一、分析
由于aspose产品系列是没有做联网校验的,所以pj起来比较容易,只要找到核心逻辑,用javassist重新生成一下类即可.
核心类com.aspose.cells.License
通过以上代码可以分析出,通过setLicense
方法,设置许可证,然后经过一顿看不懂的操作,完成许可的验证.但核心逻辑只有几行代码
a = this; //设置对象为this,为了给其他对象调用,改属性是static的,但只有包权限
zbis.a(); //设置flag为false,具体啥用不晓得
private static Date j(String var0) //验证许可的过期时间
于是思路就是,重写掉setLicense
方法,在方法体里面保留以下代码
this.a = new com.aspose.cells.License();
com.aspose.cells.zbis.a();
重写private static Date j(String var0)
方法,使得返回的date为最大值
return new java.util.Date(java.lang.Long.MAX_VALUE);
最后用javassist进行修改,代码如下:
<!-- 字节码类库工具 -->
<dependency>
<groupId>org.javassist</groupId>
<artifactId>javassist</artifactId>
<version>3.27.0-GA</version>
</dependency>
修改class中的方法:
package com.poi.javassist;
import javassist.ClassPool;
import javassist.CtClass;
import javassist.CtMethod;
/**
* 破解aspose
* @author
* @date 2020年5月22日 下午5:19:53
*/
public class Demo {
public static void main(String[] args) {
try {
ClassPool aDefault = ClassPool.getDefault();
//取得需要反编译的jar文件,设定路径
aDefault.insertClassPath("C:/in/aspose-cells-20.5.jar");
CtClass ctClass = aDefault.get("com.aspose.cells.License");
CtMethod ctMethod = ctClass.getMethod("setLicense", "(Ljava/io/InputStream;)V");
ctMethod.setBody("{ this.a = new com.aspose.cells.License();com.aspose.cells.zbis.a();}");
CtMethod kMethod = ctClass.getDeclaredMethod("k");
kMethod.setBody("{return new java.util.Date(4070880000000L);}");
//
// 获取String类型参数集合
/*CtMethod[] declaredMethods = ctClass.getDeclaredMethods();
for(CtMethod m:declaredMethods) {
System.out.println(m.getMethodInfo());
}*/
//CtMethod atMethod = ctClass.getMethod("a", "(Ljava/lang/String;Ljava/lang/String;ZZ)Z");
//atMethod.setBody("{ return true;}");
//这里会将这个创建的类对象编译为.class文件
ctClass.writeFile("C:/out/");//不能为根目录
} catch (Exception e) {
e.printStackTrace();
}
}
}
删除签名文件
删除*.RSA和*.SF签名文件
*.MF文件只保存如下:
Manifest-Version: 1.0
Application-Name: Aspose.Cells for java
Implementation-Title: Aspose.Cells for java
Copyright: Copyright 2001-2020 Aspose Pty Ltd
Bundle-SymbolicName: com.aspose.cells
Implementation-Version: 20.5.0
Release-Date: 2020-05-20
Specification-Vendor: Aspose Pty Ltd
Bundle-ManifestVersion: 2
Specification-Title: Aspose.Cells for java
Application-Library-Allowable-Codebase: *
Bundle-Vendor: Aspose Pty Ltd
Import-Package: javax.xml.parsers,org.w3c.dom,org.xml.sax,javax.crypto
;resolution:="optional",javax.crypto.spec;resolution:="optional",java
x.security.cert;resolution:="optional",com.sun.image.codec.jpeg;resol
ution:="optional",javax.imageio;resolution:="optional",javax.imageio.
