I would be lying if I said I didn’t think some people would get the wrong idea about ChevronWP7, which is why we went into great lengths to emphasis it is just an unlocking tool and even outlined our position on application piracy. What I didn’t think is that people would actually accuse us of advocating piracy itself.
One post in particular, “My Thoughts On ‘ChevronWP7′” by Michael B. McLaughlin is riddled with so many false allegations that begs a response. Although this post will be replying to excerpts of his writing directly, I hope this will help clear the air for others as well.
“ChevronWP7” is a “jail-breaking” thing
…
“Jailbreaking” is just a euphemism for “helping criminals steal from developers who depend on the software they write to help pay their rent, feed their kids, buy clothes, and meet the other ordinary expenses one incurs in life”.
First of all, the common understanding of a jailbreak is gaining root access to a device that otherwise has a limited API, which I might add was recently ruled a legal practice with the support of the EFF. Misrepresenting jailbreaking for application piracy is a far stretch of the truth.
I really don’t care what your motives are. The fact remains that you have created a tool, the sole purpose of which is to circumvent the security restrictions of the phone.
Personally I think my motives are pretty important in the context of this issue and that is to help develop a community of Windows Phone 7 homebrew developers and users.
Nevertheless, the sole purpose of the tool is also quite simple – to enable anyone to sideload an unpublished application to their Windows Phone 7 device.
I must emphasize the ability to sideload and run unpublished applications is a supported functionality of all Windows Phone 7 devices. Although not enabled by default, it’s a behavior embedded into the design of the operating system itself. That’s all ChevronWP7 does.
You say that the tool can’t be used to illegally load apps from the marketplace. How should we know? Because you say so?
…
Anyone who thinks that doesn’t hasten the arrival of pirated apps is deluding themselves. You’ve moved the ball forward on that. You. Not someone else. The fact that someone else might have done it eventually anyway doesn’t make it any less harmful and doesn’t make it “OK” that you did it.
We say this because none of our efforts has any effect or influence on what would be necessary for application piracy. Microsoft has implemented what we understand to be sufficient anti-piracy protection on all applications published on the Marketplace and it’s not our intention to break them.
Of course someone out there could be attempting to break that protection, but our tool and efforts does not aide them since it makes no modifications to the operating system’s security mechanisms.
Just to play devil’s advocate, even if the protection is compromised, we would support Microsoft hardening its anti-piracy mechanisms for published applications since it should not have any impact on any homebrew efforts outside of the Marketplace.
Do whatever it takes to help yourself get to sleep at night. Because being a celebrity is totally worth being a sociopath without any concern for your fellow human beings. Isn’t it?
As someone who tries to be a compassionate and considerate person and member of society, this is extremely offensive.
Microsoft banning you would simply be them sticking up for us. It’s their call how to deal with this abominable act of yours, of course. But don’t harbor any illusions that developers would universally support you. This developer, at least, most certainly would not.
I fully intend to pursue my goal to enhance the Windows Phone 7 experience for myself and anyone else who understands the nature of our work. It’s a shame Michael doesn’t feel the same way.
Update: The first homebrew Windows Phone 7 application that enables custom ringtones has just been released.
Update 2: We have a new blog post “Pursuing the future of homebrew on Windows Phone 7“.
I think it is important to point out that Chevron doesn’t open up ANY additional attack vectors for pirates. It does the same as the official “Windows Phone Developer Registration” tool that comes with the WP7 SDK. It just doesn’t require you to have a App Hub account to run the tool.
As a Windows Phone developer, I can deploy applications onto my device for testing, which means that if I have the binaries, I can deploy any other application for testing also.
However, as someone who relies too much on the income for their development to hurt anyone else in that way, I don’t pirate others’ software.
I don’t think it is vastly “wrong” to unlock this feature for the general populus, but chances are, there are a lot more non-developers who will be happy to pirate software than there will be developers who are, so I’m pretty sure this is going to be harmful to a degree.
Also, it’s not like this is an opportunity for students who don’t have the money for a development license, as Microsoft is pretty generous about giving those away, and they’re not that expensive to begin with.
This tool is not harmful in and of itself, but 99% of the people who needed the functionality already had it legitimately, and 99% of the people getting it from this tool are not going to use it legitimately.
It seems odd to me that a developer doesn’t understand how the tool works and what the intentions are. Even as a non-developer, I thought that the intentions and what the tool does were explained quite clearly.
It’s not that he doesn’t know how it it works, it’s just an appeal to emotion to generate hatred from the people towards the application.
It’s a lot like what most politicians do nowadays.
+1.
Homebrew != piracy. Lets take a look at the competition for a moment (Apple). Apple have strict requirements for allowing apps into their store, I’m not saying Microsoft are the same but why should Apple device what you can, and can’t, run on your device. The same goes for Microsoft IMO.
Long et al, keep up the great work.
This is a misunderstanding. You can write, compile and run anything on you iPhone device, the device *you* bought. You can give the sourcecode to anyone else who can also compile and run it on theirs. You can even distribute a compiled binary within your company or to your close friends (called ad-hoc distribution). But to distribute a binary widely – that can be done only through the appstore and there Apple apply its security checks and require you follow their published rules. So Apple support homebrew coding without any limitations – but if you want to become famous or rich (or both) you need the appstore.
