Jul 14, 2012

Please read: A personal appeal from in-appstore.com founder ZonD80

Hello everyone. Developers, you're welcome.

I want to shed some light on some of the obvious things:

First. I did not steal any money. Nobody lost even one cent from their iTunes store accounts. If you are claiming that money was stolen via in-app purchases, you're wrong. Zero in-app purchases were made in the real App Store via this service.

Second. I did not hack anything. I just wrote app-store replacement. And it's a big idea to create yet another world of apple for our iDevices.

Third. Developers, your profits depend on the quality of your apps. You have millions of loyal users who won't use this service.

Fourth. I did not steal or collect any passwords. For now, logging is total disabled.

Fifth. It's a good reason to prove that something is not perfect. I helped everyone to move forward. Developers - to protect their apps. Apple - to improve their protocols. And, of course, hackers.

PS: Dear hackers, the source code will be available in a couple of weeks.

125 comments:

  1. What about actually getting it up and running again, man? Don't give up now!

  2. "transaction failed
    your purchase could not be completed at this time"

    plz fix

  3. DNS 91.224.160.136 works, but it is impossible to make purchases; it looks as if this address is blocked everywhere.

  4. Getting started updated, apple banned ip of our last server. Read instructions again.

    Replies
    1. The IP address listed on the Getting Started page remains the same as before: 91.224.160.136. What's the new one?

    2. Yeah what’s the new IP?

    3. what's the new IP ZonD?

    4. you should send the copy of the code to Saurik (Jay Freeman) and ask for his legal advice, it's time to team up

  5. hi,
    Mr.ZonD80
    can u please confirm whether hack still working because its saying "transaction failed your purchase could not be completed at this time"
    or cannot connect to store...

  6. We need one more new DNS.

  7. ZonD Eighty, I have a problem: I did everything according to the NEW instructions, and when I try to buy something in CSR Racing, a notification arrives saying that everything has been purchased, although nothing has been purchased. By the way, all the money I had there yesterday and this morning has been reset to zero.

  8. By the way, CSR Racing in particular is easy to crack. You buy currency with iAPFree or iAPCracker, then block all traffic. You buy cars, then unblock the traffic. The money gets rolled back, but the cars don't :)

  9. GodLight
    And I have a small problem: iOS 6 Beta 2, iPad 3
    And on the computer, Mac OS X Mountain Lion GM, on which Absinthe does not work

    Replies
    1. A virtual machine?

  10. you are getting famous!

    just found this article on foreign news portal!

    http://littleskylark.com/blog/in-app-purchase-hacked-by-zond80-possible-negative-effects/

  11. Just because this guy is Russian and smart does not mean he is malicious and will steal your iTunes passwords.

    I bet those saying "They got hacked" are the developers of those apps.

    Anyways, this method worked for me. Spasibo!

    In-app purchases are fucking bullshit and nickel and dimming. Fuck devs that implement that feature. Either give the users a full app or don't, don't fucking nickel and dime them, assholes!

    Replies
    1. Also, if he was a malicious hacker, he would not be out so publicly.

    2. u r right... DEVS are getting Jealous :P fu**ing AssHoles :P we loved their apps but we dont love to waste more money to update or buy something from the app :P

    3. LOL at ZonD posting as Anonymous.

    4. LOL @ you thinking he is ZonD, Ethical Hackers would never hide behind the names like you are doing.


      and yes they are not stealing any information i tried this app and it worked fine with me.

  12. This comment has been removed by the author.

  13. I can never get to "do you love apple?" popup with newstand subscriptions, can get that with every other app but newstand apps keep refreshing!

  14. Not working, billing servers lost or failed to connect to iTunes Store. Maybe I should wait for the new DNS ip.

  15. i can easily purchase any APPS :D THANK YOU ZoNd :D

  16. can't connect the server! why don't you fix this?

  17. Can Apple identify me and punish for this action or am I completely anonymous?

    Replies
    1. of course they can

    2. They will do it for sure.
      So I Would not do this.

    3. Nope apple cant know jackshit if you disable "Diagnostics & Usage"

      Settings\About\Diagnostics & Usage and select Don't Send


      Jailbreak your device and get Firewall ip and then you can block them out completely from gaining access

    4. But I don't want to jailbreak my device, so they can find me?
      Or is your first solution 100 % secure?

  18. You're as low as crooks come.

    I write apps to sustain my family with a baby to feed and a teenager going to college soon. I depend on in-app payments for extra content (it's reference/study apps, not games).

