Windows Phone Xap File Decompiler

Posted on  by admin
Windows Phone Xap File Decompiler 6,2/10 3404 reviews
  1. Windows Phone Xap File Decompiler Download
  2. Windows Phone Xap Download

A .NET decompiler with support for XAP applications.Allows hackers developers to decompile assemblies and resources in a code editor, make changes and compile the code back to the assembly.

DOWNLOAD v 0.0.3

Is there some smart piece of software out there that can essentially take an android apk file, extract the contents and auto assign the files in order to easily convert the app (with minimal work) to a windows phone app (xap/appx)? With news at the latest Build event of easy cross platform developing maybe this is almost possible now?

(old build, breaks more than usual)

Features

  • Decompile .NET assemblies to C# and allow editing/compiling the high-level code back to CIL
  • Edit CIL instructions in method bodies
  • Modify assembly structure
  • Edit and extract assembly resources
  • Edit the contents of a XAP by adding, removing or swapping files, or using internal editors for certain resource types.
  • Integrated editors for text, hex, manifest, resource, XML and XAML.
  • XAP package manager (compatible with Windows Phone and Silverlight applications) allowing to view and extract XAP contents.
  • Does laundry, has mastered Italian cuisine, cleans and makes mind-blowjobs when asked kindly and treated right.

Sorry, what?

I have plans to add a few more features and make a complete update for Windows (Phone) 10.

Since this software is not yet stable I'd like to mention Reflector as an alternative, but I think it's way too overpriced and I don't find it especially user-friendly as well.

.NET Rain is donateware. Its development pretty much depends on your feedback and support.

DLL Deep Throat

The program tries to locate referenced assemblies but so far it does a very poor job and in many cases you'll have to manually point them. Sorry, it's open source :)

Usually you are shown the 'open file' dialog after opening a DLL. In the filter box you can see a file name (SomeAssembly.dll).This is an assembly that has been referenced in the DLL you are trying to decompile but cannot be found in the same folder as the DLL, in the XAP package or in the GAC. You have to show the program where the file is located, so it can be loaded and decompiled as well.

For Windows Phone 7.5 the path for most assemblies looks like C:Program Files[ (x86)]Reference AssembliesMicrosoftFrameworkSilverlightv4.0ProfileWindowsPhone71.

Some Links

Contributing

Obviously, the project is open-source. Once the world is mine I shall build monuments for those who decide to take a part in building the project. Contact me for anything you can help with.

Some of your skills that could be useful may be:

  • Blogging: You can write down the results of your testing, your ideas and stuff about the project the way you see it.
  • UI/UX design: You don't have to bother with WPF implementation. Photoshop designs are good enough.
  • C#/WPF programming: You can contribute to the code quality and all user-related features of the application.
  • C# Reflection mastery: The 'core' is in a very alpha state and is full of bugs. The are many planned new features, too.
  • Donations: They will be wisely spent.
  • Crowd-funding experience: You can help with raising money to pay for community-hired professionals to write code that will later remain open-source.
  • Virgin goat blood: For recreational uses.

Roadmap

Cumming soon (1).

(1) If you related this bad joke to yourself even for a moment you should consider there may be serious underlying conditions causing premature ejaculation. Only you can take care of yourself because generally nobody really cares.

Screenshits

Join the DZone community and get the full member experience.

Join For FreeWindows Phone Xap File Decompiler

I have been playing with the Windows Phone 7 SDK for a while now, however I have been lucky to still have a day-job while doing my tinkering and therefore haven’t sourced my main income from sales in the WP7 marketplace. There are others who don’t have the same luxury as me and have bet a considerable amount of their time on the platform to date. Whether these developers are aware of it or not they are fighting a silent battle that I want to bring more awareness to – a problem that every smart phone ecosystem has faced to date: Piracy.

This problem is a worry as it affects Windows Phone devices more than some other platforms as we write our applications in languages that can easily be decompiled: get an app’s binaries, and you have mapped the apps very genome, its source code. A problem which once done is out there forever – if people get your app’s code or resources now, the game is up even if Microsoft releases a fix in the future. Hopefully by raising more awareness of this, together we can challenge Microsoft to put more effort into this area moving forward.