I will admit I felt a little uncomfortable myself when I saw the announcement of this tool. I looked at it more closely and realised all it does is turn any phone into a developer testing handset. My own handset has been registered as a developer one, so this tool is not for me, but I still have concerns about people obtaining XAPs and putting them on the phone once its unlocked.
I hope that Microsoft make an update to the phone, which requires apps to contain some code when they are to be tested on the phone, which is not present when submitting to the marketplace. This way if the code is not present in the XAP, it wont be sideloadable.
This way XAPs designed to be sideloaded can be compiled as such and distributed online, or the source code shared if it is open source, but apps without the code present will not run without having been purchased or obtained from the Marketplace.
This is something Microsoft should do, and it would not clash with your goals of providing a way in for homebrew and non-registered users to use their apps on their phones.
There are many countries where you can’t buy developer’s license. This is my case.
Thank you for the possibility to develop my own apps for my own phone.
He has a point to some degree.. in the same way you could argue Albert Einstein is directly resposible for all the lives lost at Hiroshima and Nagasaki.
However, I think most sensible people see the difference and understand where you are coming from. Dare I say Microsoft may be thanking you for this in the not too distant future!
This a very important point, I´m on the same boat as you.
Sorry, my mistake, my reply was for Petr’s comment
Sort, I would prefer saying this is like arguing James Clerk Maxwell is responsible because he is a scientist.
I mean Einstein did write to Roosevelt promoting the idea so there is a reasonable connection there. This McLaughlin asshat is just completely off base.
The fact that he describes himself as a retired lawyer says it all. This guy seems to have nothing but the most rudimentary understanding of how WP7 functions.
Still, one would have thought that as a lawyer, he’d have understood the importance of motives. To claim that motives do not matter, is akin to claiming Albert Einstein is a war criminal for the minor role he played in the Manhattan Project that lead to the Atomic Bomb. All you have done in this analogy is achieve a chain reaction of nuclear fission. At that point, you are still some way from both Nuclear Power and Nuclear Weapon, but you cannot acheive either without passing through basic fission. Yes, there is the ultimate potential to use this knowledge gained for the purpose of distributing pirated software. But there’s also the potential to fill a huge gap in the market, and exploit the great platform Microsoft have developed in ways previously unthought of. A win-win for Consumers, Developers and Microsoft themselves.
He seems to drastically overstate the importance of this tool for piracy as well, and seems to believe it will completely compromise the security of his application’s “source code” and his “Intellectual Property”. You know, because that wasn’t in the open already. Not that I’m convinced there’d be anything worth gleening from toiling over his decompiled application. I laugh at his claim that I gained “unauthorized access” to binary data floating over my WiFi in obtaining the Samsung COM DLL, which he goes on to make out as forming the basis for this “jailbreak”. Which we all know is completely untrue. Let me make it completely clear: There is no such thing as restricted data in the land of the digital machine. It is only a matter of time and perseverance as to returning binary to it’s original form. This wasn’t an acheivement, it was just some people putting in the time and effort into something that, if they hadn’t, someone else would have sooner, rather than later.
Hello,
As a windows mobile developer I have to say “Thank you”. This tool is awesome and not for piracy stuff!
Here is my small testimony of why ChevronWP7 can be usefull in some cases :
“”
I’m working in a huge company in a small development team. To make demo of what “windows phone 7” can bring to our company I can use the emulator but it’s really missing stuff (GPS emulation, Accelerometer, Camera, …). Then the solution proposed by microsoft on some official blogs was to buy the “app hub” access to unlock my device (wich I bought on my own, and for personal use at first). The problem here is simple : how to make a demo to convince my big boss to pay those 99€ without a real device : I failed doing it!
Now thanks to ChevronWP7 I was able to publish my demo-app, run it for real, fix some small issues, show it to my boss and : I will get the official AppHub subscription next year (budget stuff, administrative things and more but now it’s validated, just a matter of time).
As you can see ChevronWP7, in my case, helps me to get in the official AppHub!!
“”
I will post this on my blog later (after reading it more carefully to avoid dirty english, wich is not my native language).
Thanks again for the good work!
DarkAngel aka Stéphane
Lawyer. Nuff said. Next…
As a developer I would just like to point out that Mchael McLaughlin is an idiot.
Indeed!
The same guy probably takes for granted his ability to load any application he wants, without restriction and without paying for the privilege, on the same PC he used to write that poison-filled post.
The allegations by McLaughlin are laughable at best. The fact that you can now load your own applications to the device in no way, at this time, allow you to copy and transfer an app from one device through means of piracy… at least, not without considerable effort. Moreover, your efforts have been (on this project and others) an amazing contribution to the Windows community.
If I had a WP7 device right now, this would be a “must have” application.
5 dead lawyers in a Benz. What’s the crime?
It holds 6.
No words can quite describe what a fool that man is.
Considering that the ability to sideload apps, among other things currently costs $99 and this program is designed solely to circumvent this then you must be stupid to say that what you are doing is right.
I personally think of this app as a ‘crack’, because you granting people access to something that should cost them money for nothing. Thereby Microsoft are losing out on $99 from every person that would have instead actually purchased a license from them in order to use this feature.
