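Rumor online has it that SWF Reader is the most powerful tool for cracking SWFs: it can grab them from memory and decompile doSWF-protected files. So I downloaded a copy from the official site: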
SWF_Reader_2.3
As expected, the demo version has no decompile feature. I found a write-up online by someone who had given it a try:
http://blog.sina.com.cn/s/blog_6d0b766301011yv9.html
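But following that method clearly does not work. The algorithm has probably changed, so the only option is to decompile the jar with jd-gui.
One key file stood out: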
d.a:
private static byte[] a(byte[] paramArrayOfByte)
{
    // Embedded XOR key table
    byte[] arrayOfByte1 = { -21, 33, 76, 44, -11, -55, -90, 99, -79, 21, 34, -69 };
    // The output drops the first and last 256 bytes of the input
    byte[] arrayOfByte2 = new byte[paramArrayOfByte.length - 512];
    int i = 0;
    int j = 0;
    for (int k = 256; k < paramArrayOfByte.length - 256; k++)
    {
        int m = paramArrayOfByte[k];
        arrayOfByte2[i] = (byte)(m ^ arrayOfByte1[j]);
        i++;
        j += 2;
        if (j >= arrayOfByte1.length)
            j = 1;
        j--;
        j--;
    }
    return arrayOfByte2;
}
This code is just the author playing with bytes to define a custom encoding scheme.
In addition:
public static boolean isFull()
{
    String[] localObject = { "j", "i", "n", "d", "a", "r", "K", "e", "i", "n" };
    int i = 0;
    // unique is read forwards (i) while the array is read backwards (j)
    for (int j = unique.length() - 1; j >= 0; j--)
    {
        if (unique.charAt(i) != localObject[j].charAt(0))
        {
            Main.Main.a = c.c;
            break;
        }
        i++;
    }
In this code the author implemented a key check of their own. From this I knew what license.java had to contain:
// Licence and FileHelper are not shown in the post.
import java.io.FileOutputStream;
import java.io.ObjectOutputStream;
import java.text.SimpleDateFormat;

public static void main(String[] args)
{
    try
    {
        // Serialize a Licence object to t.org
        FileOutputStream ostream = new FileOutputStream("t.org");
        ObjectOutputStream p = new ObjectOutputStream(ostream);
        Licence aa = new Licence();
        aa.name = "pixysoft";
        aa.surname = "pixysoft";
        aa.nick = "pixysoft";
        String bDate = "2099-06-08 12:00";
        SimpleDateFormat formatter = new SimpleDateFormat("yyyy-MM-dd");
        aa.buyDate = formatter.parse(bDate);
        aa.unique = "jindarKein";
        p.writeObject(aa);
        p.flush();
        ostream.close();

        // Dump the serialized bytes
        byte[] content = FileHelper.readToBytes("t.org");
        for (byte b : content)
        {
            System.out.print((int) b + ",");
        }
        System.out.println();

        // Pad with 256 zero bytes on each side, because a() strips them
        byte[] dContent = new byte[content.length + 512];
        for (int i = 0; i < 256; i++)
        {
            dContent[i] = 0;
        }
        for (int i = 0; i < content.length; i++)
        {
            dContent[i + 256] = content[i];
        }
        for (int i = 256 + content.length; i < dContent.length; i++)
        {
            dContent[i] = 0;
        }

        // XOR the serialized bytes once and dump the result
        content = a(dContent);
        for (byte b : content)
        {
            System.out.print((int) b + ",");
        }
        System.out.println();

        // Pad the XORed bytes again and write them out as licence.file
        dContent = new byte[content.length + 512];
        for (int i = 0; i < 256; i++)
        {
            dContent[i] = 0;
        }
        for (int i = 0; i < content.length; i++)
        {
            dContent[i + 256] = content[i];
        }
        for (int i = 256 + content.length; i < dContent.length; i++)
        {
            dContent[i] = 0;
        }
        // content = a(dContent);
        // for (byte b : content)
        // {
        //     System.out.print((int) b + ",");
        // }
        // System.out.println();
        FileHelper.write("licence.file", dContent);
    }
    catch (Exception e)
    {
        e.printStackTrace();
    }
}

// Same routine as d.a in the decompiled jar
private static byte[] a(byte[] paramArrayOfByte)
{
    byte[] arrayOfByte1 = { -21, 33, 76, 44, -11, -55, -90, 99, -79, 21, 34, -69 };
    byte[] arrayOfByte2 = new byte[paramArrayOfByte.length - 512];
    int i = 0;
    int j = 0;
    for (int k = 256; k < paramArrayOfByte.length - 256; k++)
    {
        int m = paramArrayOfByte[k];
        arrayOfByte2[i] = (byte) (m ^ arrayOfByte1[j]);
        i++;
        j += 2;
        if (j >= arrayOfByte1.length)
            j = 1;
        j--;
        j--;
    }
    return arrayOfByte2;
}
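It is actually quite simple: the author built a key table of their own and XORs the bytes against it. In addition, 256 empty bytes are added before and after. I only need to XOR the serialized licence once and the program can parse it.
Put the resulting licence.file in the same directory as the jar, select the unproject mode, and all the menus are enabled.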
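
The XOR routine above, traced in a self-contained program (an added example, not code from the original post or from SWF Reader): as listed, the key index j returns to 0 on every pass, so only the first table byte is ever used, and the transform is its own inverse. The class name, the pad helper and the sample bytes are constructed for illustration, and the RSA signature at the end is an assumed contrast, not something the program is shown to do.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.util.Arrays;

public class XorLicenceDemo {
    // Port of d.a as listed on the page: drop 256 bytes at each end, XOR the middle.
    static byte[] a(byte[] in) {
        byte[] key = { -21, 33, 76, 44, -11, -55, -90, 99, -79, 21, 34, -69 };
        byte[] out = new byte[in.length - 512];
        int j = 0;
        for (int k = 256, i = 0; k < in.length - 256; k++, i++) {
            out[i] = (byte) (in[k] ^ key[j]);
            j += 2;
            if (j >= key.length) j = 1;  // never taken: j is only ever 2 here
            j -= 2;                      // so j is back at 0 for the next byte
        }
        return out;
    }

    // Hypothetical helper: adds the 256 zero bytes per side that a() strips.
    static byte[] pad(byte[] body) {
        byte[] out = new byte[body.length + 512];
        System.arraycopy(body, 0, out, 256, body.length);
        return out;
    }

    public static void main(String[] args) throws Exception {
        byte[] body = "constructed sample licence bytes".getBytes("UTF-8");

        // 1. Only key[0] (-21, i.e. 0xEB) is ever applied.
        byte[] enc = a(pad(body));
        byte[] single = new byte[body.length];
        for (int i = 0; i < body.length; i++) single[i] = (byte) (body[i] ^ 0xEB);
        System.out.println("equals single-byte XOR: " + Arrays.equals(enc, single));

        // 2. Applying the routine twice restores the input: reading implies writing.
        System.out.println("self-inverse: " + Arrays.equals(a(pad(enc)), body));

        // 3. Assumed contrast: a signature verifies only for the exact signed bytes,
        //    and producing one needs a private key that never ships with the client.
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate()); s.update(body);
        byte[] sig = s.sign();
        body[0] ^= 1; // constructed edit to the licence bytes
        s.initVerify(kp.getPublic()); s.update(body);
        System.out.println("edited licence verifies: " + s.verify(sig));
    }
}
```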