During the system development and debugging process, it is a "long and painful" process to wait for the system to be released because the need to constantly modify the code leads to the need to constantly publish the system. Is there any way to make the modified code take effect immediately without having to republish the system? Jrebel is a component that solves this problem and is a JVM plug-in that supports hot deployment of Java applications. With Jrebel, you can save a lot of valuable time for programmers.
Jrebel is a good thing, but it can't be owned for free. 10 People team use Jrebel one year, the official website price for $4150, you did not read wrong, is $ not ¥!
Jrebel byte code is confused processing, Google a bit of this information, get some inspiration, try to crack the latest version, crack success.
The crack process is basically the same, the main file is Jrebel.jar, Jrebel.lic. You can use the official website online to apply for 14 days of registration code, to generate Jrebel.lic.
Please do not leave the mailbox for the latest version, self-clothed, here only to provide ideas and methods.
01. Preparation Tools
Anti-compilation tool: Jd-gui
Class library for editing Java bytecode: Javassist
Idea Plugin Jrebel:jrebel Plugin for idea
JRebel Trial Registration Code request online: JRebel
02. Apply for trial registration code
Open the address of the application registration code, fill in the application information, after the successful application will generate a trial registration code, first saved up.
03. Register Jrebel Generate License.lic file
Idea when installation JRebel is complete, open Activation dialog, JRebel, IDE settings, settings, Paste license file from the Clipboard, paste the above trial registration code here. Confirmation will show that the registration was successful, but there is a time limit.
Close idea, Jrebel generated license.lic and installed Jrebel.jar extracted, first put to the C packing directory.
Jrebel.lic path: C:\Users\ Current user name \.jrebel\jrebel.lic
Jrebel.jar path: C:\Users\ Current user name \. Intellijidea13\config\plugins\jr-ide-idea\lib\jrebel\jrebel.jar
04. Decompile and View Userlicense.java
Open Jrebel.jar with the Jd-gui tool, and find the class:com.zeroturnaround.licensing. UserLicense, this is the class that the user license corresponds to. This class also provides three overloaded methods for deserializing (deserialization) UserLicense objects from Url,byte arrays and files, respectively.
Structure of the. JRebel license file
As can be seen from the above UserLicense, the UserLicense class has 5 member variables, the first of which is static, and the last is transient, which are not written to the file when the object is serialized (serialization). So the user license mainly include: signature, License and Datamap.
Use the methods in the class Loadinstance (file Paramfile) to test the license files in the attachment Jrebel.lic, find the deserialization (deserialization) The signature and license in the UserLicense object have a value, and the value of Datamap is null. After analysis, the license is deserialized into the Datamap object, which can be license by the user:
UserLicense UserLicense = userlicense.loadinstance (new File ("C:/jrebel.lic"New ObjectInputStream (new Bytearrayinputstream (Userlicense.getlicense ()));d atamap = (MAP) Ois.readobject ();
Through the above processing, you can clearly see the license information stored in the Datamap:
06. Create a new license file
License information is stored in the Datamap, so you can read the Datamap and modify the value, the simplest way is to directly become full version, or set to a permanent trial.
The trial version of the Datamap key is not all, some key temporarily unclear its role, there are some hidden key.
// Set the print comment at startup Datamap.put ( " comment " , " *** use for study only! * * " Span style= "color: #000000;" >); // set to commercial full version datamap.put ( commercial , " true ); // There are some other hidden fields //
A new license file can be generated by serializing the Datamap into a file.
The following steps can be used to serialize the UserLicense
Newnew ObjectOutputStream (BOS); Oos.writeobject (DATAMAP); byte [] Licensebuf = bos.tobytearray (); Userlicense.setlicense (LICENSEBUF); // Signature: userlicense.setsignature (signature); New ObjectOutputStream ( new Bufferedoutputstream (new FileOutputStream ("C:/jrebel-crack.lic") )); Oos.writeobject (userlicense);
07. Crack Signature Verification
As we all know, the asymmetric encryption algorithm is mainly two uses: one is signed (with their own key signature, the other party with their own public key verification), and the other is encryption (with the other party's public key encryption, the other side with their own key decryption). To crack the signature, I can think of nothing more than the following ways:
A> get the other's key (almost impossible)
B> understand the structure of the license file and then forge the signature. For example: Generate a pair of public and private keys, and then use their own key to sign the license, the signature information into the license, while replacing the original public key with its own public key
C> find the place to verify the signature, so that the verification result is always true (forged license can also be verified), the difficulty is to find the verification of the signature place.
