Down entry method X should deal with self-signed certificate cracking attack

Downstudio Studios in 3 Month 30 Day gets message - drop input method X subscription cracked,Malicious users can modify Apple's Purchase Receipt content for any length of subscription without actually paying。

Most in-house apps,We responded the first time.。

This crack is primarily for apps that are locally communicating with Apple servers to decrypt receipts (considering that the crackscript has a generic Rewrite for in-house purchases),Any app that communicates directly with Apple's servers will theoretically be hacked directly);There are also many apps that also ignore local security,Although they communicate with their own servers,,Does nun verification do not,So it's been cracked, too.。

In 4 Month,We started to get a lot of user feedback on the user base,We're actually making security improvements.,To protect the rights of paying users。

Now,Down input method X is brokered through its own server,to ensure that the decrypted information from Apple is complete and consistent.;Other than that,When communicating between the input method and the server,The transfer data is also verified by rsA Asymmetric Certificate Signature,Mate timestamp,to make sure the data received is correct、Complete、Untampered by an intermediary。

Eventually,After confirming that the new version is effective in avoiding being cracked by this technology,We've shut down all of the old download channels so far (that is,,Deny users to grab legacy from the App Store),Avoid the continued use of technology hacks by malicious users by returning older versions。

Thanks to those users who first informed me。


Extended reading: