Architect Posted March 7, 2010 Report Share Posted March 7, 2010 Its a measure of a companies sucess that sooner or later, hackers willl try to crack products. FlexiSPY is no diffrent. There are people out there who have attempted to offer cracks and hacks, but as yet,we have not come across anything that actually works. Sure, you see FlexiSPY on torrents and so on, but just examine the file extensions and file size, and you will soon see that that whats being offered is a trojan virus that installs on your PC. If you are vile enough to try to steal our products, then we have no sympathy if your computer is turned into a spam automaton for Viagra retailers ;-) However, nothing is impossible, so if anyone actually knows of a working crack that can be used by the masses, please let us know, and we will pay up to $5,000 for proof that will allow us to shut it down. This offer also applies to any security exposure that may exist in the web account. Your security is of the utmost importance, so help us make FlexSPY the most secure spy phone software around. 1 Quote Link to comment Share on other sites More sharing options...
pow Posted March 11, 2010 Report Share Posted March 11, 2010 To whom do I speak regarding a security hole I've discovered? Quote Link to comment Share on other sites More sharing options...
Tudor Posted March 11, 2010 Report Share Posted March 11, 2010 Well, you can ask any good programmer in Symbian C++: its more easy to code a brand new app. instead trying to crack FlexiSPY or any other compiled Symbian app. Its just not possible. Also there is no app. to get source code from a .sis or .sisx app., no effective (yet) unpacking app. Yes, on the market are a few apps. that pretend they can do the job, as SISWare or UnmakeSIS. Personally I was trying some reverse engineering (ethical hacking) using Siscontent, one of the best app. No way editing apps. All you can do is just deleting Symbian signature, which is making that app. even useless. Supposing that someone can crack FlexiSPY, there is no way to use that app.: nobody can generate a web account on FlexiSPY server. So, no captured events to read on. On the other hand, coding a brand new app. as FlexiSPY is very hard. For FlexiSPY programmers (by the way, they are one of the best I know), it takes few good years to reach the perfection. And you are still thinking of improvements... Being registered on Symbian Foundation Forums, I found out that from 5th of January 2010 they had changing Test Criteria for signed apps. Now its even more difficult to "sneak" some special features of an app. Hacking Symbian is something else. S60 v3 and v5 (OS 9.x) devices can be hacked to remove the platform security introduced in OS 9.1 onwards thus allowing users to install "unsigned" files (files without certificates validated by Symbian) and allowing access to previously locked system files. This allows changing of how the operating system works, allowing hidden applications to be viewable, etc. Until now, there is no app. available for Symbian OS which can stop the OS internal clock and date, as Time Stopper or RunAsDate is doing for Windows. Obviously, the main target for this apps. is to run forever a trial or a time limited app. Please let me know if I'm wrong. Cheers, Tudor. Quote Link to comment Share on other sites More sharing options...
Christian Posted March 12, 2010 Report Share Posted March 12, 2010 To whom do I speak regarding a security hole I've discovered? Hi Pow. If you believe you have found a security risk in any of our applications, we appreciate you not posting it publicly. Instead you can send either a PM or an email to either myself or this forum Admin. We would then investigate your report and follow up with you. Remember that you can always submit a ticket at our official Support Center for any issue, but we are also active here on the forums. This thread should probably be moved over to the customer only general chat area. Please keep in mind that FlexiSPY related general topics are probably better suited to the customer area. Thanks for your continued support! Christian Quote Link to comment Share on other sites More sharing options...
Christian Posted March 12, 2010 Report Share Posted March 12, 2010 Tudor you're very knowledgeable and helpful. I just wanted to say thank you for your active participation. We are very happy to have you as both a Reseller and a forum member! Quote Link to comment Share on other sites More sharing options...
Tudor Posted March 13, 2010 Report Share Posted March 13, 2010 My pleasure, Christian. Really. I'm doing this because I just like it. More than a hobby. It's a kind of passion. Thanks. Tudor. PS: because of FlexiSPY guys I feel sorry because I'm not a coder... Quote Link to comment Share on other sites More sharing options...
Architect Posted March 17, 2010 Author Report Share Posted March 17, 2010 Well, you can ask any good programmer in Symbian C++: its more easy to code a brand new app. instead trying to crack FlexiSPY or any other compiled Symbian app. Its just not possible. Also there is no app. to get source code from a .sis or .sisx app., no effective (yet) unpacking app. Yes, on the market are a few apps. that pretend they can do the job, as SISWare or UnmakeSIS. Personally I was trying some reverse engineering (ethical hacking) using Siscontent, one of the best app. No way editing apps. All you can do is just deleting Symbian signature, which is making that app. even useless. Supposing that someone can crack FlexiSPY, there is no way to use that app.: nobody can generate a web account on FlexiSPY server. So, no captured events to read on. On the other hand, coding a brand new app. as FlexiSPY is very hard. For FlexiSPY programmers (by the way, they are one of the best I know), it takes few good years to reach the perfection. And you are still thinking of improvements... Being registered on Symbian Foundation Forums, I found out that from 5th of January 2010 they had changing Test Criteria for signed apps. Now its even more difficult to "sneak" some special features of an app. Hacking Symbian is something else. S60 v3 and v5 (OS 9.x) devices can be hacked to remove the platform security introduced in OS 9.1 onwards thus allowing users to install "unsigned" files (files without certificates validated by Symbian) and allowing access to previously locked system files. This allows changing of how the operating system works, allowing hidden applications to be viewable, etc. Until now, there is no app. available for Symbian OS which can stop the OS internal clock and date, as Time Stopper or RunAsDate is doing for Windows. Obviously, the main target for this apps. is to run forever a trial or a time limited app. Please let me know if I'm wrong. Cheers, Tudor. Tudor, If you ever need a job in product development or QA, drop me a line!! Your customers must be pretty happy with you as a reseller:D Quote Link to comment Share on other sites More sharing options...