NOTE:
I need to be really clear before I start. This post does not promote piracy on the Windows Phone 7 platform. I personally develop apps for Windows Phone 7 and have a vested interest in the platform’s success. Hiding facts that are publically available does not increase this behaviour but it definitely brings it out of the shadows for all to see (and implement change).

WhatI am trying to do is bring up a topic that is not a new one for Windows Phone but appears to have been un-addressed by Microsoft since2010. This issue can’t go away until more effort is made in this area or the problem will only get worse as time goes on.

On a side note, I also tried to contact a number of people at Microsoft to get their view before posting this post however, after a week or trying, I am yet to hear from anyone.


What this post will cover:

  • Piracy on Windows Phone 7: It exists, and more attention needs to be given to it.
  • How to pirate a Windows Phone 7 app.
  • A closer look at how the piracy app I'm using works.
  • What can you as a developer do about this problem on your apps.


Piracy on Windows Phone 7

All of the smartphone “walled gardens” share one thing: Piracy. Apple being the leader in this space with the iOS platform and knows this better than any of us; People have been pirating iPhone games for years with some stats showing that for every app sold 10 more are pirated on the IOS platform.

Windows Phone Xap File Decompiler Download

Windows phone 7 has been no different, with WP Central reporting that piracy was easily achievable way back in 2010. There have been many such reports since then. There is still little or no blocks in someone’s way from firstly side loading apps easily onto devices (be they pirated or not) or more worryingly simply sniffing the Zune traffic and then downloading the XAP directly from Microsoft. It’s now nearly 2 years since this news first came to light and little appears to have changed; there are still apps out there that enable these same hacks to be conducted easily by the everyday lay person.

My large concern about this is the double whammy that is Piracy on WP7 - iOS apps are built in objective-c, which while not making iOS apps immune to decompilation; it does make the act of decompiling a lot more challenging for any would be pirates.

Windows Phone 7 apps don’t have anywhere near this level of complexity when it comes to decompiling the source code and assets that a game or app is made with. We build our apps using the .Net framework in any of its supported languages, which in turn gets compiled into an intermediate language (MSIL) that by its very nature is powerful because it’s not low level.

As I'm sure you are all aware, If you get a .Net framework assembly (.dll) and arm yourself with on of the multitudeofdecompilers on the open web, you very soon have a readable copy of a binary’s source code.

If you are a Windows Phone 7 developer this is all a little unnerving when you consider how much time and effort you’ve poured into your app.

Taking a closer look at the facts:

  1. Device owners can easily unlock their phones for side loading fun both legally and using hacks (even if semi legitimately done with something like ChevronWP7).
  2. Getting an unadulterated copy of an application or game’s XAP file is trivial (more on this in a sec).
  3. Once anyone has the XAP for your app, they can then easily grab your source code and resources, further allowing them to do what they want with it. Side load it for free, or extract your app’s resources for nefarious purposes.


My concern grows when I consider that in the last year there have been instances where pirates have downloaded an app’s XAP from the Windows Phone 7 marketplace, created a developer account and submitted the same app themselves (with Microsoft approving it). There has also been a case where pirates have downloaded an App, copied its contents and created a competing app with the original developers resources (in this case their Yoga video content, created by their wife…).

There is little we can do about the first or third step mentioned above, but I think Microsoft can do more about the second item – the ease of getting an apps package.

Is this really a problem?

Over the last few days I have been touching base with a few people in the community about this. Many have said similar things: prove this is a problem, and we’ll give it more thought.

One comment from Justin Angel (a Nokia principal engineer on WP7) said this:

While I must apologise before I go on in reply to Justin’s comment, as I’m not beating up on him personally, the view he mentions on piracy as “Prove it’s a problem” for a relatively new platform like Windows Phone is dead wrong.

If as developers we pour part of our lives into creating apps for a smart phone platform, we are often choosing to do so over another. If there is a feeling that the creators of your chosen platform care little for the security of your intellectual property, that’s a pretty good reason to not bother with it. This is especially the case with Windows Phone where it is so easy to reverse engineer an app to retrieve the app’s IP.

Justin’s stance does nothing to support the developers choice for Windows Phone 7 or allay any fears of current developers on the platform.

If I can download my app’s XAP and open it as a zip file this is what I see:

if I then decompile one of these binaries this is what I see… real code (if you haven’t obfuscated your apps code):

This means that anyone getting my app potentially has my IP – whether the numbers of piracy are high today or not, this is a problem.

