Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   Java Cracking... (https://forum.exetools.com/showthread.php?t=7414)

deephousederek 04-23-2005 01:23

Java Cracking...
 
Hi All,

I've been attempting to crack a java program for the last few days, however all attempts have failed....

I've managed to decompile the decompilable parts, however the program uses a custom ClassLoader, and possibly a custom defineclass, or some other bytecode encryption when it goes to load important pieces of code, which are not decompilable at present.

I can decompile the classloader alright, but when I go to parse the bytecode array using the JOIE ClassInfo class I get an exception, I've also tried looking at the JavaAssist Classlibrary, and the BCEL classlibrary to try to decompile the returned class file. No luck however....

I've tried reflection as well on the class to try and find some methods, and variables, but the class file seems to be non standard....

Any help on this much appreciated....

The app is Poker Office, available here.... http://www.pokeroffice.com

The path details to the classloader, and encrypted bits is...

com/aetdata/security/c.class

Thanks in advance.....

D....

Mkz 04-23-2005 16:04

Quote:

Originally Posted by deephousederek
I can decompile the classloader alright, but when I go to parse the bytecode array using the JOIE ClassInfo class I get an exception, I've also tried looking at the JavaAssist Classlibrary, and the BCEL classlibrary to try to decompile the returned class file. No luck however....

How exactly did you do this? In memory?

Try the following approach:
Modify the c classloader to dump the classes it loads, just after decryption:
Code:

    public Class findClass(String s) {
        byte abyte0[] = a(s);
        dumpClass(s, abyte0);

Code:

    private void dumpClass(String name, byte[] cls) {
        try {
            name = name.replace('.', '/');
            name += ".class_ok";
            OutputStream os = new FileOutputStream(".../PokerOffice/" + name);
            os.write(cls);
            os.close();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

This will create the files *.class_ok wherever there are the *.xclass.
If you're curious to see the encryption password, just log it in the c constructor. They are passed to the poker.ProgramLauncher by the executable.

The dumped classes seems perfectly normal to me, they can be decompiled like the others.

If you need any tip finding the encrypted serial encryption just let me know ;)

deephousederek 04-25-2005 20:36

Cheers...
 
Hi Mks,

A big thank you for that, your suggestion was the only thing I didn't try, as I didn't think that it would work, came across similar info late at night, and was too tired to give it a go, when I went to look for the info again, couldn't find it :eek:

Anyway, cheers for that, will hopefully be able to find the serial stuff myself, have done some Java cryto work in the past ;) (Having said that I suppose we'll wait and see !)

D...

Mkz 04-26-2005 05:23

Just keep us posted

deephousederek 05-15-2005 00:19

Update
 
Hi Mks,

Succeeded in finding the encryption routines, attempted to remove checks and recompile, but looked to be too much hassle, as would have had to dump and recompile all dependents, and then change the classloader class....

Decided to rip the key checking code and create my own keygen instead 8-)

Only downside is that there are some online checks, which cause the generated serial to timeout if not checked after a while, not a big issue....

Attempted to work on these but ran into some problems with re-compiling the offending file....

It's in com/aetdata/net/NetUpdater.xclass

Any chance you might be able to have a look and give me some pointers ?

Thanks.....

D...

Mkz 05-17-2005 07:55

Quote:

Originally Posted by deephousederek
Attempted to work on these but ran into some problems with re-compiling the offending file....

You're probably talking about the reserved-words methods and fields.
You can recreate a totally new NetUpdater class, provided you keep the same interface (implements, constructor and the 2 public methods). All else can be removed, as well as these method contents. You might need to leave some code to reenable the serial, though, be it here or in the class that calls this one.

After you have a fixed file, you can either remove the exception (not an Exception :D) for this class in the classloader, to load a regular .class, or you can recreate the xclass so that everything else is untouched. If I recall correctly, the xclass is decoded with a symmetric algo (in com.aetdata.security.a), and you can easily find the algName and key by inserting some logs in the classloader. It is not in java code, it's propagated from the .exe.
After that you can recreate the .xclass from the .class.


All times are GMT +8. The time now is 18:12.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2021, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX