

We can then see this is definitely where the registration check and process is done. After we get the RazorSQL class, we can quickly find that it imports another class called RegistrationUtil. Then at ClassUtil#findClass we can dump the binary we’re looking for. For this, we will use a similar approach: make ClearC instantiate a ClassUtil of our own, then get the binary of the RazorSQL class and dump it. Here’s an example of how I did it, but you can use whatever method suits you best (like dumping all classes without checking any names). After fixing all compilation errors (tip: for very big classes, utils and logging, you can either comment out the lines or remove everything and keep just the methods you need to use), our next objective is to get the code for com.rp. We continue to extract all required classes until we can get a basic compilation. We find out it extends RClassLoader, which we don’t have, so we need it too, and so on.

Using the same trick for FakeD as before, we get the binary for com.rp. We can see this invokes a custom ClassLoader to load com.rp., which looks like the actual main class. Note that localD is a FakeD instance loaded with “file:/home/m0skit0/razorsql/data/run.ssql”. ClearC continues through the z() method, which creates other class instances that take control to create the GUI.

Cool, now we can launch RazorSQL like normal with our own ClearC class instead of load.c. After this, we’re going to inject our ClearC class instead of load.c. Again, some straightforward fixes are needed to make it compile (like a private method in RazorSQL we cannot access). RazorSQL class and copy main method code. Needs some fixes: external JAR (downloaded), imports from load package when needed, replaced load.d with FakeD, and some other small code fixes that should be no problem for you. findClass() we can dump the class binary (shown as CrackTest.dumpBinary()) just before it is resolved for loading (so it must be totally decoded). Bingo, now we got load.c code! We create a class called ClearC with this decompilation. We create a FakeD class that extends load.d and a simple main() to have a debuggable controlled RazorSQL run. URL var68 is file:/home/m0skit0/razorsql/razorsql.jar. Checking load.d#da() we find it adds the URLs using load.h. URL var65 is file:/home/m0skit0/razorsql/data/run.ssql. Decoding these strings having this first decompilation is trivial, so I will just skip over this part. load.d#tx() returns a decrypted class that can be instantiated. We find out that load.c class cannot be decompiled, so it is hidden somehow. The main JAR is razorsql.jar, so we go ahead and decompile it. This article summarizes my short but interesting adventure, where I learned a couple of things. I really was not going to use it, but I couldn't resist the temptation of trying to crack it. One week ago I stumbled across RazorSQL, a nice-looking multi-SQL engine client.
