Windows Phone Xap File Decompiler
Decompile WP7 xap file from market. Extract its contents using a program like 7zip and then use a standard.NET decompiler. Windows phone xap supporting OS 7.0. I am looking for a tool to extract from a XAP (Windows Phone app) file: Metadata such as version name, libraries, etc String resources Binary resources Dialog.
I am looking for a tool to extract from a (Windows Phone app) file: • Metadata such as version name, libraries, etc • String resources • Binary resources • Dialog definitions • Ideally: decompiled source code Ideally running on Linux, other systems acceptable. Ableton Live 9 Datafileshot. Context: I have released an Android app under the GNU-GPL, and today a user reported that there is a Windows Phone that looks exactly the same, exact same strings etc. I would like to check the strings resources and dialogs in more detail, and even the disassembled source code if possible, to check whether they just re-created the app or just ported it, which would violate the GNU-GPL as they did not release the modified source code.
You are both wrong. On so many levels. Even if someone were to have access to the file system, you still can;t do squat with the XAP, because: 1)Once the XAP is installed on a phone, the XAP is 'gone'. Any XAP downloaded from the marketplace is compiled to its native image (no MSIL!) thus it is nigh impossible to get the source code back at this point. 2)'signed' XAPs from the marketplace can not be 'unsigned' without knowing the microsoft certificate key (well technically, it is possible, but it is a time consuming process to break the encryption through brute force.maybe they asked the NSA to do it?!). 3)Even if someone were to unsign your XAP, they can't do squat with your source code because of 1.
4)You can not sideload (aka use the dev tools to install) a signed XAP. You did something at some point which compromised your source code, if you somehow find your app there. Also, a lot of developers create nice apps and willingly make them available outside the marketplace, to avoid the API restrictions MS placed in the SDK.
That's just crap. We all wish it was true but it's not. You dont know how distribution works, you don't know the purpose of MDIL (Hint: its not to make decompiling more difficult) but claim some weird stuff about spontaneous combustion of xaps and NSA bullshit.
You clearly don't know what's inside the.xap files, so please don't make silly assumptions. Samsung pretty badly messed up with their silly Diagnostics app, but it is not going to go away and atm it is extremely easy to access the.xaps and sideload/analyse them. I think MS should address this - there was a reason why the obfuscator was part of WP7. Also, AppStudio makes it way to easy to dev-unlock phones. For those who don't believe this, get yourself an ativ for a reality check.
It's makes for a very unpleasant experience, unless you believe in open source I suppose. An XAP contains binaries needed for the app to run. There is a difference between a signed XAP and an unsigned one. The unsigned XAP, which is originally produce by visual studio, still has its code in MSIL, and can be easily decompiled if it is not obfuscated. The signed xap, downloaded from the marketplace is all in native code.
Unless someone is really good at disassmebing ARM assembly, there is no way you can get the source code back. I checked the website you were talking about.
The XAPs stored there are mostly homebrewed. Most 'cracked' XAPs are WP7 ones. 'Most' does not imply the other Wp8 are cracked. However, your experience is your experience. If you are convinced you have written a native wp8 app (as apposed to wp7 app running on wp8) and you have not shared it by any other means then you should contact Microsoft directly. Sharing here is good, but if you are convinced of the paper trail of your app then you need to escalate it directly.
It may not be that ATIVS 'hack' exposes apps, it could be the people intercepting the app before marketplace, people working on marketplace, a leak in the marketplace, etc, etc. This forum is probably not the best place to get something like this examined. Contact them.