Removing Ads from Windows8 Apps

Two days ago I upgraded to Windows8 (Thank you Microsoft for your MSDNAA Platform!)
And to my suprise I actually like it a lot, especially the ease of installing applications through the Windows 8 Store. However what I didn’t like was that most free apps feature ads now, it’s pretty much: “Buy the app or get annoyed by ads!”
For this article I will be using the Windows8 version of the twitter-client named “metrotwit” – sorry to the folks at Pixel Tucker for using your app to illustrate this ‘issue’! But metrotwit is a great, beautiful and slick looking client and I can only recommend using it!
[Edit: I do admit that my original intention was to see if I could remove ads, but this article is not supposed to just show how to remove ads, it's more like a call for attention that the new system is not secure at all by illustrating the ease of modifying (almost) any app!]

So I did a little searching to see if I could locate the app and modify it, those were my steps how I removed the ads:


Step 1: Searching the Registry


Bingo! – There is the location of all Windows8 Apps!

 

Step 2: Taking ownership of the app-folder


Unfortunately I am not able to edit stuff in the app-folder right away, so I took ownership of the folder:

 

Step 3: Locating the files to modify


Within the folder of the metrotwit app there were quite a few files and folders, one that caught my attention was a folder called “views”. Inside the views-folder were a bunch of XAML-files, including one called “MainPage.xaml”.

 

Step 4: Editing the file


I opened MainPage.xaml and search for the term “Upgrade to Pro”, this was the label right below the ad. After that I located the visibility-property for the ad-container I just changed the binding to the variable “VerifiedProUser” – which I was not! :-) (see screenshot below) – the ads were gone! Other ways to removed the ads that have proven to work:

  • Set the width&height of the ad-container to 0px 0px
  • change the dom-location of the container so the element is blocked by other elements

But there are certain restrictions when editing those files, that I found out about:

  • The filesize has to stay the same, since there is a checksum of each file listed in the ‘AppxBlockMap.xml’ that is checked every time the application is launched. I was not able to regenerate the checksum, it uses the SHA256 algorithm but apparently with a salt to it, which was too much of a hassle for me to figure out
    UPDATE: I was messing around with some apps a little more today and just found out that you can remove just anything from the ‘AppxBlockMap.xml’ or delete this xml-file entirely => If no ‘AppxBlockMap.xml’ is present, no files will be checked for their checksum, which means that you can now freely add or remove code from any files without worrying about the filesize: Well done Microsoft!
  • If the XAML-Object contains an ‘x:Name‘ it cannot be commented out, this will cause the app to throw an error and not launch

The final step was saving the file and starting the application, and there you go: The ads were not visible any more!

I have tested this with several apps and with every app it was a fairly easy goal to accomplish.
What can developers do to prevent this? I’d say the question is: What should microsoft do to prevent this?
However, as a developer I would consider adding certain methods that check the visibility and location of an ad every couple seconds – I have not yet looked into modifying app-logic but I’d imagine this is not as easy as modifying a simple XAML-view.
Or developers can use C++ as this would require a disassambler to get to the source and even then it would be hard to modify stuff…or at least a lot harder than with XAML files.

Thoughts on this are welcome!

Update #2: Obviously there is a tool available that let’s you upgrade trial-versions of app to full-versions for free with on click of a button. I have not tested that tool yet nor would I encourage anyone to use it. But there is no doubt that many users will do so as it gains popularity(can you blame them?). But Microsoft should act quickly.

Update #3: As I got some feedback from people saying “it’s not nice to rip off developers [ect...]” – I do agree! But the point here goes way beyond that: If I am able to modify an app within 15 minutes – then a virus will be able to do the same. Imagine a virus adding some lines of code to the application logic and the next time I use the application all my data(that is accessible by the application) could be sent to an evil server – just to give one brief example.

  • Pingback: German developer makes it easy to remove ads from Windows 8 | MyCE.com

  • Pingback: Advertenties eenvoudig uit te schakelen in Windows 8-apps | fanSte.nl

  • http://wp7.resonance-studios.com molbal

    Eerm, this is called ‘Reverse engineering’, xaml is a part of the source and it is highly recommended not to mess with it. I think it’s also in every legal agreement that we must accept. If it was my program, I would be furious and ask for the immediate removal of the article.

    You should definitely ask MetroTwit guys first!

