NOTICE: This content was originally posted to Google+, then imported here. Some formatting may be lost, links may be dead, and images may be missing.
Lets talk piracy, jerks and utter opsec failure. Here comes another installment of "jcase tracks a pirate". Some of your might remember the epic first installment from years ago before XDA had to censor it. It was hilarious.
Many of you know I've been in the hospital with my daughter, she is doing well but still on oxygen. While here at the hospital yesterday, a well known developer released an xposed module that acted as a crack for TimePIN. This is ridiculous, as I was freely giving away licenses to anyone who asked (this is now coming to a stop for, as I am a bit overwhelmed with life right now).
When apps are cracked, they not only potentially hurt the income of the developer, but they also waste the developer's time. In this case his module caused odd queries to my licensing server, as well as a spike in crash reports to the Google Play server, which appears to be related to xposed tampering with TimePIN.
Now lets track this guy. First, we have a new XDA account, that has absolutely no posting history. Obvious puppet account. Next we have secondary information linking this account to directly to a well known Xposed module developer (for now I am going to leave out the details of this link, for now). The link here is very solid. Strike one.
The account that this one is related to, is a developer that develops on Xposed. His modules match the style of coding used, as well used the same version of tools to build and sign them. Strike two.
Know how apps are signed with certificates? This can point to a specific developer. If you are going to make cracks, sign with a leaked key like the Superuser key or one of the AOSP keys. This less than bright developer signed it with his debug key. I was able to get friends at companies maintaining large databases of apps and app signatures to run a check for me. The crack's certificate matched a build of an application containing the dev's name. You are out!
This is a developer that complained about someone using his Apache licensed, opensource code in a paid app on the market. He complained about the xposed repo allowing cracks for pandora (I can't find one on the repo). He talked about how much he appreciates donations, every penny.
This developer goes by the name Nottach on XDA, he is known for roms and the popular Xposed module NottachXposed. +Gaelan Bolger I'm not sure why you did this to me, or how I am related to your pandora rant, but not only do you completely fail at opsec, you are an asshole. You had no reason to target me in your rant about some pandora cracking module. Thank you.
I love how the Android/Dev community blasted his post out there. So great!
For what it's worth, Pandora Patcher did exist (dev'd by gamer765). It used to be here but has been removed:
He had to do this... 'Just-in Case'..
+Christopher Avery Yes, even if that is true. Publicly putting into a public place really hurts the devs. Non-dev type will just not care as long as they save their $2. =\
+Christopher Avery not affording is no excuse in this case, I openly offered free licenses for it. On reddit, on G+, on Twitter and at the time of his releasing the crack I offered the free licenses right in the app description. Take that excuse else where on this one.
There is no need to crack this as it does not add mission critical features to the app by purchasing it. Pandora on the other hand still limits your skips even after you buy pandora ONE. That company deserves to be cracked. This independent developer does not.
Kudos to you chainy in tracking down the person responsible. Don't let it get ya down. Ya got many people whom admire your work on the Android platform. We all look out for ya sonny. Best wishes for your daughters recovery. She's in the best place.
+Justin Case Kudos to you.
BTW - how does one buy the full version of TimePIN?
WOW! I hope you've learned what a sore loser you are +Gaelan Bolger
Press menu, or hit the three dots in the upper left corner and click upgrade
Hey you reap what you sew as the saying goes. Thanks for taking the time to share during your busy schedule.
+Jonas Eisele thanks, I 'm still not used to in-app way of buying, I was expecting a separate vrsion in the market, my bad
U need to have an extra brain to b like this guy though
+Michał Dwużnik separate version would just be wasteful in this case. I will make it more apparent in future builds
+Justin Case thanks. However - whatever way works for your income :>
That nonsense about not everyone cant afford apps so they should get it free by +Christopher Avery is loony. If you can't afford it then you cant have it period. Ur not entitled to anything you want. I can afford my apps but I can't afford that Ferrari I really want. Should I get one for free?? Where ppl get off talking about software like its different from tangible products is so fucked up. These devs work every bit as hard writing them and debugging them as anyone making a tangible product. And in this case its super fucked up when the dev was already giving his hard work away to anyone who took the time to ask.
Another blow to the development community. This sucks. I use a lot of chainfire's apps and for this to happen just makes it harder on all of the developers. Love your stuff Chainfire, keep them coming.
+Paul Dupras the funny thing is when people have flagships like GS4's and they complain about paying 1$ to support a Dev for nonessential features. That 1$ is about 1/2000 of the amount that you would pay for just having that phone over two years.
+David Middleton omg what website is that??? That is so damn useful especially with the PA community XD
Edit: I got it. That is really cool though.
+David Middleton No need for the sarcasm, thanks anyways.
+Paul Dupras Wow. that was my exact analogy. Right down to the Ferrari.
Are you a mind reader....or am I (since you posted long before I read this)?
as for analogy -> (well, the root 'anal' is not without reason...)
'copyright infringment' is by far not the same action as 'theft' (and 'piracy', BTW...)
Well, there's one small benefit coming from this mess: I'm buying this app. Didn't know about it til now.
Man what an effect public shaming has. G+ profile gone, Market profile gone, XDA account disabled... Mess with the bull, you get the horns!
+Ashley Hutchinson oh there certainly was a need for sarcasm. Besides he gave you what you needed right?
Side note about affording apps, I have only been following the android dev community and chainfire for about 2 years now and from what I've seen at least chainfire almost always if not always has a slimmed down version for free. Everyone that I've tried for free I have ended up purchasing. That being said. I appreciate all that you do for android and will more than likely be buying many apps to come! Loving pryfi so far and can't wait till I get some extra cash for the paid version. Best wishes to you and your family chainfire!
+Michał Dwużnik OK then at your job we will randomly take away payment for hours worked. So you always have to work 50 hours, but some weeks a random person says thanks for your work then takes an hour or two of your pay. Would you like to work for free for those hours?
Well played +Chainfire , we don't need this kind of people hangin' around.
+Paul Dupras what a retarded way of thinking. You are as screwed up in the head as the politicians that created digital laws. The reason why a Ferrari is different than a program is because once a program is created it cost nothing to reproduce. Its just like music or a movie, it's unique to the creator yet what it is isn't really tangible.
I don't know how to argue this. You're using a program given to you for free saying that it's loony for someone to think everyone should be able to get the most out of their hardware for free. people have and always will pay for services they want if they can afford it. I don't see how you can't see that in your everyday life. They get them from the market.
Its stupid to argue about whether or not Digital should be viewed the same way as a Ferrari. Its not the same and should not be treated the same
+Daniel Quah ? that is a technical article i wrote a few years back detailing failures in the original LVL release, it resulted in better documentation, better understanding by fellow developers, and improvements in LVL. At the time LVL was being hailed as the end all to Android piracy, many developers touting it as the holy grail. Publication upset a few developers, but mainly those too ignorant to see that LVL alone is not a solution in anyway.
+Walter Francis Last guy did the same thing, deleted everything he could. Even talked the forums into changing his username.
+Justin Case have a Coke on me!
This just inspired me to upgrade. Good job and sorry to see someone waste a good dev's time like that.
+Christopher Avery okay you are the one that makes no sense.
Every app a Dev makes takes time and effort.
Time and Effort = money
You cannot argue in favor of Pirating of software and other media. You can justify it with things like profit margins and greedy businesses (Pandora for example). However, you just can't say oh yeah pirating is fine because what they made is not tangible and therefore is free and open to all.
+Christopher Avery So if you can't afford the app you must be able to have it for free because it's on the Web? Loving the logic... Sorry but if people can't afford a couple of pounds then I think their priorities are wrong as having a smart phone is a 'luxury' and having a mobile contract is also a luxury. I'm sorry I don't buy it, hardly any of these people cant afford it they simply choose not the pay and would rather pirate it because piracy isn't enforced as well as theft.
The only difference with stealing a Ferrari is that it's physical and has a production cost, remove the production cost and it still technically isn't free as it required millions in R&D which were meant to be recuperated on the profits.
Nope no way you're going to push that successfully you sound like you do pirating yourself :P (if you don't then I apologise!).
The whole world runs on money as does the Internet but there note is that you aren't hindered too learn on the Internet. You can be poor but as long as you have access to the Internet you can teach yourself everything for free.
Think my post lost the point I was bored waiting... TL DR : Lies nothing should require to be free just because someone can't afford it, we work via money you paid for luxuries which is what this is...
+Christopher Avery okay that makes a lot more sense now. That's a novel thought I see where you are coming from.
+lee perring he doesn't mean everything should be free just that because of the way the internet works you can usually find it for free. Now I don't agree with some of what he said. I would modify his statement by saying that the internet allows us to find cheaper alternatives to things.
chainfire whats wrong with your daughter. I have to ask
Two thumbs up chainfire! Love many of your apps and love paying for them. And it is a grand thing that you offer your apps for free to those who can't pay, even worse those that can pay but don't that are cheapasses with flagships phones and have no honor. I especially love paying for the apps you dont have to ask for licenses and are offered for free on sites like xda cause I know my couple bucks helps keep the apps and potential bucks flowing. Good day.
+Keith Bluhm I Still have it and it works. Also able to delete it and re downloaded it also.
I agree that cracking apps waste developers time. It however doesn't cost a dime let alone a single penny to make an app. The only patching I do is the removal of Google Ads. But when you develop for an open platform. People usually rend to lean on that for a legal way out of getting into trouble. Because you can't pirate things given away for free.
+Dez Litten first I want to apologize for the language, but you are full of shit. Almost 200 test devices total now, http://i.imgur.com/ophvnvb.jpg Go ahead and tell me it doesn't cost anything to design, engineer, produce and test an app. Thats like saying it doesn't cost any thing for an Dr to give you a physical. Education, material, time, testing, equipment. That rack of devices is a good year's salary. Please tell me again how it costs nothing.
People need to learn than what the apache license is, how it applies and what it applies to.
Just use open source software. Build an apk. Post it for free. Who says it has to be in the Android market?
