IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

New Eh?
Written in Java, ergo easy to crack?

Care to defend that?


Peter
[link|http://www.ubuntulinux.org|Ubuntu Linux]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
New Reverse compilers exist.
If an obfuscator hasn't been used on the code, then a reverse compiler can basically give you the source code back again. Compilation isn't a one-way street with Java.
Regards,

-scott anderson

"Welcome to Rivendell, Mr. Anderson..."
New Even without decompilers
jar -tf will give you a nice list of class names and javap is quite useful for getting the public interface you need to reproduce.



"Whenever you find you are on the side of the majority, it is time to pause and reflect"   --Mark Twain

"The significant problems we face cannot be solved at the same level of thinking we were at when we created them."   --Albert Einstein

"This is still a dangerous world. It's a world of madmen and uncertainty and potential mental losses."   --George W. Bush
Expand Edited by tuberculosis Feb. 23, 2005, 02:01:26 AM EST
New Sure, you can crack anything
ifn' you have the [link|http://www.google.com/search?q=java+decompilers&ie=UTF-8&oe=UTF-8|source code].

Plus, the license checker is typically its own class. You just have to unjar the thing, write a new class with the same name and interface, have it accept anything, return true, whatever. Compile that into a .class file and rejar the mess.

Voila - cracked app.

OK, what about obfuscation I hear you say. What about it? You'll still have source code - recompile and run the thing in the debugger - get to the bit where it asks for a license - interrupt the program, check the stack and you're there. You now know the point in the code where the license is checked. Typically, there will be telling string constants around as well. Even if these are encrypted somehow, there will usually be a nice call to System.exit() to guide you.

If you're going to ship Java, you might as well ship the source.




"Whenever you find you are on the side of the majority, it is time to pause and reflect"   --Mark Twain

"The significant problems we face cannot be solved at the same level of thinking we were at when we created them."   --Albert Einstein

"This is still a dangerous world. It's a world of madmen and uncertainty and potential mental losses."   --George W. Bush
New WXP OOBE was cracked within days of release.
And that sure ain't written in Java, nor was the source available.

This goes double for every game and Windows app ever written.


Peter
[link|http://www.ubuntulinux.org|Ubuntu Linux]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
New Yes, but its much harder
you have to understand machine code and you need special tools. The skills are beyond the average developers.

Java hacking requires no extra skills - the regular dev tools suffice and you don't even need to understand the byte code.



"Whenever you find you are on the side of the majority, it is time to pause and reflect"   --Mark Twain

"The significant problems we face cannot be solved at the same level of thinking we were at when we created them."   --Albert Einstein

"This is still a dangerous world. It's a world of madmen and uncertainty and potential mental losses."   --George W. Bush
New Martellibot said it best: web services is where it's at
[link|http://groups-beta.google.com/group/comp.lang.python/browse_frm/thread/3c18beacfa709eb6/997f51e5c34b9d68?&&d#997f51e5c34b9d68|http://groups-beta.g...#997f51e5c34b9d68]


The Sig:
"Despite the seemingly endless necessity for doing
so, it's actually not possible to reverse-engineer intended invariants
from staring at thousands of lines of code (not in C, and not in
Python code either)."

Tim Peters on python-dev
     Eh? - (pwhysall) - (6)
         Reverse compilers exist. - (admin) - (1)
             Even without decompilers - (tuberculosis)
         Sure, you can crack anything - (tuberculosis) - (3)
             WXP OOBE was cracked within days of release. - (pwhysall) - (1)
                 Yes, but its much harder - (tuberculosis)
             Martellibot said it best: web services is where it's at - (FuManChu)

It’s an insidious time-gobbler.
94 ms