LoveCTOJava Decompiler
Java Decompiler是一个不错的java反编译工具,使用非常简单,打开任意.class文件就能看到你熟悉的java代码。下载地址:
https://pan.baidu.com/s/10hhajl0XXgHspVBsc99hjA
破解x-pack-core-6.3.2.jar方式
网上有很多地方可以下载到破解后的x-pack-core-6.3.2.jar,但授人以鱼不如授人以渔,破解方法很简单,使用Java Decompiler反编译插件查看代码,只需要修改org.elasticsearch.license.LicenseVerifier类和org.elasticsearch.xpack.core.XPackBuild类即可。
- 新建一个maven工程,新建两个包名org.elasticsearch.license和org.elasticsearch.xpack.core。
- 在工程下面新建一个lib目录,把elasticsearch-6.3.2 中lib目录下的jar包复制到lib目录中
- 把x-pack-core-6.3.2.jar解压后去掉LicenseVerifier.class和XPackBuild.class文件(一定要去掉),再压缩成x-pack-core-6.3.2.zip最后重命名为x-pack-core-6.3.2.jar,并放入到工程的lib目录下
- 把整个lib目录下的jar包加入到classpath
- 在org.elasticsearch.license包下新建LicenseVerifier类,代码见后文
- 在org.elasticsearch.xpack.core包下新建XPackBuild类,代码见后文
- build后,把target下的jar包中的LicenseVerifier.class和XPackBuild.class文件复制到3中解压的x-pack-core-6.3.2.jar的对应目录下(替换原来两个class文件所在的位置),注意包路径,不要搞错了
- 把3中解压的x-pack-core-6.3.2.jar的对应目录下(7中替换过两个class文件后的)的所有文件压缩成x-pack-core-6.3.2.zip后再重命名为x-pack-core-6.3.2.jar,这个最后的jar就是我们破解后的。
破解org.elasticsearch.license.LicenseVerifier
解压x-pack-core-6.3.2.jar,在解压目录的\org\elasticsearch\license下找到LicenseVerifier.class文件,使用Java Decompiler查看是这样的:
package org.elasticsearch.license;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.security.Signature;
import java.util.Arrays;
import java.util.Base64;
import java.util.Base64.Decoder;
import java.util.Collections;
import org.apache.lucene.util.BytesRef;
import org.apache.lucene.util.BytesRefIterator;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.xcontent.ToXContent.MapParams;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.common.xcontent.XContentFactory;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.core.internal.io.Streams;
public class LicenseVerifier
{
public static boolean verifyLicense(License license, byte[] encryptedPublicKeyData)
{
byte[] signedContent = null;
byte[] signatureHash = null;
try {
byte[] signatureBytes = Base64.getDecoder().decode(license.signature());
ByteBuffer byteBuffer = ByteBuffer.wrap(signatureBytes);
int version = byteBuffer.getInt();
int magicLen = byteBuffer.getInt();
byte[] magic = new byte[magicLen];
byteBuffer.get(magic);
int hashLen = byteBuffer.getInt();
signatureHash = new byte[hashLen];
byteBuffer.get(signatureHash);
int signedContentLen = byteBuffer.getInt();
signedContent = new byte[signedContentLen];
byteBuffer.get(signedContent);
XContentBuilder contentBuilder = XContentFactory.contentBuilder(XContentType.JSON);
license.toXContent(contentBuilder, new ToXContent.MapParams(Collections.singletonMap("license_spec_view", "true")));
Signature rsa = Signature.getInstance("SHA512withRSA");
rsa.initVerify(CryptUtils.readEncryptedPublicKey(encryptedPublicKeyData));
BytesRefIterator iterator = BytesReference.bytes(contentBuilder).iterator();
while ((ref = iterator.next()) != null) {
BytesRef ref;
rsa.update(ref.bytes, ref.offset, ref.length);
}
int i = ((rsa.verify(signedContent)) &&
(Arrays.equals(Base64.getEncoder().encode(encryptedPublicKeyData), signatureHash))) ?