+Dez Litten I didn't even mention the cost of a developer account, $25 is nothing compared to the other costs. Please do continue to tell me how it costs nothing. I thinking +Chainfire or +Jared Rummler, who I'm sure have more than I invested in it, would agree as well. Hell I didn't even go into software costs, opensource doesn't cover all needs.
+Justin Case this answers a question I've had for a very long time. Do devs really have all those devices to test on or do they just send it to someone to test? And well as seen by the wall of devices you guys do in fact debug on the devices yourselves.
Just how I would go about it if I were to develop for it if I could. Do what you want. But i would just make it in free software. And host it as a downloadable apk file. I didn't say I knew anything about it. Just saying I've seen it done before. My cousin runs cyanide and he don't pay for anything. So why anyone has to pay anything to create apps has me confused.
+Dez Litten so you are schooling me on app development when you are not a developer? Runs Cyanide? Only Cyanide app I know of is the one I wrote. Anyone who says it costs nothing to design, engineer, develop, test and deploy doesn't know what they are talking about. Like I said, costs nothing for a doctor to do a physical right?
I wonder what the compromise on this would be. Dev community with the "hacker" community (used lightly for lack of a better group name)? It could revolutionize even the real world economy.
But I'm not as far fetched to say it costs nothing to make a program. You need hardware to test or even create software. And true talent can be seen in the program, and talent should be rewarded. Developers are revolutionizing the world. But the only way to do that is if the whole world is included.
There is a whole world of developers that developed solely for the purpose of notoriety. If only the money driven economy didn't suck so bad.
+Christopher Avery yep, and even opensoruce software requires funds to write, look at how much money is put into Linux or Android, hint it is a hell of a lot.
No one's trying to out do you in anything. I'm just simply speaking my opinion on how I'd go about things. No need to freak out. I'm not flipping out in you.
+Dez Litten I'm not flipping out, I'm just flabbergasted that you are sitting here and honestly saying it costs nothing to develop an app
I've seen it done. I am an administrator on that site I posted. And our programmer did it all the time. Just using visual Basic. We didn't have to pay anyone. Sure we accept donations as anyone would. But we didn't have to pay anyone to make anything.
+Dez Litten funny, I recall spending about several hundred dollars on visualbasic back in the 90s. PC development is not the same as app development
Why did you buy it? We just downloaded it for free.
+Dez Litten because I am not a pirate? and it wasn't free in the 90s.
I know it wasn't. But he was.
+Xda Garwynn why do people keep saying that. Time only equals money if you're getting paid for that time. By that logic just for using the app or learning to use the app I should be getting paid for it, or receive a discount because I'm using my time.
Time does not equal money, it never has and never will. But if You have a formula for how much blood sweat and tears actually converts over to money
let me know. Otherwise that's just an idea in your head that should just stay in your head. It's not the way this world works or the digital world works.
You're just as far fetched as somebody who believes every piece of work a developer creates should be free. You compare something that doesn't really exist and want to keep the same rules as to something that does exist, as if they are the same.
+Xda Garwynn I'm so glad that you have experience in the matter, but the rule of law that you want to apply doesn't make sense in a world that doesn't really exist.
There is no bigger greed than to take something that cost absolutely nothing to reproduce, and say you would rather the program die than everyone get it. In no way should any community believe this is good for society. And it's apparent the same laws can't be followed, so there's no use in trying to pretend we all should.
Its your way of thinking that's screwed up, society should not accept others to go without just because one person has control of it. In the real world it's hard to imagine, with the online community, it's reality.
Don't take a broken system that doesn't even work in the real world and try to apply it to the digital world. If developers are going to move the world forward then they need to start thinking forward.
It costs me nothing to fix a blown head gasket, i however lack the know how so i pay someone to do it. i also lack the knowledge on how to make android apps that do things i want them to, so i pay someone else to.
+Xda Garwynn I would love to see that but I don't advocate for that. it's not possible, at least not yet.
I don't view myself as having all the answers. I'm a logical thinker, all I do is weigh things. I just know that more hours have been spent fighting for freedom on the Internet than you have ever thought about putting into developing a program. And that money and greed is never good for society, yet it just sounds like everyone keeps promoting it.
Be upset, and understandably you should be. but something you did was great enough to catch the eye of someone who wanted the world to share it.
The only thing I want is the forward thinkers of today, who are revolutionizing the world along with groups like Anonymous, actually be forward thinkers. And to know the difference between needing to survive with money and letting money control your way of thinking. The internet is not a place to continue business as usual, even though most people that just use it for social sites think of it that way. The Internet is a thriving community, made up of people who work hard to keep things free and equal for everyone.
What will do of this app?...what help can provide it from us?...what kind of app is this?
costume rom Android 4.4 for galaxy s4
+Andrew G "working the same amount of hours for less pay" is called being put on salary vs hourly. ;)
IS this for real. Some guy thinks all software should be free!!!??? How do you pay your mortgage, car etc... This is democrat thinking/socialist. Hint: it does not work.
God when will people Learn. Pirating is stealing!
Keelhaul the filthy landlubbers, make the bastards walk the plank, with a bottle of rum and a yo ho ho.
And the Knights Templer were the first pirates.