08-01-2015 02:15 PM
67 123
tools
  1. LastBattle's Avatar
    I just want to rant out my concerns, as I've made a discovery today regarding InPic's (Applify) shady practices during the production of the application. As a developer myself, this is totally unacceptable as they were one of the reputable developer around. I couldn't believe it myself as they have released a high quality YouTube app on the Windows 8 store, PrimeTube.

    I've been developing on an Instagram client since July 2013 when Instagraph was released to Windows Phone. That was #2InstaWithMassiveLove.
    Sure, #2InstaWithMassiveLove was not as fully featured as Instance or 6tag. However, I worked hard day and night focusing on Windows Phone 7 users exclusively. I'm well aware that it didn't get as much attention as Instance or 6tag since they were leaps and bounds better on its first release. That's fine, I kept my promise and kept updating the app as much as I can despite the tight schedule with school.

    However, what's frustrating is how much attention the newly released InPic got from WPCentral, & WMPoweruser on its first release. Even recently, when they got reposting of photos when it have been on mine for months. InPic updated with multiple account support and the ability to repost Instagram photos | Windows Phone Central
    Fine, I live with it and continue focusing on WP7.

    That's until today that I've come to a conclusion on how much InPic was following on my recent updates. For instance, I released notifications around a month ago and 1 week later. It was released for InPic too! Just 2 weeks ago, they've even implemented reposting of photos that raised my suspicion. I've decided to take a look at their Windows 8 code only to confirm what I thought to be.
    They are simply copy pasting code right off the reverse engineered version of my .XAP file for their own purpose without asking.





    I've since cancelled the certification of the official app until this gets ironed out.
    http://forums.windowscentral.com/win.../229613-12.htm

    Certainly, I cannot claim rights on other developers making Instagram or not. But stealing codes is another issue.
    Please be my judge.

    I'll be glad to release the source code of #2InstaWithMassiveLove and the latest binary file of InPic on Windows 8.

    So what's the lesson learnt here? Protect your codes.
    Last edited by LastBattle; 10-01-2013 at 10:22 AM.
    10-01-2013 09:52 AM
  2. berty6294's Avatar
    Good lord! Thats ****ed up, I'm immediately removing their app from my surface!
    10-01-2013 10:35 AM
  3. amitnahar's Avatar
    Me too...
    Didn't know that they will do things lyk this.



    Sent from my Nokia Lumia 820 using Tapatalk
    10-01-2013 10:41 AM
  4. Ultimateone's Avatar
    Unbelievable
    10-01-2013 12:30 PM
  5. Rafael Rivera's Avatar
    If you want help in filing the appropriate paperwork to boot their *** off the marketplace, ping me. (rafael@withinwindows.com)
    10-01-2013 03:46 PM
  6. asylumxl's Avatar
    I've only recently started developing on Windows Phone, but I was under the impression that XAPs were encrypted when released on the market place. So how have they obtained your code and vice versa? Has someone distributed a development XAP to you?
    y2bd likes this.
    10-01-2013 04:45 PM
  7. 1101x10's Avatar
    I've only recently started developing on Windows Phone, but I was under the impression that XAPs were encrypted when released on the market place. So how have they obtained your code and vice versa? Has someone distributed a development XAP to you?
    I'd be interested to know this too. The Windows phone XAP's are encrypted and as far as I'm aware this hasn't been cracked yet. Or do you have a Windows 8 store version (which are not protected when installed).

    Edit: I'm a bit bleary eyed at the moment but looking at both bits of code there are some similarity's (I realise theirs is a decompile) but it doesn't look like a straight copy and paste. Are you sure about your allegation?
    Last edited by 1101x10; 10-01-2013 at 06:51 PM.
    10-01-2013 06:25 PM
  8. azcruz's Avatar
    While I symphatize with your feelings, that's a serious accusation and will be difficult to prove, moreso that the codes are different and one can always point out similarities to make a point.

    If I will be making an app to get Instagram feed, I would come up with something like what you posted without needing to see any code beforehand.
    10-01-2013 06:53 PM
  9. asylumxl's Avatar
    I'd be interested to know this too. The Windows phone XAP's are encrypted and as far as I'm aware this hasn't been cracked yet. Or do you have a Windows 8 store version (which are not protected when installed).

    Edit: I'm a bit bleary eyed at the moment but looking at both bits of code there are some similarity's (I realise theirs is a decompile) but it doesn't look like a straight copy and paste. Are you sure about your allegation?
    Using an online comparison tool there is mostly similarity in the syntax, which is to be expected. Couple of lines tops are identical.
    10-01-2013 06:57 PM
  10. rudyhuyn's Avatar
    OMG !!!!

