热爱技术,追求卓越
不断求索,精益求精

教你使用Java Decompiler破解x-pack-core-6.3.2.jar,让你轻松使用es的高级特性

Java Decompiler

Java Decompiler是一个不错的java反编译工具,使用非常简单,打开任意.class文件就能看到你熟悉的java代码。下载地址:

https://pan.baidu.com/s/10hhajl0XXgHspVBsc99hjA

破解x-pack-core-6.3.2.jar方式

网上有很多地方可以下载到破解后的x-pack-core-6.3.2.jar,但授人以鱼不如授人以渔,破解方法很简单,使用Java Decompiler反编译插件查看代码,只需要修改org.elasticsearch.license.LicenseVerifier类和org.elasticsearch.xpack.core.XPackBuild类即可。

  1. 新建一个maven工程,新建两个包名org.elasticsearch.license和org.elasticsearch.xpack.core。
  2. 在工程下面新建一个lib目录,把elasticsearch-6.3.2 中lib目录下的jar包复制到lib目录中
  3. 把x-pack-core-6.3.2.jar解压后去掉LicenseVerifier.class和XPackBuild.class文件(一定要去掉),再压缩成x-pack-core-6.3.2.zip最后重命名为x-pack-core-6.3.2.jar,并放入到工程的lib目录下
  4. 把整个lib目录下的jar包加入到classpath
  5. 在org.elasticsearch.license包下新建LicenseVerifier类,代码见后文
  6. 在org.elasticsearch.xpack.core包下新建XPackBuild类,代码见后文
  7. build后,把target下的jar包中的LicenseVerifier.class和XPackBuild.class文件复制到3中解压的x-pack-core-6.3.2.jar的对应目录下(替换原来两个class文件所在的位置),注意包路径,不要搞错了
  8. 把3中解压的x-pack-core-6.3.2.jar的对应目录下(7中替换过两个class文件后的)的所有文件压缩成x-pack-core-6.3.2.zip后再重命名为x-pack-core-6.3.2.jar,这个最后的jar就是我们破解后的。

破解org.elasticsearch.license.LicenseVerifier

解压x-pack-core-6.3.2.jar,在解压目录的\org\elasticsearch\license下找到LicenseVerifier.class文件,使用Java Decompiler查看是这样的:

package org.elasticsearch.license;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.security.Signature;
import java.util.Arrays;
import java.util.Base64;
import java.util.Base64.Decoder;
import java.util.Collections;
import org.apache.lucene.util.BytesRef;
import org.apache.lucene.util.BytesRefIterator;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.xcontent.ToXContent.MapParams;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.common.xcontent.XContentFactory;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.core.internal.io.Streams;

public class LicenseVerifier
{
  public static boolean verifyLicense(License license, byte[] encryptedPublicKeyData)
  {
    byte[] signedContent = null;
    byte[] signatureHash = null;
    try {
      byte[] signatureBytes = Base64.getDecoder().decode(license.signature());
      ByteBuffer byteBuffer = ByteBuffer.wrap(signatureBytes);
      int version = byteBuffer.getInt();
      int magicLen = byteBuffer.getInt();
      byte[] magic = new byte[magicLen];
      byteBuffer.get(magic);
      int hashLen = byteBuffer.getInt();
      signatureHash = new byte[hashLen];
      byteBuffer.get(signatureHash);
      int signedContentLen = byteBuffer.getInt();
      signedContent = new byte[signedContentLen];
      byteBuffer.get(signedContent);
      XContentBuilder contentBuilder = XContentFactory.contentBuilder(XContentType.JSON);
      license.toXContent(contentBuilder, new ToXContent.MapParams(Collections.singletonMap("license_spec_view", "true")));
      Signature rsa = Signature.getInstance("SHA512withRSA");
      rsa.initVerify(CryptUtils.readEncryptedPublicKey(encryptedPublicKeyData));
      BytesRefIterator iterator = BytesReference.bytes(contentBuilder).iterator();

      while ((ref = iterator.next()) != null) {
        BytesRef ref;
        rsa.update(ref.bytes, ref.offset, ref.length);
      }

      int i = ((rsa.verify(signedContent)) && 
        (Arrays.equals(Base64.getEncoder().encode(encryptedPublicKeyData), signatureHash))) ? 
        1 : 0;

      return i;
    }
    catch (java.security.NoSuchAlgorithmException e) {
    }
    finally {
      Arrays.fill(encryptedPublicKeyData, 0);
      if (signedContent != null)
        Arrays.fill(signedContent, 0);

