[Reprint] talking about Java program cracking

By galaxypilot)
Statement: If reposted, ensure the integrity and source of the article.

I am interested in cracking Java programs recently. I have practiced some software in several industries, and I have some tips to share with cainiao! Note that it is just a bit of experience,
This article does not involve software cracking. For beginners to crack, mistakes are inevitable. Please enlighten me!
Go directly to the topic and start with the following aspects for Java:

I. Decompilation
There are many tools and GUI tools are used. The Jad under the command line can easily terminate the entire file because it cannot decompile a method or a line of code.
Compilation, but the GUI tool can handle it. Although some code after decompilation is difficult to understand, it is much better than JVM. In addition, most GUI tools have
The batch decompilation function makes it easy to store decompiled files directly with the. Java suffix.
Ii. method call
Developers with high security awareness will confuse their programs with high quality. The following is an example.
Public static object getremoteejbhome (string oooooo00oo0o0o0oooooo, class oo0ooo0o0o0oo0o00oooo)
Throws namingexception
{
Try
{
If (ooo0o0o0o0oo0oo00ooo0 = NULL)
Ooo0o0o0o0oo0oo00ooo0 = oooooooo0oo0oo0oo0o ();
Object oooooo00000ooo0o000 = portableremoteobject. Narrow (response. Lookup (oooooo00oo0o0o0oooooo), oo0ooo0o0o0oo0o00oooo );
Object OBJ = oooooo00000ooo0o000;
Return OBJ;
}
Catch (namingexception oo0ooo0ooo0oo0oooooo0)
{
System. Out. println (oo0ooo0ooo0oo0oooo0. getmessage ());
Throw oo0ooo0ooo0oo0oooo0;
}
}
This is the best obfuscation effect I have ever seen. variables are composed of case-insensitive O and digits, and it is basically impossible to understand such a program.
People will think of replacement with meaningful variables. Of course this is also a method, but if the class file that the application includes is written, the workload
Is quite large. B/S structure authorization is generally in the form of files, of course, it must be encrypted. Like the license below
The asymmetric encryption algorithm makes it easier to analyze the composition of the license. The public key is directly written in the class file.
Bytes
Bytes
D75c207f68baa352f550d8f19876ffa255864fde8a7e5939202e9f
So we can use eclipse to create a Java project, add the jar of the application to the library search path of the project, and write a class to call the decryption method.
Analyze the plaintext license again. Of course, you can also call other methods. From the call parameters and the final return values, we can probably guess the role of this method,
It is also useful to deal with high-quality obfuscated code. Of course, I just give two simple examples here. In fact, there are still many wonderful uses of "method call,
Take it easy!
3. Add code for the class
In most cases, decompilation only allows us to look at the author's ideas. If we want to modify the decompilation code and then compile it into a class
It does not work. In addition, sometimes the program must run in its own environment. Otherwise, some classes cannot be correctly initialized and "method calls"
It does not play any role. Those who have worked on Java must know Javassist. This Library provides enough methods for you to directly modify the class file
You Need To Know About bytecode. We can use this library to solve the above problems. The following is a Class I wrote to modify bytecode.
Complete. You may need to make some modifications as needed.
Import java. Lang. Reflect .*;
Import ipvsist .*;
Import java. Io .*;
/**
* <P> title: Java bytecode modification class </P>
* <P> Description: obtains information about the class or modifies the class. </P>
* <P> copyright: Copyright () 2005 </P>
* @ Author pilot
* @ Version 1.0
*/
Public class modifyclass {
Private Static int call_method;
Private Static string _ class;
Private Static classpool pool;
Private Static ctclass cc;
Private Static string [] CLAS;
/**
* Method for modifying bytecode
* @ Param CLAS [0] Method Name of the class to be modified
* @ Param CLAS [1] modify location Definition
* @ Param CLAS [2] specifies the line number parameter when code is inserted using the insertat method.
* @ Param CLAS [3] modify content
* @ Return
*/
Private Static void modifymethod ()
{
String _ method;
_ Method = CLAS [0];
Try
{
Ctclass [] Param = new ctclass [4];
// Param [0] = pool. Get ("");
// Param [1] = pool. Get ("");
// Param [2] = pool. Get ("Java. Lang. String ");
// Param [3] = pool. Get ("Java. Lang. String ");

