Crack Charles421 in Windows step
-
Download and install the latest Charles for Windows.
-
Copy D:\Charles\lib\charles.jar out to D:\
-
Download procyon to decompile charles.jar.
-
decompress and take the procyon-decompiler-0.5.30.jar to D:\
-
Open cmd.
-
Run the command to decompile charles.jar and save the output java documents to D:\output
D:>java -jar procyon-decompiler-0.5.30.jar -o output charles.jar
- Run the command below to find a keyword -- "Unregisted" as you know and I've got some significant results like this
D:\output>findstr /s /i "Unregistered" *.java
com\xk72\charles\oFTR.java: this.ecCn = "Unregistered";
com\xk72\charles\oFTR.java: this.ecCn = "Unregistered";
- So let's take a deep glance into oFTR.java. The first static field is stunning enough.
private static String Yuaz = "Thanks for looking at the source. Please register Charles if you use it.";
9.Focus on some remarkable methods:
public oFTR() {
this.lktV = false;
this.ecCn = "Unregistered";
}
public static boolean Yuaz() {
return oFTR.knIQ.lktV;
}
public static void knIQ() {
oFTR.knIQ = new oFTR();
}
public static String lktV() {
final oFTR knIQ = oFTR.knIQ;
switch (VSCw.Yuaz[knIQ.RvLX.ordinal()]) {
case 1: {
return knIQ.ecCn;
}
case 2: {
return knIQ.ecCn + " - Site License";
}
case 3: {
return knIQ.ecCn + " - Multi-Site License";
}
default: {
return knIQ.ecCn;
}
}
}
public static String Yuaz(final String s, final String s2) {
oFTR knIQ;
try {
knIQ = new oFTR(s, s2);
}
catch (LicenseException ex) {
return ex.getMessage();
}
oFTR.knIQ = knIQ;
return null;
}
According to methods above we guess:
- "knIQ" is a static oFTR singleton.
- "ecCn" is a String on behalf of a username.
- "lktV" is a boolean on behalf of if "ecCn" has been registered.
-
Download javassist to tweak into the bytecodes and even the source codes of charles.jar. Substantial time being used to translate the source java codes into bytecodes have been saved by taking advantage of javassist.
So now let's write down the oFTR tweak.
import javassist.*;
import java.io.IOException;
public class CrackCharles421 {
public static ClassPool pool = ClassPool.getDefault();
public static void main(String[] args) throws NotFoundException, CannotCompileException, IOException, ClassNotFoundException {
//Pick the class oFTR from global class pool.
pool.insertClassPath("D:\\charles.jar");
CtClass oFTR = pool.get("com.xk72.charles.oFTR");
try {
//Tweak the method "public static String lktV()"
//in order to return a decent user licence.
CtMethod ct = oFTR.getDeclaredMethod("lktV");
ct.setBody("return \"YourName\";");
//Tweak convenient constructors so that the ecCn and lktV
//which have been tampered will be used all the way.
CtConstructor[] cca = oFTR.getDeclaredConstructors();
cca[0].setBody("{this.ecCn = \"YourName\";\nthis.lktV = true;}");
cca[1].setBody("{this.ecCn = \"YourName\";\nthis.lktV = true;}");
//Write a class file represented by
//this oFTR object on a local disk.
oFTR.writeFile("D:\\");
} catch (Exception e) {
e.printStackTrace();
}
}
}
It's OK to check all the available API of javassist.
- Then we run such commands to evaluate the tweak.
D:>javac CrackCharles421.java
D:>java CrackCharles421
In order to utilize the javassist package, you've got to put the path of javassist.jar into CLASSPATH of Java.
CLASSPATH.pngAs a result we've got a package named "com" which contains the oFTR.class at D:\
- Pack the package into the charles.jar.
D:>jar -uvf charles.jar com
- At last, what we have to do is putting the hacked charles.jar back into D:\Charles\lib\ and launch your fancy artware.
References:
charles v4.2.1 破解方法