El hacker ruso que hackeó la App Store para dispositivos iOS sigue haciendo de las suyas y bajo un procedimiento similar, ha logrado eludir la seguridad de la tienda de aplicaciones para el sistema operativo de escritorio Mac OS X.

La herramienta denominada ‘In-Appstore for OS X’ utiliza técnicas de suplantación de identidad (spoofing), instalando dos certificados locales y asignando DNS a un servidor controlado por el hacker que simula ser una réplica del Mac Store con el fin de simular la validación de la compra.

El hacker ha anunciado 8,5 millones de transacciones suponemos la mayoría para el hack de la App Store, lo que aumentará con este hack para Mac.

MacStore hack Mac Store hackeada, aplicaciones gratis para Mac OS X

Apple ya ha enviado a los desarrolladores de iOS una actualización para su sistema de validación que impida el hack, mientras que la solución al de ordenadores llegaría con el lanzamiento del nuevo OS X Mountain Lion.

Os dejamos con la guía de cómo hacer funcionar In-AppStore:

Go back to in-appstore

Getting started to receive your in-app for free on OS X

10.7+ (Lion), 10.6.8 does not have in-apps!

Usage of this manual means that's you agreed with the Terms Of Service

Enabling in-appstore is simple. It takes only 4 steps:

installation of CA certificate
installation of in-appstore.com certificate
changing DNS record in wi-fi settings
Running application with support of Grim Receiper (to save your original AppStore receipts)

Lets begin!

First

Navigate Safari to liks with these certificates: First, Second. Save it using CMD+F and selecting:

Export as *.pem
Format: Page Source

Then click "Save" and "Don't Append":

MacStore hack Mac Store hackeada, aplicaciones gratis para Mac OS X

Your desktop should look like this:

Second

Click twice on first certificate. KeyChain Utility should open. Click "Always Trust", then enter your local credentials and click "Update Settings":

Click twice on second certificate and install it just like first one.

Third

Download Grim Receiper. That's the tool to keep your original receipts in safe place (locally, of course) during you are using in-appstore.com.
Mount, copy Grim Receiper.app to some folder.

Fourth

From this step you can continue, if you already used in-appstore on OS X before.
Open System Preferences->Network and set DNS of your network to the one of following IPs: 94.228.221.10, 91.224.160.136 (more to come):
Select network->Advanced->DNS->Click "+"->Fill IP->Okay->Apply

U're done!

You should run Grim Receiper every time you are using in-appstore.com!
Open Grim Receiper. Click "Just let me do smth". Drag your application where you want to "buy" in-apps on it and on in-app purchase you will get this message:

Click like. Enter random credentials. Enjoy!

Attention

If you see default app-store "Are you sure to purchase?" you ARE NOT CONNECTED TO IN-APPSTORE.COM. Please re-read instructions and try to setup service again.

Project is in beta stage. So there are restrictions:

After "purchasing" you must unset DNS. You can set it again without certificates installation to access in-appstore again. (just select DNS and click "-"):