Is there any known way to protect windows 8 store app from piracy? When I wrote for Windows Phone 7/8 I just checked for existance of some fields in WMAppPRHeader.xml. In Android I can check package signature and I have LVL library. In iOS it's enought to search for some files inside a package.
But does Windows 8 store app have some similar?
Yes and no.
Just about everything you do, even in those cases you mentioned above, can be disassembled and overwritten. Consider, all they have to do is replace those lines in assembly (completely ignoring disassembly) with a NOP slide and then repackage it, signing the app package with their own certificate and installing it on their own machine.
The key is the way that they have to install this. In order to install a metro application, they need to get a developer's license and side-load the application. According to MSFT, they track (in some way) the usage of this developer's side-load to ensure that you are not installing pirated applications and are indeed using it for testing and development purposes (which you have to agree to in order to get the developer's license).
Now, if someone were able to bypass this system further, then this won't affect them as much, but that's the way DRM works. As of the current state of technology, it's not perfect (and likely never will be).
To answer your question though, Windows 8 has similar features built-in to the system. Users who misuse their developer's licenses will lose that license and be unable to side-load applications at all, so long as the system works.
You can do things to make it more difficult for them to, say, disassemble and repackage your application and sell it on the store like has been quite common in Android markets. Check out Dotfuscator. They have a version specifically for Marketplace apps.
Unfortunately, that's the best that can be offered. You can make it harder to pirate, but not impossible. You could have the app hash the contents of the install directory and send that off to a mobile service to be verified, but they could just as easily run it once regularly, sniff the packets being sent, then replay the verification response. You could also create a signing certificate in the mobile service and verify that the response is coming from the mobile service itself, but they could also just replace that certificate. You could have it pull the certificate from your mobile service in the first place, but they could just point your app to their own mobile service.
And, again, they could just bypass the checks entirely.
The system has drm already in place to try and make it more difficult for pirates to create a usable system, but with piracy, where there is a will, there is a way.
Related
I'm wondering if it's possible for a Xamarin application (all the platforms : Android, iOS, Windows Phone) to detect and load assemblies at runtime.
This is the kind of thing that I already did in WPF, and I'd like to use those modules (maybe with some modifications) in a Xamarin app.
I've spent yesterday looking for info online, and today I tried to implement a solution, but without success.
Prism seemed to be a way to do it, but it works only in WPF.
The restriction which makes this difficult is that I don't know at compile time any information about the assemblies. No names, no versions, no classes.
I can put the name and the version in the filename, and maybe find the classes by reflection. Using an interface as entry point (Prism use this), I should be able to do it.
Do you have any thoughts about this challenge ?
Thank you very much !
iOS: No
Apple does not allow code that was not bundled into the app at signing time to be executed, thus no on-the-fly Jit'ing of CIL allowed. The only exception to this is Javascript code that is run via their Nitro JavaScript Engine.
Android: Yes
Google allows just about anything you can think of, for better or worse ;-)
Windows Phone: No
All code must be signed as part of the Microsoft Store' App Ingestion process and thus you can not dynamically load assemblies later
Note: If this is a hard requirement for your app, you should look at hybrid mobile apps, like Cordova/Ionic, where you can perform a hot push to roll out new features, bugs fixes, etc... Besides self-hosting those hot pushes, various vendors support hosting of those, even Microsoft Azure has a full versioning publication system for this. Of course you would most likely be coding in JavaScript (or some trans-compiled variant).
I had thought that my Windows App was finished and ready for release. However, during the certification process, ACK told me Tag-Lib# uses API that the Windows Store does not support. Now I need to find some other way that the Windows Store DOES support to be able to programmatically set the album art for songs. Any ideas? (I would also be happy if anyone knew of a way to modify Tag-Lib# to comply with the Windows Store restrictions.)
Use the Windows App Certification Kit to see which API's are called. Then try to modify the Tag-Lib# source to not use those API's, or pick the relevant code and build your own library.
Though I think, given it's used for reading and writing files, it relies on System.IO which will require quite some rewriting to Windows.Storage.
I am working on a web project where content security is client's first priority. I need to create a windows app which will track if the user while visiting the website, is running any screen recorder. If he is, I need to log him out. I have knowledge on c#, vb.net. Can you please tell me if it is possible to track if screen recorder is running on user's computer?
You seriously want to prevent access to a web-site being recorded?
The simple answer is no, you can't tell. However, MS does offer some content protection APIs that might be more what you need, IF you are rendering to a DirectX 11 surface:
Direct 3D Video APIs on MSDN has more info.
It might cost colossal resources to implement such solution (that will have holes and must be maintained). Monitoring web site by means of a desktop app sounds like a dirty insecure hack. What if the user has a mobile phone with the camera?
Better, you shall rely upon standard widely accepted security principles of HTTP/TSL, such as proper authentication, authorisation, security policies, encryption, strong passwords etc.
I'm looking for a suitable client side architecture that will meet some or all of the following requirements.
I'm thinking primarily about Silverlight (but I would also consider MVC or WPF depending on your suggestions - I can possibly trade some of these requirements off, or find work arounds).
I'm looking for an assessment of Silverlight being able to fully, partially or not able to support, each of the following, with detail around each if possible:
Must be able to reliably upload large (~100MB) binary files via WCF and MTOM
Must be able to support file downloads, preferably in the background (i.e. through 'synching'), though this could simply be supported through a manual URL if necessary
Should have access to some form of local storage - this could be binary or XML for config purposes, but ideally some kind of database (not fussed which, as long as it is part of the install/app)
Should be able to dynamically configure itself depending on user profile. In other words, where a user logs in, the UI and services available are dynamically determined.
