[JAVA] Bypassing Licensing Schemes Through Bytecode Modification

[Intro]

I have been meaning to write a bot for Objection!, a game whose purpose is to test your ability to identify objectionable questions during a simulated trial.  While I have a valid key, I am only allowed to install it on one computer at a time.  Since I use my laptop more often than anything else, I installed the game there so I have it handy when I wish to use it for its intended purpose.

In the meantime, I had to come up with a solution so I can use the game on my development machine to write my bot.  When I attempted to decompile the code, modify the licensing part, and recompile the code, I was hit with a bunch of repeated declarations and other ambiguous code (about 300 or so errors).  Needless to say, I'm way too lazy to manually resolve all those problems to recompile.  The next best (laziest) option was to modify the bytecode of the compiled classes so that I can do the same thing, without having to worry about recompiling and fixing all the issues.


[Tools]

  1. Eclipse
  2. ASM

Eclipse is as decent an IDE as any to do Java work, and the existence of a bytecode-generating plugin for it makes it a top pick for this kind of work.

ASM is by far the fastest, most efficient Java bytecode manipulation library out there right now.  Its use of the visitor pattern makes things kind of strange (at least for me), but after a while it kinda makes sense.

[Prologue]

To make things simple I extracted the game's jar into its component class files.  This is so I can load the classes directly from disk and don't have to worry about using JarFile or anything like that to read the JarEntry(s).

[Tutorial]

First, I ran the game without a valid key.  This gives you an Objection! game where you are allowed to play but are not allowed to advance past level 1.

After quickly tracing through the decompiled code (the one that doesn't compile back), I reached the area of code that prompted this message on what I assume is an invalid install.  This is an area inside of the "run()" method of the obj class.

Once I knew where the check was, it was only a matter of generating the proper ASM calls to reproduce the method and then going into the bytecode and replacing that check with something more useful.  In order to produce the needed ASM calls, I used the ASMify utility that is shipped with the ASM library.  This utility will take a class file and turn it into the ASM calls that would generate it.  The relevant method's ASM calls look like this:

And the same code after modifying the if statement to fit our needs looks like this:

Launching the game with our loader after modifying the bytecode of the obj class, and obtaining the necessary score to reach level two, now yields the following screen:
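The following is an added example of the loader-plus-visitor approach described above; it is not the post's own source and not the game's code.  It assumes the extracted classes sit in a directory, that the target is a class named obj with a method run()V (the post names the class and method but not the descriptor), and that the license check compiles to a single conditional jump whose branch we want to force.  Whether the "useful" direction is to always take the branch or always fall through depends on how the game's check is written, so that choice is a flag.  Every class, method and directory name here is an assumption for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

import org.objectweb.asm.ClassReader;
import org.objectweb.asm.ClassVisitor;
import org.objectweb.asm.ClassWriter;
import org.objectweb.asm.Label;
import org.objectweb.asm.MethodVisitor;
import org.objectweb.asm.Opcodes;

/**
 * Custom class loader that reads the extracted game classes from a directory
 * and rewrites the first conditional jump in obj.run() before defining it.
 * All names below (obj, run, ()V, the directory) are assumptions for this
 * example, not facts taken from the original post.
 */
public class PatchingLoader extends ClassLoader {

    private static final String TARGET_CLASS = "obj";   // assumed class name
    private static final String TARGET_METHOD = "run";  // assumed method name
    private static final String TARGET_DESC = "()V";    // assumed descriptor
    /** true: always jump to the if's target label; false: never jump. */
    private static final boolean FORCE_TAKEN = true;    // depends on the real check

    private final Path classDir;

    public PatchingLoader(Path classDir, ClassLoader parent) {
        super(parent);
        this.classDir = classDir;
    }

    @Override
    protected Class<?> findClass(String name) throws ClassNotFoundException {
        Path file = classDir.resolve(name.replace('.', '/') + ".class");
        byte[] bytes;
        try {
            bytes = Files.readAllBytes(file);
        } catch (IOException e) {
            throw new ClassNotFoundException(name, e);
        }
        if (name.equals(TARGET_CLASS)) {
            bytes = patch(bytes);  // only the class holding the check is rewritten
        }
        return defineClass(name, bytes, 0, bytes.length);
    }

    /** Pipes the original bytes through ClassReader -> patching visitor -> ClassWriter. */
    static byte[] patch(byte[] original) {
        ClassReader reader = new ClassReader(original);
        // COMPUTE_MAXS recomputes max stack/locals for the edited method. This assumes a
        // class file without StackMapTable frames (pre-Java 7); newer class files need
        // ClassReader.SKIP_FRAMES here and ClassWriter.COMPUTE_FRAMES below.
        ClassWriter writer = new ClassWriter(reader, ClassWriter.COMPUTE_MAXS);
        reader.accept(new ClassVisitor(Opcodes.ASM9, writer) {
            @Override
            public MethodVisitor visitMethod(int access, String name, String desc,
                                             String signature, String[] exceptions) {
                MethodVisitor mv = super.visitMethod(access, name, desc, signature, exceptions);
                if (name.equals(TARGET_METHOD) && desc.equals(TARGET_DESC)) {
                    return new ForceBranch(mv);  // wrap only the method with the check
                }
                return mv;
            }
        }, 0);
        return writer.toByteArray();
    }

    /**
     * Rewrites the first conditional jump it sees. The comparison operands are
     * popped so the operand stack stays balanced; then either a GOTO to the
     * original target is emitted (branch always taken) or nothing (never taken).
     */
    static class ForceBranch extends MethodVisitor {
        private boolean patched = false;

        ForceBranch(MethodVisitor mv) {
            super(Opcodes.ASM9, mv);
        }

        @Override
        public void visitJumpInsn(int opcode, Label label) {
            if (!patched && isConditional(opcode)) {
                patched = true;
                for (int i = 0; i < operandCount(opcode); i++) {
                    super.visitInsn(Opcodes.POP);  // ints and references are one slot each
                }
                if (FORCE_TAKEN) {
                    super.visitJumpInsn(Opcodes.GOTO, label);
                }
                return;
            }
            super.visitJumpInsn(opcode, label);
        }

        /** IFEQ..IF_ACMPNE are contiguous opcodes 153..166; IFNULL/IFNONNULL are 198/199. */
        static boolean isConditional(int op) {
            return (op >= Opcodes.IFEQ && op <= Opcodes.IF_ACMPNE)
                || op == Opcodes.IFNULL || op == Opcodes.IFNONNULL;
        }

        /** IF_ICMPxx / IF_ACMPxx compare two stack values; the rest compare one against zero/null. */
        static int operandCount(int op) {
            return (op >= Opcodes.IF_ICMPEQ && op <= Opcodes.IF_ACMPNE) ? 2 : 1;
        }
    }

    public static void main(String[] args) throws Exception {
        Path dir = Paths.get(args.length > 0 ? args[0] : "extracted-game");  // assumed layout
        PatchingLoader loader = new PatchingLoader(dir, PatchingLoader.class.getClassLoader());
        Class<?> game = loader.loadClass(TARGET_CLASS);
        // Assumed entry point: a public static main(String[]) on the patched class.
        game.getMethod("main", String[].class).invoke(null, (Object) new String[0]);
    }
}
```

Compile and run with asm.jar on the classpath and the extracted class directory as the first argument.  Because the parent loader knows nothing about the game's classes, every class obj references is also resolved through findClass and so comes from the same directory.  To see which jump to target, dump the method first with ASM's ASMifier (in current ASM versions: java -cp asm.jar:asm-util.jar org.objectweb.asm.util.ASMifier obj.class), which prints the visitJumpInsn call and its label; if the check is not the first conditional jump in run(), count jumps in the visitor instead of patching the first one.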

[Conclusion]

This was a brief introduction into how to use ASM to dynamically modify bytecode to bypass a simple licensing scheme.  If you are interested in how to actually load the game and modify the class, the full working source code can be found here.
