EB00
August 4th, 2010, 03:41
Hi there,
I am working on a java-based target: XXX censored after realizing it's not allowed, sorry :|
All the application's functionality is located in the TunerStudioMS.jar archive. WinRar does a nice job of decompressing this file, but one should activate automatic renaming, as all the classes have been obfuscated and WinRar will overwrite ax.class with aX.class for example, at least this happened here.
I already stated that the classes have been obfuscated, however by doing a little greping for the registration failed message one can find that the check is done in
com\efiAnalytics\util\g.class
Using DJ Java Decompiler gives the following source:
Okay, the interesting line of course is:
String calcKey = v.a(i.a().trim(), j.a().trim(), h.a(), h.e(), k.a().trim());
We can infer from the source above that i.a() will give the first name, j.a() will give the last name and k.a() will give the email.
v.a(...) indeed is the calculation routine which could be easily ripped to build a keygen. But now here's the problem: I can't find the meaning of the other 2 parameters h.a() and h.e()
h is a class member of type r:
In addition to that DJ gives the hint:
So actually one should expect that the methods a() and e() are located in the file
com\efiAnalytics\util\r.class, right? The fun part is, that this is just the definition of an interface. Infact it extends the interface j which holds the abstract definitions of the methods I am looking for (a() and e())
Now of course my question: Where are the implementations of these methods? I did another grep for "implements r" and "implements j", but no hits. I would appreciate the help of one more experienced java reverser to solve this. Sorry for the long opener, but I wanted to share all what I've found out so far.
I am working on a java-based target: XXX censored after realizing it's not allowed, sorry :|
All the application's functionality is located in the TunerStudioMS.jar archive. WinRar does a nice job of decompressing this file, but one should activate automatic renaming, as all the classes have been obfuscated and WinRar will overwrite ax.class with aX.class for example, at least this happened here.
I already stated that the classes have been obfuscated, however by doing a little greping for the registration failed message one can find that the check is done in
com\efiAnalytics\util\g.class
Using DJ Java Decompiler gives the following source:
Code:
private void b()
{
String msg = "";
if(i.a().trim().equals("")
msg = (new StringBuilder()).append(msg).append("First Name\n"
if(j.a().trim().equals(""
msg = (new StringBuilder()).append(msg).append("Last Name\n"
if(k.a().trim().equals(""
msg = (new StringBuilder()).append(msg).append("eMail Address\n"
if(l.a().trim().equals(""
msg = (new StringBuilder()).append(msg).append("Registration Key\n"
if(!msg.equals(""
{
msg = (new StringBuilder()).append("You must provide the information used during registration for:\n"
JOptionPane.showMessageDialog(this, msg);
return;
}
String calcKey = v.a(i.a().trim(), j.a().trim(), h.a(), h.e(), k.a().trim());
if(calcKey == null || !calcKey.equals(l.a().trim()))
{
JOptionPane.showMessageDialog(this, "Invalid Registration Information!\nPlease be sure to select the correct Edition\nand use the name and email address\nExactly as presented in the registration.\nIt is case sensitive."
return;
} else
{
h.a(i.a().trim(), j.a().trim(), calcKey, k.a().trim(), ""
dispose();
return;
}
}
Okay, the interesting line of course is:
String calcKey = v.a(i.a().trim(), j.a().trim(), h.a(), h.e(), k.a().trim());
We can infer from the source above that i.a() will give the first name, j.a() will give the last name and k.a() will give the email.
v.a(...) indeed is the calculation routine which could be easily ripped to build a keygen. But now here's the problem: I can't find the meaning of the other 2 parameters h.a() and h.e()
h is a class member of type r:
Code:
private int n;
r h;
In addition to that DJ gives the hint:
Code:
// Referenced classes of package com.efiAnalytics.util:
// r, v
So actually one should expect that the methods a() and e() are located in the file
com\efiAnalytics\util\r.class, right? The fun part is, that this is just the definition of an interface. Infact it extends the interface j which holds the abstract definitions of the methods I am looking for (a() and e())
Code:
public interface r
extends j
{
public abstract void a(String s, String s1, String s2, String s3, String s4);
}
Code:
public interface j
{
public abstract String a();
public abstract String b();
public abstract String c();
public abstract String d();
public abstract String e();
public abstract String f();
public abstract String g();
public abstract void h();
public abstract String[] i();
}
Now of course my question: Where are the implementations of these methods? I did another grep for "implements r" and "implements j", but no hits. I would appreciate the help of one more experienced java reverser to solve this. Sorry for the long opener, but I wanted to share all what I've found out so far.