    Now people are getting my content for free.

    FUCK YOU ASSHOLE. I HOPE YOU ROT IN RUSSIAN JAIL.

    BTW: "For now, logging is total disabled" is total bullshit. Once a crook always a crook. I pity those who used your service.

    Replies
    1. fuck you! if I buy your app once, why should I pay extra for extra content?
      you just write an app and hope to earn enough money for your children to go to college? fuck you and wish you rot in hell

    2. i totally agree with you once pay why pay extra is true, they are just like bloodsuck, FUCKING AMERICANS SAW A RUSSIAN PROVED HOW STUPID YOU ARE :D

    3. I'm not American you idiots, can't you see this affects everyone?

    4. get a real job or get a big insurance policy and go die so your kids can be right and live happily coz if you really are a developer you should know using ur own servers to verify in-app purchases then you are able to dodge the bug.

    5. Cry me a river...

      Here's an idea, stop ripping people off with in-app purchases.

    6. @FuckApple easy of you to say when you live off your parents allowance. this crook is saying he'll even crack server-based authorisation.

      @Anonymous I'm not ripping people off, I'm giving them choice. I sell reference guides, people buy only the topics they want otherwise I'd have to sell the whole thing for a lot of money.

      this seriously fucks my life you can't believe how much. i'm not some megacorp with money to spare

    7. @anonymous
      If this is harming you so bad making money then why dont you fucking STOP RiPPING US USERS OFF WITH IAP AND GET A REAL JOB NOT JUST SITTING IN FRONT OF A COMPUTER ALL DAY. Im shocked you have a family as all you do is bitch like i fucking KID.

    8. @Brett Embury

      Different anonymous.

      You are an entitled little shit. That is all.

    9. You fucking dev. You chose to have children, it's not our fault, so don't come crying about your fucking baby. Get a real job, get a second one if you have to. Why don't you decide a fair price and sell a full app, imagine if book publishers started selling their books in little pieces, you have to pay an additional amount for every little piece of the book.

    10. Holy crap you are a moron Anonymous. His business model is actually cheaper for you and you are bitching at him for being greedy? The amount of stupid on the internet is astounding!

  19. You must suck at CSR, I paid $2.99 and cleared all the levels with all cars except the Audi special CSR.


    Hacking games for higher scores is for losers.

    Replies
    1. Its not an hack its a security flaw, wait inapp purchase = hacking? since whn? lol what moron you are stupid americans

    2. You are such an idiot. Man in the middle attacks are considered hacking. Oh right, you have a blind hatred of americans (which is made very obvious from all your posts). Anyone with blind hatred of anything is mentally challenged.

  20. While this definitely points to a flaw in the system, this is directly affecting the one thing people need - money.

    While the end user doesn't feel they should be nickel and dimed with in-app or upgrade charges the developer needs to have a steady source of income to provide further updates to the application or create new applications.

    Even the most basic of applications take time for coding, designing, testing, etc etc. Time = Money in cases of application development.

    How would you feel if your boss decided to come into your job one day and say that you weren't getting paid this week but you still have to work. This is essentially how to developers should be feeling right now.

    @ZonD Eighty - I have nothing against what you have done for two reasons. #1 I respect your coding knowledge as I don't have the knowledge to code anything on that level. #2 You exposed a pretty major flaw in the App Store purchase system.

    While I question what you plan to do with it by providing the source code to the public, I'm not going to get into a morale battle with you. I hope you make the right decision.

    Replies
    1. well said dude you couldn't have said it better, its just some stupid american white ass assholes things too high and might and talks crap, must have pissed him off and might be the reason for him to make the code public, people needs to understand like the many Jailbreakers he was just trying to get attention of apple and developers what can be done and should be prevented.

  21. I don't have a jailbreak and I didn't use this method, but I HATE in-app purchase.Developers, just set fucking price without this shit. it's becoming like robbery year after year with this fucking in-app purchase system.
    ZonD80, you are really smart.

  22. thanks for exposing a flaw publicly...i love ur ethical hacking...