Don’t get me wrong though, I’m all for hacking apps but you guys are trying to be both hackers and “support[ers] [of] Microsoft [in] hardening its anti-piracy mechanisms for published applications”. You can’t be on both sides as the very fact of hacking the OS isn’t helping Microsoft with that cause.
Again, I’m all for hacks but I’m disappointed in your pathetic attempts at trying to cover your ass, whether you like it, while you aren’t directly advocating piracy you are greatly aiding it. Just like with the iPhone without the numerous jailbreaks there would be no piracy on iOS. And similarly without this “unlock” potentials for piracy wouldn’t exist, they now do and you are whether you like it or not, partly responsible for that.
I suspect that Microsoft loses nothing to this “crack”. Developers might lose something, but mainly they lose due to increased competition from free side-loaded apps, not due to piracy.
Microsoft charges $99 to pay for an “identity check” service from a 3rd party. Basically, when you register, Microsoft gives you permission to publish to their app store. Before giving you that permission, it wants to know who you really are so that if you publish a malicious app, Microsoft can hunt you down and boil you in oil (or whatever).
To make this more attractive to developers, Microsoft includes 5 free app submissions in the package. Microsoft loses money here. Each app submission requires Microsoft to pay for a Microsoft employee to check the app for nastiness (hate speech, pr0n, etc.), and that costs much more than $20, but Microsoft wants to get more apps in the store, so it subsidizes the submission process.
Bottom line is that the $99 fee is to pay for access to Microsoft’s Marketplace. Since ChevronWP7 doesn’t grant access to Marketplace, ChevronWP7 doesn’t take anything away from Microsoft. Microsoft doesn’t lose anything here.
The ChevronWP7 app doesn’t really aid piracy either. Marketplace also allows you to install apps without paying for them. In both the Marketplace and the ChevronWP7 case, the app knows that it hasn’t been purchased. If the app is free, the app runs normally. If the app is not free, the app runs in “trial” mode. So ChevronWP7 will only make it easier to distribute free or trial apps. It won’t allow you to run a non-free app without paying.
If somebody takes a non-free app from Marketplace and modifies it so that it works without being purchased, the app could then be loaded onto any unlocked phone. This would work whether the phone were unlocked via ChevronWP7 or via Microsoft’s own developer tools. This would be piracy. However, ChevronWP7 doesn’t change this situation. It does enlarge the potential market for such pirated apps, but the piracy is independent of ChevronWP7’s existence.
@Carl. Since it’s my device, I should and can do whatever I will with it. Allowing me to access my device does not in any way destroy intellectual property rights of Microsoft or Developers.
You didn’t actually reply to anything I wrote, you simple ignored it. I never said you shouldn’t be able to do anything you want with your device, that’s your right. I’m simply pointing out the fact that Long is trying to sit on both sides of the fence, or to put it simply trying to having his cake and eat it too.
“Considering that the ability to sideload apps, among other things currently costs $99 and this program is designed solely to circumvent this then you must be stupid to say that what you are doing is right.”
– Since it’s my device, I should and can do whatever I will with it.
“I personally think of this app as a ‘crack’, because you granting people access to something that should cost them money for nothing. Thereby Microsoft are losing out on $99 from every person that would have instead actually purchased a license from them in order to use this feature.”
Allowing me to access MY device does not in any way destroy intellectual property rights of Microsoft or Developers.
“Don’t get me wrong though, I’m all for hacking apps but you guys are trying to be both hackers and “support[ers] [of] Microsoft [in] hardening its anti-piracy mechanisms for published applications”. You can’t be on both sides as the very fact of hacking the OS isn’t helping Microsoft with that cause.”
Don’t be jealous.
“Again, I’m all for hacks but I’m disappointed in your pathetic attempts at trying to cover your ass, whether you like it, while you aren’t directly advocating piracy you are greatly aiding it. Just like with the iPhone without the numerous jailbreaks there would be no piracy on iOS. And similarly without this “unlock” potentials for piracy wouldn’t exist, they now do and you are whether you like it or not, partly responsible for that.”
Would you prefer they said nothing? At least they put their faces on this and not try and hide like some of the iphone dev team. I think that’s strong enough.
“You didn’t actually reply to anything I wrote, you simple ignored it. I never said you shouldn’t be able to do anything you want with your device, that’s your right. I’m simply pointing out the fact that Long is trying to sit on both sides of the fence, or to put it simply trying to having his cake and eat it too.”
Is my reply now enough for you darling?
“- Since it’s my device, I should and can do whatever I will with it.”
Do you have same feeling with your gun?
Yes, with gun you can create bodily harm and with latter financial harm. Would you be a hero, if you would drive around the city, throwing universal keys to door locks? You could claim that it’s good for everybody, since now they can have an extra key, in case they lost their own keys, but how about the overall picture? What else was just made possible?
If you own something, it does not mean that it would be wise to do anything what comes to your mind with it
“Would you be a hero, if you would drive around the city, throwing universal keys to door locks?”
