[LastBattle]

I just want to rant out my concerns, as I've made a discovery today regarding InPic's (Applify) shady practices during the production of the application. As a developer myself, this is totally unacceptable as they were one of the reputable developer around. I couldn't believe it myself as they have released a high quality YouTube app on the Windows 8 store, PrimeTube.

I've been developing on an Instagram client since July 2013 when Instagraph was released to Windows Phone. That was #2InstaWithMassiveLove.
Sure, #2InstaWithMassiveLove was not as fully featured as Instance or 6tag. However, I worked hard day and night focusing on Windows Phone 7 users exclusively. I'm well aware that it didn't get as much attention as Instance or 6tag since they were leaps and bounds better on its first release. That's fine, I kept my promise and kept updating the app as much as I can despite the tight schedule with school.

However, what's frustrating is how much attention the newly released InPic got from WPCentral, & WMPoweruser on its first release. Even recently, when they got reposting of photos when it have been on mine for months. InPic updated with multiple account support and the ability to repost Instagram photos | Windows Phone Central
Fine, I live with it and continue focusing on WP7.

That's until today that I've come to a conclusion on how much InPic was following on my recent updates. For instance, I released notifications around a month ago and 1 week later. It was released for InPic too! Just 2 weeks ago, they've even implemented reposting of photos that raised my suspicion. I've decided to take a look at their Windows 8 code only to confirm what I thought to be.
They are simply copy pasting code right off the reverse engineered version of my .XAP file for their own purpose without asking.

InPic, Instagram.Classes.GeneralClasses :
[C#] public ObservableCollection<InboxFeedViewModel> ParseInboxFeed(string HTM - Pastebin.com

My source code:
[C#] #region InboxFeed public static async Task<string> LoadUserInbo - Pastebin.com

I've since cancelled the certification of the official app until this gets ironed out.
http://forums.windowscentral.com/win.../229613-12.htm

Certainly, I cannot claim rights on other developers making Instagram or not. But stealing codes is another issue.
Please be my judge.

I'll be glad to release the source code of #2InstaWithMassiveLove and the latest binary file of InPic on Windows 8.

So what's the lesson learnt here? Protect your codes.

[berty6294]

Good lord! Thats ****ed up, I'm immediately removing their app from my surface!

[amitnahar]

Me too...
Didn't know that they will do things lyk this.



Sent from my Nokia Lumia 820 using Tapatalk

[Ultimateone]

Unbelievable

[Rafael Rivera]

If you want help in filing the appropriate paperwork to boot their *** off the marketplace, ping me. (rafael@withinwindows.com)

[asylumxl]

I've only recently started developing on Windows Phone, but I was under the impression that XAPs were encrypted when released on the market place. So how have they obtained your code and vice versa? Has someone distributed a development XAP to you?

[1101x10]

I've only recently started developing on Windows Phone, but I was under the impression that XAPs were encrypted when released on the market place. So how have they obtained your code and vice versa? Has someone distributed a development XAP to you?

I'd be interested to know this too. The Windows phone XAP's are encrypted and as far as I'm aware this hasn't been cracked yet. Or do you have a Windows 8 store version (which are not protected when installed).

Edit: I'm a bit bleary eyed at the moment but looking at both bits of code there are some similarity's (I realise theirs is a decompile) but it doesn't look like a straight copy and paste. Are you sure about your allegation?

[azcruz]

While I symphatize with your feelings, that's a serious accusation and will be difficult to prove, moreso that the codes are different and one can always point out similarities to make a point.

If I will be making an app to get Instagram feed, I would come up with something like what you posted without needing to see any code beforehand.

[asylumxl]

I'd be interested to know this too. The Windows phone XAP's are encrypted and as far as I'm aware this hasn't been cracked yet. Or do you have a Windows 8 store version (which are not protected when installed).

Edit: I'm a bit bleary eyed at the moment but looking at both bits of code there are some similarity's (I realise theirs is a decompile) but it doesn't look like a straight copy and paste. Are you sure about your allegation?

Using an online comparison tool there is mostly similarity in the syntax, which is to be expected. Couple of lines tops are identical.

[rudyhuyn]

OMG !!!!

I wrote some articles about .Net reverse engineering and I'm 100% sure that LastBattle is right, this is exactly the same source code (the only differences are symptomatic of the .net compiler + decompiler).

Study Instagram API is one thing, stole source code is an other

[Nogitsune Micah]

I never used either app but that truly is screwed up to do that. Hope you get it worked out.

[rudyhuyn]

XAP encryption can be removed with some windows phone 7 device (you retrieve directly unencrypted dlls)

[rudyhuyn]

Just a question, you spoke about copying codes from Instance and #2InstaWithMassiveLove but show only a #2InstaWithMassiveLove stolen code, what proof do you have for Instance ?

[12Danny123]

Tell Microsoft about this. Bet they'll wouldn't be impressed.

[schandlich]

http://www.red-gate.com/products/dot...smartassembly/

Red gate makes great tools.

[rudyhuyn]

SmartAssembly - .NET obfuscator, automated error reporting, and DLL merging

Red gate makes great tools.

They just copy/paste the code, even if the code is dotfuscated, they can copy/paste it

[12Danny123]

SmartAssembly - .NET obfuscator, automated error reporting, and DLL merging

Red gate makes great tools.

wow disappointing InPic. This isn't right at all. I bet you'll be angry if someone steals your coding. why use someone else's??

[schandlich]

They just copy/paste the code, even if the code is dotfuscated, they can copy/paste it

But it also means they don't know what they are pasting. Checks could be hidden in that. Its better than nothing. Where's Daniel been btw?

