Extracting Jar2Exe source code: the JavaAgent monitoring method
Recently I ran into a problem: I knew a small program was written in Java, but it had been packed into an exe and there was no way in. Previously packed programs left a cache that could be found in the TEMP folder; this time was different, so I am writing it down.
To that end I collected a number of tools that pack Java into an exe.
8. Jar2Exe
This is the Java-to-EXE packer I specifically want to discuss today.
Jar2Exe
1. Plain: the simplest packing method; unpack the file with an archiver and all the class files are inside.
2. Hidden: the jar is lightly encrypted and stored as a resource inside the EXE.
3. Encrypted + hidden: the jar is encrypted and every file name is hashed before it is stored in the EXE's resources. This is the most common form of protection and the most troublesome one to extract.
For the latter two cases, extracting the complete jar usually means stepping the program in OllyDbg until decryption has finished and the jar is about to be loaded, then dumping everything from memory.
Here is another method to learn (it has some drawbacks, which we will get to later).
First build a Java agent (JavaAgent), whose purpose is to let the programmer monitor the running Java virtual machine more flexibly. What we want is to monitor the ClassLoader and, whenever it is about to load a class, dump that class and write it into a jar file.
Then enable the JavaAgent and run the exe produced by Jar2Exe. Exercise as much of the program's functionality as you can, clicking the different buttons, so that more class files are loaded into memory and therefore dumped.
But the drawbacks are obvious:
1. A class that is never loaded cannot be dumped.
2. Resources in the jar such as images and audio cannot be recovered.
Now the key part: the steps.
1. Preparation
Then put them in the same directory.
Open a command prompt, change to the directory of the program you want to crack, and enter the following command to set up loading of the JavaAgent:
set JAVA_TOOL_OPTIONS=-javaagent:e2j-agent.jar
This makes the Java program invoke the JavaAgent automatically whenever it loads a class.
2. Operation
Run the program whose source you want to extract from the command line; that is all.
This method has its flaws, but it is the simplest. Next, let's see how a foreign expert does the extraction.
This link is not accessible from inside China.
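A minimal class-dump agent of the kind the steps above describe, added here as an illustration; it is not the e2j-agent.jar used in the post, and the class name ClassDumpAgent, the output path and the manifest line are my assumptions. It shows the underlying point: whatever encryption the wrapper applies to the archive at rest, the JVM must be handed plaintext bytecode at define time, and that is exactly where a ClassFileTransformer observes it.

```java
// Added example. Build: javac ClassDumpAgent.java, then
// jar cfm dump-agent.jar MANIFEST.MF ClassDumpAgent.class
// where MANIFEST.MF contains the line "Premain-Class: ClassDumpAgent".
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.lang.instrument.ClassFileTransformer;
import java.lang.instrument.Instrumentation;
import java.security.ProtectionDomain;
import java.util.HashSet;
import java.util.Set;
import java.util.jar.JarEntry;
import java.util.jar.JarOutputStream;
public class ClassDumpAgent {
    public static void premain(String agentArgs, Instrumentation inst) throws IOException {
        // Agent argument (-javaagent:dump-agent.jar=out.jar) selects the output path.
        File out = new File(agentArgs == null ? "dumped.jar" : agentArgs);
        JarOutputStream jar = new JarOutputStream(new FileOutputStream(out));
        Set<String> seen = new HashSet<>();
        inst.addTransformer(new ClassFileTransformer() {
            @Override
            public byte[] transform(ClassLoader loader, String className, Class<?> redefined,
                                    ProtectionDomain pd, byte[] classfileBuffer) {
                // Bootstrap-loaded (loader == null) JDK classes are not part of the app.
                if (className == null || loader == null) return null;
                String entry = className + ".class";   // internal name: com/example/Foo
                synchronized (jar) {                   // classes load on many threads
                    if (seen.add(entry)) {             // duplicate names would throw
                        try {
                            jar.putNextEntry(new JarEntry(entry));
                            jar.write(classfileBuffer);
                            jar.closeEntry();
                        } catch (IOException e) {
                            System.err.println("could not dump " + entry + ": " + e);
                        }
                    }
                }
                return null;   // null means "leave the class bytes unchanged"
            }
        });
        // The central directory is written on close, so flush when the target exits.
        // A class that is never loaded never reaches transform(): the post's first caveat.
        Runtime.getRuntime().addShutdownHook(new Thread(() -> {
            synchronized (jar) {
                try { jar.close(); } catch (IOException ignored) { }
            }
        }));
    }
}
```

If the target is killed rather than exited, the shutdown hook does not run and the archive is left without its central directory; exit the program normally once you have exercised its features.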
==================== Separator ====================
Unpacking Jar2Exe 2.1: Extracting The Jar File At All 3 Protection Levels
Welcome to this extensive tutorial for unpacking Jar2Exe. Jar2Exe is a java executable wrapper which works by taking your original java archive, wrapping it into an executable, and executing it through a virtual environment using the jvm.dll
provided with each java distribution. It also provides the ability to hide your archive and encrypt the class names making recovery difficult. The goal of this tutorial is to demonstrate how to recover a jar file at the 3 different protection levels provided by Jar2Exe.
In this tutorial, I will be using the file SimpleApp.jar which is included with launch4j. You can protect it with the same settings to reverse along with me.
Tools Needed:
Resource Hacker
Winhex
OllyDbg 1.10+, MemoryDump 0.9, and Olly Advanced or StrongOD plugin (for advanced Ctrl+G).
DJ Java Decompiler
7-Zip or Winrar
Jar2Exe Level 1: No Hiding, No Encryption:
This is the default wrapping level, which provides no protection to your java file. As you can see, the Hide class files and Encrypt and hide class files options are left unchecked. This level of protection simply takes your java archive/jar file, concatenates it to the end of the executable, and embeds its java files inside of it. This java archive can be recovered using a hex editor, just like we did with launch4j in the previous tutorial. To begin, we will open the sample file called
'' in WinHex. To find the archive, scroll to the bottom of the file. Another option, other than scrolling, is to search for the ASCII string "serial " (with the space). This should take you directly to the archive, but I cannot guarantee that this approach will always be successful.
Once you are here, the first occurrence of 'PK' labels the start of our archive. We can label this as our beginning of block:
Once you have done so, right click the selected block and click Edit. In the new pane, go to Copy Block -> Into New File.
Afterwards, we can save it as a jar file. I used the name SimpleAppNoHide.jar:
Once we are finished, the program will run correctly, but to be tidy, we need to delete the extra files that Jar2Exe added to our archive. Let's open the archive in 7-Zip or WinRAR (whichever you fancy).
Once it is opened, you can see that Jar2Exe adds an additional directory called 'com'. While some other java applications may use this directory, Jar2Exe adds an additional subdirectory called regexlab.
After entering the com directory, we see that regexlab is the only subdirectory it contains, meaning that the entire com folder is unused and can simply be deleted from the archive. Let's go ahead and delete it:
After confirming the deletion, we can close the archive and run the jar file.
If you did everything correctly, the application should run without problems and our work is finished.
Jar2Exe Level 2: Hidden Archive:
With the level 2 protection, Jar2Exe takes our java archive, encrypts it, and adds it as an RCData entry in the resource directory. To find the offset of the encrypted archive, we need to open our executable, which I named '', in a resource editor. For this, I prefer Resource Hacker: