Windows Marketplace for Mobile: Advanced Anti-Piracy Protection

Windows Marketplace for Mobile: Advanced Anti-Piracy Protection

  • Comments 9
  • Likes

If you are developing applications for Windows phone, you have probably read about the Standard and Advanced Anti-Piracy Protection available to developers to help protect your hard developed IP. If you haven’t done so yet, check out the Windows Marketplace anti-piracy model white paper available here. Advanced Anti-Piracy Protection (AAPP) is designed to thwart the illegitimate sharing of your Windows phone applications. Even if a hacker obtains the binaries from one device, AAPP will prevent that application from running on any other device. While Standard Anti-Piracy protection does not require any intervention by the developer, AAPP does require that you integrate code into your application. We will walk through how AAPP works, how you obtain the AAPP code from Microsoft and how to integrate the AAPP code into your application.

How Advanced Anti-Piracy Protection works

Installation Time: The Marketplace Client installs a license, derived from the application id and the device id, into the registry. The license is protected using RSA security.

Application Run Time: The startup code (obtained from the Marketplace section of the Windows phone Developer Portal) in your application verifies that the license stored in the registry matches your application. You (the developer) has control over the error handling. You can choose to display an error and quit, shift into ‘demo’ mode, or do whatever you deem appropriate.

How to obtain the AAPP Code

Obtaining the AAPP code is part of the application submission process. You will see the following at Step 3 (Product Info). image

Clicking on ‘Show Managed Code…’ we see the following code:

  1. using System.Runtime.InteropServices;
  2. using System.Security.Cryptography;
  3. using System.Text;
  4. // ....
  5. static string m_certModulus = "a26T2aaMKaafWSaI5JOaaQ7...";
  6. static string m_certExponent = "DUPQ";
  7. static string m_appSku = "dddddddd-70e8-4b15-9c90-46fca72d6959";
  8. [DllImport("coredll.dll")]
  9. private extern static int GetDeviceUniqueID([In, Out] byte[] appdata,
  10.     int cbApplictionData,
  11.     int dwDeviceIDVersion,
  12.     [In, Out] byte[] deviceIDOuput,
  13.     out uint pcbDeviceIDOutput);
  14. static void Main()
  15. {
  16. //Pre-Initialization code
  17. // ....
  18. byte[] licenseBytes =
  19.     Microsoft.Win32.Registry.CurrentUser.OpenSubKey(
  20.     "Security\\Software\\Microsoft\\Marketplace\\Licenses\\")
  21.     .GetValue(m_appSku) as byte[];
  22. string data = m_appSku.ToLower() + " " + GetUniqueDeviceID();
  23. RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
  24. //Create a new instance of RSAParameters.
  25. RSAParameters RSAKeyInfo = new RSAParameters();
  26. //Set RSAKeyInfo to the public key values.
  27. RSAKeyInfo.Modulus = Convert.FromBase64String(m_certModulus);
  28. RSAKeyInfo.Exponent = Convert.FromBase64String(m_certExponent);
  29. rsa.ImportParameters(RSAKeyInfo);
  30. byte[] bData = System.Text.Encoding.ASCII.GetBytes(data);
  31. if (null == licenseBytes ||
  32.     !rsa.VerifyData(bData, new SHA1CryptoServiceProvider(),
  33.     licenseBytes))
  34. {
  35.     MessageBox.Show("Could not verify signature");
  36. }
  37. else
  38. {
  39.     MessageBox.Show("License is valid!");
  40. }
  41. // ...
  42. // Post-initialization code
  43. Application.Run(new Form1());
  44. }
  45.  
  46. public static string GetUniqueDeviceID()
  47. {
  48. // Call the GetDeviceUniqueID
  49. byte[] appData = Encoding.Unicode.GetBytes("Marketplace");
  50. int appDataSize = appData.Length;
  51. byte[] outData = new byte[20];
  52. uint outSize = 20;
  53. GetDeviceUniqueID(appData, appDataSize, 1, outData, out outSize);
  54. StringBuilder resultSB = new StringBuilder();
  55. foreach (byte b in outData)
  56. {
  57. resultSB.Append(string.Format("{0:x2}", b));
  58. }
  59. return resultSB.ToString();
  60. }
           

Integrating AAPP Code into your Application

This code has all the basics you need to implement the Advanced Anti-Piracy Protection. However there are a few gaps that you need to fill-in. I’ve put together a sample (HelloAAPP) that has these issues worked out.  You can download it from here.

