A fourm poster has discovered a massive flaw in the Windows Phone 7 Marketplace that allows anyone to download the entire WinP7 marketplace in XAP form, and install these on your phone using a series of hacks. The poster also claims that the protected applications in the marketplace should be able to be unlocked.
Here’s the process:
- Downloading the entire marketplace using a C# code snippet
- Circumventing the maximum application sideload limit
- Enabling deployment of the disabled XAP files by deleting a file header inside the XAP “Zip” itself
- Activating disabled marketplace XAP by replacing an entry assemly (the example used an open source app which had the debug assembly freely available
- Remove XAP’s security signatures
- Replace marketplace published entry assembly with a facade debug assembly
To complete this process, the “hacker” had to have app source code available to him to be able to circumvent the locks, otherwise it wouldn’t be able to perform the process. On top of this, the user must have a copy of Visual Studio 2010, and an unlocked Windows Phone device.