This piece of foreign software is really a very good BBS. I found the CCF crack for version 3.0.8 on 0DAY, but take a look at the problems that 3.0.9 fixes:
Fixed OutOfMemoryError when viewing a watch summary page with forum watches. This problem only affected 3.0.8.
Fixed incorrect URLs on watch icons.
Fixed "null" display of the parent message body on the post form page (replies only). This problem only affected 3.0.8.
Added a section about the optional custom-actions.xml file in the developer docs (default skin section). You can use the custom-actions.xml file to override existing actions or define your own actions without editing the actions.xml file.
Fixed minor report engine bugs.
Introduced a change to "edited by" messages where the timestamp will never be displayed.
Fixed unnecessary heavy logging to the "warn" log by the ForumThreadAction class.
i18n Change Summary: (see i18n properties file for more info)
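The problems above are why I had no choice but to go after 3.0.9. The trouble is that the version is too new to be found on 0DAY, so I had to do it myself. My Java skills are really poor, but after digging through a lot of material and borrowing from the crack of 3.0.8, I finally succeeded. I was so excited I thought I would lose sleep that night, but I was too tired, so I will just have to lose sleep in my dreams for a while!
Here is my cracking process. Since 3.0.8 and 3.0.9 differ little in functionality, with 3.0.9 only fixing a few nasty bugs, I figured they would not differ in licensing either. So I started comparing the sizes of the files in the two packages and found that jive3\WEB-INF\lib\jivebase.jar differs in size between 3.0.8 and 3.0.9. A few other files differ too, but I ignored them; finding the license code was all that mattered. After unpacking jivebase.jar, jivebase\com\jivesoftware\base\LicenseManager.class looked like the file that controls licensing. There are license-related files in other places too, but after thinking it over I decided this was the one.
I used the JAD decompiler to turn LicenseManager.class into LicenseManager.java and found that this was indeed the case. The file is full of conditional checks, but only two functions decide where the license file is located and which version and feature restrictions it specifies. Heh... bypassing those two is all it takes, so that is where I struck hard. Here are the two functions: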
static boolean validate(License license)
    throws Exception
{
    String publicKey = "308201b73082012c06072a8648ce3804013082011f02818100fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b76b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c70215009760508f15230bccb292b982a2eb840bf0581cf502818100f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d0782675159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e13c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243bcca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a038184000281800af088055b9304337d285bd946e095465b6d16472e8fc4c29ab735d46fed6140236a3227a2afce0ec54d0002cb95a4988a3e545b1c58c030515c24ecc3de6763fca3f09e05ca568a594d370b879a338043ee3c5a6fe26e95c2b749ce4a8150cd61dd0459e6d5d0862a1ca857c8efc55c73ef3e883ca89eb8358b7147d06d854a";
    byte pub[] = StringUtils.decodeHex(publicKey);
    X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(pub);
    KeyFactory keyFactory = KeyFactory.getInstance("DSA");
    java.security.PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);
    Signature sig = Signature.getInstance("DSA");
    sig.initVerify(pubKey);
    sig.update(license.getFingerprint());
    return sig.verify(StringUtils.decodeHex(license.getSignature()));
}
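This function performs the public-key cryptography computation. I can do without it; just looking at it gave me a headache, so I changed it to the following: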
static boolean validate(License license)
    throws Exception
{
    return true;
}
Heh heh... ruthless, isn't it! Of course, that is because I copied it from someone else, haha...
The second function is as follows:
private static synchronized void loadLicense()
{
    if(license != null)
        return;
    File file = new File(JiveGlobals.getJiveHome(), "jive.license");
    if(!file.exists())
    {
        error = true;
        errorMsg = "The license file could not be found at " + file.getAbsolutePath() + ".";
        return;
    }
    if(!file.canRead())
    {
        error = true;
        errorMsg = "The license file was found at " + file.getAbsolutePath() + ", but Jive does not have permission to read it.";
        return;
    }
    long now;
    try
    {
        BufferedReader in = new BufferedReader(new FileReader(file));
        StringBuffer text = new StringBuffer();
        char buf[] = new char[1024];
        int j;
        while((j = in.read(buf)) >= 0)
        {
            for(int i = 0; i < j; i++)
            {
                char ch = buf[i];
                if(Character.isLetter(ch) || Character.isDigit(ch) || ch == '+' || ch == '/' || ch == '=')
                    text.append(ch);
            }
        }
        in.close();
        String xml = StringUtils.decodeBase64(text.toString());
        license = License.fromXML(xml);
        if(license.getLicenseID() == 1L)
        {
            error = true;
            errorMsg = "Your license file is out of date and is no longer valid. Please use a new license file";
            return;
        }
    }
    catch(Exception e)
    {
        Log.error(e);
        error = true;
        if(e instanceof JDOMException)
            errorMsg = "Your license file is corrupt (" + file.getAbsolutePath() + ").";
        else
            errorMsg = "There was an error reading the license file at " + file.getAbsolutePath() + ": " + e.getMessage();
        return;
    }
    if(license.getExpiresDate() != null)
    {
        now = System.currentTimeMillis();
        if(license.getExpiresDate().getTime() < now)
        {
            error = true;
            errorMsg = "Your license expired (" + file.getAbsolutePath() + ").";
            return;
        }
    }
    if(!validate(license))
    {
        error = true;
        errorMsg = "Your license file does not appear to be valid (" + file.getAbsolutePath() + ").";
        return;
    }
    error = false;
    return;
}
This function locates the license file and decrypts the key inside it. One even more ruthless change takes care of it; here is my modified function:
private static synchronized void loadLicense()
{
    if(license != null)
    {
        return;
    } else
    {
        license = new License(0xbc614eL, "Jive Forums Enterprise", "3.0.9", License.LicenseType.COMMERCIAL);
        license.setCompany("Goldoutlook");
        license.setCreationDate(new Date());
        license.setName("Gold");
        license.setNumClusterMembers(999);
        license.setNumCopies(999);
        license.setURL("http://WWW.Goldoutlook.Com/");
        error = false;
        return;
    }
}
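I am sure everyone understands what this means! Heh heh... this function had too much padding, so I just trimmed a little of it, and that was that.
Finally, compile the modified LicenseManager.java. I used JBuilder 8; I do not know how to use anything else.
Then overwrite the old LicenseManager.class with the new LicenseManager.class, repackage everything with jar into jivebase.jar to replace the old file, restart Tomcat and log in to the system again; it passed without a hitch.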
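
From the operator's side, the class swap and repack described in the last step shows up when the deployed jivebase.jar is compared entry by entry with a vendor copy. The following is an added example, not part of the original post; the function names are hypothetical and the two sample JARs and their byte contents are constructed.

```python
import hashlib
import io
import zipfile

LICENSE_CLASS = "com/jivesoftware/base/LicenseManager.class"


def entry_digests(jar_bytes):
    """Map every file entry of a JAR (a ZIP archive) to the SHA-256 of its content."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            if not info.is_dir():
                digests[info.filename] = hashlib.sha256(jar.read(info)).hexdigest()
    return digests


def diff_against_baseline(baseline_jar, deployed_jar):
    """Report entries modified, added or removed relative to the baseline JAR."""
    base, live = entry_digests(baseline_jar), entry_digests(deployed_jar)
    return {
        "modified": sorted(n for n in base.keys() & live.keys() if base[n] != live[n]),
        "added": sorted(live.keys() - base.keys()),
        "removed": sorted(base.keys() - live.keys()),
    }


def build_jar(entries):
    """Build an in-memory JAR from {name: bytes}; used only for the sample data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, data in entries.items():
            jar.writestr(name, data)
    return buf.getvalue()


# Constructed stand-ins: a vendor copy of jivebase.jar and a deployed copy
# in which only the bytes of LicenseManager.class differ.
VENDOR_ENTRIES = {
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    LICENSE_CLASS: b"\xca\xfe\xba\xbe vendor build",
    "com/jivesoftware/base/License.class": b"\xca\xfe\xba\xbe license",
}
VENDOR = build_jar(VENDOR_ENTRIES)
DEPLOYED = build_jar({**VENDOR_ENTRIES, LICENSE_CLASS: b"\xca\xfe\xba\xbe replaced"})

if __name__ == "__main__":
    for kind, names in diff_against_baseline(VENDOR, DEPLOYED).items():
        for name in names:
            print(f"{kind}: {name}")
```

Hashing each entry's content rather than the whole archive keeps the check stable across a clean repack, which changes timestamps and compression but not the class bytes, and it names the exact class that was replaced.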