Java cracking, reversing applets


by El Latigo

25 November 1998

courtesy of fravia+'s page of reverse engineering



Hi there fravia+,



I'm writing you in order to (try to) contribute with all those great
essays about reverse engineering. I have cracked other programs and
never emailed any essay; but this time, I think that this is going
to be useful because this time it's Java, and I found very little about
Java reverse engineering on the web.

Ok, the targets are those beautiful www.opencube.com applets.
They are great, and you can download them... but there's one little thing:
you won't be able to use them in your website if they are not registered.
When you upload the file to your webserver, and try to see the
page where the applet is embedded, all you will get is a nasty phrase
which reads 'invalid notice tag'.

"Ahi!" -you say- "this high tech applet won't work!"

But if you send money to the guys at opencube, they will send you a
couple of 'key' files called 'ocekey.class' and 'ocjwkey.class',
and when you replace the files you had downloaded with those they sent
you... voila! The applets work.

Of course, when you buy the applets, they tell you to specify a domain so
they can make those applets 'workable' within your domain. The thing is
simple: all you 'crackers' have to do is, in some way, change the URL
those demo applets are registered to...

How can you do that? VERY easy, remember that everything is possible
in this software world of ours... if you use your head.

Ok now, I did decompile that 'key' class using JAD, a very
powerful '.class-to-.java' decompiler which can be found at:

ftp://Meurrens.ML.org/pub/Java/codeEngineering/jadnt15.zip

Well, in fact the game is already almost over, all you have to do is
decompile using jad (jad ocekey.class);
the jad decompiler will make an ocekey.jad file which is the
ocekey.class source code (cool huh?).

After that you open the file and see that little and poor class file
that is trying to prevent you from using an applet... the source of
the ocekey.class is the following:



import java.net.URL;

class ocjwkey
{

    public static String getKey(String note, URL u)
    {
        String regURL = "www.opencube.com";  // <------- bad guys :)
        int i = 1;
        // step back over the digits at the end of the notice string
        while(Character.isDigit(note.charAt(note.length() - i)))
            i++;

        // <--- vital part :) the page must be a local file or served by regURL
        if(u.getProtocol().equalsIgnoreCase("file") ||
           u.getHost().equalsIgnoreCase(regURL))
            return note.substring(0, (note.length() - i) + 1).trim();
        else
            return "-1";
    }

    ocjwkey()
    {
    }
}



Yahooooo! Look at the regURL variable... what do we have here? Oh
yes, you guessed it Mr. cracker! The URL for the applet! Now you have two
options: you know, 1) you can change the URL for the applet to work on your
own site or 2) you modify the source for it to work on ANY web site...

If you choose the first option, I don't need to tell you what you should do,
since it is jolly obvious, but if you choose the second option you have
to delete the following lines:





1) if(u.getProtocol().equalsIgnoreCase("file") ||
      u.getHost().equalsIgnoreCase(regURL))

2) else

3) return "-1";





After this, you recompile the ocekey.class and replace the old one with
the cracked one.

Well, that's it actually! Easy easy cracking... right?

The other 'key' class is quite similar, I won't explain it here, tackle
that one yourself! (an easy reversing task)



Enjoy java cracking, it's easy, it's great fun, it's interesting.



El Latigo



Ps: If you don't know how to compile a .java file, then you shouldn't be
reading this at all, come back later... :)



Ps2: You can download the target applets from  

http://www.opencube.com/colgo



User Name: cu2248

password:  homefree



But, please, remember to delete them after having cracked them / played
with them... this is only for study purposes of course. In fact we
are not here in order to steal this or that specific software, we
are here in order to MASTER software, in order to LEARN how to use
any software whatsoever whenever we like, however we like and
for any purpose we want, changing it on the fly if needs be, cracking
it black and blue if we fancy it.
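
For a developer reading the getKey() listing above from the defending side, here is an added example (not part of the original essay and not OpenCube's code) of binding a licence to a host with a vendor signature instead of a plaintext regURL constant. The class and method names are hypothetical and the key pair is generated on the spot for the demo; a signature removes the "edit the string" option, while a check that lives in client bytecode can still be deleted, so server-side enforcement remains the stronger control.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Locale;

// Hypothetical demo class: the licensed host is covered by a vendor signature,
// so changing a string in the shipped class no longer yields a valid licence.
public class SignedLicenceDemo {

    // Vendor side: sign the licensed host. The private key never ships.
    static byte[] issue(PrivateKey vendorKey, String host) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(vendorKey);
        s.update(canonical(host));
        return s.sign();
    }

    // Applet side: only the public key ships. The licence is accepted when the
    // signature covers the host the page was actually loaded from.
    static boolean verify(PublicKey vendorPub, String pageHost, byte[] licence) {
        try {
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(vendorPub);
            s.update(canonical(pageHost));
            return s.verify(licence);
        } catch (GeneralSecurityException e) {
            return false; // malformed licence or key: fail closed
        }
    }

    // Host names are case-insensitive, so sign and verify one canonical form.
    static byte[] canonical(String host) {
        return host.trim().toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair vendor = g.generateKeyPair(); // constructed for this demo only
        byte[] licence = issue(vendor.getPrivate(), "www.example.com");

        System.out.println("licensed host:  " + verify(vendor.getPublic(), "www.example.com", licence));
        System.out.println("same host, caps: " + verify(vendor.getPublic(), "WWW.Example.COM", licence));
        System.out.println("other host:     " + verify(vendor.getPublic(), "other.example.net", licence));
        licence[0] ^= 1; // simulate a hand-edited licence blob
        System.out.println("edited licence: " + verify(vendor.getPublic(), "www.example.com", licence));
    }
}
```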


