Monday, April 12, 2010

ClassGuard UNGUARDED or How to Crack ClassGuard?

Quote from the site:

How secure is it really?

There is no way of cracking the used 128Bit AES Encryption. As the main part of ClassGuard is written in C, the key can't be extracted using a Java decompiler. However, there may be possibilities to crack the encryption using a debugger on the assembler level. At the moment, no such attempt is known.

Some experts state, it would be possible to crack byte code encryption by hacking some class files of the Java language itself, e.g. defineClass() in java.lang.ClassLoader. Bytecode encrypted by ClassGuard is passed through to the virtual machine on the native level. The bytecode never appears in any Java class.

Note the underlined (by me) part in red.
This is (yet another) proof that security by obscurity is a BAD idea.

ClassGuard is a set of Java classes and a native library that encrypts and decrypts Java programs (.class files). Classes must be in a .jar archive before you encrypt/protect them.

When started, your Java program gets decrypted in memory. The native libraries are located in classguard.jar/lib/. There are several, for different operating systems. For Windows these are libcg_x64_win.dllx (64-bit) and lib\libcg_x86_win.dllx (32-bit).

Since the library is packed in the .jar file, at runtime it gets unpacked into a temporary directory with a random name. On Windows XP the temp dir is \Documents and Settings\your_username\Local Settings\Temp\. The library code is used to decrypt classes in memory.
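Because the bundled libraries carry a .dllx suffix, an extension-based scan of a third-party JAR will not flag them as native code. The following is an added example (not from the original post and not ClassGuard code) of an audit that identifies native binaries inside a JAR by their header bytes instead. The sample JAR is constructed in memory with stub headers; the function names and the lib/example_linux.sox entry are assumptions.

```python
import io
import struct
import zipfile

# Native formats identified by leading magic bytes, never by file extension.
MAGICS = {
    b"MZ": "PE",
    b"\x7fELF": "ELF",
    b"\xcf\xfa\xed\xfe": "Mach-O", b"\xce\xfa\xed\xfe": "Mach-O",
}
JAVA_OR_FAT = b"\xca\xfe\xba\xbe"  # shared by Java classes and Mach-O universal

def classify(head: bytes):
    if head[:4] == JAVA_OR_FAT:
        # A class file stores minor/major version here (major >= 45); a
        # universal binary stores a small architecture count instead.
        if len(head) >= 8 and struct.unpack(">I", head[4:8])[0] < 45:
            return "Mach-O universal"
        return None
    for magic, kind in MAGICS.items():
        if head.startswith(magic):
            return kind
    return None

def find_native_code(jar_bytes: bytes) -> dict:
    """Map each archive entry that starts with a native-code header to its format."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            if info.is_dir():
                continue
            with jar.open(info) as entry:
                kind = classify(entry.read(8))
            if kind:
                found[info.filename] = kind
    return found

def build_sample_jar() -> bytes:  # constructed stub headers, not real binaries
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("com/example/Main.class", JAVA_OR_FAT + b"\x00\x00\x00\x34")
        jar.writestr("lib/libcg_x64_win.dllx", b"MZ" + bytes(62))
        jar.writestr("lib/libcg_x86_win.dllx", b"MZ" + bytes(62))
        jar.writestr("lib/example_linux.sox", b"\x7fELF" + bytes(60))  # assumed name
    return buf.getvalue()

if __name__ == "__main__":
    print(find_native_code(build_sample_jar()))
```

Any entry this reports is code that runs outside the JVM sandbox once loaded, so it belongs in the same review as the JAR's Java dependencies.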

Let's crack ClassGuard :)