      if (signatureHash != null)
        Arrays.fill(signatureHash, 0); 
    }
  }

  public static boolean verifyLicense(License license) {
    byte[] publicKeyBytes;
    InputStream is;
    try {
      is = LicenseVerifier.class.getResourceAsStream("/public.key"); ByteArrayOutputStream localByteArrayOutputStream1 = null;
      try { out = new ByteArrayOutputStream();
        Streams.copy(is, out);
        publicKeyBytes = out.toByteArray(); } catch (Throwable out) { } finally {
        if (is != null) if (localByteArrayOutputStream1 != null) try { is.close(); } catch (Throwable localThrowable) { localByteArrayOutputStream1.addSuppressed(localThrowable); } else is.close();  
      }
    } catch (IOException ex) {
      throw new IllegalStateException(ex);
    }
    return verifyLicense(license, publicKeyBytes);
  }
}

我们把其中的两个方法相关的代码去掉,直接返回true,修改后的代码如下:

package org.elasticsearch.license;

public class LicenseVerifier
{
  public static boolean verifyLicense(License license, byte[] encryptedPublicKeyData)
  {
      return true;
  }

  public static boolean verifyLicense(License license) {
      return true;
  }
}

破解org.elasticsearch.xpack.core.XPackBuild

解压x-pack-core-6.3.2.jar,在解压目录的\org\elasticsearch\xpack\core下找到XPackBuild.class文件,使用Java Decompiler查看是这样的:

package org.elasticsearch.xpack.core;

import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.CodeSource;
import java.security.ProtectionDomain;
import java.util.jar.Attributes;
import java.util.jar.JarInputStream;
import java.util.jar.Manifest;
import org.elasticsearch.common.SuppressForbidden;
import org.elasticsearch.common.io.PathUtils;

public class XPackBuild
{
  public static final XPackBuild CURRENT;
  private String shortHash;
  private String date;

  @SuppressForbidden(reason="looks up path of xpack.jar directly")
  static Path getElasticsearchCodebase()
  {
    URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
    try {
      return PathUtils.get(url.toURI());
    } catch (URISyntaxException bogus) {
      throw new RuntimeException(bogus);
    }
  }

  XPackBuild(String shortHash, String date)
  {
    this.shortHash = shortHash;
    this.date = date;
  }

  public String shortHash() {
    return this.shortHash;
  }

  public String date() {
    return this.date;
  }

  static
  {
    Path path = getElasticsearchCodebase();
    if (path.toString().endsWith(".jar")) try {
        JarInputStream jar = new JarInputStream(Files.newInputStream(path, new OpenOption[0])); Manifest localManifest1 = null;
        try { manifest = jar.getManifest();
          shortHash = manifest.getMainAttributes().getValue("Change");
          date = manifest.getMainAttributes().getValue("Build-Date"); } catch (Throwable manifest) { } finally {
          if (localManifest1 != null) try { jar.close(); } catch (Throwable localThrowable) { localManifest1.addSuppressed(localThrowable); } else jar.close();  }
      } catch (IOException e) {
        throw new RuntimeException(e);
      }


    String shortHash = "Unknown";
    String date = "Unknown";

    CURRENT = new XPackBuild(shortHash, date);
  }
}

修改后的代码如下:

package org.elasticsearch.xpack.core;

import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.Path;
import org.elasticsearch.common.SuppressForbidden;
import org.elasticsearch.common.io.PathUtils;

public class XPackBuild
{
  public static final XPackBuild CURRENT;
  private String shortHash;
  private String date;

  @SuppressForbidden(reason="looks up path of xpack.jar directly")
  static Path getElasticsearchCodebase()
  {
    URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
    try {
      return PathUtils.get(url.toURI());
    } catch (URISyntaxException bogus) {
      throw new RuntimeException(bogus);
    }
  }

  XPackBuild(String shortHash, String date)
  {
    this.shortHash = shortHash;
    this.date = date;
  }

  public String shortHash() {
    return this.shortHash;
  }

  public String date() {
    return this.date;
  }

  static
  {
    String shortHash = null;
    String date = null;
    Label_0157 : {
        shortHash = "Unknown";
        date = "Unknown";
    }
    CURRENT = new XPackBuild(shortHash, date);
  }
}

主要去掉了static内部相关验证jar包的代码。

相关资源下载地址

x-pack-core-6.3.2.jar相关的依赖、jar包、本文相关的实例工程、Java Decompiler反编译工具等,都在下面的链接里可以获取到:

链接:https://pan.baidu.com/s/1EPvYxGv-R7P87ZfeTnNbew 密码:b067
赞(1)
未经允许不得转载:LoveCTO » 教你使用Java Decompiler破解x-pack-core-6.3.2.jar,让你轻松使用es的高级特性

热爱技术 追求卓越 精益求精