TA的每日心情 | 开心 2021-3-12 23:18 |
---|
签到天数: 2 天 [LV.1]初来乍到
|
作者:舵手
申明:如转载请保证文章的完整性
来源:www.blogjava.net/galaxyp/
软件下载:www.e-t.com 软件简介:
Jshrink extracts the minimal set of java class files for an application, removes unused code and data, obfuscates symbolic names, finalizes code for optimized execution, and stores the results in a Java arcHive .jar file.
Jshrink typically reduces program size by 30-40%. Jshrink obfuscated code is much harder to comprehend when decompiled, a claim that can be readily verified using Jshrink"s built-in Java decompiler. What at first
glance seems to be meaningful names in Jshrink obfuscated code are often reused system names, a Jshrink obfuscation technique called semantic recycling.
一直没怎么用过,闲来无聊想研究下它的功能,用jshrink打开一个class文件双击提示“Missing license key, see www.e-t.com/jshrink.html to request evaluation license”,以前申请了一个试用的license key,恢复过系统,早丢了。java写的,反编译出来看看,解压jar,并反编译所有的class文件,类被混淆过,这里要注意的是,有些方法混淆后名称和类名一样,但千万不要把它当作构造函数,否则可能会带来一点麻烦。在整个源代码中查找上面的报错字符串,居然没找到。在解压后的目录里找了一下,发现I.gif挺可怀,打开一看果然是加密了的东东,并不是gif文件,在I.I.class反编译源代码中果然发现了I.gif,如下:
InputStream inputstream = (new I()).getClass().getResourceAsStream("" + "I" + "." + "g" + "i" + "f");
即然建立输入流读取方文件,肯定有解密过程,分析原代码后写出一个解密代码:
import java.io.InputStream;
public class I
{
static byte COWY[];
static String append[] = new String[256];
static int close[] = new int[256];
public String td(int i)
{
int j = i & 0xff;
if(close[j] != i)
{
close[j] = i;
if(i < 0)
i &= 0xffff;
String s = new String(COWY, i, COWY[i - 1] & 0xff);
append[j] = s;
}
System.out.println(append[j]);
return append[j];
}
public static void main(String[] args)
{
try
{
InputStream inputstream = (new I()).getClass().getResourceAsStream("" + "I" + "." + "g" + "i" + "f");
//这里他用"I" + "." + "g" + "i" + "f",如果我们直接查找I.gif,肯定没有结果,所以当搜索I.gif没找到时,
//一定要试试这种方法,还有数组形式存放。
if(inputstream != null)
{
int i = inputstream.read() << 16 | inputstream.read() << 8 | inputstream.read();
COWY = new byte;
int j = 0;
byte byte0 = (byte)i;
byte abyte0[] = COWY;
while(i != 0)
{
int k = inputstream.read(abyte0, j, i);
if(k == -1)
break;
i -= k;
for(k += j; j < k; j++)
abyte0[j] ^= byte0;
}
inputstream.close();
}
}
catch(Exception exception) { }
I i = new I();
for (int j=0; j<7200; j++ )//为什么这个j最大值为7200,因为大概查看了一下源代码中调
//用I.I.I()这个方法的最大值就是这个,试图加大后,抛出异常。
{
System.out.print(j+":");
i.td(j);
}
}
}
当上面的循环体里j为4088时字符串是Missing license key, see www.e-t.com/
jshrink.HTML to request evaluation license,在整个原代码是搜索4088,发现只在A.class中有,
switch(getViewRect)
{
case -1:
case 0: // " |
|