"Well, whilst most of you choose to leech or do one million other things with your lives (like idling in mindnumbingly tedious teenage IRC chat channels), ManKind keeps on contributing (now 6 essays), if only a small proportion, say less than 1 percent of reversers contributed half as much, then all reverse engineering Webmasters would be a whole lot happier. Nevertheless, enjoy the second of ManKind's Java decompiling tutorials, perhaps now an investigation is due into some of the new Java protection tools that are starting to appear :-)". "Slightly edited by CrackZ".

Tutorial : Cracking ImageMaze, another Java program.
Target : ImageMaze (http://www.softsite.dk)
Tools : Java Development Kit 1.2.1, Jad 1.5.7, Microsoft Internet Explorer 5.0 or Netscape Communicator 4.7

Date : 15th May 2000.

Descriptions : This is another nice Applet which clearly demonstrates the power of Java. But, it is really a shame that there seems to be no-one who is aware how damaging a decompiler could be, if used for cracking purposes, or at least, hasn't taken any appropriate or effective actions to defeat decompilers (not even the original creators of Java, Sun Microsystems). Let's see what we COULD do with a decompiler and the source file.

Protection : Java, shareware notice(s).

Disclaimer : This file is used for educational purposes only. Any misuse of the information presented here is not my responsibility. This tutorial is copyright © ManKind.


The Process

I will not explain much about Java in this tutorial. I will only concentrate on how to crack ImageMaze. To get more general information about Java, I would suggest you get my first Java tutorial entitled "Cracking SillyScroll 1.0, a Java program..." (mail me if you can't find it on the Internet). As you might know, the executable of a Java program (in this case, an Applet) is a file with class as extension (anything.class). Our target executable this time is ImageMaze.class. Put Jad.exe into the same directory as the executable, open up an MS-DOS Prompt and enter the following command to decompile the executable :-

C:\PutInAppropriateDiskDriveAndDirectoryHere>jad ImageMaze.class

It will generate something like this :-

Parsing ImageMaze.class... Generating ImageMaze.jad

Open up ImageMaze.jad and what have you got there. The source file. I would like to remind you NOT to distribute the source file at ALL because that would damage the author (not to mention his family will probably starve to death). Keep it if you like but I would prefer you to DELETE it IMMEDIATELY after following this tutorial and use some security utility which will delete it forever and make it unretrievable if possible.

What could we do now that we have the source file? Good question! We want to crack this Applet so that it could be run from/on the internet. This is a demo version, so it originally can't be run from/on the internet but we are going to change that now. We could easily locate where the whole protection routine is with the source file and if what you guess is correct, then below should be the protection :-

        String s2 = "SOFTSITE.DK";
        String s1 = getDocumentBase().toExternalForm().toUpperCase().intern();
        s2 = s2.intern();
        if(s1.startsWith("HTTP") && s1.indexOf(s2) == -1)
        {
            java.awt.Container container = getParent();
            Dialog dialog = new Dialog((Frame)container, "Site not licensed to run Java Applet. Contact www.softsite.dk !", true);
            dialog.reshape(300, 300, 410, 60);
            dialog.setResizable(false);
            dialog.setBackground(Color.red);
            dialog.show();
            System.exit(0);
        }

Actually, there are currently three ways to crack a Java program.

1). Decompile the executable, view its source and fulfill some of the conditions needed to be a registered user (the condition could be key file, registry entries, .html file's parameter, etc.)
2). Decompile the executable, edit the source and re-compile it to give full advantages to yourself (without limitations, etc.)
3). Debug it (unfortunately unexploited yet).

I will take the second approach. It's important to note that if you are going to crack a Java program using a decompiler and its source as your tools, it's critical for you to know about programming languages, especially Java itself or its closest relative, C++, to be able to understand the code. I'll explain the above code line by line according to my own understanding and a little research I have done :-

String s2 = "SOFTSITE.DK";

This is simple. It is some sort of variable declaration. The next line :-

String s1 = getDocumentBase().toExternalForm().toUpperCase().intern();

This line is also a variable declaration. It retrieves the URL you entered in the address bar of your browser, converts it to external form (I don't yet understand this) and converts it to upper case (I can't understand the last part - .intern()). Here's the rest of the code :-

        if(s1.startsWith("HTTP") && s1.indexOf(s2) == -1)
        {
            java.awt.Container container = getParent();
            Dialog dialog = new Dialog((Frame)container, "Site not licensed to run Java Applet. Contact www.softsite.dk !", true);
            dialog.reshape(300, 300, 410, 60);
            dialog.setResizable(false);
            dialog.setBackground(Color.red);
            dialog.show();
            System.exit(0);
        }

The first line indicates that the code inside the curly brackets ({}) will only be executed if the URL starts with HTTP (which means that the Applet is run on the Internet) and the site which the Applet is run on is not SOFTSITE.DK (this is a guess of mine, please inform me if I am wrong). The code after the first line will generate a nag window, load some of the nag's parameters and properties, display it and finally end the Applet.
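An added example, not part of the original tutorial or the applet's own code: the same condition as a standalone function, run over constructed document-base URLs, to show what toExternalForm() and intern() contribute to the check. The class name, method name and sample URLs are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URL;

public class DocumentBaseCheck {
    // Same marker string as in the decompiled source.
    static final String LICENSED = "SOFTSITE.DK";

    // Mirrors the applet's condition and returns true when the nag-and-exit
    // branch would run. In the applet the URL comes from getDocumentBase(),
    // i.e. the address of the HTML page embedding the applet; here it is a
    // parameter so the logic can run outside a browser (an assumption).
    static boolean blocked(URL documentBase) {
        // toExternalForm() returns the URL as text, the same string toString() gives.
        String s1 = documentBase.toExternalForm().toUpperCase().intern();
        // intern() returns the canonical pooled copy of the string. It changes
        // object identity only, so startsWith()/indexOf() behave the same without it.
        String s2 = LICENSED.intern();
        return s1.startsWith("HTTP") && s1.indexOf(s2) == -1;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample document bases: a local file, the vendor's site,
        // and an unrelated site.
        String[] samples = {
            "file:/C:/test.htm",
            "http://www.softsite.dk/test.htm",
            "http://www.example.org/test.htm"
        };
        for (String s : samples) {
            URL u = URI.create(s).toURL();
            System.out.println(u.toExternalForm() + " -> "
                    + (blocked(u) ? "nag dialog, then exit" : "applet runs"));
        }

        // What intern() is for: a string built at run time is a separate object
        // from an equal literal, and intern() maps it back to the pooled instance
        // so that == (identity) agrees with equals() (content).
        String built = new String("SOFTSITE.DK");
        String literal = "SOFTSITE.DK";
        System.out.println("built == literal:          " + (built == literal));
        System.out.println("built.intern() == literal: " + (built.intern() == literal));
        System.out.println("built.equals(literal):     " + built.equals(literal));
    }
}
```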

Have you figured out how to crack it yet? Since the code to display the nag and exit the Applet is all inside the curly brackets, I think we should launch an attack there. The easiest way to do that is to rip out all the bad_boy_code in the curly brackets. Just highlight the bad code, erase it and save the source. The source should look like this now (btw, you can remove the first two variable declarations and even remove the "if" line altogether but remember the two curly brackets are part of the if command) :-

        String s2 = "SOFTSITE.DK";
        String s1 = getDocumentBase().toExternalForm().toUpperCase().intern();
        s2 = s2.intern();
        if(s1.startsWith("HTTP") && s1.indexOf(s2) == -1)
        {
        }

If we run the Applet on the Internet now, it should do nothing bad because we have erased ALL the bad code. Let's proceed to re-compile it back to an executable class file so that it can be executed. First, rename ImageMaze.jad to ImageMaze.java, and please mind the case because this is very important in Java. I assume you have the Java Development Kit installed and well configured (remember to set the PATH variable). Open an MS-DOS Prompt, go to the directory where the source file is and type the following command to compile the source (javac stands for JavaCompiler) :-

C:\PutInAppropriateDiskDriveAndDirectoryHere>javac ImageMaze.java

If you do it correctly there shouldn't be any error with the source, only 1 warning. Let's test if the crack works after the source file is compiled into an executable. Open the test.htm file with Internet Explorer or Netscape Communicator to test it locally first and later test it on the Internet (you should upload test.html, ImageMaze.class, drop.au and softsite.au in the same folder for the Applet to work). You should also compare the results with the original executable (hope you have it backed up). It's cracked. Following are two TEMPORARY (I don't know if and when it will be removed).

Cracked Version
Original Version

Extra Notes

Another tutorial on Java cracking completed. It's actually not pure cracking at all since we have the source of our target but for the time being it works. I myself am not good at Java, so, I would be more than grateful if there is someone who could explain some code which I couldn't understand above to me (I will then update this tutorial). Though the crack is very simple, I hope what I present here could be useful for the cracking community. I am also looking forward to doing more tutorials on Java programs since Java is a significant programming language and is growing rapidly. Until then, do read my other tutorials first.


Ending

Thanks and greets to :-

+ORC, +HCU, Sandman, HarvestR, tKC, ytc_, Punisher, Kwai_Lo, TORN@DO, CrackZ, cLUSTER, LaZaRuS, mISTER fANATIC, yes123, WhizKiD, Volatility, ACiD BuRN, Eternal Bliss, R!SC, Kwazy Webbit, +Mammon, MisterE, Shadow, ^tCM^, WaJ, Borna Janes, Kathras, AB4DS(Death), douby, Steinowitz, Lord Soth, Latigo, Lucifer48, NeuRaL_NoiSE, Fravia+, Latigo, Duelist, Alpine, flag eRRatum, Nitrus, +Frog's Print, Muad`Dib, Iczelion, Razzia, Warezpup, Bomber Monkey, llama and other crackers, individuals and organisations who have helped me, either directly or indirectly.

Service for Mankind
ManKind
mankind001@bigfoot.com