    I wrote some articles about .Net reverse engineering and I'm 100% sure that LastBattle is right, this is exactly the same source code (the only differences are symptomatic of the .net compiler + decompiler).

    Study Instagram API is one thing, stole source code is an other
    10-01-2013 07:10 PM
  11. Nogitsune Micah's Avatar
    I never used either app but that truly is screwed up to do that. Hope you get it worked out.
    10-01-2013 07:11 PM
  12. rudyhuyn's Avatar
    XAP encryption can be removed with some windows phone 7 device (you retrieve directly unencrypted dlls)
    HarisA1 likes this.
    10-01-2013 07:15 PM
  13. rudyhuyn's Avatar
    Just a question, you spoke about copying codes from Instance and #2InstaWithMassiveLove but show only a #2InstaWithMassiveLove stolen code, what proof do you have for Instance ?
    10-01-2013 07:17 PM
  14. 12Danny123's Avatar
    Tell Microsoft about this. Bet they'll wouldn't be impressed.
    nohra likes this.
    10-01-2013 07:31 PM
  15. schandlich's Avatar
    10-01-2013 07:32 PM
  16. rudyhuyn's Avatar
    They just copy/paste the code, even if the code is dotfuscated, they can copy/paste it
    10-01-2013 07:37 PM
  17. 12Danny123's Avatar
    wow disappointing InPic. This isn't right at all. I bet you'll be angry if someone steals your coding. why use someone else's??
    10-01-2013 07:39 PM
  18. schandlich's Avatar
    They just copy/paste the code, even if the code is dotfuscated, they can copy/paste it
    But it also means they don't know what they are pasting. Checks could be hidden in that. Its better than nothing. Where's Daniel been btw?
    10-01-2013 07:45 PM
  19. 1101x10's Avatar
    OMG !!!!

    I wrote some articles about .Net reverse engineering and I'm 100% sure that LastBattle is right, this is exactly the same source code (the only differences are symptomatic of the .net compiler + decompiler).

    Study Instagram API is one thing, stole source code is an other
    Have a closer look - it's not *exactly* the same code (even though it's decompiled) - Coincidence?
    10-01-2013 07:45 PM
  20. LastBattle's Avatar
    I've only recently started developing on Windows Phone, but I was under the impression that XAPs were encrypted when released on the market place. So how have they obtained your code and vice versa? Has someone distributed a development XAP to you?
    Its only Windows Phone 7 apps that are affected, at the moment WP8 isn't vulnerable to this.
    A simple search of ".XAP" will get you that. https://www.google.com/#q=%232instawithmassivelove+XAP

    Yes, they are now encrypted on WP8. However the phone will still have to decrypt it eventually to read off the contents. So its only a matter of time before this affects WP8, unless your app is developed in language like C++.

    If you want help in filing the appropriate paperwork to boot their *** off the marketplace, ping me. (rafael@withinwindows.com)
    Thanks.. I'll contact you later.

    I'd be interested to know this too. The Windows phone XAP's are encrypted and as far as I'm aware this hasn't been cracked yet. Or do you have a Windows 8 store version (which are not protected when installed).

    Edit: I'm a bit bleary eyed at the moment but looking at both bits of code there are some similarity's (I realise theirs is a decompile) but it doesn't look like a straight copy and paste. Are you sure about your allegation?
    Its the direct copy of the compiler optimized version of the code. It'll look the same once you decompile #2InstaWithMassiveLove and compare that same piece of code.

    I have in fact purchased a copy of http://www.preemptive.com/products/dotfuscator/overview
    It wasn't used in the recent version of the app due to the fact that its not working well with Telerik controls, causing the app to crash once launched. I'm still waiting for this to be fixed.
    10-01-2013 07:48 PM
  21. rudyhuyn's Avatar
    Have a closer look - it's not *exactly* the same code (even though it's decompiled) - Coincidence?
    Coincidence? Definitely no

    My own code doesn't look like #2Instawithmassivelove for example.