  1. The code provided by the portal does not catch NullReferenceException thrown by the Registry class if the license key cannot be found. This is most commonly caused by installing the CAB outside of the Marketplace client. This is because during installation, the Marketplace client installs the license into the registry. Most often you will see this during your own ad hoc testing. To help you avoid this error, in Debug mode, the sample installs a test license into the registry. Additionally the sample includes a handler for this exception.
  2. In the portal code, if the validation succeeds or fails, the application will still run. In most cases you will want to notify the user and exit. The sample displays an error message and the application exits following the users response.
  3. In the portal code, if the validation succeeds, the code will notify the user telling them so. This notification is probably not necessary in a real world scenario. The sample simply continues if the validation succeeds. Note that in the sample the same validation (VerifyData) is called in both Debug and Release modes. In Debug mode the test license is validated using the test key. In Release mode the real license is validated using the public key included in the developer portal code.
  4. In the portal code, the error message does not have any context. A (hopefully) clearer message “License verification failed. Please install via Windows Marketplace for Mobile.” is used in the sample.
  5. In the portal code, there is no way to test the validation logic since there is currently no way to install a license. As mentioned above, the sample creates and uses a test license that tests the validation logic. This goal of the sample is to demonstrate a way to use a test license in Debug mode and a real license in Release mode with all other code being the same.
  6. The error message is not localized. In the sample, the message is localized in English and German (de-DE).

 

Please let me know in the comments if there any other gaps in the AAPP code that you have had to fill.

Thanks,

Mike

9 Comments
You must be logged in to comment. Sign in or Join Now
  • I've already answered wieser's question in the MSDN forums, but for the sake of any one else reading I am reposting.  Your certificate is unique to your publisher ID. So your cert modulus and cert exponent won't match some one elses. If you download another's app you won't know their cert mod/exponent and thus cant use their license. You will need to use your own app.

    I uploaded an app, got it certified, and then "purchased" it for free so that I would have a key on my device that I could use for testing.

  • Started submission of a product, so I could get to the code, and sure enough, Modulus and CertExponent are different from the listed example.

  • Further to my earlier post, downloaded two freebie apps (one microsoft, and one from somewhere else), but alas, Joe's trick didn't work.

    So is it just my device, a bug in my code, or would we expect it not to work, because the CertModulus and CertExponent are in fact different for each product.

  • Regarding Joel's suggestion, Are the CertModulus and CertExponent always the same for every app, or does marketplace switch them around occasionally?

  • Apparently this mechanism has been cracked, according to this site:

    www.wmexperts.com/microsofts-new-marketplace-security-reported-cracked-already

    Looking at the reported work around, it sounds like intercepting the call to the VerifyData call, and always returning true.

    So, to make this hack not work, we'd need to poke in some data that we know is wrong.

    So here's the question:

    Can one guarantee that by changing a single bit in the data to be verified, the hash will always be different?  If so, we could detect this interception from a false positve.

  • Thanks Joel. That's a clever way to test with a real license.

    Mike

  • If you have a free application in the Windows Marketplace for Mobile then you may be able to use it to test this code. Install your free application and the license will be installed to. During the development of your code set the app ID to be the same as what it is in your free application and now you can see how your code behaves in the presence of the proper license key.

  • Thanks MAZZTer - Yes. The registry access should be wrapped in a using statement. Thanks for pointing that out.

    Mike

  • One thing that jumps out at me with that code block is that you open a registry key but never close it.  I'm guessing .NET will close it for you once the RegistryKey object goes out of scope and gets destroyed.  I'm not sure when .NET does that in this circumstance... possibly after Main() finishes, making it more important since it'll only close the key after your app is closed, although if .NET is smart enough it'll realize it goes out of scope after that line of code.  Of course, even when it does go out of scope, no guaranteed it will be destroyed immediately.  Best to leave no uncertainty and free resources manually when the option is available, IMO.