Here we go again. A couple of days before the Windows Marketplace for Mobile officially launched in October, XDA Developers member Chainfire published his workaround to Microsoft's minimal security measures. When you load an app from the Marketplace, it's done transparent to the user, with no CAB file left behind.

Fast forward to today, and Chainfire's let us know that he's bypassed Microsoft new "advanced" security, which was rolled-out along with Web access to the Marketplace. New is the use of license keys that can be baked into apps. These keys are controlled by Microsoft, not the developer. Says Chainfire:

This new "advanced" protection was released today by Microsoft, and as far as I know no app available already uses it at the time of this writing.

So I got the code snippets you are supposed to put in your app and it was simply jawdroppingly WTF. While it was not exactly easy to beat, it took me less than two hours to devise a "generic" hack, without modifying any files on the device. (Well hey, at least it's better than the 5 minutes it took for the "basic" protection, right?)

A "generic" hack? Yes, by this I mean that this single hack (actually, running an EXE in the background) will completely bypass the entire code snippet provided by Microsoft that is supposed to check and validate your license code, for all Marketplace apps that use this "advanced" protection.

Indeed, that's no good. But Chainfire says he's no Robin Hood, stealing from the rich and giving to the rest of us.

I will not publish the code that performs this hack, so don't ask. My goal is not to crack Marketplace apps, my goal is to get MS off their ass and allow us to use our own licensing systems, like the good little resellers they're supposed to be. I will tell you that it has to do with runtime patching the crypto API, but that's it. All in all, I don't think it will take long for the warez people to duplicate this hack.

Follow along in the XDA thread, and let's hope, for developers' sake, that things get worked out.

Thanks, Chainfire!

(Ed Note: Malatesta, who has used IE6 on the Sprint Treo Pro, chimes in with his thoughts on the recent question of what it means that it comes on the CDMA Treo Pro on WM 6.1 but no upgrade path will be available for others.  I have just received a review unit of the Sprint Treo Pro which may include some improvements over the original ROM - stay tuned for that. In the meantime, Mal tells us "what we need to know" and it's not what you might expect. --Dieter)

Microsoft has revealed details on the much-hyped Internet Explorer Mobile 6 (IEM6), which is also making its official debut within the next 2 weeks with the Sprint Treo Pro (no word on Alltel’s version).

To recap what we know and has happened so far with IE6, lets go down memory lane:

• March/April ’08: Adobe licenses Flash Lite to MS for future version of IEM; Announced at CTIA
• Nov. ’08: WMExperts gets screenshots of IEM6 on Treo Pro; Microsoft announces (again) IEM6 at Tech•Ed EMEA
• Dec. ’08: IEM6 gets cooked into ROMs
• Feb. ’09: An even newer version of IEM6 for WM6.5 is demoed at MWC; leaked a few days later
• March ’09: Sprint Treo Pro to be first official device with IEM6

Yes folks, that was one year in the making for what is arguable a very marginal update. Now in fairness to Microsoft, there are actually a ton of changes to the internal code of IEM6. But for the end-user, it remains to be seen if these changes are significant.

Read on to catch up on Microsoft's latest browser and our hands-on opinion!

Read the rest of this entry »