Tudor Posted March 18, 2010 Report Share Posted March 18, 2010 Thank you very much, Architect. I am honored to be invited, to be a part of FlexiSPY team. This is serious, I'll get back to you soon. Cheers, Tudor. Quote Link to comment Share on other sites More sharing options...
china-reseller Posted April 4, 2010 Report Share Posted April 4, 2010 If I can, I will provide a symbian9 pro-x sms (FSXSRS9) of crack instance Quote Link to comment Share on other sites More sharing options...
SKYEYE Posted May 3, 2010 Report Share Posted May 3, 2010 Guys, What's the use for someone to crack the application, if it still submits the data to the FS server? Another thing would be if someone would be able to relocate the traffic from the application to his own server... but then again, if someone's smart enough to hack the app ( or at lease to sniff the traffic and then install some additional app that would relocate this traffic to his server ) and set up that server, won't it be easier for him just to write such app ground up? Quote Link to comment Share on other sites More sharing options...
Architect Posted May 4, 2010 Author Report Share Posted May 4, 2010 Guys, What's the use for someone to crack the application, if it still submits the data to the FS server? Another thing would be if someone would be able to relocate the traffic from the application to his own server... but then again, if someone's smart enough to hack the app ( or at lease to sniff the traffic and then install some additional app that would relocate this traffic to his server ) and set up that server, won't it be easier for him just to write such app ground up? Totally agree with you. However, there were two reasons I posted this. 1. There is always a possibility that the system may have holes that allow security breaches, and in fact, we have already paid out this reward once for a identification of a very minor security hole. We now believe that the system is completely solid. With the introduction of the new architecture in July or August, we will be adding full mobile server communication encryption and also AES mobile data encryption. 2. There are many site that advertise FlexiSPY cracks, which are simply viruses and trojans. With this thread, perhaps those people searching for cracks will read posts like yours and see that its simply not feasible to get a crack for FlexiSPY Quote Link to comment Share on other sites More sharing options...
char Posted November 5, 2010 Report Share Posted November 5, 2010 Its a measure of a companies sucess that sooner or later, hackers willl try to crack products. FlexiSPY is no diffrent. There are people out there who have attempted to offer cracks and hacks, but as yet,we have not come across anything that actually works. Sure, you see FlexiSPY on torrents and so on, but just examine the file extensions and file size, and you will soon see that that whats being offered is a trojan virus that installs on your PC. If you are vile enough to try to steal our products, then we have no sympathy if your computer is turned into a spam automaton for Viagra retailers ;-) However, nothing is impossible, so if anyone actually knows of a working crack that can be used by the masses, please let us know, and we will pay up to $5,000 for proof that will allow us to shut it down. This offer also applies to any security exposure that may exist in the web account. Your security is of the utmost importance, so help us make FlexSPY the most secure spy phone software around. I reported some 5 months ago a security issue. When I googled one of your commends "tbdz", it brought me into this forum where people discussed about the use of flexispy. This put our users at risk. I just checked it again today, again it brough me right into thsi forum like 5 months ago. How could you not fix this issue for so long? Your web site should not disclose too much information on how to use this software, especially detalied command or such. Your forum should be designed in a such way, even there is a link on the wen, when clicked it will bring up the sign-in page, not anyone or everyone can access the forum. The forum can be accessed by none users should be lomited only to the software features and funtionality, not in any details on how to use it and problem/issue users experiencing. Quote Link to comment Share on other sites More sharing options...
Guest Ian Posted November 6, 2010 Report Share Posted November 6, 2010 We allow all users to sign up but we do have areas that only customers can access such as the peer-to-peer support section. I will inform my manager of what you have discovered. Thanks for letting us know. Quote Link to comment Share on other sites More sharing options...
Architect Posted December 14, 2010 Author Report Share Posted December 14, 2010 I reported some 5 months ago a security issue. When I googled one of your commends "tbdz", it brought me into this forum where people discussed about the use of flexispy. This put our users at risk. I just checked it again today, again it brough me right into thsi forum like 5 months ago. How could you not fix this issue for so long? Your web site should not disclose too much information on how to use this software, especially detalied command or such. Your forum should be designed in a such way, even there is a link on the wen, when clicked it will bring up the sign-in page, not anyone or everyone can access the forum. The forum can be accessed by none users should be lomited only to the software features and funtionality, not in any details on how to use it and problem/issue users experiencing. We take your point seriously, and I want to take this opportunity to let you know that we have improved our product so that these public commands are no longer used. Release date for this is around February, when the our products are refreshed using the new architecture ( codenamed Phoenix). Will post more here, and we will be looking for beta testers in January. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.