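Jrebel For Android Cracking Process

Cracking Jrebel For Android requires patching two jar files:
jr-android.jar and jr-android-ide-studio.jar

The classes that need to be handled in each jar differ from version to version.

Here I use version 1.1.8 as the example to demonstrate the cracking process.

In jr-android.jar, the file to patch is com/zeroturnaround/jrebel/android/b.class,
method a: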

  public static boolean a(UserLicense paramUserLicense, km paramkm)
  {
    if (paramkm.product == null) {
      throw new LicenseException("Missing product name.");
    }
    paramkm = (paramkm = kl.getByName(paramkm.product)).a();
    paramkm = paramkm;
    paramUserLicense = paramUserLicense;
    Object localObject = new BouncyCastleProvider();
    (localObject = Signature.getInstance("SHA1withRSA", (Provider)localObject)).initVerify(paramkm);
    ((Signature)localObject).update(paramUserLicense.getLicense());
    return ((Signature)localObject).verify(paramUserLicense.getSignature());
  }

Change it to:

  public static boolean a(UserLicense paramUserLicense, km paramkm)
  {
    return true;
  }

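The type of the km paramkm parameter differs in every version. Locate the method by its signature: return type boolean, method name a, first parameter of type UserLicense.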

In jr-android-ide-studio.jar, the file to patch is com/zeroturnaround/jrebel/android/dB.class,
method a:

  public static boolean a(UserLicense paramUserLicense, PublicKey paramPublicKey)
    throws Exception
  {
    BouncyCastleProvider localBouncyCastleProvider = new BouncyCastleProvider();
    Signature localSignature = Signature.getInstance("SHA1withRSA", localBouncyCastleProvider);
    localSignature.initVerify(paramPublicKey);
    localSignature.update(paramUserLicense.getLicense());
    return localSignature.verify(paramUserLicense.getSignature());
  }

Change it to:

  public static boolean a(UserLicense paramUserLicense, PublicKey paramPublicKey)
  {
    return true;
  }

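Locate this method by its signature: return type boolean, method name a, first parameter of type UserLicense, second parameter of type PublicKey.
When modifying this method, remember to handle the exception table.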
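
For reference, the check that both original `a` methods perform, as an added example that is not code from this page or from JRebel: the license bytes are verified against an RSA signature, so a license file whose contents were edited no longer verifies. The key pairs, license text and class name are constructed for illustration, and the JDK's default provider stands in for `BouncyCastleProvider`.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;

public class LicenseSignatureDemo {
    // Same steps as the original a(): SHA1withRSA over the license bytes,
    // checked with the vendor's public key (default JDK provider here).
    static boolean verify(byte[] license, byte[] signature, PublicKey key) throws Exception {
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initVerify(key);
        s.update(license);
        return s.verify(signature);
    }

    static byte[] sign(byte[] license, KeyPair pair) throws Exception {
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initSign(pair.getPrivate());
        s.update(license);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair vendor = gen.generateKeyPair();  // constructed stand-in for the vendor key
        KeyPair other = gen.generateKeyPair();   // constructed key the verifier does not trust

        // Constructed license text; the real file format is not shown on the page.
        byte[] license = "product=demo;expires=2030-01-01".getBytes(StandardCharsets.UTF_8);
        byte[] edited = "product=demo;expires=2099-01-01".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(license, vendor);

        // Untouched license with its own signature verifies.
        System.out.println("original license:   " + verify(license, sig, vendor.getPublic()));
        // Editing any byte of the license invalidates the existing signature.
        System.out.println("edited license:     " + verify(edited, sig, vendor.getPublic()));
        // Re-signing the edited license with another key does not help either,
        // because the verifier only trusts the vendor's public key.
        System.out.println("re-signed, bad key: "
                + verify(edited, sign(edited, other), vendor.getPublic()));
    }
}
```

Every path through this check ends in a single boolean, so the integrity of the class that holds it matters as much as the signature scheme itself.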

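In practice this can be written as a cracking tool. I have already written one, but I do not plan to release it, to avoid the zeroturnaround company changing the algorithm. I also ask anyone who has written a cracking tool not to release it.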

27 comments

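  1. yanlu

    @ilanyu, I got the cracking method (changing the return value to true) by decompiling and comparing the OP's cracked package with the original package. I am guessing that the OP's initial approach to cracking this plugin went through the following steps? Please advise:
    1. Obtain the trial license file (I don't know by what method the license file structure was analyzed to work out the meaning of the expire date and the other related fields);
    2. When the trial expires, a prompt message appears;
    3. Search the decompiled package for the prompt message and find the code for the invalid license;
    4. Trace back from the invalid-license code to the corresponding check;
    5. Change the code to return true and modify the expire date in the license file;
    6. Repackage;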

  2. mo

    How is this tool different from Instant Run in AS 2.0? Is it better than Instant Run?

    1. nirnull

      @mo
      You can read the difference here https://zeroturnaround.com/rebellabs/jrebel-for-android-and-instant-run-compared/

  3. zhenhappy

    How about writing it as a license server?

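  4. wenmin92

    Jrebel For Android updates very quickly, so using the unlimited trial directly is more convenient. After it expires, you only need to delete the corresponding registry key HKEY_CURRENT_USER\SOFTWARE\JavaSoft\Prefs\jrebel-android and C:\Users\username\.jrebel-android\jrebel-android.lic to register again. Almost anything can be filled in for the registration email and so on.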

    1. @wenmin92
      Yes, using the trial directly is more convenient
      https://headless.zeroturnaround.com/public/api/registrations/add-jra-evaluation.php?first_name=lan&last_name=yu&email=android1234567%40baidu.com&registered_via=Android+Studio
      Change the parameters of this URL and you can download jrebel-android.lic

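      1. wenmin92

        Thanks for sharing. This uses the "trial license request API". 4 parameters:
        first_name=
        last_name=
        email=
        registered_via=Android+Studio

        However, when I did this, it seems it still has to be combined with modifying the corresponding time in the registry.
        Also, the deletion alone that I mentioned above doesn't seem to succeed; it only works if the values of the two keys tt and te (time) are modified.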

      2. Lord CHEN

        @ilanyu
        Do you request this link directly in a browser?

        1. @Lord CHEN
          After modifying the parameters in it, open it directly in the browser

          1. Lord CHEN

            @[email protected]@Lord [email protected]
            A new email address or one that has already been registered?

        2. @Lord CHEN
          A new email address. No confirmation is needed, just enter anything

          1. Lord CHEN

            @ilanyu
            {"status":-1,"content":"Validation error","errors":{"email":"Email address [email protected]®istered_via=Android Studio is rejected. Please use different address","registered_via":"required"}}
            It doesn't work

          2. Lord CHEN

            @ilanyu
            I know that. I have tried many email addresses and they all give this

        3. @Lord CHEN
          Doesn't the return value say so? This email address has already been used

        4. @Lord CHEN
          I tried it; it has probably been blocked

          1. Lord CHEN

            @ilanyu
            If there is any good method, please update the site promptly :)

        5. @Lord CHEN
          Request a trial in the plugin, or use the cracked version

          1. Lord CHEN

            @ilanyu
            I have already applied to use it; I just want to get the license

      3. Threshold

        I tried it on Mac and it doesn't work. It says that it has expired. Is there something I forgot? Or is there some file I should delete?

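    2. @wenmin92
      The license file obtained through this link is the same file you get by clicking "request trial" in the application. It is also a trial license. Only the cracked version is permanent; even the genuine version has no permanent license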

  5. CV

    I wrote a small tool with ASM to do this.

  6. Allenz

    The verification method changed in 1.2.12

  7. Threshold

    Would you mind telling me which tool you use to edit the jar file? Would you please share your tool? Thanks!

    1. @Threshold
      jd-gui and JBE(Java Bytecode Editor)

  8. masterwishx

    hi
    I cracked 1.2.30 and it worked (it was in lZ.class); I changed those 2 functions ....
    but now I cracked 1.3.6 (it was in md.class) and it's not working !!!!
    I got the license file from:
    ( https://headless.zeroturnaround.com/public/api/registrations/add-jra-evaluation.php?first_name=lan&last_name=yu&email=android1234567%40baidu.com&registered_via=Android+Studio ) with my nick and mail....
    and when I activate with my key I have "trial ends on 19.8.2016", so it doesn't work ...
    and 1.2.30 is not working either; I tried to delete "c:\Users\D......L\.jrebel-android\
    but still nothing ... maybe I need to do something more ??

    1. @masterwishx
      This method just cracks key verification, so you need a license file to activate the modified version; you can find the cracked version I gave.

  9. 干干

    registry. It is written under HKEY_CURRENT_USER\software\jetbrains\vAny, if installed.