    Replies
    1. ethical hacking is giving the developer warning before coming out with the info publicly.

      nothing ethical about this.

    2. its better to have security flaw in hands of good hackers than malicious hackers...thats what ethical means..opinion differs of course..

    3. Do you know him personally? How are you sure he's not malicious, because he gave you access to free shit? Oldest trick in the hustler's book.

    4. Dont cry what information he gave is his something he found and wants apple to appreciated by many of the developers for highlighting this issue also if he did submitted this information to apple secretly we all know apple wouldn't have given him the credit and he wouldn't be that famous, October 5, 2011 Steve Jobs dies and its all over the news, October 12, 2011 Sir Dennis Ritchie was found dead and no one really cared you FUCKIN MORONS HAVE NO RESPECT FOR THE FOUNDERS JUST ALL YOU PEOPLE ARE AFTER IS MONEY

      So i respect the one who found this major security flaw and decided to share in public, ZonD80 you are amazing thanks for this :)
      ZonD80, i guess is a slight chance for apple inc might want you in their payroll.

    5. shut up dickhead, I had a little led candle next to my K&R C book. what did you do?

      that has nothing to do with this. Dennis Ritchie wouldn't do this sort of shit.

      this is more in common with Steve Jobs who was a phone phreaker and made blue boxes to hack the phone network when he was younger

    6. He probably sat in his sad little dark corner all mad at the world, looking for ways to justify anything he felt like doing.

  23. Fix this, i got "connection failed".

  24. You are giving Russia a bad name

    Replies
    1. On the contrary, ZonD80 is the first to break the ironclad in-app purchase protection without a jailbreak, and whether to use it or not is everyone's personal business.
      And it is one more reason for Apple not to rest on its laurels and boast of having the most perfect store.

    2. Russia is already in deep shit with its wanker brothers in power. Everyone laughs at it as it is. Don't worry, a hacker who showed Apple that they are suckers won't make it any worse, possibly only better.

    3. This is not a bug, just theft

  25. There are a few possibilities here.

    1. This hack actually works (or at least worked)
    2. This is a scam used to harvest passwords? Unlikely. Apple is responding in a typical way for a company who needs positive PR: silently fixing a problem that they won't admit existed.
    3. All these people claiming it is a scam are butthurt developers who are concerned about their content being taken for free.

    Developers, you should probably know that your profits will probably not be affected. The people who are using this hack probably had no intention of paying for your in-app purchases. The people who actually would pay for them most likely still are paying for them.

  26. Hi. I have a free server you can use. i7 1 gbps 24 gb ram

    hit me jk9357@live.com

  27. It's a scam to steal passwords and shit.

  28. Have you noticed that when you buy a lot of money and gold coins in CSR Racing, they are automatically reset to zero when you enter the game without the special DNS

  29. as an user that wants a trial, I support In-Appstore.com!

  30. I checked my csr racing and my 1 mil dollars was removed. Please guys reply if you had a similar experience.

    Replies
    1. My money is still there, 3 million in total

    2. I heard that too - Money / coins to zero and you no longer get rewarded for wins etc.

    3. Don't be so greedy

    4. Iap cracker works with CSR racing.

  31. Server stops working!??? (July 14, 2012 at 6:29:00 PM GMT+4)

    Is anyone successful in performing the hack right now? It said the server couldn't be connected.

    Replies
    1. Bandwidth is not enough at all, need more DNS

  32. How do I know if I'm connected to the server??? I install the certs and change DNS settings but I never get the "LOVE APPLE" message :/

  33. Does anyone know anything about getting it to work on newsstand???

  34. Is server running right now?

  35. Self entitled assholes don't tend to realize that what they are doing is wrong, they will do whatever they can to justify in their minds how their actions are ok. There were so many other things you could have done that would have actually been constructive. Grow up.

    Didn't hack anything...seriously? Man in the middle attack isn't hacking?

    Oh yeah, you didn't steal any passwords, take the word of a thief that he's not stealing from other thieves. What's that about honor and thieves?

    Fucking black hat, self entitled bullshit. You ain't robin hood here, you aren't stealing from the rich to feed the poor(you know, so they can actually survive), what you are doing is robbing the poor (how many devs are losing out on sales because of this...oh yes they are, and most of the indie devs are barely scraping by, they need every penny) to entertain the masses for free (because you know, they are bored). Really fucked up priorities there jack ass.

