
Apple Fighting Borodin’s In-App Purchase Hack

We previously wrote about how a Russian hacker named Alexey V. Borodin devised a hack to circumvent Apple’s in-app purchase system and download paid content for free, and it seems Apple has already started to feel the heat. Apparently, 30,000 requests have already been served and the number continues to grow.

Apple has been taking steps to shut down the in-app purchase hack that has been unleashed for the iPhone, iPad and iPod touch. The company has been investigating the issue and appears to have taken some initial steps to fight the problem, but hasn’t been visibly successful.

Recently Apple decided to ban the IP address that Borodin’s server was using. The server was used to authenticate the in-app purchases made using the method he devised. The same server collected the information listed below:

-restriction level of app
-id of app
-id of version
-guid of your idevice
-quantity of in-app purchase
-offer name of in-app purchase
-language you are using
-identifier of application
-version of application

To stop the damage the hack was doing, Apple went as far as shutting down the original server in order to prevent third-party authentication. Apple has apparently also put a copyright claim on the tutorial video that Borodin published, which contains all the details required to get the hack working. PayPal has blocked Borodin’s account in connection with soliciting donations. Despite all this trouble, Borodin has decided to fight back.

Borodin has apparently moved the server to a different country, as Apple was able to shut down his original servers by compelling his hosting company in Russia. For strange reasons, Apple has decided not to contact Borodin directly. In answer to Apple’s continued effort to shut him down, Borodin has updated the code used to process the transaction, and the new method is a bit tricky for Apple to stop. The new method doesn’t use Apple’s servers to process part of the transaction; instead, the new offshore servers use their own authentication and transaction process, making it even harder for Apple to block unless it patches the flaw in its own system, which is also hard. Despite all the warnings from Apple, people around the world continue to use the hack, and as requests pour in, the servers have already received more than 30,000 requests. The method for the hack to work remains the same:

1. Install two certificates: CA and
2. Connect via Wi-Fi network and change the DNS to
3. Press the Like button and enter your Apple ID & password.

iPhone, iPad and iPod touch owners are advised to avoid using the hack now and in the future due to the privacy and legal concerns that surround it.
