Filed under: Analysis / Opinion, iPhone, App Store, Jailbreak/pwnage
Crackulous is released, chaos imminent
iPhone developers who already have to fight for app approval, exposure and marketing techniques now have a new hurdle to overcome: instantaneous app-cracking. Although cracking iPhone applications for use on a jailbroken iPhone or iPod touch is not new, the method has never been so easy or so accessible.
Crackulous, an application developed on the Hackulous forums (Hackulous is a community dedicated to cracking iPhone apps; back in my day we called these warez boards), makes it possible to "crack" any purchased App Store application. That app can then be transferred for use on other devices.
Although the larger discussion of intellectual property, DRM, peer-to-peer transfers and what constitutes "piracy" is filled with large gray areas, Crackulous strikes me as about as black and white as you can get. Any way you slice it, this is piracy. This isn't about fighting DRM or fighting what some see as a draconian application platform, this is theft.
While pirated applications are hardly a new phenomenon, we still have relatively unsullied ground in the world of mobile applications. The Symbian platform appears to have a warez community, but BlackBerry, Windows Mobile and Android (though Android is currently not selling any pay apps at this time) are relatively piracy free.
What makes App Store piracy different from other types of software piracy (mobile or otherwise) is that developers don't have the opportunity to strengthen or change the protection scheme that ties an application to a user account. Because all applications must go through Apple in order to reach the App Store (which is equally controlled by Apple), developers can't fight back, they can only wait for Apple to try to strengthen the protection scheme or introduce other counter-piracy measures.
What are developers supposed to do, other than lobby Apple to make changes to make this sort of decryption more complex? Because devices must be jailbroken in order to run cracked applications, an obvious answer could be for Apple to try to make devices more difficult to jailbreak.
To be clear, jailbreaking does not equal piracy, but to deny that there are many users who jailbreak for the sole purpose of running cracked applications is just naive. By taking potential sales away from the App Store, Crackulous takes potential money away from Apple. Apple will respond. How successful the cat and mouse game will ultimately be, only time will tell, but Apple will respond.
The defenders of applications like Crackulous say that if Apple offered a trial period on apps, this wouldn't be necessary. Perhaps. But I think it is far more likely that developments like this will only make trial periods less and less likely.
Think about it: Right now the only way to crack an application is to buy it. What happens when you can download apps for a "trial" without paying anything? Not even the initial purchase has to be made before the application is cracked and ready to be downloaded by the masses.
I agree that Apple needs to develop a better way for users to either try apps, or conversely, have the ability to request a refund for apps that don't work as promised, but cracking the apps hardly seems to be the solution. All applications like Crackulous really seem to do is undermine the legitimate uses for jailbreaking that may exist, and encourage Apple to make its process more closed, rather than more open.
[Editor's Note: This is a thorny issue on a lot of levels and we know reader response will be passionate in both directions. While we're open to discussing the issue of piracy, ethics and jailbreaking in the comments, please know that any comments containing torrent links to warez or direct downloads for cracked apps will be removed. Repeated infractions will force us to block the offending users and/or close comments to the post.]
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 5 of 7)
Michael Rose said 9:08PM on 2-02-2009
Hi Raphael,
We appreciate your insight and your feedback. Up until now, posting on TUAW about the app cracking scene would have done exactly what the earlier commenters feared: brought undue publicity to it, although perhaps it would have put pressure on Apple to address the issues more quickly.
Like I said, once Engadget and Wired have published it, it's pretty much game over.
RG said 2:33AM on 2-03-2009
Your six year old has a phone?
Dagor said 9:13PM on 2-02-2009
That guy who claims to be the real asshole developer blah blah registered his domain pretty recently:
Domain Name: CRACKULOUS.NET
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: DNS1.REGISTRAR-SERVERS.COM
Name Server: DNS2.REGISTRAR-SERVERS.COM
Name Server: DNS3.REGISTRAR-SERVERS.COM
Status: clientTransferProhibited
Updated Date: 01-feb-2009
Creation Date: 01-feb-2009
Expiration Date: 01-feb-2010
So I would conclude he's just bored and wants to piss some people of - or scam like Jody. But however the gizmodo article is hilarious.
Reply
Chase said 10:17PM on 2-02-2009
I am not going to lie. I had jailbroken my iPhone 2g to test out SimCity for iPhone. But after 5 minutes of playing it. I purchased it on my iPhone 3g. I also tested out Tweetie, and then bought it as well. So I don't feel like a dirty pirate. I don't have my 3g jailbroken. Because I would rather it be a virgin.
Reply
tpfilm said 9:56PM on 2-02-2009
So if all the other Mac info sites published a how-to on assassination using nothing but the heat generated from a MacBook Pro you would publish the story too? If they reported how to produce counterfeit US currency with a Mac Mini and a Canon Photo Printer you would publish it?