metadata;resolution:="optional",javax.imageio.stream;resolution:="opt
ional",com.sun.media.imageio.plugins.tiff;resolution:="optional",java
x.media.jai;resolution:="optional",javax.print;resolution:="optional"
,javax.print.attribute;resolution:="optional",javax.print.attribute.s
tandard;resolution:="optional",org.apache.tools.zip;resolution:="opti
onal",org.bouncycastle.jce.provider;resolution:="optional"
Implementation-Vendor: Aspose Pty Ltd
Export-Package: com.aspose.cells
Minimum-JDK: 1.6
Bundle-Name: Aspose.Cells for java
Bundle-Version: 20.5.0
Caller-Allowable-Codebase: *
Permissions: all-permissions
Name: Aspose.Cells for java
Specification-Version: 20.5.0
Created-By: 1.8.0_172 (Oracle Corporation)
把jar包重命名为zip加压后,把生成好的class文件覆盖到里面,再压缩成zip后重名为jar
=========================================
aspose-cells-21.2
package com.poi.javassist;
import javassist.ClassPool;
import javassist.CtClass;
import javassist.CtMethod;
/**
* 破解aspose
* @author
* @date 2020年5月22日 下午5:19:53
*/
public class Demo5 {
public static void main(String[] args) {
try {
ClassPool pool = ClassPool.getDefault();
//取得需要反编译的jar文件,设定路径
pool.insertClassPath("D:/aspose-cells-21.2.jar");
CtClass ctClass = pool.get("com.aspose.cells.License");
CtMethod ctMethod = ctClass.getMethod("setLicense", "(Ljava/io/InputStream;)V");
ctMethod.setBody("{ this.a = new com.aspose.cells.License();com.aspose.cells.zbje.a();}");
ctMethod = ctClass.getMethod("setLicense", "(Ljava/lang/String;)V");
ctMethod.setBody("{ this.a = new com.aspose.cells.License();com.aspose.cells.zbje.a();}");
CtMethod kMethod = ctClass.getDeclaredMethod("l");
kMethod.setBody("{return new java.util.Date(4070880000000L);}");
//
// 获取String类型参数集合
/*CtMethod[] declaredMethods = ctClass.getDeclaredMethods();
for(CtMethod m:declaredMethods) {
System.out.println(m.getMethodInfo());
}*/
//CtMethod atMethod = ctClass.getMethod("a", "(Ljava/lang/String;Ljava/lang/String;ZZ)Z");
//atMethod.setBody("{ return true;}");
//这里会将这个创建的类对象编译为.class文件
ctClass.writeFile("D:/");
} catch (Exception e) {
e.printStackTrace();
}
}
}
Manifest-Version: 1.0
Application-Name: Aspose.Cells for java
Implementation-Title: Aspose.Cells for java
Copyright: Copyright 2001-2021 Aspose Pty Ltd
Bundle-SymbolicName: com.aspose.cells
Implementation-Version: 21.2.0
Release-Date: 2021-02-04
Specification-Vendor: Aspose Pty Ltd
Bundle-ManifestVersion: 2
Specification-Title: Aspose.Cells for java
Application-Library-Allowable-Codebase: *
Bundle-Vendor: Aspose Pty Ltd
Import-Package: javax.xml.parsers,org.w3c.dom,org.xml.sax,javax.crypto
;resolution:="optional",javax.crypto.spec;resolution:="optional",java
x.security.cert;resolution:="optional",com.sun.image.codec.jpeg;resol
ution:="optional",javax.imageio;resolution:="optional",javax.imageio.
metadata;resolution:="optional",javax.imageio.stream;resolution:="opt
ional",com.sun.media.imageio.plugins.tiff;resolution:="optional",java
x.media.jai;resolution:="optional",javax.print;resolution:="optional"
,javax.print.attribute;resolution:="optional",javax.print.attribute.s
tandard;resolution:="optional",org.apache.tools.zip;resolution:="opti
onal",org.bouncycastle.jce.provider;resolution:="optional"
Implementation-Vendor: Aspose Pty Ltd
Export-Package: com.aspose.cells
Minimum-JDK: 1.6
Bundle-Name: Aspose.Cells for java
Bundle-Version: 21.2.0
Caller-Allowable-Codebase: *
Permissions: all-permissions
Name: Aspose.Cells for java
Specification-Version: 21.2.0
Created-By: 1.8.0_172 (Oracle Corporation)
=========================================
aspose-cells-23.6
同样根据 setLicense 方法设置许可证入手,反编译阅读源码。
根据关键代码进入 v_9 类中的 a 方法。
生成 License.class 文件
public static void main(String[] args) {
try {
ClassPool pool = ClassPool.getDefault();
// jar文件路径
pool.insertClassPath("D:/aspose-cells-23.6.jar");
// 类名
CtClass ctClass = pool.get("com.aspose.cells.License");
// 方法名和参数
CtMethod ctMethod = ctClass.getMethod("setLicense", "(Ljava/io/InputStream;)V");