Are the lock manufacturers trying to tell you that, even though you’ve bought your door outright, that you’re actually ‘licensing’ it and are only allowed to unlock it as often or in a manner which they approve of, and only subject to additional yearly payments? Likewise, is the tool being provided here allowing you to access everyone ELSE’S devices without their knowledge or permission at the expense of their privacy and personal safety?
Very stupid analogy.
@Mr. nobody: Amen!
“Are the lock manufacturers trying to tell you that, even though you’ve bought your door outright, that you’re actually ‘licensing’ it”
Whenever a software ‘purchase’ is made (in this case the OS) you are never buying the software, you are always licensing the software – the owner is still the software publisher (not you). As such it is up to them how what restrictions are applied to the license and if you don’t like it, then it is your right not to buy it. MSFT apply a a restrictive license (of which the $99 means really nothing to them) in order to stop themseleves being held accountable for bad software causing issues with the OS / HW. This was the fundamental problem with Windows Mobile previous to WP7 that they are now trying to avoid. It is the same at Apple for iOS.
@Carl – the $99 provides the ability to submit apps to the market place, as well as the testing and code signing that Microsoft does as part of the process. The ability to side-load apps is simply a necessary part of the package (since otherwise we couldn’t test applications on actual devices), not the reason they’re asking for the money.
So no, I don’t think this is depriving Microsoft of any income.
The most compelling argument in my opinion is the one Petr mentioned, since not all countries have access to the developer program, and people *should* be able to write code for their own phones.
What you consider “necessary” is irrelevant. The fact of the matter is Microsoft are charging you $99 to sideload apps (among other things), this program circumvents it therefore you are gaining something for nothing.
What you consider “irrelevant” is actually necessary fact.
I do not think your response and clarification was not necessary as his language clearly is offensive and non-fact based. Sounds just like an American Politician.
duh, double negative. what I meant to write was “I don’t think you response was necessary…”
I have to say, regardless of any allegations. This app has been a life saver for me. The sole purpose of getting a windows phone 7 was so I could develop apps for myself in C#. My hopes and dreams were totally squashed when I found out that while the tools are free, I’d have to pay $99 and go through some bullshit verification process just to use my phone. When you couple this with the money invested in the phone, and software (I have full VS), etc.. it seems ridiculous to charge me $99 + $20 (per submission, not publication) just to develop apps for my phone. I literally had sent in an RMA, and had already delivered my phone to fedex when a friend pointed me to this place, and I had to go back to fedex and ask for my phone back.
So the story is that you had $200 for the phone, but not $99 for the app store. How are you going to benefit from building your apps, if you do not put those to App Store?
I do not know whether the original cracker thought that he’d done something good for the developer community, but he should have also thought how this is going to affect to those devs who already have apps in the app store and now their work can be pirated. So thanks for all idiots who pissed to the cereals of all devs getting money from MS app store from their apps. Thanks a lot.
Why can’t you understand that this tool DOES NOT allow apps to be pirated? Do you just see the word “hack” and think they are all the same? Does the iphone jailbreak tool allow iphone apps to be pirated? No. If jailbreaking tools pirated apps, would they be legal? No. HELLO. Get your facts straight.
OMG, you still don’t get that there are people that just want to develop for their own phones? Not everybody wants to earn money or go through the hassle of submitting to the app store with every app he/she writes just to enhance its own phone.
Sure you can develop. It’s only $99 if you want to test you app in live device and submit to App Store.
If you want to do dev and use emulator, it’s then $0. Fair?
You can Open Source your app, if you do not want and there will be someone who has App store / dev license who can upload your app to app store.
And now gentlemen, what prevents copying installed app from phone, repackaging it and then installing it to cracked phones? FS and Registry hacks do exist.
Note that the simulator doesn’t accurately provide the same emulated HW environment.
Hey, some people don’t want to pay half of the (subsidized) price of the phone just to test $HARDWAREDEPENDENTFUNCTION.
Also, fix your terms. ChevronWP7 is a hacking tool to allow you to sideload apps, not a cracking tool (unless there was a “patch” to rename licensing calls that would work perfectly every time)
Also, for the devs, if you really want to make your app p1racy-proof, make it tied into a web service, ffs.
“So the story is that you had $200 for the phone, but not $99 for the app store. How are you going to benefit from building your apps, if you do not put those to App Store?”
Why do so many idiots think that the sole purpose for writing mobile software is to publish to others? I write software 1) for my own satisfaction, 2) to improve my technical skill set and employability, and most importantly 3) to serve needs specific to myself. I have no interest in publishing most of what I do for the world to consume, nor would most people likely have any interest in what I do. Even IF the time comes that I write something of interest to others that I care to share, I have no interest in being at the mercy of another “App Store” with all its bias and monopolistic failings. If this leads to a Cydia-style arrangement, all the better. Yeah Microsoft potentially lose out here. Big deal, I’m sure they’ll survive. The bigger deal here is the claim that it’s the independant developers who get hurt, and considering they’re the ones who really benefit most (well, the only ones really) from this, anyone trying to pursue this argument is a blatant dickhead.
“And now gentlemen, what prevents copying installed app from phone, repackaging it and then installing it to cracked phones? FS and Registry hacks do exist.”