Ctmethod CM = cc. getdeclaredmethod (_ method );
If (CLAS [1]. tolowercase (). Equals (""))
{
// Add code to the end of the Method
Cm. insertafter (CLAS [3]);
}
If (CLAS [1]. tolowercase (). Equals ("B "))
{
// Add the code to the method Header
Cm. insertbefore (CLAS [3]);
}
If (CLAS [1]. tolowercase (). Equals ("I "))
{
System. Out. println (CM. insertat (integer. valueof (CLAS [2]). intvalue (), Clas [3]);
}
Cc. writefile ();
}
Catch (exception E)
{
E. printstacktrace ();
}

}
/**
* Add a method to the class
* @ Param CLAS [0] source method name
* @ Param CLAS [1] New Method Name
* @ Param CLAS [2] adds a type.
* @ Param CLAS [3] Method Content
* @ Return
*/
Private Static void addmethod ()
{
String _ oldmethod;
String _ newmethod;
_ Oldmethod = CLAS [0];
_ Newmethod = CLAS [1];
Try
{
Stringbuffer newmethodbody = new stringbuffer ();
If (CLAS [2]. tolowercase (). Equals ("C "))
{
// Add new method (copy)
Ctmethod oldmethod = cc. getdeclaredmethod (_ oldmethod );
Ctmethod newmethod = ctnewmethod. Copy (oldmethod, _ newmethod, CC, null );
Newmethodbody. append (CLAS [3]);
Newmethod. setbody (newmethodbody. tostring ());
Cc. addmethod (newmethod );
}
If (CLAS [2]. tolowercase (). Equals ("R "))
{
// Add new method (create)
Ctmethod newmethod = ctnewmethod. Make (CLAS [3], CC );
Cc. addmethod (newmethod );
}
Cc. writefile ();

}
Catch (exception E)
{
E. printstacktrace ();
}

}

Private Static void getmethods (){
Ctmethod [] CMS = cc. getdeclaredmethods ();
System. Out. println ();
System. Out. println (CC. getname () + "all methods of the class :");
For (INT I = 0; I <cms. length; I ++)
{
System. Out. println (CMS [I]. getname ());
}
}

Private Static void getfields (){
Ctfield [] CFS = cc. getdeclaredfields ();
System. Out. println ();
System. Out. println (CC. getname () + "all attributes of the class :");
For (INT I = 0; I <CFs. length; I ++)
{
System. Out. println (CFS [I]. getname ());
}
}

Private Static void delmethod (){
Try {
Ctmethod CM = cc. getdeclaredmethod (CLAS [0]);
Cc. removemethod (CM );
} Catch (exception e ){
E. printstacktrace ();
}
}
Public static void main (string [] ARGs ){
Stringbuffer Buf = new stringbuffer (500 );
Int C;
System. Out. Print ("Enter the operation class name :");
Try {
While (C = system. In. Read ())! = 13 ){

Buf. append (char) C );
}
_ Class = Buf. tostring ();
Pool = classpool. getdefault ();
Cc = pool. Get (_ class );
Buf. Delete (0, Buf. Length ());
System. out. println ("************************************* **********************");
System. Out. println ("available methods :");
System. Out. println ("1-modifymethod, 2-addmethod, 3-getmethods, 4-getfields, 5-removemethod ");
System. out. println ("************************************* **********************");
System. Out. Print ("select the call method :");
While (C = system. In. Read ())! = 13 ){
If (C = 10)
Continue;
Buf. append (char) C );
}
Call_method = integer. parseint (BUF. tostring ());
If (call_method = 1)
{
System. out. println ("************************************* **********************");
System. Out. println ("Call modifymethod method parameter :");
System. Out. println ("method name, insert location, row number, content ");
System. out. println ("************************************* **********************");
Buf. Delete (0, Buf. Length ());
While (C = system. In. Read ())! = 13 ){
If (C = 10)
Continue;
Buf. append (char) C );
}
Clas = (BUF. tostring (). Split (",");
Modifymethod ();
}
Buf. Delete (0, Buf. Length ());
If (call_method = 2)
{
System. out. println ("************************************* **********************");
System. Out. println ("Call addmethod method parameter :");
System. Out. println ("source method, target method, creation method, content ");
System. out. println ("************************************* **********************");
Buf. Delete (0, Buf. Length ());
While (C = system. In. Read ())! = 13 ){
If (C = 10)
Continue;
Buf. append (char) C );
}
Clas = (BUF. tostring (). Split (",");
Addmethod ();
}
If (call_method = 3)
{
Getmethods ();
}
If (call_method = 4)
{
Getfields ();
}
If (call_method = 5)
{
System. out. println ("************************************* **********************");
System. Out. println ("Call removemethod method parameter :");
System. Out. println ("method name ");
System. out. println ("************************************* **********************");
Buf. Delete (0, Buf. Length ());
While (C = system. In. Read ())! = 13 ){
If (C = 10)
Continue;
Buf. append (char) C );
}
Clas = (BUF. tostring (). Split (",");
Delmethod ();
}

