Home 零对冲(ZeroHedge)每日HackerNews

绕过巧妙的CD校验
Bypassing a Clever CD-Check

原始链接: https://www.davidschlachter.com/misc/no-cd-patch

为了在没有参考光盘的情况下使用旧应用程序,作者成功绕过了一个简单的光盘存在性检查。该应用程序的核心逻辑只有在通过特定参数(“Invalid class”)调用时才会启动。最初,反编译应用程序揭示了这个关键函数,但Windows启动器被严重混淆。 然而,macOS启动器被证明是一个直接的shell脚本,*已经*提供了这些参数。这一发现使得该应用程序能够在macOS上无需光盘即可运行。进一步的测试证实,相同的方法在Linux上也能完美运行,只需创建一个自定义的`.desktop`文件即可使用正确的参数启动应用程序。 值得注意的是,即使Linux不是官方支持的平台,该应用程序也能正常运行,这展示了绕过特定平台启动器限制的力量。

黑客新闻 新的 | 过去的 | 评论 | 提问 | 展示 | 工作 | 提交 登录 绕过一个巧妙的CD检查 (davidschlachter.com) 8 分,由 dddddaviddddd 1小时前发布 | 隐藏 | 过去的 | 收藏 | 1 条评论 w4yai 4分钟前 [–] 这有什么巧妙之处? 回复 指南 | 常见问题 | 列表 | API | 安全 | 法律 | 申请YC | 联系 搜索:
相关文章
原文

I have an old reference CD that I've been wanting to use without an external drive and the actual disk. However, the application won't launch without the CD:

Error S14 Cannot open Please ensure the CD-ROM is inserted. OK.

Sometime last year, I wondered if I could figure out how to bypass the CD presence check. After a few attempts at decompiling the application, I finally found the key function:

public class Start {
  public static void main(String[] paramArrayOfString) {
    if (paramArrayOfString.length == 2 && paramArrayOfString[0].equals("Invalid") && paramArrayOfString[1].equals("class")) {
      fu.main(new String[] { "none" });
      return;
    } 
    Object object = new Object();
    BorderLayout borderLayout = new BorderLayout(30, 30);
    Frame frame;
    (frame = new Frame("Application")).setLayout(borderLayout);
    frame.add(new Label("   Application - loading..."));
    Toolkit toolkit;
    Dimension dimension = (toolkit = Toolkit.getDefaultToolkit()).getScreenSize();
    frame.setLocation(dimension.width / 2 - 80, dimension.height / 2 - 40);
    frame.pack();
    frame.setVisible(true);
    synchronized (object) {
      try {
        object.wait(3000L);
      } catch (InterruptedException interruptedException) {}
    } 
    JOptionPane.showMessageDialog(null, "Cannot open [redacted].\nPlease ensure the CD-ROM is inserted.");
    System.exit(1);
  }
}

The application is simply checking that it's invoked with the arguments "Invalid class". If yes, then it starts the real entrypoint in fu.main; if no, it waits three seconds to pretend that it's working, then shows the error message!

The application launcher provides the secret arguments. In the Windows version, the launcher is obfuscated and I wasn't able to make sense of it when decompiled. (I believe it also does more sophisticated CD presence checks before launching the program.) I discovered the code above when I finally thought to look at the macOS launcher, which was simply a shell script that invoked the program with the right arguments.

Some testing showed that everything works perfectly on Linux, so I made a .desktop file that invokes the program with the magic words. I'm extra happy because Linux isn't one of the officially supported platforms, but with the platform-specific launchers out of the way, it works as-expected.

联系我们 contact @ memedata.com