Fail. This tool does nothing that the $99 developer account stuff doesn’t. Does having a developer account give you the ability to pirate apps? I didn’t think so. You have to have more than just sideloading access to pirate apps. You’d have to break Microsoft’s protection scheme, and this tool does nothing to assist in that endeavor. Just being able to copy apps (if that’s even a possibility right now) is meaningless.
One thing that I haven’t seen mentioned is the use of this tool within a company.
With previous Windows phones, a company could develop an application and give it to all their employees. For example, develop a stock control program – give it to everyone in the warehouse to install on their company supplied phones.
With WP7 there is no way to do this. You have to put applications through the MS store. So either you give everyone in the world access to your proprietary app – or you go without.
With this tool, a company can unlock the phones they’ve purchased, install their own application on the, then distribute to the field.
I have spoken to the WP7 guys about this scenario and, while they’re aware of the problem, they wouldn’t comment of when or if it would be resolved.
T
Irrespective of if this makes it easier for pirates or not – the fact remains that we need to stop running around on our toes and missing out on the advances of technology just because of the idiots who do such a thing.
Whatever happened to innocent until proven guilty?
That guy’s inflammatory blog post really is just him going off the deep end. It shows zero understanding of the platform, and zero understanding of what the tool is. I mean, really: calling the developers sociopaths? Maybe he ran out of refills on his antianxiety meds. Or maybe the post was just click bait, who knows. Anyone in their right mind, who knows the industry at all, knows that jailbreaking a phone is legal, and that it is about enabling functionality on the device, not about piracy.
Been LMAO at the negative comments and Tweets, especially those of the “you’re cheating Microsoft” variety.
Since when is competition cheating?
And car theft is just enabling the functionality of the platform?
@JP so by your logic we should not have invented the hammer because some one might one day use it to break into a car?
Again, your “analogies” just prove that you’re a braindead dickhead.
Car theft would be a valid analogy if this tool allowed you to take someone else’s device without their permission, thereby depriving them of a physical asset. Explain how this tool 1) punishes end users of the device in question, as with car theft, 2) deprives anyone of a physical asset.
If “CarTheft” was the name of a tool which allows you to load your own MP3s onto a car stereo instead of having to pay the car manufacturer a yearly license to be a “Record Label” and then have the music you want to listen to in your own car first pass the car manufacturer’s approval process and also be subject to a per-unit publishing fee, then yes. Valid analogy. Especially if the approval process also means that any music you want to load into your car MUST, by distribution channel design, also be available to anyone else with the same car.
the only problem is you OWN the car. o_O.
the only problem the person you are trying to label as thief OWN the car. o_O.
Long all that needed to be said was two things really (but you said more and quite ellequently):
1. Its like bit torrent or Napster. Their primary use is piracy but its up to the user to know right from wrong and make the correct use of the program and not to anything illegal or frowned upon.
2. Microsoft baked it in and switched it off with a hidden switch. Similar to what att does with android. Its wrong to not have that switch exposed because every other android phone allows side-loading and with the current gen. of smart phones all should allow side-loading. period. Maybe with the release of this tool future versions of WP7 may have that switch exposed. I don’t know enough about WP7 but on android side-loading has nothing to do with market piracy.
I would also hope that microsoft has the same stance on WP7 customization as they do with the windows OS customization (allow people to hack it if they choose, dont actively fight it, but make it something mom and dad dont have to worry about) If they employed this stance (which was also the stance with WP6.5) they would get quite a few people over from android.
I read that there is a limitation on how many apps you can sideload with your developer account. Does this tool encounter the same limitation? That could put a damper on the homebrew scene…
It’s all fun and games to create an unlock tool and say “oh but we don’t do it for piracy”. But this is the same as thepiratebay.org yelling “Most of our users don’t use this website to download pirated software/music/videos/etc..”.
Yes, this tool only gives the ability to side-load apps, first someone has to hack a WP7 app before you can actually pirate something. But yes thepiratebay.org wouldnt be used for illegal stuff if nobody had hacked something and uploaded the torrent…
Now in all fairness, what are all homebrew/unlock tools used most for? Can somebody here say in all honesty that this is not piracy?
This leaves us with one conclusion: either the ChevronWP7 developers are extremely naive/ignorant or just total douchebags…
For the love of all that’s good and holy, THIS DOES NOT ALLOW YOU TO DO ANYTHING YOU COULDN’T ALREADY DO, a) in the emulator, developer account or no, or b) on your phone with a developer account.
IT IS NOT JAILBREAKING, IT DOES NOT REALLY ALLOW JAILBREAKING MORE THAN ALREADY COULD BE DONE. If someone HACKS a protected xap file, yes they can put it on their phone. But they already could, if they had a developer account.
very naive to think this does not support piracy. showing very strange intentions here.
McLaughlin sounds like he needs to work for Apple. Microsoft was making some headway when they reversed their position on Connect “hacking”.
You can be a good steward of technology or you can milk every penny and take the closed Apple route.
Long you have done a lot for the .Net programming communality, I personally appreciate your involvement.
The simple but ‘inconvenient truth’ about this hack -:
Without this being available only a very small percentage of the general WP7 userbase had access to sideload apps – those that had gone to considerable effort to get a marketplace account. I don’t know what actual percentage this is – but would a good guess would be that as the platform matures this would still be less than 1% of WP7 owners.
