The day before yesterday I happened to need a profiler and saw that YourKit had a new version. A cracked copy of an earlier version used to circulate online, and it was made by SHOCK, whose cracking skills I have always admired. Seeing that only a cracked build existed, though, I guessed that asymmetric encryption was the reason. The new version had not been cracked, so I decided to look into it myself.

YourKit's license configuration comes in two forms: server-issued and file-based. I have no genuine license on hand, so I used a trial one and, combined with static analysis, reached a conclusion.

YourKit uses 2048-bit RSA encryption, so it can only be cracked; a keygen cannot be made directly. One option is to bypass the verification, but who knows what hidden checks there are. The other is to replace the public key, but then the decryption process has to be worked out in reverse. After half a day of analysis I finally got it done. Besides RSA, YourKit also uses some simple byte manipulation to assist the encryption, and it stores values in a "data length + data" format. By replacing the public key and combining that with my own inverse-operation program, I successfully produced a keygen. I won't write the specific decryption method in a public blog post, to avoid unnecessary trouble. While cracking it I found the serial numbers that the vendor has already blacklisted.
yourkit 7
All the RSA encryption in the world won't save yourkit from a combination of a demo license (which I've reversed, it includes the .class decryption key), and a patching of com.yourkit.f.n.a(string,boolean) to change the date comparison to IFNE to skip past expiration checks, directly to the creation and return of the licensedata object.
All in all, "copy protection" of the nature seen in yourkit is a total waste of time. Complicated and costly encryption, obfuscation and other assorted crap is simply defeated by modifying a single opcode. As usual.