An application developed exclusively for the purpose of breaking the security of another program with the sole purpose of distributing the hacked program for free is the same as printing counterfeit money and buying something with it. It is wrong and giving it publicity is wrong, too.
Napster was not a really big thing until technology types started reporting about it. When Metallica and the labels made a point of filing lawsuits, joe public was interested and found out how easy it was to download free music off the internet. Which it is still easy to do today.
"He who is without sin, cast the first stone." I will admit my iTunes library is not full of music I bought from iTunes. But my iPhone is straight-up Apple and my apps are all paid for or free.
Reply
Kovah said 6:00AM on 2-07-2009
@tpfilm Oh shut up. Bringing this to the attention to the masses will do two things. For one it will make more people aware of the application, and why it's bad. And two, if Napster is anything to look at, it will create such a shit storm for the developers of said application that they have no choice but to pull their app, stop development or face a law suit or even jail time.
So please, as I said to begin with, shut up about your "hypothetical" bullshit and scare tactics.
Derek said 10:25PM on 2-02-2009
This has been out for a while now. This is the new version. I used this app before and ended up buying 5 games that I really likeed. I think I tried about 50 apps before I found those. It's a really good way to screen is something is worth 5$.
Reply
Dagor said 10:33PM on 2-02-2009
Dude that is b******it.
In order to use this app you have to buy them first.
Andrew Theken said 10:25PM on 2-02-2009
I am a developer, but that is beside the point..
If you're using this app, you're not just stealing from Apple, you're stealing (for the most part) from small shops where this is a big chunk of their livelihood. Something I have noticed since switching to Mac 6 years ago, there are tons of free, cheap apps that can solve your problem. There are also some slightly more expensive apps that are worth every penny. (OmniGroup.com & Panic.com, I am talking about your products). This is also entirely true for iPhone apps.
My single complaint is that there should be a 2-3 day grace period in which you can evaluate and dump an app if it isn't working for you.
If you think it's worth cracking, it's worth buying. High quality software doesn't get written without a huge investment of at least time and in many cases money.
(I'm also a huge F/OSS advocate, but even that isn't written without cost, so don't go there).
The developer of this app should be shunned from the community.
Reply
Jeremy said 10:39PM on 2-02-2009
So what we need now is for someone to figure out how an app can detect whether it is running legitimately or cracked. If you're running cracked on a jailbroken phone, then you have write access to the filesystem and you can just trash the entire device, right?
Reply
dan said 10:58PM on 2-02-2009
Are you saying that apple should screw with people's iphones if they have cracked apps on them? if so, that is just sad. you dont trash a $300 product just because someone didnt pay $.99 for a stupid fart app
dowens said 11:17PM on 2-02-2009
I wouldn't see anything wrong with apple making you reformat your iPhone, if there was a stolen app on it.
Also while my phone is no longer jail broken, I hope this doesn't lead to the end of jail-breaking altogether. I do believe there are legitimate uses, including providing an alternative software channel for denied applications.
Kai Cherry said 12:20AM on 2-03-2009
You don't see a problem with Apple destroying property that isn't theirs, to enforce a copyright violation on software that apple only has distribution rights to?
Excuse my language..but are you fucking stupid?
Sorry. I could not think of a "nice" way to phrase that question.
This notion of "security via obscurity" that many of you seem to be floating, that it is somehow the fault of "the press" or "publicity" if the App Store fails in some way due to this is patently absurd.
The thought that jailbreaking is a cause, in any way, for this foolishness is pure fallacy.
Now, I put on my developer hat:
I'm very, very happy that so many people here feel that Crackulous is "evil".
I think you are wrong, but I'm glad to see that you feel this way :)
To the person that asked if there was a way developers could do something to protect themselves, the answer, in a word, thanks to Precious All-Knowing Most Beneficent Apple, is effectively...
"No."
You see, since developers do not have a direct relationship with the delivery, or even packaging of the product, the many schemes that could be put into place to make a "EZ-Krak'd™" app fail are not available to us to use should Apple's Cracker Jack methodologies fail.
Apple's DRM scheme for the App Store is in place to *serve Apple*. The APP STORE Model exists to *serve Apple*. The revenue model exists to *serve APPLE*...and believe you me, if there were something as simple as a competent web browser that let you download and install apps via the web from Macupdate, Versiontracker or whatever, this would be a whole other discussion.
So let's see: The App Store Model *hasn't* got us "high quality apps"...hasn't prevented exploits or "malware"...doesn't protect developer's...it doesn't even make it easy to find what freakin' apps are newly released on any given day in a section called, oh I don't know, "New Releases"...