With this being available now 100% of the WP7 userbase has access to sideload apps.
It’s therefor a pretty moot point that this app ‘only allows you to do what registered developers could already do’ – because those ‘developers’ would have been such a small percentage of the market it wouldn’t have mattered if some of them were using it for piracy and not homebrew apps (and really wouldn’t have impacted anyones bottom line in a meaningful way).
Anyone who is in doubt or naive enough to believe this now won’t be used by others to enable piracy should go and visit some torrent sites – and see how these sort of hacks have enabled piracy on other platforms (like consoles as well as mobiles like iPhone). While homebrew apps are available – they are dwarfed in quantity by pirated ones.
Try telling me that Einstein was completely naive of his work potentially being used to create bombs.
Does everyone taint his memory because he was the father of nuclear warfare?
These guys are not building a piracy platform.
They are not modifying the platform in any way, just changing a setting that is built into the device.
How is this condoning or enabling piracy? It is not their responsibility for how the software is used.
Are you a developer? Are you/have you produced an app onto the store that you are currently selling?
If not, you don’t really have a place to be talking.
I, as a wp7 app developer, don’t give a damn.
PIRACY IS INEVITABLE. By the very nature of computers, there is no way to prevent piracy. Not even WoW is immune.
I’m hoping that homebrew is inevitable too, because I can make my own apps then, for my own purposes, without having to pass Microsoft’s certification.
Why is that such a crime?
Seriously – that Einstein argument is pretty ridiculous. His e=mc2 equation was hypothesized decades before the first nuclear bomb was made (1905 i think) – and while it was used twice in actual combat (the bombs dropped on japan) – it’s also been used in almost every other aspect of nuclear physics and scientific advancement including providing electricity to hundreds of millions of people, space travel etc. The ‘primary use’ of his work has not been to create nuclear bombs.
The primary and sole function of this application is to enable unsigned/uncertified apps to be deployed to a WP7 handset. There’s plenty of existing evidence to suggest that this same thing being done on other platforms has RESULTED in it’s ‘primary’ use being for piracy – NOT for homebrew applications. (are you really going to dispute this?). You’d actually be hard pressed to find people with modded consoles (ie. hacks allowing unsigned apps) which are actually running homebrew apps – the overwhelming majority are modded purely for piracy.
The authors of this hack must have been living in a cave for the past 10 years if they didn’t think this is how their hack would be used by most people. (developers are a very small percentage of the wp7 market as are people wanting to run homebrew apps).
Also – yes I am a WP7 developer – and having spent a lot of time developing paid apps I do actually give a damn.
I don’t dispute piracy is inevitable at some point – but it’s been substantially accelerated by this hack. On the consoles at least the software developers had months if not years (PS3) before people could use unsigned apps (and deterrents such as long download times and being banned from online play has some impact in curbing it). This happening within a few weeks of launch of the handset is simply not a good thing – and I don’t understand why any serious developers (who want to make a $ out of their work and aren’t just writing stuff for fun) would consider it a good thing.
‘Inevitability’ is not an excuse. ‘Fraud’, ‘Murder’, ‘Rape’ and ‘Theft’ are all inevitable in society too – but it doesn’t give anyone the right to do it.
Oops, conveniently forgot that fact, did we?
Any developer that isn’t an idiot will have ways of finding out that their app is running unsigned. Like, for example, the fact that if you are running an app unsigned, calls to ‘IsTrial’ return an exception. Mmm. Ouch.
This doesn’t allow you to just grab a xap, chuck it on and run it, because all the IsTrial calls will crash the app. If your app is tied to a webservice, you could then ban them until the have a legitimate copy etc.
Copy protection is still a form of your own responsibility.
All this means is that unsigned app usage is no longer an exclusive club. You know why I never got into iPhone development? Apart from Objective-C, it was because it was impossible to do any real testing without a developer account.
Now I have a developer account through DreamSpark, but this still would have made me much happier, because yes, I develop homebrew for myself.
I never said because it was inevitable that it was right. These guys are not pirates, so stop blaming them as such. If they wanted to pirate apps, the easiest way would be to modify the OS itself so that IsTrial always returns false.
MUCH easier than this.
Pirates are lazy, they’ll find a much more efficient way that this. So take your rage somewhere else. If your apps SERIOUSLY get pirated through this, I will be very, very very surprised. I mean, they need to get your XAP file, strip it of it’s protection, break your obfuscation (you are obfuscating, right?), and then remove all calls to IsTrial. Seriously.
If it really was that big an issue, MS would have required developers to sign their apps with a personal certificate before deploying them to the phone, like Apple do. Do they? No.
For a developer, you seem to still not be too familiar with the processes involved. Pirating one of your apps is not simple, and not to mention, they have to do it again for each update. If you take ANY measures yourself, you’ll be much safer. Stop taking it out on these guys, they’ve done nothing wrong.
By your comments – I don’t think you’ve actually done much development yet – or have a limited knowledge of obfuscation on WP7.
1. For Unsigned apps (including apps that have been recompiled from obfusicated ones) – calling isTrial does NOT crash the app. They always return false. (try it out and you will see). It works this way so developers can effectively test an app running in ‘full purchase’ mode on their handsets (see the API help topic for how this works)..
