WeChat official account: bugstack wormhole stack | Blog: bugstack.cn. Accumulate, share, grow: the focus is on original project cases, sharing knowledge in the most approachable way so that the author and readers both learn something. Projects completed so far include: Netty 4.x practical cases, implementing a JVM in Java, full-link monitoring based on Java Agent, a handwritten RPC framework, architecture design cases, source code analysis, and more. You use the sword 🗡, I use the knife 🔪, good code is burning 😏, hope you don't hesitate to use it 💨!

I. Introduction

It's 2020. For a programmer:

2020 = 1024 + 996 | 404 + 404 + 404 + 404 + 404
2021 = 1024 + 997
2022 = 1024 + 9106
2023 = 1024 + 9107
20xx = terrible from this year

Picture a New Year's Day or a cool weekend: you get to work early in the morning, pick up your cup, add some fresh (salary) water, turn on the computer, put your troubles away, feet planted, mouth set. All set. All right! Time to write code! Ah!!!!!! IDEA, duang duang duang, expired!

In a panic, you hurriedly search for a crack code:

  • First, failure
  • Second, failure
  • Third, failure
  • ...
  • The Nth: finally! Cracked for three months. Use it for now and deal with it later!

Most people probably search for a pile of crack codes, paste them in one by one, and eventually one passes. Some veterans, however, do not search for crack codes; they crack with a JAR package, valid for 100 years.

So! This article does not want to guide anyone toward a cracked version. A product as excellent as IDEA in fact gives you plenty of choices:

  1. It's free if you are a student
  2. There is a community edition and an ultimate edition; the community edition is free and open source
  3. Large companies generally hold legitimate licenses that you can use
  4. You can also apply for an IDEA license if you have an open source project

Therefore, use the community edition for personal development and do not use a cracked copy.

Good! Back to the topic. This article focuses on why a JAR package can crack it, and ends with a demonstration on a simulated class. The following sections cover:

  • Java Agent: proxying classes without hard-coding, also known as the probe technique
  • Simple use of ASM bytecode programming
  • How to package additional JARs into the project artifact
  • Finally, a cracking demo, suitable for personal learning only

II. Case project

We use a case project to simulate how the cracking process works. In practice, every version of IDEA strengthens its protection mechanism, so cracking becomes more and more difficult.

src
├── main
│   ├── java
│   │   └── org.itstack.demo
│   │       └── JetbrainsCrack.java
│   └── META-INF
│       └── MANIFEST.MF
└── test
    └── java
        ├── com.jetbrains.ls.newLicenses
        │   └── DecodeCertificates.java
        └── org.itstack.demo.test
            └── ApiTest.java

III. Environment configuration

  1. JDK 1.8
  2. IDEA 2019.3.1
  3. asm-all 3.3.1

IV. The code

In this example, a DecodeCertificates class stands in for IDEA; it performs the authorization code check. We then crack this simulated authorization through Java Agent programming.

1. Introduction to Java Agent

Since JDK 1.5, the JVM has provided agent technology for building an agent that is independent of the application. The agent can assist in monitoring, running, and even replacing programs on other JVMs. You can use it to implement virtual-machine-level AOP.

2. Introduction to ASM

ASM is an open source framework for analyzing, creating, and modifying Java bytecode. It offers a number of APIs for manipulating the bytecode contents of a class. Unlike the traditional BCEL and SERP, ASM provides a more elegant and flexible way to manipulate bytecode. ASM is used by a wide range of open source frameworks, such as Spring and Hibernate.

3. Starting the simulated crack

JetbrainsCrack.java & Agent operation class

package org.itstack.demo;

import org.objectweb.asm.ClassReader;
import org.objectweb.asm.ClassWriter;
import org.objectweb.asm.Opcodes;
import org.objectweb.asm.tree.ClassNode;
import org.objectweb.asm.tree.InsnList;
import org.objectweb.asm.tree.InsnNode;
import org.objectweb.asm.tree.MethodNode;
import org.objectweb.asm.tree.VarInsnNode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.lang.instrument.ClassFileTransformer;
import java.lang.instrument.IllegalClassFormatException;
import java.lang.instrument.Instrumentation;
import java.security.ProtectionDomain;
import java.util.List;

/**
 * Blog: http://bugstack.cn
 * Official account: bugstack wormhole stack | get more high-quality content
 * Agent class: any program started with -javaagent: configured enters the premain method first
 */
public class JetbrainsCrack {

    public static void premain(String args, Instrumentation inst) {
        System.out.println("* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *");
        System.out.println("* Official account: Bugstack wormhole Stack *");
        System.out.println("Blog: https://bugstack.cn *");
        System.out.println("* You use the sword, I use the knife, good code is burning! *");
        System.out.println("* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *");
        // Register the transformer; it is called for every class loaded afterwards
        inst.addTransformer(new MethodEntryTransformer());
    }

    static class MethodEntryTransformer implements ClassFileTransformer {

        private Logger logger = LoggerFactory.getLogger(MethodEntryTransformer.class);

        public byte[] transform(ClassLoader loader, String className, Class<?> classBeingRedefined, ProtectionDomain protectionDomain, byte[] classfileBuffer) throws IllegalClassFormatException {

            try {
                // Only the simulated license check class is touched
                if (className.equals("com/jetbrains/ls/newLicenses/DecodeCertificates")) {
                    ClassReader cr = new ClassReader(classfileBuffer);
                    ClassNode cn = new ClassNode();
                    cr.accept(cn, 0);
                    List<MethodNode> methodNodes = cn.methods;
                    for (MethodNode methodNode : methodNodes) {
                        if ("decodeLicense".equals(methodNode.name)) {
                            InsnList insns = methodNode.instructions;
                            // Clear the original instructions
                            insns.clear();
                            insns.add(new VarInsnNode(Opcodes.ALOAD, 1)); // Push local variable 1 (the usingKey argument) onto the stack
                            insns.add(new InsnNode(Opcodes.ARETURN));     // Return the reference on top of the stack
                            // The visit is complete
                            methodNode.visitEnd();
                            ClassWriter cw = new ClassWriter(0);
                            cn.accept(cw);
                            byte[] bytes = cw.toByteArray();
                            // Output the bytecode to a class file
                            this.outputClazz(bytes);
                            // Return the latest bytecode
                            return cw.toByteArray();
                        }
                    }
                }
            } catch (Exception e) {
                // On any failure, leave the class unchanged
                return classfileBuffer;
            }

            return classfileBuffer;
        }

        private void outputClazz(byte[] bytes) {
            // Output class bytecode
            FileOutputStream out = null;
            try {
                out = new FileOutputStream("ASMDecodeCertificates.class");
                logger.info("ASM class output path: {}", (new File("")).getAbsolutePath());
                out.write(bytes);
            } catch (Exception e) {
                e.printStackTrace();
            } finally {
                if (null != out) {
                    try {
                        out.close();
                    } catch (IOException e) {
                        e.printStackTrace();
                    }
                }
            }
        }

    }

}
  • In this class you can see a premain method. It is the entry point once the program is handled by the Java Agent, and all classes and methods pass through this entry
  • Then we use inst.addTransformer(new MethodEntryTransformer()); to add our own processing logic, which uses bytecode programming to proxy the class. The process is similar to what we would write to monitor method execution time without hard-coding
  • MethodEntryTransformer implements the transform method of ClassFileTransformer, which is where the bytecode is actually manipulated.
    • In this method you first need to find the class that checks the authorization code, com/jetbrains/ls/newLicenses/DecodeCertificates; the authorization check logic differs between versions of IDEA
    • Then locate the method by name: if ("decodeLicense".equals(methodNode.name))
    • The next step processes the bytecode, somewhat crudely: it simply erases the instructions of the original method, then uses new VarInsnNode(Opcodes.ALOAD, 1) to push the specified local reference onto the stack
    • We then return our input directly: new InsnNode(Opcodes.ARETURN) returns reference-type data from the method. In old versions of IDEA cracking was relatively simple: the content that finally needed to pass could be returned directly, content which describes the usage of each IDEA product
    • Finally, the processed bytecode is returned from the method with return cw.toByteArray();. As the saying goes, your uncle is still your uncle, but your aunt is no longer your aunt
  • To verify this in testing, we write the modified bytecode (the new aunt) to the project directory as a class file, for later inspection

DecodeCertificates.java & simulated ideaIU-15.0.1 software license code verification class

package com.jetbrains.ls.newLicenses;

public class DecodeCertificates {

    public String decodeLicense(String usingKey) {
        // Simulate the authorization code check
        return "usingKey is error:" + usingKey;
    }

}
  • This class is very simple; it only simulates a method that verifies authorization codes

ApiTest.java & test class

package org.itstack.demo.test;

import com.jetbrains.ls.newLicenses.DecodeCertificates;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Blog: http://bugstack.cn
 * Official account: bugstack wormhole stack | get more high-quality content
 * Test class
 * Configure IDEA VM options: -javaagent:E:\itstack\GIT\itstack.org\itstack-demo-code\itstack-demo-code-idea\target\itstack-demo-code-idea-1.0-SNAPSHOT.jar
 */
public class ApiTest {

    private static Logger logger = LoggerFactory.getLogger(ApiTest.class);

    public static void main(String[] args) throws Exception {
        DecodeCertificates decodeCertificates = new DecodeCertificates();
        // Simulated usingKey: Subscription is valid until July 8, 2089
        String license = decodeCertificates.decodeLicense("Subscription is active until July 8, 2089");
        logger.info("Test result: {}", license);
    }

}

MANIFEST.MF configuration, loaded at startup

Manifest-Version: 1.0
Premain-Class: org.itstack.demo.JetbrainsCrack
Can-Redefine-Classes: true


POM configuration to package ASM into the agent jar

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-shade-plugin</artifactId>
    <executions>
        <execution>
            <phase>package</phase>
            <goals>
                <goal>shade</goal>
            </goals>
        </execution>
    </executions>
    <configuration>
        <artifactSet>
            <includes>
                <include>asm:asm-all:jar:</include>
            </includes>
        </artifactSet>
    </configuration>
</plugin>

V. Engineering testing

  1. Run ApiTest.java directly; the test result is as follows (authorization does not succeed):

    21:23:46.101 [main] INFO  org.itstack.demo.test.ApiTest - Test result: usingKey is error:Subscription is active until July 8, 2089
  2. Next, package the project before testing. The build output looks like this:

    [INFO] --- maven-install-plugin:2.4:install (default-install) @ itstack-demo-code-idea ---
    [INFO] Installing E:\itstack\GIT\itstack.org\itstack-demo-code\itstack-demo-code-idea\target\itstack-demo-code-idea-1.0-SNAPSHOT.jar to D:\Program Files (x86)\apache-maven-3.6.2\repository\org\itstack\demo\itstack-demo-code-idea\1.0-SNAPSHOT\itstack-demo-code-idea-1.0-SNAPSHOT.jar
    [INFO] Installing E:\itstack\GIT\itstack.org\itstack-demo-code\itstack-demo-code-idea\dependency-reduced-pom.xml to D:\Program Files (x86)\apache-maven-3.6.2\repository\org\itstack\demo\itstack-demo-code-idea\1.0-SNAPSHOT\itstack-demo-code-idea-1.0-SNAPSHOT.pom
    [INFO] Installing E:\itstack\GIT\itstack.org\itstack-demo-code\itstack-demo-code-idea\target\itstack-demo-code-idea-1.0-SNAPSHOT-sources.jar to D:\Program Files (x86)\apache-maven-3.6.2\repository\org\itstack\demo\itstack-demo-code-idea\1.0-SNAPSHOT\itstack-demo-code-idea-1.0-SNAPSHOT-sources.jar
    [INFO] ------------------------------------------------------------------------
    [INFO] BUILD SUCCESS
    [INFO] ------------------------------------------------------------------------
    [INFO] Total time:  3.080 s
    [INFO] Finished at: 2020-01-05T23:25:08+08:00
    [INFO] ------------------------------------------------------------------------
  • Here, itstack-demo-code-idea-1.0-SNAPSHOT.jar is our agent package; copy its path as it is on your own machine
  3. Configure VM options: -javaagent:E:\itstack\GIT\itstack.org\itstack-demo-code\itstack-demo-code-idea\target\itstack-demo-code-idea-1.0-SNAPSHOT.jar

  4. Run the ApiTest test; the correct result is as follows:

    23:29:42.803 [main] INFO  org.itstack.demo.test.ApiTest - Test result: usingKey is error:Subscription is active until July 8, 2089
    
    Process finished with exit code 0
    • This is how a jar package is used to crack IDEA. Understanding the technique is useful in many services where behaviour is added without hard-coding, such as monitoring and debugging
  5. Don't forget that the agent also writes out the new bytecode, so let's look at what the class looks like at this point.

Before the agent

public class DecodeCertificates {

	public String decodeLicense(String usingKey) {
		// Simulate the authorization code check
		return "usingKey is error:" + usingKey;
	}

}

After the agent

package com.jetbrains.ls.newLicenses;

public class DecodeCertificates {
	public DecodeCertificates() {
	}

	public String decodeLicense(String usingKey) {
		return usingKey;
	}
}
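
The mechanism above depends on two visible artifacts: a jar whose MANIFEST.MF declares Premain-Class, and a -javaagent: entry in the JVM options. As an added example (not code from the original article), this Python sketch audits both: it lists the -javaagent entries in a block of JVM options and reads the agent-related attributes from a jar's manifest. The function names, the wrapped sample manifest and the sample option text are constructed for illustration.

```python
import io
import zipfile

MANIFEST = "META-INF/MANIFEST.MF"
# Manifest attributes (java.lang.instrument) that mark a jar as an agent, lower-cased.
AGENT_KEYS = {"premain-class", "agent-class", "launcher-agent-class",
              "can-redefine-classes", "can-retransform-classes"}

def parse_manifest(text):
    """Parse a manifest's main section; a leading space continues the previous value."""
    attrs, last = {}, None
    for line in text.splitlines():
        if not line.strip():
            break  # a blank line ends the main section
        if line.startswith(" ") and last:
            attrs[last] += line[1:]
        elif ":" in line:
            last, value = line.split(":", 1)
            attrs[last] = value.strip()
    return attrs

def agent_attributes(jar_bytes):
    """Return the agent-related manifest attributes of a jar ({} if there are none)."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        text = jar.read(MANIFEST).decode("utf-8", "replace") if MANIFEST in jar.namelist() else ""
    return {k: v for k, v in parse_manifest(text).items() if k.lower() in AGENT_KEYS}

def javaagent_options(vm_options):
    """Extract (jar_path, agent_args) from -javaagent entries, one JVM option per line."""
    opts = [line.strip() for line in vm_options.splitlines()]
    agents = [o[len("-javaagent:"):] for o in opts if o.startswith("-javaagent:")]
    return [(a.partition("=")[0], a.partition("=")[2]) for a in agents]

def build_sample_jar():
    """Constructed sample: a jar holding only this page's manifest, with one value wrapped."""
    manifest = ("Manifest-Version: 1.0\r\n"
                "Premain-Class: org.itstack.demo.Jetbra\r\n insCrack\r\n"
                "Can-Redefine-Classes: true\r\n\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(MANIFEST, manifest)
    return buf.getvalue()

# Constructed sample JVM options; the agent jar path is the one used in this article.
SAMPLE_VM_OPTIONS = ("-Xmx512m\n-javaagent:E:\\itstack\\GIT\\itstack.org\\itstack-demo-code\\"
                     "itstack-demo-code-idea\\target\\itstack-demo-code-idea-1.0-SNAPSHOT.jar\n")

if __name__ == "__main__":
    print(javaagent_options(SAMPLE_VM_OPTIONS), agent_attributes(build_sample_jar()))
```

Launch options only reveal agents loaded at startup through premain, the case this article covers; an agent attached to a running JVM does not appear there.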

VI. Summary

  • Individuals are advised to use the community edition; respect IDEA and do not try to crack it. This article is only for learning Java Agent technology
  • ASM is very powerful; bytecode programming with ASM and Javassist is in fact used a lot in RPC frameworks
  • I have written a series of case articles about Java Agent, which you can refer to: bugstack.cn/itstack-dem…
