Cracking a java application
#1
Intro
This tutorial will cover the very basics of cracking a Java application. A basic understanding of Java is also strongly advised.

Tools
A decompiler:
JDGUI - (Download: https://github.com/java-decompiler/jd-gu...-1.3.0.jar )

I recommend JDGUI as it's fast and easy to use. (If you will be reversing a heavily obfuscated program, I'd highly recommend using FernFlower.)
A Java bytecode editor
dirtyJOE - (Website that has download: http://dirty-joe.com/ )

Written in C++, so you will need to use Wine for this if you are on a Linux platform.
The application
Application - (Download: http://ge.tt/6zELapK2/v/0 )

This is a basic application I wrote that we will be cracking.
Understanding what the application does
Once you download the application (mentioned in the Tools section), double click jd-gui-1.3.0.jar and drag the Application.jar and drop it on top of the opened Java Decompiler window.
Once you've done this, open up the package (net.greysec.crackme), and click the class called Application.
Once you've done this, the decompiled source to Application will appear.

[Image: Decompiled jar]

From a brief look at the application's decompiled source, we can tell that this checks a boolean (that happens to always be false in this case) and gives an output according to the boolean's value.
Since we want to manipulate the application into thinking we are a premium user, we will be modifying it into thinking we are a premium user.
Cracking the application
This is where our Java bytecode editor, dirtyJOE, that we downloaded earlier will come into play. Open up the Application.jar with your archive manager (such as 7Zip, WinZip, Archive Manager) and go to net -> greysec -> crackme -> Application.class

Extract Application.class to your desktop (or somewhere convenient).
Now, run dirtyJOE.exe and press File, then press Open... and open up Application.class (dirtyJOE only supports editing classes, which is why we had to extract the class from the jar)

Once you have opened the class, you will see 4 tabs, named "Overview", "Constant Pool", "Fields", and "Methods".
For now, we only need to focus on the "Methods" tab. Press the "Methods" tab.
[Image: What we have right now]

Now, in this image under the methods tab we see three options.
These options are "<clinit>", "<init>", and "main".

<clinit> refers to the static initialization block.
Code:
static {
    // Runs once, when the JVM first initializes this class.
    System.out.println("I'm called when the class is first referenced, but only once!");
}

<init> refers to the class' constructor method.

main simply refers to the method named main (public static void main(String[] args)).

After you click main, you will see many Java bytecode instructions. If you don't have a solid understanding of how Java bytecode works, I'd recommend reading up about it (http://www.javaworld.com/article/2077233...asics.html is a decent starter guide).

The first thing I noticed when I opened the method up were the strings. ldc "~~~Enterprise Quality Applications~~~" was one of these strings. "nice", and "it's not going to crack itself" were others.

Find the instruction ldc with the value of "nice", and go up two instructions. You should be on top of the instruction named 'ifeq'. The instruction 'ifeq' means if(boolean). Since the boolean that ifeq is talking about is always false, ifeq will always goto pos 00000019.
To crack this, we will change ifeq to ifne. The instruction 'ifne' means if(!boolean).
Changing the instruction from 'ifeq' to 'ifne' will result in the System printing to the console "nice", instead of "it's not going to crack itself".

Double click the 'ifeq' instruction, and a window called Code Editor should appear. In this window, find the 'ifeq' instruction again, and double click it.
A text area with '99 00 0E' should appear. '99' is the opcode (the bytecode instruction). '00 0E' refers to the position it should move to. Modify '99' (which stands for IFEQ) to '9A' (which stands for IFNE).

Press ENTER to save, save the class and exit out of dirtyJOE.

This has just changed the method
Code:
boolean b = false;
if (b) {
    System.out.println("nice!");
} else {
    System.out.println("not cracked!");
}
to
Code:
boolean b = false;
if (!b) {
    System.out.println("nice!");
} else {
    System.out.println("not cracked!");
}

Replace our modified Application.class with the one inside of Application.jar, and now run Application.jar.
If you have followed the tutorial up to here correctly, the console should print out 'nice!'.

As you have learned, cracking Java applications that have no obfuscation is usually very easy, and even cracking Java applications with an obfuscator such as 'ProGuard' (which only obfuscates class/method/field names) usually will not take long to get around. For more heavily obfuscated jars, such as jars obfuscated with ZKM / Allatori, I highly recommend using a deobfuscator on these before attempting to even decompile. For jars such as these, use FernFlower as your decompiler, and use one of the many deobfuscators out there to first deobfuscate the jar.
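The '99 00 0E' encoding described in the post, as an added Python example that is not part of the original post or of the crackme: it decodes a constructed bytecode fragment shaped like the tutorial's main method (the exact byte sequence and the constant-pool indexes #2..#6 are assumptions, not bytes taken from the real Application.jar), resolves each branch's absolute target from its signed 16-bit offset, and then, from the defender's side, diffs a known-good copy of the code against a suspect copy to report exactly which instruction was altered. A digest comparison at the end shows why a signed or hash-checked jar would reject such a change.

```python
import hashlib
import struct

# Constructed subset of the JVM opcode table (only what the fragment below uses):
# opcode -> (mnemonic, operand kind). Operand kinds: "" (none), "cp1" (1-byte
# constant-pool index), "cp2" (2-byte constant-pool index), "br" (2-byte signed
# branch offset, relative to the pc of the branch instruction itself).
OPCODES = {
    0x03: ("iconst_0", ""),
    0x12: ("ldc", "cp1"),
    0x1B: ("iload_1", ""),
    0x3C: ("istore_1", ""),
    0x99: ("ifeq", "br"),
    0x9A: ("ifne", "br"),
    0xA7: ("goto", "br"),
    0xB1: ("return", ""),
    0xB2: ("getstatic", "cp2"),
    0xB6: ("invokevirtual", "cp2"),
}

# Constructed Code attribute body for a main() shaped like the tutorial's:
#   println(banner); boolean b = false; if (b) println("nice"); else println("...");
# Constant-pool indexes are assumed (#2 = System.out, #4 = println, #3/#5/#6 = strings).
ORIGINAL = bytes.fromhex(
    "b20002" "1203" "b60004"      # 0: getstatic #2, 3: ldc #3, 5: invokevirtual #4
    "03" "3c" "1b"                # 8: iconst_0, 9: istore_1, 10: iload_1
    "99000e"                      # 11: ifeq +14 -> 25
    "b20002" "1205" "b60004"      # 14, 17, 19: println("nice")
    "a7000b"                      # 22: goto +11 -> 33
    "b20002" "1206" "b60004"      # 25, 28, 30: println("it's not going to crack itself")
    "b1"                          # 33: return
)


def decode(code):
    """Linear sweep over a method's code bytes: [(pc, mnemonic, operand_text), ...]."""
    out = []
    pc = 0
    while pc < len(code):
        op = code[pc]
        if op not in OPCODES:
            raise ValueError(f"unsupported opcode 0x{op:02x} at pc {pc}")
        name, kind = OPCODES[op]
        if kind == "":
            out.append((pc, name, ""))
            pc += 1
        elif kind == "cp1":
            out.append((pc, name, f"#{code[pc + 1]}"))
            pc += 2
        elif kind == "cp2":
            idx = struct.unpack(">H", code[pc + 1:pc + 3])[0]
            out.append((pc, name, f"#{idx}"))
            pc += 3
        else:  # "br": big-endian signed 16-bit offset, added to this instruction's pc
            off = struct.unpack(">h", code[pc + 1:pc + 3])[0]
            out.append((pc, name, f"-> {pc + off}"))
            pc += 3
    return out


def patched_instructions(known_good, suspect):
    """Tamper check against a known-good copy: (pc, old, new) for every
    instruction whose mnemonic or operand differs. Only same-length code is
    compared per pc, which covers the single-byte opcode swap the post performs."""
    if len(known_good) != len(suspect):
        raise ValueError("code lengths differ; a per-pc diff does not apply")
    diffs = []
    for (pc, n1, o1), (_, n2, o2) in zip(decode(known_good), decode(suspect)):
        if (n1, o1) != (n2, o2):
            diffs.append((pc, f"{n1} {o1}".strip(), f"{n2} {o2}".strip()))
    return diffs


def sha256_hex(data):
    """Digest of the raw bytes; any one-byte change breaks a signature or hash check."""
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    for pc, name, operand in decode(ORIGINAL):
        print(f"{pc:5d}: {name} {operand}")
    # Simulate the one-byte edit from the post to exercise the tamper check.
    suspect = bytearray(ORIGINAL)
    suspect[11] = 0x9A
    print(patched_instructions(ORIGINAL, bytes(suspect)))
    print("digest changed:", sha256_hex(ORIGINAL) != sha256_hex(bytes(suspect)))
```

Running it lists the 15 instructions with ifeq at pc 11 branching to 25 (the 0x19 the post mentions; 11 + 0x0E = 25), and the diff reports the single changed instruction at pc 11. Only the handful of opcodes the fragment uses are in the table; a real class would need the full JVM opcode table and the Code attribute located through the class-file structure, which is the part dirtyJOE handles.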
#2
I'll be honest I've never cracked a Java program before and probably a week ago I found a Java program that I wanted to crack and release it but that was just a thought for the moment. Here I am now just casually browsing GreySec and I see this post - now I'm going to follow it and do what I should have done a few days ago.

Thanks for this tutorial, badvibes!
#3
(07-31-2015, 08:51 AM)#Limitless Wrote: I'll be honest I've never cracked a Java program before and probably a week ago I found a Java program that I wanted to crack and release it but that was just a thought for the moment. Here I am now just casually browsing GreySec and I see this post - now I'm going to follow it and do what I should have done a few days ago.

Thanks for this tutorial, badvibes!

You're welcome!
If you need any help, PM me and I should be able to help. If it's a paid product there's a chance it might be heavily obfuscated, so I can run one of my older deobfuscators on it.
#4
Thank you for this tutorial!
I guess this may also be useful for reverse engineering APK files.
I'll try this asap.
#5
It'll be my first time trying to crack anything. I found a very useful java application for college so I'll take my chances. Thanks for the info!!
#6
Hi @LOSTINSAUCE can you help me crack a jar file which is obfuscated?