La herramienta denominada ‘In-Appstore for OS X’ utiliza técnicas de suplantación de identidad (spoofing), instalando dos certificados locales y asignando DNS a un servidor controlado por el hacker que simula ser una réplica del Mac Store con el fin de simular la validación de la compra.
El hacker ha anunciado 8,5 millones de transacciones suponemos la mayoría para el hack de la App Store, lo que aumentará con este hack para Mac.
Apple ya ha enviado a los desarrolladores de iOS una actualización para su sistema de validación que impida el hack, mientras que la solución al de ordenadores llegaría con el lanzamiento del nuevo OS X Mountain Lion.
Os dejamos con la guía de cómo hacer funcionar In-AppStore:
Go back to in-appstore
Getting started to receive your in-app for free on OS X
10.7+ (Lion), 10.6.8 does not have in-apps!
Usage of this manual means that's you agreed with the Terms Of Service
Enabling in-appstore is simple. It takes only 4 steps:
- installation of CA certificate
- installation of in-appstore.com certificate
- changing DNS record in wi-fi settings
- Running application with support of Grim Receiper (to save your original AppStore receipts)
Lets begin!
First
- Export as *.pem
- Format: Page Source
Click twice on first certificate. KeyChain Utility should open. Click "Always Trust", then enter your local credentials and click "Update Settings":
Third
Download Grim Receiper. That's the tool to keep your original receipts in safe place (locally, of course) during you are using in-appstore.com.
Mount, copy Grim Receiper.app to some folder.
Fourth
From this step you can continue, if you already used in-appstore on OS X before.
Open System Preferences->Network and set DNS of your network to the one of following IPs: 94.228.221.10, 91.224.160.136 (more to come):
Select network->Advanced->DNS->Click "+"->Fill IP->Okay->Apply
U're done!
You should run Grim Receiper every time you are using in-appstore.com!
Open Grim Receiper. Click "Just let me do smth". Drag your application where you want to "buy" in-apps on it and on in-app purchase you will get this message:
Click like. Enter random credentials. Enjoy!
Attention
If you see default app-store "Are you sure to purchase?" you ARE NOT CONNECTED TO IN-APPSTORE.COM. Please re-read instructions and try to setup service again.
Project is in beta stage. So there are restrictions:
After "purchasing" you must unset DNS. You can set it again without certificates installation to access in-appstore again. (just select DNS and click "-"):
Help us!
Help the project by bitcoin 15GCBL7gHbf2p8bapozSrZhNaXdrKUWRFF. Thanks.
Go back to in-appstore
Help the project by installing dnsmasq server by this config http://91.224.160.136/dnsmasq.conf
Fuente: muyseguridad