This blog hack is to use this way, but also the most simple way to crack jrebel at present.
To get to the next, simply look at the structure of the user UserLicense's Datamap, and then you need to find out which classes use the UserLicense class (this class is definitely needed to verify the signature). The simplest way to do this is to Jrebel.jar all anti-compilation, Windows case sensitive, prompt for changes, click Rename all, and then find the keyword userlicense
Only a few of the results of the lookup were used in the UserLicense class, and then in these classes the keyword getsignature ()was searched, and after filtering, it was found that only 1 classes were left (in the case of a non-versioned version, the class name would be different after obfuscation).
For Jrebel 5.2.2 Yes: com.zeroturnaround.javarebel.Av
For Jrebel 5.6.2 Yes: Com.zeroturnaround.javarebel.tP
For Jrebel 5.6.3 Yes: Com.zeroturnaround.javarebel.tR
The next step is to let the verification method return true. If you grope carefully, you will find that all return Boolean methods to invoke a most basic method, then we only need to modify this method to return true, that is, modify the use of getsignature () to get UserLicense entity class signature method.
For a class file modification, you need to use Javassit or Cglib or ASM. Here, the class file is modified using the Javassit method, and other modifications to the class method are studied.
08. Modify and generate a class file using Javassit
Download the Javassit jar package, create a new Java project in an IDE like NetBeans, and import the Javassit.jar. Create a new Main.java, take Jrebel 5.6.3 as an example.
Importjavassist. Classpool;Importjavassist. Ctclass;Importjavassist. Ctmethod; Public classMain { Public Static voidMain (string[] args)throwsException {Classpool pool=Classpool.getdefault (); //Get the jar file you want to decompile, set the pathPool.insertclasspath ("C:/jrebel.jar"); //get the file you want to decompile and modify, note the full pathCtclass cc1 = Pool.get ("Com.zeroturnaround.javarebel.tR"); //5.6.2 Ctclass cc1 = Pool.get ("Com.zeroturnaround.javarebel.tP");Ctclass[] params =NewCtclass[2]; //method corresponding to the parameterParams[0] = Pool.get ("Com.zeroturnaround.bundled.org.bouncycastle.crypto.params.RSAKeyParameters"); params[1] = Pool.get ("Com.zeroturnaround.licensing.UserLicense"); //get the method you need to modifyCtmethod method = Cc1.getdeclaredmethod ("a", params); //inserting the modifier, we let him return true directly (note: Returns true based on the specific return value of the method, because the return value of this method is Boolean, so the direct return is correct;)Method.insertbefore ("if (1!=0) return true;"); //Write SaveCc1.writefile (); //jar UVF Jrebel.jar com/zeroturnaround/javarebel/tr.class }}
After a successful run, the class file of the corresponding package name will be generated in your new project directory, and the generated Tr.class will be opened with Jd-gui to discover that our code has been added successfully.
09. Replace the class file in the jar package
Replace the jar package under the class file, many people will think of directly with WinRAR open replace, in general case, is feasible, but if the code of this jar is confused, there will be different case, the file name is the same, under WinDOS the file name is not case-sensitive. If you replace it directly with WinRAR, you will find that the replacement is not the one you want to replace.
Now there are 2 scenarios that can be done:
A> the jar package in Linux and replace it with a jar. This is more troublesome.
B> can be replaced directly with the Java Jar tool.
Jar UVF Test.jar Test.class
This will directly add the Test.class directly to the root directory of the jar package.
Jar UVF Test.jar Com/test/test.class
This allows you to replace the class file for the corresponding directory.
It should be noted here that the Test.class must be placed under the Com/test file, to correspond to the path of the jar, otherwise it will not find the file or directory, the jar package and the parent of the COM folder in the same directory.
Go back to the top-level package folder of the Tr.class we generated, using the cmd command jar UVF Jrebel.jar com/zeroturnaround/javarebel/tr.class Replace the Tr.class in the original jar package
10. Replace the corresponding file in the idea plugin
Replace our generated Jrebel.jar and jrebel.lic with the original file, and the resulting jrebel.lic can also be copied to the directory where Jrebel.jar is located.
Restart idea and you will find that Jrebel has been cracked successfully!
Intellij idea JRebel 5.6.3 manual hack method