2. Obfuscation is only effective for hiding internal code calls. Calls to IsTrial (even embedded in your own obfuscated functions) is fully visible and findable because its calling an external/public API. If you don’t believe me – get an obfuscated WP7 app you’ve made with a call to IsTrial, load it up in reflector and you will be able to find all occurances of it being called very quickly. Because they are this findable/detectable – it it’s then not rocket science to recompile the obfuscated app and rewrite those few lines of code to not actually call istrial.
3. Full anti-disassemble obfuscation like what you can do on Windows platform (including turning .exes into native code etc) does not run on WP7. You can only do the very basic obfuscation techniques – which is useful for protecting your algorithms from re-use but not effective for stopping your overall app from being tampered with.
4. In terms of ‘web service’ calls. How do you actually propose this would be implemented. You aren’t actually allowed to do hardware ID fingerprinting to the device classes (if MS know you’ve done this they will reject the app) – and there’s no way to actually determine a purchase of the app beyond the IsTrial call. Similar applies to other techniques (ie. reflection etc on your assembly) – these are not allowed to be used for most apps (ie. SL) – so I’m not clear how you would actually then check for whether your app is signed etc. Even making a user perform an activation every time they run the app (or even once) due to inability to get an actual list of registered accounts/device id’s from marketplace for legitimate purchases.
Also – yes if hackers modify the O/S to change the IsTrial call – then of course all bets would be off. Replacing this DLL though would then be done through a tool like this (coupled with a ‘homebrew’ app that manipulated the file system). Without a tool like this people cannot modify the dll’s (or create similar apps which do same thing) – so again it stems back to this hack being available becomes the ‘enabler’.
Again – it’s not inconceivable that hackers will release ‘hacked’ versions of other people’s apps – and given the ease at which it could be done ‘programatically’ – it definitely not inconcievable that an ‘automated’ patch tool would be released to find the istrial calls and remove them.
Also not sure if you’re aware – but due to some very badly designed marketplace server code – anyone can actually easily download the signed XAP’s (so noone has to go to any great length to purchase an app and copy it from their device).
It sounds like you’ve looked into and quite the expert in breaking the XAP protection.
Instead of shouting your lungs out the world is about to end, have you forwarded any of these concerns to Microsoft who might be able to fix it?
Yes I’ve had experience in copy protection on Windows Apps and Silverlight – which I’ve effectively implemented on my other products. However I’ve racked my brain looking for an effective counter measure for WP7 apps and so far am coming up blank – as everything I can think of is prevented by certification rules (some of those trains of thought are mentioned above). This is why I’m so concerned about this.
Do you have an email address of someone at Microsoft who would actually respond to these concerns? If you’ve had any experience with dealing with Marketplace or WP7 team you’ll know that it’s pretty near impossible to contact them and get any response on anything at all.
My past experience also tells me that Microsoft generally develop their updates well in advance of release (they likely already have the next two major updates locked down) – and it would take a considerable amount of time to get anything changed.
Yes, you should ping Brandon Watson. He’s on twitter @brandonwatson and his email is brwatson(at)microsoft.com
See, even if I got the IsTrial bit wrong (and I did read that somewhere!), I still lost you where you said ‘delivered by a tool like this’. That is completely and utterly wrong, and an ‘expert’ like you should realise that: this doesn’t allow native code, which is a requirement.
Anyway, Microsoft aren’t idiots. They’ll be able to track people who do this. So calm down, stop yelling at these people, because if you’re really that annoyed and concerned, you’re talking to the wrong people.
Nothing you’re saying is going to stop them, or anyone from downloading this tool.
BTW, I still haven’t gotten any reply on the number limitation yet. Niall, that might ease your worries a bit if it still holds – pirates would have to pick and choose:
”
A limit on the number of side loaded applications that may concurrently be installed on the phone will be enforced. The default limit will be 10 applications. Attempts to side load more than 10 applications will result in an error. This limit does not affect applications installed via Windows Phone® Marketplace.
”
I will admit that I haven’t made a paid app yet, and don’t have a real device to test it on, but I know enough to know that you’re overreacting a bit.
Talk to someone who can make a difference. You’re not making a difference here.
nope you got that wrong again… if you don’t understand how updating native code can be done then I’m not going to bother explaining it to you. After all I’m not here to write a ‘how to’ manual for would be hacks.
In regards to both of you (@long as well) – claiming I’m screaming my lungs out – blah blah blah..
Let’s not forget – @long (and other @chevron guys) have now posted 2 blog entries trying to justify their actions in releasing this tool – and both these entries try to proport claims about it not enabling or encouraging piracy. Then similar amounts of comments on twitter (and no doubt elsewhere) where they also try to justify their actions.
AND THEN there’s comment threads like these where users come in make the same supporting BS coments further trying to justify this tool’s existence (like your ‘einstein’ reference – or the ‘only does what developers can already do’ – or ‘i just want it to run homebrew apps’ )…
So then when I present an opposing view to this – and comment on a discussion and debate WELL AND TRUELY IN PROGRESS… I’m then told I’m ‘screaming my lungs out’…
If the authors can’t handle this sort of interaction then they simply shouldn’t write a blog entry (which is a 2 way conversation) – and instead publish a read only ‘paper’ (and not provide any mechanism for feedback) – or maybe they should just hold a ‘pep rally’ or ticker tape parade.
