The Way to Programming
The Way to Programming
I am attempting to crack the new cobaltstrike 3.x app. In prior 2.x builds the license was checked by a simple script written in the sleep language.
In the newer builds its compiled into a java class file (License.class). I unpacked the Jar decompiled the class file with DJ decompiler.
I made edits to the class file that *should* skip the check. I don’t know enough about Java to be sure. Would someone mind checking my work?
I’m not sure if I need to keep or patch out getTimeSinceStart()
. I didn’t grep the class files to check for additional checkLicenseGUI() or checkLicenseConsole().
isTrial()
returned true I’ve changed it to return false. Does anyone know how to re-compile this using DJ or the like.
package common; import aggressor.Prefs; import javax.swing.JOptionPane; // Referenced classes of package common: // CommonUtils public class License { public License() { } private static long getTimeSinceStart() { Prefs options = Prefs.getPreferences(); today = System.currentTimeMillis(); start = options.getLongNumber("cobaltstrike.start.int", 0L); if(start == 0L) { options.set("cobaltstrike.start.int", (new StringBuilder()).append(today).append("").toString()); options.save(); start = today; } difference = (today - start) / 0x5265c00L; return difference; } public static void checkLicenseGUI() { // getTimeSinceStart(); // if(difference > life || today - start < 0L) { // JOptionPane.showMessageDialog(null, "Your Cobalt Strike trial is now expired.\nPlease purchase a license and use the\nsoftware update feature to continue.\n\nFor details, visit:\nhttps://www.cobaltstrike.com/", null, 0); // System.exit(0); } else { // long left = life - difference; // String form = (new StringBuilder()).append(left).append(" day").toString(); // if(left != 1L) // form = (new StringBuilder()).append(form).append("s").toString(); // CommonUtils.print_warn((new StringBuilder()).append("This is a trial version of Cobalt Strike. You have ").append(form).append(" left of your trial. If you purchased Cobalt Strike. Run the Update program and enter your license.").toString()); // JOptionPane.showMessageDialog(null, (new StringBuilder()).append("This is a trial version of Cobalt Strike.\nYou have ").append(form).append(" left of your trial.\n\nIf you purchased Cobalt Strike. Run the\nUpdate program and enter your license.").toString(), null, 1); } } public static boolean isTrial() { return false; } public static void checkLicenseConsole() { // getTimeSinceStart(); // if(difference > life || today - start < 0L) { // CommonUtils.print_error("Your Cobalt Strike trial is now expired. Please purchase a license and use the software update feature to continue. For details, visit: https://www.cobaltstrike.com/"); // System.exit(0); } else { // long left = life - difference; // String form = (new StringBuilder()).append(left).append(" day").toString(); // if(left != 1L) // form = (new StringBuilder()).append(form).append("s").toString(); // CommonUtils.print_warn((new StringBuilder()).append("This is a trial version of Cobalt Strike. You have ").append(form).append(" left of your trial. If you purchased Cobalt Strike. Run the Update program and enter your license.").toString()); } } private static long life = 21L; private static long today = 0L; private static long start = 0L; private static long difference = 0L; }
You can simply edit the return value and bypass the check.
If you delete that function, you need to edit every part of the code in which it’s called. Editing a return value is preferable to editing a lot more parts of code. For larger functions you must also check that the function will do other things beside the return value. A function may be used for things outside its return value.
private static long getTimeSinceStart() { return 0; //mmmm free bytes }
When obfuscated .NET/ISIL and Java are annoying to RE and patch only because no matter how skilled you are you still have to manually do everything unlike PE level protections where worse case there is encryption and VM and a decryption handler.
If you can’t do TAGES, SecuRom, UbiSoft protections you’re pretty much a wannabe in the scene. I can’t do them but it’s because I’m one person and not a team who can spend weeks or months on them.. Oreans is the hardest protector outside AAA game stuff and dongles.
Sign in to your account