2007年10月3日星期三

[原]oxygen.xml.editor.8.2.keygen&patch

今天下了一个好插件,处理xml的,注册机混淆了,研究了下jvm的opcode,把oxygen的xml editor(eclipse plugin)注册机发上来,
只要把plugin下的oxygenEclipse.jar中的ro.sync.D.A.class反编译一下,替换里边的数组为注册机中的数组,这个注册机就能用了.代码:

package cn.com;
import java.io.*;
import java.security.*;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.SimpleDateFormat;
import java.util.Date;
import sun.misc.BASE64Encoder;

public class OxygenKeygen {

public static void main(String args[]) {
BufferedReader bufferedreader = new BufferedReader(new InputStreamReader(System.in));
try {
System.out.println(z[5]);
System.out.println(z[7]);
System.out.println(z[5]);
System.out.println();
String s = a(bufferedreader, z[3]);
String s1 = a(bufferedreader, z[6]);
System.out.println();
System.out.println(z[5]);
System.out.println(z[4]);
System.out.println(z[5]);
System.out.println();
System.out.println((new OxygenKeygen(s, s1)).d());
System.out.println();
System.out.println(z[5]);
} catch (Exception exception) {
exception.printStackTrace();
}
try {
bufferedreader.close();
} catch (IOException _ex) {
}
}

private static PrivateKey a() throws InvalidKeySpecException, NoSuchAlgorithmException {
PKCS8EncodedKeySpec pkcs8encodedkeyspec = new PKCS8EncodedKeySpec(d);
return KeyFactory.getInstance(z[23]).generatePrivate(pkcs8encodedkeyspec);
}

private static String a(String s) {
StringBuffer stringbuffer;
int i;
int j;
boolean flag;
flag = f;
stringbuffer = new StringBuffer(s);
i = stringbuffer.length();

for (j = 0; j < i; j++) {
char ch = Character.toUpperCase(stringbuffer.charAt(j));
if (z[2].indexOf(ch) == -1)
stringbuffer.setCharAt(j, '_');
}
return stringbuffer.toString();
// if(!flag) goto _L2; else goto _L1
// _L1:
// z[2]; //z[2]
// _L7:
// Character.toUpperCase(stringbuffer.charAt(j)); //z[2],CH
// indexOf();
// -1;
// JVM INSTR icmpne 53; // 判断ch是否在z[2]中,在goto L4,continue;不在则break到line:102
// goto _L3 _L4
// _L3:
// break MISSING_BLOCK_LABEL_46;
// _L4:
// continue; /* Loop/switch isn't completed */
// stringbuffer.setCharAt(j, '_'); //maybe here is MISSING_BLOCK_LABEL_46;
// j++;
// _L2:
// if(j < i) goto _L1; else goto _L5
// _L5:
// stringbuffer.toString();
// if(flag) goto _L7; else goto _L6
// _L6:
// return;
}

private static String a(BufferedReader bufferedreader, String s) throws IOException {
boolean flag;
flag = f;
Object obj = null;
// _L2:

String s1;
do {
System.out.print(s);
System.out.flush();

s1 = bufferedreader.readLine();
} while (s1 == null || s1.trim().length() == 0);
// _L4:
// // JVM INSTR ifnull 6;
// // goto _L1 _L2
// _L1:
// s1.trim();
// if(flag) goto _L4; else goto _L3
// _L3:
// if(flag) goto _L6; else goto _L5
// _L5:
// length();
// JVM INSTR ifeq 6;
// goto _L7 _L2
// _L7:
// s1;
// _L6:
return s1;
}

public OxygenKeygen(String s, String s1) {
b = null;
c = null;
b = s;
c = s1;
}

private String b() throws Exception {
StringBuffer stringbuffer = new StringBuffer();
stringbuffer.append(a(b));
stringbuffer.append(a(c));
stringbuffer.append(a);
stringbuffer.append("0");
stringbuffer.append(z[16]);
stringbuffer.append(a(z[20]));
stringbuffer.append(a(z[22]));
stringbuffer.append(a(z[21]));
return stringbuffer.toString();
}

private String c() throws Exception {
Signature signature = Signature.getInstance(z[0]);
signature.initSign(a());
signature.update(b().getBytes(z[1]));
return (new BASE64Encoder()).encode(signature.sign());
}