    If you really wanted to help "move things forward" there are ways of notifying apple of the flaw without doing this.

    Can't wait to see how badly you get fucked over this.

    Replies
    1. +1
      I hear Siberia has great aluminium mines, maybe he'll be able to work for Apple after all.

    2. Hey whiner why are you fuckin crying over here for? use you're real name or a name you are known with over internet, my name is FuckApple on internet and i totallly love it ohh btw developers wants to make $$ thn they can sell their inapp purchases at a cheaper rate for the country whos economy isnt that great most of the Asian cant buy many in app as its too expensive for them, you have any clue how much $1 US is for Indonesia? i guess not as you are born in a fuckin country which only is known for killing people and stealing so let me enlighten you kid 1.00 USD = 9,455.20 IDR and there are many more countries, something that developers needs to sort out.

    3. Hey Indonesia

      Isn't that the country that shot all those innocent people in East Timor?

      http://www.etan.org/timor/SntaCRUZ.htm

      but except for a few genocide and one or two bombs killing tourists i'm sure you'r a really nice lot

    4. Hey FuckApple, so you have the right to steal because you want to play a game but can't afford to? Seriously? I don't care what the exchange rate is, you still don't have the right to steal. It's not like it's something that you need to survive.

      You want to change how developers work in your country? Don't support them. Don't download, don't play, tell them why.

      If that doesn't do anything then make your own damn game and sell it to your country men at a price they can afford and own that market segment, or support local guys that do if you are unable to do it yourself.

      Or you can sit back, whine, and steal.

      There's absolutely no way you can justify stealing. It will just make the developers not give a shit about you, want to fight you, or charge more to make up for it.

      As for what country I'm born in, you have no clue, but you must think it's the US. Hint. I'm not American.

      As for kid? I'm probably older than you. Much much older. Grow up. Stop being an entitled whiner.

  36. Is it working right now?

  37. Now we will lose our jobs because you help bypass user paying for our items.

  38. I own a server in Russia, i can hook you up with trouble free offshore hosting. I'll host you for free. qeqe.only.me[@]gmail[dot[]com

    You are doing great good to the world. Lets keep this work going!

    Replies
    1. LOL another one wanting in on the password sniffing

    2. He has said you can enter a fake password or are you just a mad dev that wants to rip people off after charging for the app itself?

    3. 99% of people will put in their real password, you know that right?

    4. Am the original poster and in reply to [AnonymousJuly 14, 2012 9:44:00 PM]

      I own servers, you think am interested in going through all these fake passwords to find a working one in order to... what?? honestly i can't think what's the point? download your past apps? buy porn? buy more iphones??

      I hope you know that if you log into an iTunes account in a new device you need to verify the CVV digits.

      Just GTFO.

    5. Shut up hacker u just want to steal passwords, what's in it for you to give your servers away?

      u know many passwords also work for iCloud, not just the app store. stop pretending that ur dumb.

  39. someone tried it in TopEleven today or yesterday and was successful?

  40. It is upto the user to choose if they want to use this hack.

    Why are the developers so mad , there are other iap bypass program for jailbroken phones .

  41. Is it truth what this article is saying? Or is it a next trick of developers? I am anyways a but cleared!

    http://littleskylark.com/blog/in-app-purchase-hacked-by-zond80-possible-negative-effects/

  42. I'm so proud of this guy for doing this :)
    Apple are assholes being mean! Apple should have better security! It's not this guys fault that apples security is shit! They should be thanking him for making apple aware!

    I would give this guy the best blowjob in his life for what he has done! Honestly, he would dream about it for the rest of his life, that's how much effort I would put in! He would be forever on a journey trying to find such a good blow job again but he would never succeed in finding it because most blowjobs are done without passion, I am so passionate about what he has done for the iOS community that I'd suck that thing like a vacuum with a virgin vagina as the vacuum nozzle!
    . You know how people say when your in a fight, and one little guy is angry at the other guy for sleeping with his girlfriend or something, even if the guy who was cheated on is a small little 90 pound weasel, and the other guy is a 300 pound bouncer, often anger wins, the little dude is SO angry that he beats the shit out of the jock because the little guy is filled with rage and angry passion..

