Hackers Bypass Windows Store, Turning Trial Apps Into Permanent Programs

by Andy Patrizio

One month into Windows 8 and the Windows Store, the online app store for selling Windows 8-specific programs, has been breached by a hacker tool that turns trialware into full use apps.

The Windows Store has a number of developer friendly features, including the ability to put out a time- or use-limited version of an app as trialware, which would allow a person to try out an app before making a purchase decision.

Unfortunately, if you build it, the pirates will come. A recently released hacking tool called Wsservice_crk floating around the underbelly of the Internet lets users crack Windows Store applications, sideload unsigned apps to install them on Windows 8, and even access source code and documentation.

You simply download the trial version of the application using your Windows LiveID and click the CrackIt! button on Wsservice_crk to unlock the trial version of the application. 

The program is only on the x86 version of Windows 8; it is not compatible with Windows RT devices. Also, any apps cracked with the tool can't be updated via Windows Store when a new version comes out.

The program also offers the ability to create app packages that can be redistributed and sideloaded onto a PC without being digitally signed by Microsoft.

A Microsoft spokesperson said the company is aware of the rootkit and is working on stopping it. "We have seen a limited number of people use this method to extend trial durations, convert trials to full featured applications and to install applications on more machines than five computers," said the spokesperson.

It's not a great way to launch Windows 8 to have the app store protections broken in the first month of release, but at the same time, it's too early to say if the release of the rootkit will scare off developers.

Wes Miller, research analyst with Directions on Microsoft, doesn't think so. "I don't think in the grand scheme of things it will be because a couple of things will happen. I figure Microsoft will figure out a way to deal with this and the typical consumer won't go through the work to use the tool," he said.

The activation in products like Windows and Office aren't there to stop the hardcore pirates because they will always get around it, said Miller, who worked on Windows XP yeas ago at Microsoft. It was designed to stop casual pirates who wouldn't make the extra effort often required to circumvent the activation steps.

"If anything, if you were a large ISV it might make you take a wait and see approach to see how Microsoft cuts off circumvention, but I think that's the worst thing it will do," added Miller.