ctMethod.setBody("{ org.w3c.dom.Document document = null;com.aspose.cells.v_9 v_9 = new com.aspose.cells.v_9();v_9.a(document); }");
// 方法名和参数
ctMethod = ctClass.getMethod("setLicense", "(Ljava/lang/String;)V");
ctMethod.setBody("{ org.w3c.dom.Document document = null;com.aspose.cells.v_9 v_9 = new com.aspose.cells.v_9();v_9.a(document); }");
//这里会将这个创建的类对象编译为.class文件
ctClass.writeFile("D:/");
} catch (Exception e) {
e.printStackTrace();
}
}
生成 v_9.class 文件
public static void main(String[] args) {
try {
ClassPool pool = ClassPool.getDefault();
// jar文件路径
pool.insertClassPath("D:/aspose-cells-23.6.jar");
// 类名
CtClass ctClass = pool.get("com.aspose.cells.v_9");
// 方法名和参数
CtMethod ctMethod = ctClass.getMethod("a", "(Ljava/lang/String;)I");
ctMethod.setBody("{ return 1; }");
// 方法名和参数
ctMethod = ctClass.getMethod("a", "(Lorg/w3c/dom/Document;)V");
ctMethod.setBody("{ com.aspose.cells.License.a = \"123\";a = this;com.aspose.cells.r98.a(); }");
//这里会将这个创建的类对象编译为.class文件
ctClass.writeFile("D:/");
} catch (Exception e) {
e.printStackTrace();
}
}
我这里使用的是,360压缩打开 aspose-cells-23.6.jar 文件,将 License.class 和 v_9.class 拖到对应的包路径下。
删除 META-INF 目录下的 *.RSA 和 *.SF 签名文件
修改 *.MF 文件只保存如下:
Manifest-Version: 1.0
Application-Name: Aspose.Cells for java
Implementation-Title: Aspose.Cells for java
Copyright: Copyright 2001-2023 Aspose Pty Ltd
Bundle-SymbolicName: com.aspose.cells
Implementation-Version: 23.6.0
Release-Date: 2023-06-08
Specification-Vendor: Aspose Pty Ltd
Bundle-ManifestVersion: 2
Specification-Title: Aspose.Cells for java
Application-Library-Allowable-Codebase: *
Bundle-Vendor: Aspose Pty Ltd
Import-Package: javax.xml.parsers,org.w3c.dom,org.xml.sax,javax.crypto
;resolution:="optional",javax.crypto.spec;resolution:="optional",java
x.security.cert;resolution:="optional",com.sun.image.codec.jpeg;resol
ution:="optional",javax.imageio;resolution:="optional",javax.imageio.
metadata;resolution:="optional",javax.imageio.stream;resolution:="opt
ional",com.sun.media.imageio.plugins.tiff;resolution:="optional",java
x.media.jai;resolution:="optional",javax.print;resolution:="optional"
,javax.print.attribute;resolution:="optional",javax.print.attribute.s
tandard;resolution:="optional",org.apache.tools.zip;resolution:="opti
onal",org.bouncycastle.jce.provider;resolution:="optional"
Implementation-Vendor: Aspose Pty Ltd
Export-Package: com.aspose.cells
Minimum-JDK: 1.6
Bundle-Name: Aspose.Cells for java
Bundle-Version: 23.6.0
Caller-Allowable-Codebase: *
Permissions: all-permissions
Name: Aspose.Cells for java
Specification-Version: 23.6.0
Created-By: 1.8.0_172 (Oracle Corporation)
=========================================
aspose-cells-23.10 同上aspose-cells-23.6
public static void main(String[] args) {
try {
ClassPool pool = ClassPool.getDefault();
// jar文件路径
pool.insertClassPath("D:/aspose-cells-23.10.jar");
// 类名
CtClass ctClass = pool.get("com.aspose.cells.License");
// 方法名和参数
// CtMethod ctMethod = ctClass.getMethod("a", "(Ljava/lang/String;)Ljava/util/Date");//这是私有方法直接获取不到
// ctMethod.setBody("{ return new java.util.Date(4070880000000L); }");
// CtMethod[] ctMethods = ctClass.getDeclaredMethods("a");
// for (CtMethod ctMethod : ctMethods) {
// if (ctMethod.getName().equals("a") && ctMethod.getParameterTypes().length == 1 &&
// ctMethod.getParameterTypes()[0].getName().equals("java.lang.String")) {
// ctMethod.setBody("{ return new java.util.Date(4070880000000L); }");
// break;
// }
// }
// 方法名和参数
CtMethod ctMethod = ctClass.getMethod("setLicense", "(Ljava/io/InputStream;)V");
ctMethod.setBody("{ org.w3c.dom.Document document = null;com.aspose.cells.n86 n86 = new com.aspose.cells.n86();n86.a(document); }");
// 方法名和参数
ctMethod = ctClass.getMethod("setLicense", "(Ljava/lang/String;)V");
ctMethod.setBody("{ org.w3c.dom.Document document = null;com.aspose.cells.n86 n86 = new com.aspose.cells.n86();n86.a(document); }");
//这里会将这个创建的类对象编译为.class文件
ctClass.writeFile("D:/");
