term "piracy" derive from pirates (REAL pirates....like Johnny Depp) stealing actual belongings, currency, goods, rum, souls, the fountain of youth, etc?
      Software piracy, music piracy, etc, are used to refer to copyright infringement, albeit real piracy (of goods) today is black markets and anywhere physical illegal goods are sold. Yes, piracy began on the high sea (and in some places still exists and isn't all that different in many ways), though theft has always been a big and defining part of it, as was pillaging, raping, and other related criminal acts. For the most part, though, when one is talking about piracy in regards to digital media (music, videos, software, games, etc), they are referring to copyright infringement.
    1. Simon -
      Quote: Originally Posted by znbl
      It still comes down to actually taking someone's property. Making a copy does not deprive someone of any property, they are not minus anything.
      So would you consider money property? Piracy may not take anything physical from the dev but does it not deprive them of revenue?

      Here's an interesting read: Piracy Is a Form of Theft, and Copyright Infringement Is Neither
      Kinda touches on both our points.
    1. thazsar -
      Quote: Originally Posted by Simon
      So would you consider money property? Piracy may not take anything physical from the dev but does it not deprive them of revenue?
      But your argument excludes the fact: Would we actually buy the app? Except for consumable goods, w/ regular purchases, we have a warranty, a trial period, a test drive, etc. W/ apps, we don't get that nor can we return the app.

      So the pirated app may have never been purchased in the first place, therefore, not depriving the Dev of profit..
    1. dwizurd -
      Quote: Originally Posted by thazsar
      But your argument excludes the fact: Would we actually buy the app? Except for consumable goods, w/ regular purchases, we have a warranty, a trial period, a test drive, etc. W/ apps, we don't get that nor can we return the app.

      So the pirated app may have never been purchased in the first place, therefore, not depriving the Dev of profit..
      Impressive addition to this heated debate.
    1. szr -
      Quote: Originally Posted by Simon
      So would you consider money property?
      Money in your wallet is a physical item. If I take $20 from you, that's by definition theft. Also, breaking into a bank's computer, hacking a Paypal account, etc, is taking money from someone and moving it somewhere else. It may be by the use of electronic means, but that money is still being taken away from someone. They no longer have it.

      Piracy may not take anything physical from the dev but does it not deprive them of revenue?
      It is difficult for one to be deprived of something they never had in the first place. I am in no way defending such an act (make no mistake, it is wrong), but you simply cannot guarantee that a given download would have otherwise been a sale, and because of this uncertainty, one cannot accurately measure losses in this manner.
    1. Simon -
      Quote: Originally Posted by thazsar
      But your argument excludes the fact: Would we actually buy the app? Except for consumable goods, w/ regular purchases, we have a warranty, a trial period, a test drive, etc. W/ apps, we don't get that nor can we return the app.

      So the pirated app may have never been purchased in the first place, therefore, not depriving the Dev of profit..
      True, the app may have never been bought by some. But you have to admit some people would have bought it instead of pirating it had it not been available to pirate. So piracy does take some revenue away from the developer.
      That brings up a whole other debate of whether Apple should institute trials for apps.

      This has been a fun little debate though, I can see what everyone is trying to say and agree with some of what you, znbl and others have said. It is good to see that people on the internet can have a discussion about something, have differing opinions and have it not end in insults and inappropriate language.

      Quote: Originally Posted by szr
      Money in your wallet is a physical item. If I take $20 from you, that's by definition theft. Also, breaking into a bank's computer, hacking a Paypal account, etc, is taking money from someone and moving it somewhere else. It may be by the use of electronic means, but that money is still being taken away from someone. They no longer have it.

      It is difficult for one to be deprived of something they never had in the first place. I am in no way defending such an act (make no mistake, it is wrong), but you simply cannot guarantee that a given download would have otherwise been a sale, and because of this uncertainty, one cannot accurately measure losses in this manner.
      I agree, there is no way to accurately gauge how much would or wouldn't be lost because of piracy. But in most cases I would say some type of revenue would be lost, be it large or small. I guess the debate would be if stealing the potential of money is the same as stealing physical money. And then if it is or isn't would that be considered theft.
    1. iLoveWindows&iPhone -
      Quote: Originally Posted by Simon
      So would you consider money property? Piracy may not take anything physical from the dev but does it not deprive them of revenue?

      Here's an interesting read: Piracy Is a Form of Theft, and Copyright Infringement Is Neither
      Kinda touches on both our points.
      Ohhhhh FACE znbl!!!!

      On another note znbl...You sir, must have not read my posting correctly, or many others' posts....I LOVE piracy!! And I support it! I thought I was pretty clear about that! And no, I'm not going to try and justify my beliefs, I don't have to..because piracy is my religion! Long live [CENSORED]!

      PS: I'm just kidding you guys..
    1. bonum83 -
      Quote: Originally Posted by bigboyz
      This is a hack site..you promote everything else yet pick and choose what hacks we SHOULD and SHOULD not implement. Here's some matches kid..oh by the way don't set a fire while I leave you alone to play with the matches. SILLY!!
      I thought I was the only one that felt this way....
    1. mmaboi21 -
      Sorry had to go into work... Looks like things got settled for the most part I mean y'all busted out the dictionary and sources!
    1. Hogs4Life -
      Yeah who needs this with iAp Cracker out there? I realize this does about any app while iAp Cracker only does like 100,000 but still.