    In this case :
    same variable name, same regex, same behaviors, same algorithm, same custom enums, etc...
    10-01-2013 07:50 PM
  22. rudyhuyn's Avatar
    Just a note:

    The copied function isn't a hard function, no security to solve, no secret, nothing hard, just take some times to work on regular expression. Everybody can do it with some times. I really don't understand why copy this specific function, in my opinion, they just wanted to save time and make it volontary. Not a good move. If they copied this function, in my opinion, it is not the only one
    10-01-2013 07:57 PM
  23. LastBattle's Avatar
    Just a question, you spoke about copying codes from Instance and #2InstaWithMassiveLove but show only a #2InstaWithMassiveLove stolen code, what proof do you have for Instance ?
    I'll update you in a moment...
    10-01-2013 07:58 PM
  24. LastBattle's Avatar
    OMG !!!!

    I wrote some articles about .Net reverse engineering and I'm 100% sure that LastBattle is right, this is exactly the same source code (the only differences are symptomatic of the .net compiler + decompiler).

    Study Instagram API is one thing, stole source code is an other
    Yes. Just 3 months ago, someone republished a version of #2Insta with a different app logo too.
    Insta | Windows Phone Apps+Games Store (United States)

    I added something on top of it to stop this guy from doing so while contacting Microsoft about it :)

    Code:
            
    publicstaticvoid CheckApp()
    
             {
    
    #if
     DEBUG
    
                return;
    
    #endif
    
                
    // check if the 'Appcracked' exist
    
                
    var ResourceStream = Application.GetResourceStream(newUri("Appcracked", UriKind.Relative)); // patching games-wp.com
    
                
    if (ResourceStream != null)
    
                 {
    
                     
    MessageBox.Show("Please download the official app from the store.", "Error", MessageBoxButton.OK);
    
    
                     
    MarketplaceDetailTask task = newMarketplaceDetailTask(); // make piracy to your advantage :)
    
                    task.ContentIdentifier = 
    "6f25e648-c923-443d-a678-1daa22f57fbf";
    
                     task.Show();
    
                     
    thrownewException();
    
                 }
    
    
                 
    Guid applicationId = Guid.Empty;
    
    
                 
    XElement elem = XDocument.Load("WMAppManifest.xml").Root.Element("App");
    
                 
    var productId = elem.Attribute("ProductID");
    
                 
    var title = elem.Attribute("Title").Value;
    
    
                 
    if (productId != null && !string.IsNullOrEmpty(productId.Value))
    
                     
    Guid.TryParse(productId.Value, out applicationId);
    
    
                 
    string guidStr = applicationId.ToString();
    
    
                 
    if (guidStr != "d26cc335-5c38-45e7-908f-afcab445bddd" && // local testing app GUID
    
                    guidStr != 
    "0215d686-8224-42df-9ec6-74dd01846b45" && // paid app
    
                    guidStr != 
    "6f25e648-c923-443d-a678-1daa22f57fbf" && // free app
    
                    guidStr != 
    "95deed08-fbac-4e12-a4f3-558825a62afa" && // beta app
    
                    guidStr != 
    "2f8ae83b-cd4a-412c-a19a-869d65966de9") // beta 2 app
    
                    
    thrownewOutOfMemoryException("Unable to load images.");
    
    
                 
    // another
    
                
    if (title != "#2InstaWithMassiveLove" && title != "#2InstaWithMassiveLove Free")
    
                 {
    
                     
    MarketplaceDetailTask task = newMarketplaceDetailTask(); // make piracy to your advantage :)
    
                    task.ContentIdentifier = 
    "6f25e648-c923-443d-a678-1daa22f57fbf";
    
                     task.Show();
    
                     
    thrownewOutOfMemoryException("");
    
                 }
    
             }
    ----

    Same issue happened to Skinery Tiles, with a Chinese publisher re-publishing that again and again after it got removed by Microsoft.

    http://www.windowsphone.com/en-us/st...8-56f5b1422eed
    rudyhuyn and 12Danny123 like this.
    10-01-2013 08:04 PM
  25. azcruz's Avatar
    My golly, scumbags...
    10-01-2013 08:19 PM
67 123

Similar Threads

  1. Text and live tile problems
    By donebrasko in forum Nokia Lumia 928
    Replies: 6
    Last Post: 10-25-2013, 06:53 PM
  2. Report from the Panos Panay Microsoft Store Surface event
    By someoneinwa in forum Microsoft Surface 2
    Replies: 44
    Last Post: 10-03-2013, 10:20 PM
  3. Replies: 2
    Last Post: 10-01-2013, 09:48 AM
  4. Degree of difficulty in replacing 928 screen??
    By clane493 in forum Nokia Lumia 928
    Replies: 4
    Last Post: 10-01-2013, 09:38 AM
LINK TO POST COPIED TO CLIPBOARD