Neek2000 @ SMTHNEEK @ sina.com ============================================ ===============================
Write in front: Write this document to let everyone know more about Java technology, not to teach you how to crack the Java program; there is no sin of the weapon, you must see it is a good person to use it or the bad guys use it.
First let's take a look at the anti-encryption of the Java program, that is, the usual Crack process, only understanding this process, we can effectively encrypt our program.
Usually we get the CRACK package of the Java program, one is a Keygen (registration code generator), a replacement modification;
Let's take the first first. When we found a keygen, we always admire the people who made Keygen, I think he is very powerful, but you analyze carefully, why can he make Keygen? Only he is very clear about the encryption algorithm of this Java program; what are this kind of person? One is the person inside the company, that is impossible, unless the inner, still, it is guess, anti-push, this might? Oh, it is more impossible, where is this algorithm come from? Oh, it is often the secret itself. It is the secret itself ... I will think about it. How do Java applications know if the registration code you entered is correct? Oh, then you will start from the app ... The encryption algorithm you get it, natural keygen is not here ... (But this is also listed, if it is used, the public key secret key is encrypted, there is no The way, only the second method can be used.)
This approach is only suitable for alignment as long as a registration number, anything else, the classic representative Borland JBuilder & Optimizeit Suite
Look at the second, why should I use a replacement to modify? What we have modified? Don't think, definitely is part of the license verification, why don't we find an encryption algorithm like above? There are two reasons: (1) Use the above ways; (2) Java program not only wants Key, there are other license configurations; encounter this situation, we will find the class for license verification, modify the replacement Ok.
This approach is used in any situation, the classic representative bea WebLogic
After the above analysis, our problem is concentrated. The key is how to find part or encryption algorithms for license verification, we need 3 tools: one is the standard JVM :) provided by Sun, one is your patience And careful :), one is JAD (classic Java anti-compilation tool). The first step is to position, this is also the most critical step, we use together for jbuilder edition as an example, start together, first look at what is the same? Hey, I will ask me to License; OK, each relationship, exit; find to start the ba file, find its boot command: java ....., OK, give a parameter when Java started: "-xrunhprof : CPU = Times ", save, start, still to License, exit, this time, we can find that there is a" java.hprof.txt "file in this directory, open it, it is the JVM I want. DUMP file, a lot of content, it doesn't matter, it seems slowly.
We can see a lot of familiar things in this file: java. * / Com.sun. * / Javax. * Wait, but this is not our concern, we want com.togethersoft. * Or some no packages Name zd.d, etc. (Insert almost all Java applications will confuse, in fact, the principle of confusion is also very simple, let's talk about it.) Let's find a license is related, SERACH, 嘿, Sure, 474 line: com.togethersoft .ToGether.Impl.ide.license.licensesetup.execute ([Dashopro-V2-050200]: unknown line) Compile, see, this is not confused, but uses a ZAE class, this looks that the name knows confused, ignore it first, then look at the following IDELICENSEACCESS.SETLICENSE (ZAE1), OK then find IDELICENSEACCESS, haha, In this apartment, all license verifications are this class, and the object-oriented thought is good, huh, huh :)
After the positioning is set, the next thing is to modify these two classes according to the method of guess, shield the actual content of the Execute method in the licensesetup, modify the IDELICENSEACCESS, so that more authentication returns True, then compile, replace it; don't be too happy too early This is not yet, you have to be responsible! ! Starting Together, Sure enough, don't license, there is a startup screen, go in, but a gray, what is going on, look at the console, a bunch of mistakes, it doesn't matter, it is afraid that it is wrong, find the root source, and an IDELICENSEUTIL class Out of a problem, refurbishment, modify, and replace; this is getting it. Start, test it, ok. In this way, a Java application is set. See it is actually very simple.
Let's talk about confusion, you may know that there is no confusing Java's class anti-compilation back to connect the name and variable name will not change. What is the reason? This is to tell the structure of the Class file. Simply, the Class file contains another constant pool, which stores the names of variables and methods, etc., and the Class related things, what we usually say Confusion is to use a tool to use the Dongdong's Huo Huo, so you can cheat the anti-compiler and you, huh, why is it sometimes compiled back to compile the reason.
Go back and talk about the encryption of the Java program; from the above two methods, the Java program seems to be no perfect way to encrypt, in fact, we must follow some principles to effectively protect your products.
Principle 1. Try to use the public key and the secret key to encrypt; in principle, do not use object-oriented ideas in encrypted verification :) Write the verification method in the various corners of the program, and labeled Private Final Void, let the compiler Process your in-inline method for you; principle three, as much as possible :) Find a better obfuscator;
Just these, if you have any questions about the encryption of the product, I can provide consultation, huh, huh :)