So what is really being said by you + @long is – please feel free to post your comments “as long as they completely support our point of view”.
You are right about one point though :-
The authors of this app simply don’t give a toss about the ramifications of what they are doing – and my comments obviously aren’t going to change that. (despite me making a bunch of irrefutable points that neither you nor long have any valid response to), Their need to have 5 seconds of fame are obviously far more important than the efforts of any legitimate developers wanting to protect their applications from piracy. And of course according to them – anyone who doesn’t agree with THEIR ACTIONS should ‘complain to microsoft’ or ‘stop screaming their lungs out’…
obviously people like you who ‘havent actually written a real app yet’ or just ‘wrote some stupid app for fun’ are not going to oppose these tools… nothing to lose for you of course..
so anyhow – i’ve said my piece – and this is where I sign out.. (and you can all go back to applauding the authors of this tool, showering praise on them and coming up with even more stupid points to justify their actions).
However – I’ll be sure to drop back in and say ‘i told you so’ when the WP7 apps start appearing on torrent (to join the hundreds of iphone, psp, symbian and android apps already there). I’ve no doubt these apps will all carry the same steps for deployment (step 1. install chevron)..
You raise much better (ie- remotely relevant) points than most other doomsayers.
For me at least, even if this becomes a launching platform for other cracking techniques ultimately leading to piracy, I don’t care. If they didn’t unreasonably restrict you from running your own software on your own phone, this wouldn’t be needed. The PS3 is a perfect example of getting what you deserve for being a tight-arse. The PS3 went for years being viewed as virtually unhackable and with zero piracy. Then they decided to lock out the “OtherOS” feature which was the catalyst for really unlocking the system in order to achieve lesser goals.
If you view ChevronWP7 as a catalyst for piracy, then it’s equally reasonable to claim restricting the functionality it unlocks in the first place is also a catalyst for encouraging piracy.
I hope WP7 is cracked wide open mostly for the ability to deploy software locally without the marketplace (now accomplished), simplified file storage without all the Zune bullshit, and the ability to change annoyingly mandated things like using Bing search or a fixed list of ringtones. If, in the course of providing these things, it makes piracy possible… I really don’t care.
@Niall: RE: Screaming your lungs out – I was trying to acknowledge I hear you about your concerns about piracy and recommended you to direct you to some people at Microsoft who can actually take action on your concerns.
I don’t believe anyone is preventing opposing views. Everyone is entitled to their own views and opinions and people have shared theirs on many mediums about ChevronWP7. I’ve tried to respond to as many people as possible who I believe may have misunderstood the purpose and functionality of ChevronWP7 to make sure they’re basing their opinions on facts.
RE: Piracy – Like we have stated very obviously, we understand developers’ concerns about piracy and are concerned ourselves, but I believe instead of debating about it over ChevronWP7, the effort should be directed at Microsoft who has the best chance and opportunity to fix any potential piracy problems.
We support stronger anti-piracy mechanisms because sideloading/unlocking and piracy is mutually exclusive, or otherwise it would not be a feature of all Windows Phone 7s to begin with.
I apologize if you felt offended in any way but all we’re trying to do is address everyone’s concerned because no one has to lose in this scenario.
I just checked out that blog. Kinda sounds like just a hater who’s ass is a little sore. I wouldn’t be surprised if he was also just working on a unlocker and u guys beat him to it LOL.
Thank you ernesto and Long Zheng. Now can we put this out to pasture and get back to the important stuff — helping me install this thing? “Uh-oh” errors are getting old FAST.
Didn’t unlock my HTC Trophy! What am I doing wrong????
As a developer I’m glad for applications like this, they make the job of writing legitimate, honest software that little bit easier. As for the question of security threats and malicious intent….um…maybe read the next chapter of your “dummies”guide. Thanks guys.
Dude just bitched and whined about it for the blog hits. Take down the link to his blog 🙂 I’m a developer and I find Chevron awesome – this guy is obviously developing software for the wrong reasons if all he cares about is making a buck.
I’ll never buy a windows 7 phone untill I can load all the unsigned, unauthorized (by microsoft) apps I want. It’s MY phone and I want to customize the way I see fit!
I’m NOT a pirate and disapprove completely, however, I don’t believe microsoft or anyone should be allowed to tell me what I can run on MY phone once I puchase it. If they want to retain control, rent phones don’t sell them.
Without something like this, there would never be a console emulator on WP7. I won’t buy a WP7 device until I’m able to run a PSX emulator so the only way Microsoft is going to get my money for a WP7 phone is if I can sideload apps. If Microsoft opened it up whether natively or through a tool like Chevron WP7, they’d certainly sell a lot more WP7 devices to many users of WM and Android like myself. How is that not a win for Microsoft? I get that we’re not their target market now, but we are a large portion of the market. How could more sales hurt?
Nice work on this tool. Looking forward to an app that allows me to share my Win7 Phone data connection with another device.