Should support some form of client notification (sound and or tray bubble). Ideally this would be supported via WCF duplex, but could be accomplished through polling.
Ideally, should run on multiple platforms (Win / OSX)
Should be easily deployable - if I need to run Silverlight in full-trust mode / OOB - how do users get new versions?
Should be minimisable to the system tray
Any detail or thoughts you can give me on the above would be much appreciated.
Edit - additional questions
Are there any limitations on local storage/access in Silverlight 5 OOB? Or does it behave like a standard WinForms app?
Is it possible to bundle SQL express with a Silverlight OOB .msi?
What is the best option for dynamically configuring a Silverlight app? I've seen MEF mentioned - is this the preferred approach or are there others?
Must be able to reliably upload large (~100MB) binary files via WCF
and MTOM
Should work.
Must be able to support file downloads, preferably in the background
(i.e. through 'synching'), though this could simply be supported
through a manual URL if necessary
Unless you are running OOB with elevated trust (or SL5 in browser elevated) and thus have limited access to the local file system, you would need to ensure sufficient space in Isolated Storage for the downloads.
Should have access to some form of local storage - this could be
binary or XML for config purposes, but ideally some kind of database
(not fussed which, as long as it is part of the install/app)
See above. Regarding local database support there is an SQLite port for Windows Phone 7 which also works in Silverlight (I've recently tested it).
Should support some form of client notification (sound and or tray
bubble). Ideally this would be supported via WCF duplex, but could be
accomplished through polling.
The notification can be done through Silverlight's Notification Window (supported from SL4 and up). The actual server side notification could be done through duplex channels or Kaazing WebSockets Gateway etc.
Should be easily deployable - if I need to run Silverlight in
full-trust mode / OOB - how do users get new versions?
You can install an OOB Client along with the runtime with an MSI installer and still have the Silverlight standard update mechanism work for you (required Authenticode signed XAP). I've done just that a couple weeks ago.
Should be minimisable to the system tray
AFAIK not possible in SL4. Not sure about SL5.
All the points I have not quoted should work.
Having done some Silverlight development I often feel a bit restricted by the possibilities it offers. In my opinion it is meant to be run within a browser, with a web-like interface. From what you describes it is more of a full app you want so I would recommend WPF and click-once deploy that handles updates automatically.
From your requirements I would suggest WPF, full application support, but when it comes to OS X support, then you have a problem, WPF won't work on OS X, only Silverlight will, so I am afraid you have a few requirements that have conflicts with one another.
I just like to code when i travel,but i can't carry my laptop while travelling so i thought of a mobile in which i can create apps in C#, .NET or Java but for that i need an IDE,Compiler,etc.
Basically I am looking for a phone / mobile / PDA (far more handy than a net-book or a laptop) in which i can code the way i can do it normally in Visual Studio installed in a machine.
So are there any such devices ?
Let's take a look at what you need to overcome to get this to work.
1) oomph
Smart phones are designed to give you the ability to stay in touch, and have a rich experience on the move, but within the confines of a device that can be put in your pocket. Storage isn't really an issue these days, but processing power on small devices are. Sure we can run calendar, 3D games (though nowhere near the complexity of what you'll see on a fully-fledged operating system), fart-applications and plug-ins for you-tube so we can watch idiots break their ballsacks on railings, but there's a reason you don't see a fully-fledged rich-desktop application, or Grand Theft Auto IV on these devices. Oomph. Now bring in the Visual Studio development environment (and database server, if that is what you're application is doing), with potentially 100s of source files in your language of choice. Assuming we put a severly cut-down version of your IDE on to your pda, I hope you brought some spare batteries or the power-cord because you're going to need it.
2) input
It's probably not difficult to change your predictive text input to cover all the keywords of your chosen language so that you don't end up typing pubic instead of public. Once we've solved that we then need to go through the agonizing process of the fact that computer code contains a lot of symbols and identifiers, meaning we'd have to switch our input mode every other word or two to facilitate it:
for(int i(0); i < _vector.length(); i++)
Takes a few seconds on a keyboard. Probably about one train journey on your PDA. To solve this, we must assume the PDA has the facility for an external keyboard to prevent suicide.
3) display
Ok, we've solved our oomph problems with a power-chord and/or 50 batteries and we've plugged in our external keyboard. We're ready to code!! We'll have to adjust the font-size on the display so that we can get more than 20 lines of code (vertically) or 10 (horizontally). I enjoy my comfort when I code, so I don't want to be squinting at a small screen as I type on my plug-in keyboard. I'd have to prop it up against some books or something (so I don't have to hold the PDA and the keyboard). Now I can't see what i am doing. So, I need a bigger display.
4) Target code
What platform are you targeting? Remember the PDA is designed to run software for the PDA in question. You won't be able to write fully-fledged win32 applications on Windows Mobile 7. There are differences in the API. What if it's a web app you're developing? We're going to have to add a web server to the phone too, unless that is deployed elsewhere and we can rely on an internet connection to upload the changed files to.
Have we solved the problem? Did we get more oomph? A keyboard? A bigger display? Yes we did.
It's a laptop.
It's impractical, as Moo-Juice mentioned. However, you could try using online compilers that work through web browsers, such as Compilr.com. Perhaps this could work well enough through a mobile device's web browser. This way you could write snippets of code and verify that it compiles. Otherwise, you'll be stuck getting a netbook or laptop.
Use a VNC client or Remote Desktop client or something.
Obviously your experience will not be very good on a phone/PDA, but I also don't have an IDE installed on my laptop -- I just use remote desktop (and a wireless modem if I'm desperately bored and can't find wifi).