A post over on the XDA-Developers forum claims that the user has discovered a massive flaw in the Windows Phone 7 marketplace that allows anyone to download the entire Windows Phone 7 marketplace in XAP form, and install these on your phone using a series of hacks. While the read is interesting, the poster also claims that the protected applications in the marketplace should be able to be unlocked.
The process of the "hack" is outlined as:
- Downloading the entire marketplace using a C# code snippet that was provided
- Circumventing the maximum application sideload limit, which was originally outlined on WithinWindows
- Enabling deployment of the disabled XAP files by deleting a file header inside the XAP "Zip" itself
- Activating the disabled marketplace XAP by replacing an entry assemly (the example used an open source app which had the debug assembly freely available
- Removing the XAP"s security signatures
- Replacing the marketplace published entry assembly with a facade debug assembly
The poster requests that users on the forums create a torrent of the entire marketplace worth of XAP files, and make this available so people can begin hacking, as well as asking for help to create tools to remove the header files, and replacing the entry assembly.
While this is a long winded process, it seems to work for applications which have freely available code online, but the technique requires a large amount of work before it will be able to be used on any actual commercial applications. To complete this process, the "hacker" had to have code available to him to be able to circumvent the locks, and otherwise would not have been able to perform the process. On top of this, the user must have a copy of Visual Studio 2010, and an unlocked Windows Phone device.
Developers can sleep safe knowing that right now, these tasks have not been completed, and piracy is harder right now on Windows Phone 7 than any other mobile platform. Sure, the XAP files can be downloaded, but are disabled until parts of the code is publically made available.
Update: The original post was removed from Xda-Developers, with moderators saying that the forum does not condone piracy.