    (Otherwise it’s a good article :) )

    • olsn

      Thanks for your comment :)
      I see your point and I was also wondering if I should include a real example to illustrade this or not, but this article is not intended to be a tutorial on how to remove ads for one specific application, even if it can be seen as such – I could have used just any application – I just used this specific app to point out that it is way too easy for practically ANYONE to modify anything in any app (if it’s written in html5) without deeper inside knowledge.

      You’re not limited to just remove or modify code, you can also add code and viruses could add malicious code…ect

      • http://wp7.resonance-studios.com molbal

        Thank you for your reply! I saw Long’s reply and now he says it’s OK, I think I might be too strict. I tought Windows Store apps are compiled and cannot be decompiled. I don’t know how Microsoft tought it’s OK like this.

  • http://www.metrotwit.com Long Zheng

    Hi. Long from MetroTwit here.

    As much as I would discourage people from doing this, you do highlight a good point which is that Windows Store apps are not protected at all installed onto user’s computers.

    This is bad for two reasons
    - The application code can be viewed and decompiled. This is an inherit problem in most managed platforms.
    - A third party (not a user but a malicious app with root access) could potentially modify the code of any installed application

    Thanks for the kind words about MetroTwit :)

    • olsn

      Hi,

      thanks for your reply!
      I have to admit that my original intention was to see if I could modify apps that are written in html5 (to unlock paid upgrades in games or to remove ads), but since I’m a developer myself I was quite shocked how easy it was to modify everything. If I had my own W8 application I would have used that one to illustrade the issue, but I’m glad you don’t mind using MetroTwit (sorry for not asking ;-))

      I was using MetroTwit on W7 before I upgraded wo W8 and it was more or less the reason for me to use twitter more actively, so keep on making great apps like MetroTwit! :)

  • evestraw

    but if the app was 1 or 2 dollar, would it be worth the hassle?

    i think the best way to prevent this is to have lower prices that you don’t even have to think to buy it you just do it, you dont even think to pirate it cause why bother to work for 2 dollars

    • olsn

      It is not! And I would not encourage anyone to use this to method just for the sake of being respectfull to the creator of the application!
      Besides: There is a tool available that let’s you upgrade any trial app to paid app for free (I have not testet it, I just read about this tool on other blogs)
      But the bigger issue here is the security of the user!

  • JasonE

    This is NOT a security issue. If an application has acquired the ability to read the registry, access the ProgramFiles\WindowsApps directory, take ownership, then edit the contents… then you were already OWNED…. This is like saying that once a burglar is IN MY HOUSE and HAS THE KEYS to all the doors, safes, etc (i.e. ADMIN access)… look what he can do to my valuables!!! IF anyone has a scenario where an application can gain FULL administrator access through a programmatic method (not a social engineering hack).. that is a serious issue which Microsoft takes very seriously.
    See: http://www.technologyreview.com/view/412510/inside-microsofts-security-updates and http://blogs.technet.com/b/msrc/

    • JasonE

      Follow up… I will say this is an ethical issue regarding stealing money from the developer of the software. This is the same issue that has plagued “Pay for” software since the beginning. Game and software patches that edited the assembly of a given binary to bypass security or activation checks, so the user can get more than the trial version is one factor. The other is that a given developer has said “I can make a living if you either 1. Pay for my software, or 2. Let me get paid by advertisers for the software”. If you choose to hack past the software protection for the reason of getting the “Pro” version without paying you have said “Dear developer, your effort was not worth the cost of your software”. The software that downloaded, liked enough to continue to use, liked enough to spend the time to hack out the ads, the software that was in the price range of 99 cents – 10 dollars…. hmmmm… Paying for software is how you show the maker you value their efforts.

      • olsn

        I agree with you on that one, that it’s “wrong” to do it – I’m a developer myself and I also would want all the people who use my software to pay for it or use the ads! – but the fact is, that a huge group of users won’t care about ethics or morals regarding the purchase of an app and tbh: I don’t think you can blame them if they choose “Hey, I can have it free by the click of a button, why should I pay money?!” – And for that reason I think Microsoft could do a better job making it more difficult to unlock or modify Apps, or at least in my opinion that’s what I would expect when paying $49 to register as a developer that my apps do get at least some decent protection and not a protection that equals zero.
        Another point is: Microsoft SHOULD care about this issue, since they’re loosing money as well if people upgrade to full versions for free or remove ads!