If anything, Crackulous is throwing YET ANOTHER FAILURE of the App Store into sharp relief, and quite frankly, (sorry guys...you KNOW deep down I *really love you*) if TUAW and Friends had any BALLS or REAL Journalism going on, they'd have reported this on Day Zero, did an in-depth analysis of HOW AND WHY this simple, simple app is so devastating (yes...it is due to a failing in the system from Apple) and asked Apple for official comment about their PISS POOR response to the root cause...and developer feedback in general...you know, treating them like a Multi-Billion Dollar Multinational Corporation instead of "Unka' Jim's General Store" then we'd have something here to talk about.
Anyone who has used a Mac for any decent amount of time knows all about the software swappin' circles in our world...even if they don't talk about them.
Why in the world we are up in arms about this one is a little suspect, but what is MORE suspect is the irresponsible...dare I say it..."fanboy" response instead of dangling Apple's sack over the coals and asking "WHAT THE HELL, GUYS?" we are weeping for them?!?!
Instead of asking what Apple is going to do to help out their own ecosystem and address some of the root causes that pretty much accelerated this crap we feel sorry FOR THE APP STORE...with a side nod to the devs who are being reamed here with no tools or access to protect themselves?
Crackulous was created to serve a purpose; it was created to allow someone to buy an app, strip the leaky, sales-generating (for Apple...remember, they get their cut off the top and get to make interest on everyone's revenues before devs get their cut...such...altruism...such philanthropy. Sounds like those RIAA bastards that we all seem to love sooooooooo much, huh?) "DRM" off of apps (which gasp! work the same way for every app to the degree that you can script the process. *Brilliant* job, guys!) and distribute them over the web.
There will always be people that want a...product...such as this. They are part of the cost of doing business.
I just don't think Apple should be fueling the "reasoning" behind it by having a crap "store" that is constantly being "gamed"...questionable publishing guidelines with varied degrees of "arbitrary" and "wtf?" and worse...not responding to CUSTOMER or DEVELOPER feedback.
Ok that last one was unfair. You can choose to give away 50 copies of your app for "promotions"...not that this was super high on anyone's list of "gotta have it!"
Hrmph.
-K
Rick said 12:21AM on 2-03-2009
I'm an independent iPhone app developer. A couple of my apps do several checks and simply fail to run properly when determined to be cracked. I also have free Lite versions of these same apps. There is no excuse for anyone to steal my paid apps when anyone can try the free version first.
I have no issues with jailbreaking in general. Just don't steal my apps. I've already put in way more hours than I'm getting back in sales.
Kai Cherry said 12:31AM on 2-03-2009
@Rick...
Really now? Well now that the rest of us have crackulous that couldn't get our hands on X-Crack, we can see how this thing works and see if we can find a way to deal with it.
Since what you send Apple isn't what they ship, I am kinda curious about how you worked that out within the constraints. I've had an idea or two for a couple of schemes that *might* be resistant to this but haven't been able to really test them in the wild.
Got a white paper on this? :)
-K
Rick said 12:50AM on 2-03-2009
@Kai
I don't wish to give specific details because I'm worried it will lead to my methods being worked around. But I based my work off of information I found here:
http://thwart-ipa-cracks.blogspot.com/2008/11/detection.html
Kai Cherry said 1:14AM on 2-03-2009
@Rick:
Heheheheheh...thanks for the link. This gives me a good indication that what I was thinking would work, due to an(other) idiot hole in the system, a bit of trickery and a sprinkling of the info in that post.
Thanks again, going to do something with this now.
-K
BOK said 12:18AM on 2-03-2009
I find it thoroughly amazing that all you bloggers are tripping over each other to publicize this piece of crap first. Why? So you can get on a high horse and condemn the product you just introduced to untold numbers of readers? What a joke.
May every iPhone developer who reads this install Adblock tonight and configure it as need to block every ad on this and other guilty sites. If you're going to help them lose money, despite your hilarious pretense to the contrary, let them and anyone else return the favor.
Reply
Kai Cherry said 12:27AM on 2-03-2009
Hey BOK...
Does this extend to Apple, an their irresponsibility, too?
-K
BOK said 12:36AM on 2-03-2009
Certainly... but Apple's inability to take care of its App store developers is an issue that's been burning since the App store opened. And that's a dialogue that could have been opened any day before today, when seemingly every other blog decided to start their diatribe with an accidental commercial for Crackulous' groundbreaking ease of use and convenience (TM). You can dress up the discussion any way you want, but you can't possibly tell me that there aren't scores of people using that program right now as a direct result of blogs giving it the face time it does not deserve.
Acting self-righteous about it, and using the "hey, everyone else is talking it, it ain't going away" defense is embarrassing. If everyone else is having the exact same discussion, do your job as faux-journalists and find a better story.