private String d() throws Exception {
StringBuffer stringbuffer = new StringBuffer();
stringbuffer.append((new StringBuilder(z[8])).append(b).toString()).append('\n');
stringbuffer.append((new StringBuilder(z[13])).append(c).toString()).append('\n');
stringbuffer.append(z[11]).append(a).append('\n');
stringbuffer.append(z[15]).append('\n');
stringbuffer.append(z[9]).append(z[16]).append('\n');
stringbuffer.append(z[18]).append(z[20]).append('\n');
stringbuffer.append(z[12]).append(z[10]).append('\n');
stringbuffer.append(z[19]).append(z[14]).append('\n');
stringbuffer.append((new StringBuilder(z[17])).append(c()).toString());
return stringbuffer.toString();
}

private static final String a;
private String b;
private String c;
private static final byte d[];
public static boolean e;
public static boolean f;
private static String z[];

static {
String as[];
as = new String[25];
as[0] = "1G\b\026\020\013{!c4#";
as[1] = "7[\017\037";
as[2] = " N\rd\"$H\001n-)C\007j(2^\033t37Y\036\177=;?x\025TV:\177\020_[/\026\nI\"";
as[3] = "0j.N\024\026}(S\016\raiI\006\017ji\035G";
as[4] = ".f*B\t\021js\007";
as[5] = "_2t\032Z_2t\032Z_2t\032Z_2t\032Z_2t\032Z_2t\032Z_2t\032Z_2t\032Z_2t\032Z_2t\032Z";
as[6] = "!`$W\006\fvi\007GB/i\007GB/i\035G";
as[7] = "_2t\007[\rW0@\002\f w\177*./\fC\016\026`;\007\021Z!{\007\013\013l,I\024\007/.B\t\007}(S\b\020/t\032Z";
as[8] = "0j.N\024\026}(S\016\ra\026i\006\017jt";
as[9] = ",z$E\002\020P&A8.f*B\t\021j:\032";
as[10] = ":B\005\n\"\006f=H\025NW\032k3OK,E\022\005h,U";
as[11] = "&n=BZ";
as[12] = "!`$W\b\fj'SZ";
as[13] = "!`$W\006\fvt";
as[14] = "Z#{";
as[15] = "&z;F\023\013`'\032J";
as[16] = "S?y\027";
as[17] = "1H\007\032";
as[18] = "!n=B\000\r}0\032";
as[19] = "4j;T\016\rat";
as[20] = "'a=B\025\022} T\002";
as[21] = "97e\007U?";
as[22] = "9W\004kJ'k S\b\020#i\1774.[dc\002\000z.@\002\020R";
as[23] = "&\\\b";
as[24] = "/BdC\003Ov0^\036";
z = as;

byte[] con=new byte[] {0x62,15,73,39,103};
for (int k = 0; k < z.length; k++) {
char[] ch = z[k].toCharArray();
// if (ch.length < 1) {
// if (k < 0) {
// }
//
// }
for (int i = 0; i < ch.length; i++) {
ch[i] ^= con[i%5];
}
z[k] = new String(ch);
}

// for (int l = 0; l < z.length; l++) {
// System.out.println("" + l + ": " + z[l]);
// }