  • Pingback: All Tech Talk » How To: Remove Ads from Windows 8 Apps

  • BrianT

    Bottom line: Everything you can do in XAML you can also do in C# or C++. It is more hard work doing it that way but it can be done. Implement the adverts completely in code and it is much harder to remove them

  • KS

    This looks like it is easy to fix, but fixing it brings a performance penalty.
    The XAML files come from the XAP? This means you’re changing the intermediate files (which are not secured properly)
    I predict this will be a moving target
    - MS fix: check on intermediate files at startup from the XAP
    - Hackers attacking xaml files between startup check and application start
    - MS fix: check on intermediate files at load time
    - Hackers injecting code in the system API which will allow changes to the XAML
    - I can see Microsoft moving the intermediate files to a more secure filesystem.
    As long as executing code is changeble under x86 or system dll’s can be changed, this could be hacked. RT should be reasonably secure, because of it’s closed system.

  • Calvin

    How did you gain ownership of the folder anyway?

    • olsn

      That was about 3 or 4 clicks, it works the same way like any other system folder
      If you need instructions: Google will be full of that ;)

  • Alex

    Hi, which file is edited by the automatic tool? I haven’t found it..

    There is a way for a developer to fix this bug in anyway?

    P.S I’m a developer

    • olsn

      Developers can ad ads via the application logic and not via the layout-files, this is a little bit harder to decompile.

      Also you could ad periodic checks if certain dom elements are where they should be and if there are additional elements in some places.

  • deepak

    i tired doing the same, but i think the newer version has some changes ! cudn’t find the upgrade keyword anywhere inside files of VIEW FOLDER !

    any help?

    • olsn

      This article was not supposed to be a detailed tutorial that tells you every single click to remove ads for one specific app. It outlines the basics steps that can be used to modify any application with the example of removing an ad.

      I don’t intend to harm good, honest working developers. So This might sound harsh: If you cannot completely figure it out how to do things like that, you should maybe buy the app or support the developers by accepting ads.

  • fred

    Hmmmm I just got w8pro and there are ads. Looking at the top of this article was I wrong to assume that the non-Pro versions were the only ones with ads or am I being a bit slow?

  • nanuk

    hi can i copy a app from the windowsapps folder from my main computer and put it on my laptop without d/l it again?

    • olsn

      I believe this is not possible, as you will need the registry entries, you could try to copy those as well – if you had the app installed before it might work if the app doesn’t check for the version itself.

  • James

    Hi,

    I have no problems at all with paying for apps that I like in order to get rid of apps, BUT the ones that are driving me crazy are the BUILT IN Microsoft apps which have ads, like weather, etc. What the hell are they doing there? I BOUGHT the OS, it’s not free!

    Unbelievable.

    Along with the car-crash of a GUI, or should I say about 5 GUIs competing with one another and confusing the hell out of me, I’m soooo glad I have a Mac to go back to. So long, again, Windows.

  • Pingback: How You Could Remove Ads from Windows 8 Apps (And Even Unlock Paid Apps for Free) - Science & Tech | Tech wikiHow

  • Stephen

    Seems it does not work on Windows 8.1. Had an app changed successfully on Windows 8, after upgrading to Windows 8.1 the OS said the app is currupt. Had to re-install it. And now even with admin rights and being owner of the directory I can’t save the changes. Notices it on Windows 8.1 RT.

    Can you confirm this?

  • Nuts

    Bought my computer and the OS Windows 8 64-bit so it should not be covered with ads, Thanks for this guide :) I did upgrade to 8.1 but didn’t like it so went back to 8.
    Also disabled fast startup and added a 10 second timer to the bios/uefi so I can access the boot menu to click F9 then clicks on Fedora 20 and boots up to that :)
    So soon I might just get rid of the Windows Spam all together and just use Linux on my new HP Touch, and Touch works on Linux too :D
    Freedom and piece of mind ;-)

  • http://www.twitter.com/BobbyWibowoB Bobby Wibowo

    I don’t know why. But it seems to be impossible at Windows 8.1 to edit the file. I changed the owner to my account, but it seems to be impossible to edit anyway.

  • aditya sai

    hello i have developed an app which when i submit is showing me some adds at the bottom. how to resolve/remove adds from my application. will the above method suits to do so? if so where to find “AppxBlockMap.xml” file? in my app package