      If people wanna hack/glitch/steal then tough sh*t, not really anything you can do about it, now that this is out and about, I bet even more hackers are digging into this and this won't be the last time we see stuff like this.

      You can't stop Hackers. Hackers gonna hack.
    1. TwinSouls -
      What's up with people thinking that writing an article condones the actions mentioned in the article? If parents talk to their kids about sex that doesn't mean that they condone them getting knocked up or knocking someone up and/or getting an STD. They're simply trying to warn them about the risks in hopes that they make the proper decisions because parents can't be watching their kids 24/7. Just wondering what the age range is for this site anyway?
    1. iLoveWindows&iPhone -
      Quote: Originally Posted by TwinSouls
      What's up with people thinking that writing an article condones the actions mentioned in the article? If parents talk to their kids about sex that doesn't mean that they condone them getting knocked up or knocking someone up and/or getting an STD. They're simply trying to warn them about the risks in hopes that they make the proper decisions because parents can't be watching their kids 24/7. Just wondering what the age range is for this site anyway?
      Oh please....the lame "I'm older and wiser than all of you" type comment. But okay, I'll play ball..

      What's up with asking the question you just asked? If you would have actually read ALL the comments, debates, fights, arguments, etc, you would have discovered there were some VERY philosophical, deep, and well thought out arguments being made. You would have also found many MUCH better analogies for the same point you were attempting to make....which brings me to my point...

      THE SEX TALK?!!? Really??! That's what you are saying is going on here?? What?! What are they "warning" us about? How are they helping us make "informed decisions"?

      The members of this forum are not complete idiots who have never jailbroken their phone, installed a tweak, or added a new repository. I guess you could say...they are not iVIRGINS! In fact, most of them are dirty iWhores!

      So in your analogy, the parent (modmyi) is warning their kid (forum members) about the dangers of sex, even though the parent is well aware of the fact that their kid has sex daily, is on birth control, and has had an abortion or two. Make sense? Nope!

      A more accurate analogy for this situation would have been something like...The parent injecting a little bit of heroin into their kid...then standing back, dangle a bag of it in their face...and say "feels good eh? Want some more?". Then throws the bag down the drain, and says "No, that's bad!....But, here's a name and number of a guy i know if you want some more".
    1. rkswat -
      Some of you are big kity cats! If you steal cool, if you don't cool but stop whining about a story about a possible way to steal in app purchases. Go complain about the stupid story about SJ's widow..... that's the type of story that has no place. At least this is interesting.
    1. Feanor64 -
      hhhhmmm lol i'm not gonna try it but i think this is probably not a bad idea i mean u bought the app it's paid for hhhmmm i wonder where the industry would be at if it wasn't for piracy i mean it's wrong of course but didn't it also push companies to develop safer and better technology?

      lol then again i guess if i buy a f-150 they aren't gonna give me the mud tires for free lol maybe this is a bad idea....
    1. kyphur -
      Quote: Originally Posted by thazsar
      But your argument excludes the fact: Would we actually buy the app? Except for consumable goods, w/ regular purchases, we have a warranty, a trial period, a test drive, etc. W/ apps, we don't get that nor can we return the app.

      So the pirated app may have never been purchased in the first place, therefore, not depriving the Dev of profit..
      Ok, I'll admit that I've installed pirated apps that didn't have a free or lite version as a test drive. My rule of thumb is that if I still want it after 1 week then I delete the pirated version and make a legit purchase in the app store, otherwise I just delete it. I seriously wish the app store had a 7 day trial policy...

      For those who criticize the app store for this shortcoming I'll remind you that Cydia doesn't have it either and I've bought a few lemons there also.

      Further I would point out that some of the most successful apps do have free or lite versions that give you a taste (PvZ, Angry Birds, etc) and enough people like the free sample well enough to make the paid versions very lucrative for the devs.

      The whole "would I actually buy the app?" question is invalidated in my opinion by the fact that you have taken the effort to pirate the app so you have gained the benefit of possession without giving anything in return. Why do you deserve to receive that free benefit?
    1. thazsar -
      Quote: Originally Posted by kyphur
      Ok, I'll admit that I've installed pirated apps that didn't have a free or lite version as a test drive. My rule of thumb is that if I still want it after 1 week then I delete the pirated version and make a legit purchase in the app store, otherwise I just delete it. I seriously wish the app store had a 7 day trial policy...

      For those who criticize the app store for this shortcoming I'll remind you that Cydia doesn't have it either and I've bought a few lemons there also.

      Further I would point out that some of the most successful apps do have free or lite versions that give you a taste (PvZ, Angry Birds, etc) and enough people like the free sample well enough to make the paid versions very lucrative for the devs.

      The whole "would I actually buy the app?" question is invalidated in my opinion by the fact that you have taken the effort to pirate the app so you have gained the benefit of possession without giving anything in return. Why do you deserve to receive that free benefit?
      +1

      I completely agree!!!
    1. Sk37cH -
      Next headline "Russian Hacker Figures Out A Genius Way Of Gaining Access To 1000's Of Apple ID's"