1 : 0;
return i;
}
catch (java.security.NoSuchAlgorithmException e) {
}
finally {
Arrays.fill(encryptedPublicKeyData, 0);
if (signedContent != null)
Arrays.fill(signedContent, 0);
if (signatureHash != null)
Arrays.fill(signatureHash, 0);
}
}
public static boolean verifyLicense(License license) {
byte[] publicKeyBytes;
InputStream is;
try {
is = LicenseVerifier.class.getResourceAsStream("/public.key"); ByteArrayOutputStream localByteArrayOutputStream1 = null;
try { out = new ByteArrayOutputStream();
Streams.copy(is, out);
publicKeyBytes = out.toByteArray(); } catch (Throwable out) { } finally {
if (is != null) if (localByteArrayOutputStream1 != null) try { is.close(); } catch (Throwable localThrowable) { localByteArrayOutputStream1.addSuppressed(localThrowable); } else is.close();
}
} catch (IOException ex) {
throw new IllegalStateException(ex);
}
return verifyLicense(license, publicKeyBytes);
}
}
我们把其中的两个方法相关的代码去掉,直接返回true,修改后的代码如下:
package org.elasticsearch.license;
public class LicenseVerifier
{
public static boolean verifyLicense(License license, byte[] encryptedPublicKeyData)
{
return true;
}
public static boolean verifyLicense(License license) {
return true;
}
}
破解org.elasticsearch.xpack.core.XPackBuild
解压x-pack-core-6.3.2.jar,在解压目录的\org\elasticsearch\xpack\core下找到XPackBuild.class文件,使用Java Decompiler查看是这样的:
package org.elasticsearch.xpack.core;
import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.CodeSource;
import java.security.ProtectionDomain;
import java.util.jar.Attributes;
import java.util.jar.JarInputStream;
import java.util.jar.Manifest;
import org.elasticsearch.common.SuppressForbidden;
import org.elasticsearch.common.io.PathUtils;
public class XPackBuild
{
public static final XPackBuild CURRENT;
private String shortHash;
private String date;
@SuppressForbidden(reason="looks up path of xpack.jar directly")
static Path getElasticsearchCodebase()
{
URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
try {
return PathUtils.get(url.toURI());
} catch (URISyntaxException bogus) {
throw new RuntimeException(bogus);
}
}
XPackBuild(String shortHash, String date)
{
this.shortHash = shortHash;
this.date = date;
}
public String shortHash() {
return this.shortHash;
}
public String date() {
return this.date;
}
static
{
Path path = getElasticsearchCodebase();
if (path.toString().endsWith(".jar")) try {
JarInputStream jar = new JarInputStream(Files.newInputStream(path, new OpenOption[0])); Manifest localManifest1 = null;
try { manifest = jar.getManifest();
shortHash = manifest.getMainAttributes().getValue("Change");
date = manifest.getMainAttributes().getValue("Build-Date"); } catch (Throwable manifest) { } finally {
if (localManifest1 != null) try { jar.close(); } catch (Throwable localThrowable) { localManifest1.addSuppressed(localThrowable); } else jar.close(); }
} catch (IOException e) {
throw new RuntimeException(e);
}
String shortHash = "Unknown";
String date = "Unknown";
CURRENT = new XPackBuild(shortHash, date);
}
}
修改后的代码如下:
package org.elasticsearch.xpack.core;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.Path;
import org.elasticsearch.common.SuppressForbidden;
import org.elasticsearch.common.io.PathUtils;
public class XPackBuild
{
public static final XPackBuild CURRENT;
private String shortHash;
private String date;
@SuppressForbidden(reason="looks up path of xpack.jar directly")
static Path getElasticsearchCodebase()
{
URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
try {
return PathUtils.get(url.toURI());
} catch (URISyntaxException bogus) {
throw new RuntimeException(bogus);
}
}
XPackBuild(String shortHash, String date)
{
this.shortHash = shortHash;
this.date = date;
}
public String shortHash() {
return this.shortHash;
}
public String date() {
return this.date;
}
static
{
String shortHash = null;
String date = null;
Label_0157 : {
shortHash = "Unknown";
date = "Unknown";
}
CURRENT = new XPackBuild(shortHash, date);
}
}
主要去掉了static内部相关验证jar包的代码。
相关资源下载地址
x-pack-core-6.3.2.jar相关的依赖、jar包、本文相关的实例工程、Java Decompiler反编译工具等,都在下面的链接里可以获取到:
链接:https://pan.baidu.com/s/1EPvYxGv-R7P87ZfeTnNbew 密码:b067
