1

I have researched a lot about reverse engineering WP8 apps but nothing seems to work for apps that are digitally signed (Yes, I am talking about Apps from Windows App Store)

XAPSpy works with Windows Phone 7 only and may be, with unsigned WP8 apps(but I am not sure on this part).

Some answers of StackExchange says that Tangerine and Windows Phone App Analyzer can be used, but it doesn't seem to work with digitally signed apps.

Question :

Is it not possible at all, to reverse engineer WP8 apps collected from Store and perform security audit? TIA.

Regards,

node_analyser
  • 211
  • 3
  • 8
  • i think xap files are encrypted, so my guess is you would need to root/jailbreak the phone first, and then run the app under a debugger to be able to decrypt it. – Willem Hengeveld Dec 17 '14 at 12:02
  • but maybe the decryption is handled at installation time, in that case, you might be able to find the decrypted apps in a device backup. – Willem Hengeveld Dec 17 '14 at 12:03
  • Willem - The marketplace apps are digitally signed and PlayDRM encrypted. The "root/jailbreak" solution is true but as per my knowledge the jailbreak is not yet available for Windows Phone 8.

    I have been searching since long and have come to the conclusion that currently my question has no solution unless any jailbreak is available or else the device has a zero-day ;-). The only solution left is to get the Developer version of the app in order to proceed further.

     – node_analyser Dec 17 '14 at 12:21
  • possible duplicate of Reverse engineering apps for Windows Phone 7 and 8 – David d C e Freitas Jun 17 '15 at 09:52
  • David - Thank you Sir, but this no more works. I already came across this question during my research. You can read the first comment to that question. It is true, I tried it. New formats come encrypted and can't be simply renamed and opened. – node_analyser Jun 17 '15 at 11:28

0 Answers0