[1101x10]

OMG !!!!

I wrote some articles about .Net reverse engineering and I'm 100% sure that LastBattle is right, this is exactly the same source code (the only differences are symptomatic of the .net compiler + decompiler).

Study Instagram API is one thing, stole source code is an other

Have a closer look - it's not *exactly* the same code (even though it's decompiled) - Coincidence?

[LastBattle]

I've only recently started developing on Windows Phone, but I was under the impression that XAPs were encrypted when released on the market place. So how have they obtained your code and vice versa? Has someone distributed a development XAP to you?

Its only Windows Phone 7 apps that are affected, at the moment WP8 isn't vulnerable to this.
A simple search of ".XAP" will get you that. https://www.google.com/#q=%232instawithmassivelove+XAP

Yes, they are now encrypted on WP8. However the phone will still have to decrypt it eventually to read off the contents. So its only a matter of time before this affects WP8, unless your app is developed in language like C++.

If you want help in filing the appropriate paperwork to boot their *** off the marketplace, ping me. (rafael@withinwindows.com)

Thanks.. I'll contact you later.

I'd be interested to know this too. The Windows phone XAP's are encrypted and as far as I'm aware this hasn't been cracked yet. Or do you have a Windows 8 store version (which are not protected when installed).

Edit: I'm a bit bleary eyed at the moment but looking at both bits of code there are some similarity's (I realise theirs is a decompile) but it doesn't look like a straight copy and paste. Are you sure about your allegation?

Its the direct copy of the compiler optimized version of the code. It'll look the same once you decompile #2InstaWithMassiveLove and compare that same piece of code.

http://www.red-gate.com/products/dot...smartassembly/

Red gate makes great tools.

I have in fact purchased a copy of http://www.preemptive.com/products/dotfuscator/overview
It wasn't used in the recent version of the app due to the fact that its not working well with Telerik controls, causing the app to crash once launched. I'm still waiting for this to be fixed.

[rudyhuyn]

Have a closer look - it's not *exactly* the same code (even though it's decompiled) - Coincidence?

Coincidence? Definitely no

My own code doesn't look like #2Instawithmassivelove for example.


In this case :
same variable name, same regex, same behaviors, same algorithm, same custom enums, etc...

[rudyhuyn]

Just a note:

The copied function isn't a hard function, no security to solve, no secret, nothing hard, just take some times to work on regular expression. Everybody can do it with some times. I really don't understand why copy this specific function, in my opinion, they just wanted to save time and make it volontary. Not a good move. If they copied this function, in my opinion, it is not the only one

[LastBattle]

Just a question, you spoke about copying codes from Instance and #2InstaWithMassiveLove but show only a #2InstaWithMassiveLove stolen code, what proof do you have for Instance ?

I'll update you in a moment...

[LastBattle]

OMG !!!!

I wrote some articles about .Net reverse engineering and I'm 100% sure that LastBattle is right, this is exactly the same source code (the only differences are symptomatic of the .net compiler + decompiler).

Study Instagram API is one thing, stole source code is an other

Yes. Just 3 months ago, someone republished a version of #2Insta with a different app logo too.
Insta | Windows Phone Apps+Games Store (United States)

I added something on top of it to stop this guy from doing so while contacting Microsoft about it :)

Code:

        
publicstaticvoid CheckApp()

         {

#if
 DEBUG

            return;

#endif

            
// check if the 'Appcracked' exist

            
var ResourceStream = Application.GetResourceStream(newUri("Appcracked", UriKind.Relative)); // patching games-wp.com

            
if (ResourceStream != null)

             {

                 
MessageBox.Show("Please download the official app from the store.", "Error", MessageBoxButton.OK);


                 
MarketplaceDetailTask task = newMarketplaceDetailTask(); // make piracy to your advantage :)

                task.ContentIdentifier = 
"6f25e648-c923-443d-a678-1daa22f57fbf";

                 task.Show();

                 
thrownewException();

             }


             
Guid applicationId = Guid.Empty;


             
XElement elem = XDocument.Load("WMAppManifest.xml").Root.Element("App");

             
var productId = elem.Attribute("ProductID");

             
var title = elem.Attribute("Title").Value;


             
if (productId != null && !string.IsNullOrEmpty(productId.Value))

                 
Guid.TryParse(productId.Value, out applicationId);


             
string guidStr = applicationId.ToString();


             
if (guidStr != "d26cc335-5c38-45e7-908f-afcab445bddd" && // local testing app GUID

                guidStr != 
"0215d686-8224-42df-9ec6-74dd01846b45" && // paid app

                guidStr != 
"6f25e648-c923-443d-a678-1daa22f57fbf" && // free app

                guidStr != 
"95deed08-fbac-4e12-a4f3-558825a62afa" && // beta app

                guidStr != 
"2f8ae83b-cd4a-412c-a19a-869d65966de9") // beta 2 app

                
thrownewOutOfMemoryException("Unable to load images.");


             
// another

            
if (title != "#2InstaWithMassiveLove" && title != "#2InstaWithMassiveLove Free")

             {

                 
MarketplaceDetailTask task = newMarketplaceDetailTask(); // make piracy to your advantage :)

                task.ContentIdentifier = 
"6f25e648-c923-443d-a678-1daa22f57fbf";

                 task.Show();

                 
thrownewOutOfMemoryException("");

             }

         }

----

Same issue happened to Skinery Tiles, with a Chinese publisher re-publishing that again and again after it got removed by Microsoft.

http://www.windowsphone.com/en-us/st...8-56f5b1422eed

[azcruz]

My golly, scumbags...