} Catch (ioexception IOE)
{
System. Out. println ();
IOE. printstacktrace ();
System. Exit (0 );
}
Catch (notfoundexception NFE)
{
System. Out. println ();
NFE. printstacktrace ();
System. Exit (0 );
}
Catch (numberformatexception NFE)
{
System. Out. println ();
NFE. printstacktrace ();
System. Exit (0 );
}
}
}

The modifymethod method is used to insert one or more lines of code in a specified method of the class. When the parameter is A, it indicates to insert the line at the end of the existing Code of the method. When the parameter is B
It indicates inserting at the beginning of existing code in the method. When I is used, the table is inserted before the specified row of code. This row has no relationship with the row in the original code and the Insert Location.
The value returned for I is the actual insertion position. You can calculate the I value based on the actual insertion position. Found in actual cracking,
After inserting some code with this method, it will make the unreadable code of the original decompilation easier to understand. Of course, it may also make the code that is originally highly readable,
It becomes unreadable because you have inserted some statements. I often insert some system. Out. println () in the code of key methods to track
Program. You cannot directly use the Print Output Method to output local variables in the method body, but you can reference global variables.
If you want to operate on local variables, the method I know can only be re-built in this class. If there are other good methods, please give me some advice.
Addmethod adds a new method to the class. There are two ways to add the method, so we will not introduce it here.
Other methods will not be explained one by one. If you are interested, you can study Javassist. I believe you will write a class library with more powerful functions to modify the class file.
Iv. Class Modification
The RSA asymmetric encryption algorithm is often seen in the Process of cracking. The public key is often stored in the class file in hexadecimal notation (of course, there are also
To decrypt the encrypted information. A J2EE development platform that was recently cracked is like this. The license is encrypted with RSA,
After you understand the algorithm, you can build the license plaintext and generate a pair of RSA public/private keys. Then, you can use your own private key to encrypt the license civilization using RSA,
Use the hexadecimal editor to replace all the public keys in the program. (Of course, you can replace the public key with your public key, or you won't be able to decrypt it. Of course,
I am only talking about one aspect. Sometimes, some JVM commands may be used in the case of brute-force cracking. For example, you want to make a return false method return ture
Then you have to change the 03 AC at the corresponding location to 04 AC. You don't need to say it if you are sure about the location!
5. Read JVM commands
There is nothing to say. If you want to understand the process from JVM commands, you must be familiar with the JVM instruction set like a familiar assembly. You also need a tool to translate the class
Can't I use a hexadecimal editor to read the JVM instruction code? If so, you will be awesome. Here I will introduce the bcel tool, which can take the class
The result is as follows:
0 getstatic system. Out ljava/IO/printstream;
3 LDC "is one"
5 invokevirtual java. Io. printstream. println (ljava/lang/string;) V (string): void
8 getstatic system. Out ljava/IO/printstream;
11 LDC "is two"
13 invokevirtual java. Io. printstream. println (ljava/lang/string;) V (string): void
16 getstatic system. Out ljava/IO/printstream;
19 LDC "is three"
21 invokevirtual java. Io. printstream. println (ljava/lang/string;) V (string): void
24 getstatic system. Out ljava/IO/printstream;
27 LDC "is four"
29 invokevirtual java. Io. printstream. println (ljava/lang/string;) V (string): void
32 return
This is all the instructions of a method. If you are familiar with the JVM instruction set, you can understand what it is doing.

I found that there were not many articles on Java program cracking, So I briefly talked about some methods used in Java program cracking. Of course, there are still many
Inspired by experience, we cannot list them one by one. The essence of this article is to encourage others to write articles with higher technical content for these cainiao to learn.