What the bad guys keep on the down low

If you do a Google search looking for Windows Phone 7 pirating, you’ll soon come across a few Windows desktop apps floating around that make the act trivial. I will not name them or link to them, but I will walk you through using one of them to download my personally developed Google Analytics app InTheKnow.

I have downloaded an app I found that touts itself as being a one stop shop for Windows Phone 7 pirating. It downloads, removes security and side loads all in one.

I have blocked out any branding from the screenshot below to make it harder for budding pirates reading this post to find it, but you can see from its interface that when I search for my app that it offers a similar experience to that of the Zune Marketplace client (I can only assume it uses the same web service endpoints).

Once I’ve search for my app and found the version that I want, a simple double-click is all that is needed to download it.

I decided at this point to do a little digging to see what the creators of this app were doing that was magical enough to get around my perception of the security Microsoft would have put in place for the marketplace.

Taking a look at this user journey using Fiddler, I became quite concerned.

None of the traffic coming or going was over HTTPS, and none of it consisted of anything but plain vanilla Http GET calls.

The app queries the Zune store using a search URL, which in turn returns a GUID along with all the store details for an app.

It then queries another URL using the returned app GUID, which returns XML containing the download URL for the app’s package.

If you copy and paste this last raw URL into a freshly started web browser (i.e. no session, no special headers), this downloads without hesitation. Ram booster free download apk. It’s just a plain old URL – you could email it or share it just the same.

The XAP you download only has one protection to it – an XML file that contains a signing signature. Something that you can find an easy way around with the help of another Google search – hell, the marketplace piracy tool I was using to write this post even would patch this for you upon download! How convenient…! *sarcasm*

Again to reiterate, all of the simple things Microsoft could have done:

No authentication occurs.

SSL is not used.

No special headers or HTTP tricks are used.

And that was that. I now had the XAP file for my app, without paying. And as only a cursory Google search will tell you, XAP’s aren’t hard to get the contents of – they are just zip files.

But you have to put it on your phone still, right?

At this point regardless of the fact that I now have the binaries and resources for my app (i.e everything there is to my app), if I was to side load this app on my phone I’d still need to have a developer registered phone, so that’s a hurdle right?

Wrong – the application I was using kindly came with a XAP uploader as well that works with non-developer unlocked devices. Two more clicks and I was done.

This sucks! What do I do to protect my apps

So Microsoft might not have the answers yet to the piracy problem, but there are things you can do to attempt to minimise the damage.

Obfuscate your code

Microsoft has teamed up with PreEmptive Solutions to package the Community Edition of their code obfuscation tool “DotFuscator” with Visual Studio. Pre-emptive has also released a full blown Windows Phone Version that is also free and can be downloaded from here that includes support for Silverlight XAML obfuscation as well.

These tools obfuscate the code in your binaries, so that once the bad guys get your XAP file they will find it harder to understand any code they decompile – any resources such as videos or images will still remain free to copy or edit though so keep this in mind.

It is worth noting that some obfuscation tools often can and do slow your app down.

Example of your code before Obfuscation:

Example of your code after using Dotfuscator:

My advice: Obfuscate every app you submit to the marketplace.

Code checks

Some developers are using code that looks for the presence of DRM files in the app’s directory and if missing, launches the marketplace to purchase.

You could consider the implementation of these techniques, but be warned: This can be touch and go as you risk making your application non-functional if Microsoft changes their DRM functionality or something out of the ordinary happens in the legitimate deployment of your app.

Summary

We cannot stick our heads in the sand any longer – if you are a member of the Windows Phone 7 team and are reading this, please help me raise this with your team members. I love the platform and want it to continue, but as a developer I need assurances that these things will get attention – not take years to fix as they appear to have to date.

A web service similar to the one suggested here, would be a great active validation technique that should limit the amount of effort the WP7 team put into it.

Windows Phone Xap Download

If Microsoft wants developers to invest time and money in creating apps for their platform, they have to have a good story when it comes to Piracy – currently this doesn’t appear to be the case.

Like This Article? Read More From DZone

Published at DZone with permission of Douglas Rathbone , DZone MVB. See the original article here.

Windows phone xap download

Opinions expressed by DZone contributors are their own.