// break MISSING_BLOCK_LABEL_343;
// local;
// toCharArray();
// JVM INSTR dup ;
// JVM INSTR arraylength .length;
// JVM INSTR swap ;
// int i = 0;
// JVM INSTR swap ;//ca,length
// JVM INSTR dup_x1 ;//len,ca,len
// 1; //len,ca,len,1
// JVM INSTR icmpgt 322;//len,ca
// goto _L1 _L2
// _L1:
// JVM INSTR dup ;//len,ca,ca
// i; //len,ca,ca,i
// _L4:
// JVM INSTR dup2 ; //len,ca,ca,i,ca,i
// JVM INSTR caload ;//len,ca,ca,i,ca[i]
// byte byte0;
// switch(i % 5)
// {
// case 0: // '\0'
// byte0 = 0x62;
// break;
//
// case 1: // '\001'
// byte0 = 15;
// break;
//
// case 2: // '\002'
// byte0 = 73;
// break;
//
// case 3: // '\003'
// byte0 = 39;
// break;
//
// default:
// byte0 = 103;
// break;
// }
// byte0; //len,ca,ca,i,ca[i],byte0
// JVM INSTR ixor ;//len,ca,ca,i,ca[i]^byte0
// (char); //len,ca,ca,i,char
// JVM INSTR castore ;//len,ca {ca[i]=char} *****
// i++;
// JVM INSTR swap ; //ca,len
// JVM INSTR dup_x1 ; //len,ca,len
// JVM INSTR ifne 322;//if (len!=0) len,ca
// goto _L3 _L2
// _L3:
// JVM INSTR dup2 ;
// JVM INSTR swap ;
// goto _L4
// _L2:
// JVM INSTR swap ; //ca,len
// JVM INSTR dup_x1 ;//len,ca,len
// i; //len,ca,len,i
// JVM INSTR icmpgt 245; //len,ca
// goto _L5 _L1
// _L5:
// JVM INSTR new #153 ; //len,ca
// JVM INSTR dup_x1 ; //ca,len,ca
// JVM INSTR swap ; //ca,ca,len
// String();
// intern();
// JVM INSTR swap ;
// JVM INSTR pop ;
// JVM INSTR ret 0;
a = (new SimpleDateFormat(z[24])).format(new Date());
d = (new byte[] { 48, -126, 1, 76, 2, 1, 0, 48, -126, 1, 44, 6, 7, 42, -122, 72, -50, 56, 4, 1, 48, -126, 1, 31, 2, -127, -127, 0, -3, 127, 83, -127,
29, 117, 18, 41, 82, -33, 74, -100, 46, -20, -28, -25, -10, 17, -73, 82, 60, -17, 68, 0, -61, 30, 63, -128, -74, 81, 38, 105, 69, 93, 64, 34,
81, -5, 89, 61, -115, 88, -6, -65, -59, -11, -70, 48, -10, -53, -101, 85, 108, -41, -127, 59, -128, 29, 52, 111, -14, 102, 96, -73, 107, -103,
80, -91, -92, -97, -97, -24, 4, 123, 16, 34, -62, 79, -69, -87, -41, -2, -73, -58, 27, -8, 59, 87, -25, -58, -88, -90, 21, 15, 4, -5, -125,
-10, -45, -59, 30, -61, 2, 53, 84, 19, 90, 22, -111, 50, -10, 117, -13, -82, 43, 97, -41, 42, -17, -14, 34, 3, 25, -99, -47, 72, 1, -57, 2, 21,
0, -105, 96, 80, -113, 21, 35, 11, -52, -78, -110, -71, -126, -94, -21, -124, 11, -16, 88, 28, -11, 2, -127, -127, 0, -9, -31, -96, -123, -42,
-101, 61, -34, -53, -68, -85, 92, 54, -72, 87, -71, 121, -108, -81, -69, -6, 58, -22, -126, -7, 87, 76, 11, 61, 7, -126, 103, 81, 89, 87, -114,
-70, -44, 89, 79, -26, 113, 7, 16, -127, -128, -76, 73, 22, 113, 35, -24, 76, 40, 22, 19, -73, -49, 9, 50, -116, -56, -90, -31, 60, 22, 122,
-117, 84, 124, -115, 40, -32, -93, -82, 30, 43, -77, -90, 117, -111, 110, -93, 127, 11, -6, 33, 53, 98, -15, -5, 98, 122, 1, 36, 59, -52, -92,
-15, -66, -88, 81, -112, -119, -88, -125, -33, -31, 90, -27, -97, 6, -110, -117, 102, 94, -128, 123, 85, 37, 100, 1, 76, 59, -2, -49, 73, 42,
4, 23, 2, 21, 0, -106, -49, 66, -124, -79, -94, -48, -108, 26, -46, -57, -110, -117, 14, -38, 1, -77, -127, 0, 14 });
}
}

ps:今天上午又看了下注册原理,其实就是A.class里边是公钥,注册时程序将注册码base64decode为密文,然后再用公钥解开,明文内容应该和注册名一致;
而注册码是作者用用户的注册名+作者的私钥生成的.
因此只需要用程序生成一对密钥,私钥放入keygen里边,公钥放入A.class里边覆盖原来的公钥byte[],就ok了.这次终于明白签名注册的原理了 :-)

没有评论:

free counters