    Well that's what it'd be like with me... The passion Im feeling would just make these magical blow job skills come forth, and I'm already great at blowjobs! I've been told by every boyfriend I've ever had that I am the best blowjob giver they've ever had! Even a guy who was in his 30s that has been with lots of experienced women! (I'm only 19) So I would be like the messiah of blowjob givers,
    My mouth would be like a warm tight place for your cock to park, like a good parking spot.
    I would be your slave for the night, whatever you want me to do, I'd do it .. Lick and suck your balls, lick your bum, ANYTHING to show my appreciation for being such a sexy intelligent man :)
    And the fact that you like video games is a huge plus! Then maybe after you ejaculate 10 times, we can play smurf ville together and get free smurfberries (but then I'd get turned on again and get back to sucking ) I want to suck the cum out of you like a yummy vanilla milkshake and make sure not a drop is wasted without first being tasted :)

    Replies
    1. wow ... just wow...

    2. Wow man that's exciting. How about you blow him off while I force my 8" cock into his tight raspberry hole without lube?

      can you imagine that pirate cum filling your belly very quickly while i rape his insides? good no? you could suck off my dog as a dessert too.

    3. Oh god, i've just got a boner lol

  43. Just publish the source dude, Apple cannot ban all IPs out there... Anyone can get a VPS for 5bucks a month and share that with his buddies. Make it open source and no one can stop this ;))

    Replies
    1. no one can stop this? the hack is not working anymore, apple already changed the purchase process. you dont know what you're saying. hackers always have a short time to enjoy their work because what they do is definitely ILLEGAL. too bad you're late. :p

    2. May be you don't know what are you saying?
      Why iAPFree is still working?

  44. Has he been arrested yet?

  45. Somebody write in Russian, has this hack been closed?

  46. Apple is not fair! Cloudon is not offered in many countries, hence apple to apple only

  47. cannot connect to server.

  48. hi anybody,
    why this hacker not jailed for this?
    is this legal?

    just curious to know answer.

  49. This has created havoc in Apple. Now when I tried to update an already purchased applications, it is asking do u want to purchase this application.

    This is insane. I have already purchased this application and I'm just upgrading.

  50. Hi,ZonD80
    Tks 4 your great building.
    I am from China. I can't use your program. Opening the store in games always gives the error message "cant connect network". Please help me to solve it.
    Tks a lot.

  51. IAP cracker works fine on CSR racing.

  52. Well what a great way to play with poor devs lifes. Most of these devs (Including myself) making a living out of this. We have kids, We have a family to feed. Good work asshole hope you get sent to a prison where you get raped by inmates.

    And all the bitches stealing our shit for free please try and get a job and use your money to pay for it if you REALLY like our apps and the in-app purchases. We least have a JOB.. if you don't like in-app purchases why not DELETE our apps?

    Also good luck sending your login details to a "Russian hacker" who said we dont login details "FOR NOW" Right ill trust them.

    Yes go ahead donate him $10 but dont pay us $1 for something we spend time creating for your sorry asses.

    Fuck you all !

    Replies
    1. fuck you developer

    2. Fuck you hackers ;) How is it you can afford overpriced Apple gadgets but can't be bothered to pay 99 cents for dev's hard work?

    3. I have to aggree with the devs here. They're hard working. Apple deservs to be fucked up with becuase Apple is like the most faggot company ever, but you fuck up with the devs.

    4. Also, to those who said "fuck you developer": are you autistic or what? Do you fucking now how much time could developing an app costs?

      Note to faggots who want to reply something "fck you greedy capitalist": I'm a developer for onlnie platforms (so not Apple) in PHP language and most of my apps are released reely with source, under Creative Commons license, but that's only me. And I know how much could making an app cost. So please, respect those guys as well, $0.99 is not that much either.

  53. Troll :)

  54. Replies
    1. Dont ever give up soldier!

  55. Though i am not a supporter of hacking, I must say mr. zonD's move did work as a wake-up call for apple concerning the appstore's security issues. My only regret is that it eventually went so far as to have apple almost implement serious sanctions and restrictions that would've killed the ipad application developer community if it was implemented.

  56. dear zond80 i have a game in my android smartphone its called little empire i have your app freedom on my phone but it doesnt work in this game but on other games like bike race or subway surfer freedom works why does it not work in little empire??
