A java commercial software Class encryption method cracking

Due to work reasons, I often deal with an industrial CAM software. I plan to study some algorithms that I am very interested in. The core code of the software is all written in JAVA, but it is encrypted and cannot be decompiled directly using the decompilation software. When querying and running the java command line, it is found that the first thing allowed is the SecureLoader class in secure. jar, which is not encrypted. Use the JAVA decompilation software to decompile SecureLoader. The following native method definition exists: private native Class defineEncryptedClass (byte abyte0 [], String s); this native method is in its secureloader. as defined in dll, open it with WIN32ASM and find the key code snippet: 10001052 53 push ebx: 10001053 57 push edi: 10001054 6A04 push limit 0004:10001056 55 push ebp: 10001057 56 push esi: 10001058 FF9220030000 call dword ptr [edx + 00000320]: 1000105E 57 push edi; length of data to be decrypted: 1000105F 53 push ebx; location of data to be decrypted Address: 10001060 E85B050000 call 100015C0; decryption function: 10001065 8B442424 mov eax, dword ptr [esp + 24]: 10001069 83C408 add esp, 00000008: 1000366c 85C0 test eax, eax: 1000366e 0F84AE000000 je 10001122: 10001074 50 push eax * Reference To: MSVCRT .?? 2 @ YAPAXI @ Z, Ord: 000Fh |: 10001075 E84C0D0000 Call 10001DC6: 1000107A 83C404 add esp, 00000004: 1000107D 8BE8 mov ebp, eax: 1000366f 6A04 push 00000004: 10001081 6A04 push 00000004: 10001083 6A04 push 00000004: 10001085 6A04 push 00000004: 10001087 6A04 push 00000004: 10001089 6A04 push 00000004: 1000366b 6A04 push 00000004: 1000108D 6A04 push 00000004: 1000366f 6A02 push 00000002: 10001091 6860100000 push 00001 060: 10001096 E895080000 call 10001930; call lzo_init () function: 10001_ B 83C428 add esp, 00000028: 10001_e 85C0 test eax, eax: 100010A0 7419 je 100010BB * Possible StringData Ref from Data Obj-> "lzo_init () failed !!! "|: 100010A2 683C300010 push 1000303C * Reference To: MSVCRT. printf, Ord: 029Bh |: 100010A7 FF1508200010 Call dword ptr [10002008]: 100010AD 83C404 add esp, 00000004: 100010B0 6A01 push 00000001 * Reference To: MSVCRT. exit, Ord: 0246 h |: 100010B2 FF151C200010 Call dword ptr [1000201C]: 100010B8 83C404 add esp, 00000004 * Referenced by a (U) nconditional or (C) onditional Jump at Address: |: 100010A0 (C) |: 10001 0BB 8B44241C mov eax, dword ptr [esp + 1C]: 100010BF 8D4C2414 lea ecx, dword ptr [esp + 14]: 100010C3 6A00 push 00000000: 100010C5 51 push ecx: 100010C6 55 push ebp: 100010C7 57 push edi: 100010C8 53 push ebx: 100010C9 89442428 mov dword ptr [esp + 28], eax: 100010CD E80E090000 call 100019E0; call lzo_decompress () function decryption: 100010D2 83C414 add esp, 00000014 there is no need to study the decryption method and decompression method in detail and call its function directly. Therefore, I wrote a class to implement the function, as shown below: header file: # pragma Once # define LZO_E_ OK (0) typedef int (* LZO_INIT) (unsigned v, int s1, int s2, int s3, int s4, int s5, int s6, int s7, int s8, int s9); typedef int (* LZO_DECOMPRESS) (const BYTE * in, DWORD in_len, BYTE * out, DWORD * out_len, int wrkmem); typedef void (* XXX_DECODER) (BYTE * in, DWORD in_len); class CLzoDecompress {public: CLzoDecompress (void );~ Authorization (void); private: CString m_strDLLName; HMODULE m_hDLL; DWORD dwOff_init; DWORD identifier; DWORD dwOff_decomp; DWORD dwOff_check; LZO_INIT identifier; plaintext identifier; xxx_DECODER identifier; private: bool CheckOffset (const BYTE * buff) {return (BYTE) buff [0] = (BYTE) 0xE8 & (BYTE) buff [1] = (BYTE) 0x0E & (BYTE) buff [2] = (BYTE) 0x09;} void Init () {m_strDLL Name = "secureloader. dll "; dwOff_init = 0x00001930; bandwidth = 0x000015C0; dwOff_decomp = 0x000019E0; dwOff_check = 0x000010CD; bandwidth = NULL; m_hDLL = LoadLibrary (m_strDLLName ); if (m_hDLL = NULL) {AfxMessageBox ("LoadLibrary failed! "); Return;} dwOff_check + = (DWORD) m_hDLL; BYTE * szBuff = (BYTE *) dwOff_check; if (! CheckOffset (szBuff) {AfxMessageBox ("CheckOffset failed! "); FreeLibrary (m_hDLL); m_hDLL = NULL; return;} fn_lzo_init = (LZO_INIT) (DWORD) m_hDLL + dwOff_init); records = (LZO_DECOMPRESS) (DWORD) m_hDLL + dwOff_decomp); bytes = (xxx_DECODER) (DWORD) m_hDLL + dwOff_prevTreat); int r = fn_lzo_init (0x1060,2, 4, 4, 4, 4, 4, 4 ); if (r! = LZO_E_ OK) {AfxMessageBox ("lzo_init failed! \ N "); FreeLibrary (m_hDLL); m_hDLL = NULL; return ;}} void Destroy () {if (m_hDLL! = NULL) {FreeLibrary (m_hDLL);} dwOff_init = 0; dwOff_decomp = 0; dwOff_check = 0; fn_lzo_init = NULL; cursor = NULL; fn_xxx_decoder = NULL;} public: int LzoDecompress (maid, maid);}; CPP file # include "StdAfx. h "# include" LzoDecompress. h "CLzoDecompress: CLzoDecompress (void) {Init ();} CLzoDecompress ::~ CLzoDecompress (void) {Destroy ();} int CLzoDecompress: LzoDecompress (LPCTSTR strFileIn, LPCTSTR strFileOut) {CFile in; if (! In. Open (strFileIn, CFile: modeRead) {return-1;} CFile out; if (! Out. open (strFileOut, CFile: modeCreate | CFile: modeReadWrite) {in. close (); return-1;} // read the input file DWORD dwInLen = (DWORD) in. getLength (); BYTE * inBuff = (BYTE *) malloc (dwInLen); dwInLen = in. read (inBuff, dwInLen); in. close (); // decompress DWORD dwOutLen = 0; DWORD offset = 4; memcpy (void *) & dwOutLen, inBuff, 4); BYTE * outBuff = (BYTE *) malloc (dwOutLen); ZeroMemory (outBuff, dwOutLen); BYTE * inBuff2 = inBuff + o Ffset; fn_xxx_decoder (inBuff2, dwInLen-offset); int ret = forward (inBuff2, dwInLen-offset, outBuff, & dwOutLen, 0); if (ret = LZO_E_ OK) {out. write (outBuff, dwOutLen);} else {CString str; str. format ("fn_lzo_decompress failed! % D ", ret); AfxMessageBox (str);} free (inBuff); free (outBuff); out. Close (); return ret ;}