} catch (Exception e) {
e.printStackTrace();
}
}
public static void main(String[] args) {
try {
ClassPool pool = ClassPool.getDefault();
// jar文件路径
pool.insertClassPath("D:/aspose-cells-23.10.jar");
// 类名
CtClass ctClass = pool.get("com.aspose.cells.n86");
// 方法名和参数
CtMethod ctMethod = ctClass.getMethod("a", "(Ljava/lang/String;)I");
ctMethod.setBody("{ return 1; }");
// 方法名和参数
ctMethod = ctClass.getMethod("a", "(Lorg/w3c/dom/Document;)V");
ctMethod.setBody("{ com.aspose.cells.License.a = \"123\";a = this;com.aspose.cells.f40.a(); }");
//这里会将这个创建的类对象编译为.class文件
ctClass.writeFile("D:/");
} catch (Exception e) {
e.printStackTrace();
}
}
=========================================
aspose-cells-23.11 同上aspose-cells-23.10
同样根据 setLicense 方法设置许可证入手,反编译阅读源码。
根据关键代码进入 c_m 类中的 a 方法。
a方法为验证的关键函数,验证失败就返回,错误消息放在 this.b = "错误消息"
最后函数结尾部分,执行验证成功后的逻辑。
public class Test {
public static void main(String[] args) {
try {
ClassPool pool = ClassPool.getDefault();
// jar文件路径
pool.insertClassPath("D:/aspose-cells-23.11.jar");
// 类名
CtClass ctClass = pool.get("com.aspose.cells.License");
// 方法名和参数
CtMethod ctMethod = ctClass.getMethod("setLicense", "(Ljava/lang/String;)V");
ctMethod.setBody("{ org.w3c.dom.Document document = null;com.aspose.cells.c_m c_m = new com.aspose.cells.c_m();c_m.a(document); }");
//这里会将这个创建的类对象编译为.class文件
ctClass.writeFile("D:/");
} catch (Exception e) {
e.printStackTrace();
}
}
}
public class Test2 {
public static void main(String[] args) {
try {
ClassPool pool = ClassPool.getDefault();
// jar文件路径
pool.insertClassPath("D:/aspose-cells-23.11.jar");
// 类名
CtClass ctClass = pool.get("com.aspose.cells.c_m");
// 方法名和参数
CtMethod ctMethod = ctClass.getMethod("a", "(Ljava/lang/String;)I");
ctMethod.setBody("{ return 1; }");
// 方法名和参数
ctMethod = ctClass.getMethod("a", "(Lorg/w3c/dom/Document;)V");
ctMethod.setBody("{ com.aspose.cells.License.a = \"123\";a = this;com.aspose.cells.c8k.a(); }");
//这里会将这个创建的类对象编译为.class文件
ctClass.writeFile("D:/");
} catch (Exception e) {
e.printStackTrace();
}
}
}
我这里使用的是,360压缩打开 aspose-cells-23.6.jar 文件,将 License.class 和 c_m.class 拖到对应的包路径下。
删除 META-INF 目录下的 *.RSA 和 *.SF 签名文件
修改 *.MF 文件只保存如下:
Manifest-Version: 1.0
Application-Name: Aspose.Cells for java
Implementation-Title: Aspose.Cells for java
Copyright: Copyright 2001-2023 Aspose Pty Ltd
Bundle-SymbolicName: com.aspose.cells
Implementation-Version: 23.11.0
Release-Date: 2023-11-09
Specification-Vendor: Aspose Pty Ltd
Bundle-ManifestVersion: 2
Specification-Title: Aspose.Cells for java
Application-Library-Allowable-Codebase: *
Bundle-Vendor: Aspose Pty Ltd
Import-Package: javax.xml.parsers,org.w3c.dom,org.xml.sax,javax.crypto
;resolution:="optional",javax.crypto.spec;resolution:="optional",java
x.security.cert;resolution:="optional",com.sun.image.codec.jpeg;resol
ution:="optional",javax.imageio;resolution:="optional",javax.imageio.
metadata;resolution:="optional",javax.imageio.stream;resolution:="opt
ional",com.sun.media.imageio.plugins.tiff;resolution:="optional",java
x.media.jai;resolution:="optional",javax.print;resolution:="optional"
,javax.print.attribute;resolution:="optional",javax.print.attribute.s
tandard;resolution:="optional",org.apache.tools.zip;resolution:="opti
onal",org.bouncycastle.jce.provider;resolution:="optional"
Implementation-Vendor: Aspose Pty Ltd
Export-Package: com.aspose.cells
Minimum-JDK: 1.6
Bundle-Name: Aspose.Cells for java
Bundle-Version: 23.11.0
Caller-Allowable-Codebase: *
Permissions: all-permissions
Name: Aspose.Cells for java
Specification-Version: 23.11.0
Created-By: 1.8.0_172 (Oracle Corporation)
jar包安装到Maven仓库
cd D:\Works\idea\workspace\apache-maven-3.8.4\bin
mvn install:install-file -Dfile=D:/aspose-cells-23.11.jar -DgroupId=com.aspose -DartifactId=aspose-cells -Dversion=23.11 -Dpackaging=jar
Maven使用
<dependency>
<groupId>com.aspose</groupId>
<artifactId>aspose-cells</artifactId>
<version>23.11</version>
</dependency>