├── CrackSleeve.java └── README.md /CrackSleeve.java: -------------------------------------------------------------------------------- 1 | import common.*; 2 | import dns.SleeveSecurity; 3 | 4 | import java.io.*; 5 | import java.util.Enumeration; 6 | import java.util.jar.JarEntry; 7 | import java.util.jar.JarFile; 8 | 9 | 10 | public class CrackSleeve { 11 | private static byte[] OriginKey = {-7, -13, -67, 44, 88, -74, 56, 127, 34, -122, 32, -87, -88, -44, -92, -41}; 12 | private static byte[] CustomizeKey = null; 13 | 14 | private String DecDir = "cs45Resource/Decode/sleeve"; 15 | private String EncDir = "cs45Resource/Encode/sleeve"; 16 | 17 | 18 | 19 | public static String bytesToHex(byte[] data) { 20 | char[] hex = new char[32]; 21 | for (int i = 0; i < 16; i++) { 22 | int di = data[i]; 23 | hex[i << 1] = Character.forDigit((di >> 4) & 15, 16); 24 | hex[(i << 1) + 1] = Character.forDigit(di & 15, 16); 25 | } 26 | return new String(hex); 27 | } 28 | 29 | public static byte[] hex2bytes(String var0) { 30 | int var1 = var0.length(); 31 | byte[] var2 = new byte[var1 / 2]; 32 | 33 | for (int var3 = 0; var3 < var1; var3 += 2) { 34 | var2[var3 / 2] = (byte) ((Character.digit(var0.charAt(var3), 16) << 4) + Character.digit(var0.charAt(var3 + 1), 16)); 35 | } 36 | 37 | return var2; 38 | } 39 | 40 | public static byte[] Generate_Key() { 41 | java.security.SecureRandom random = new java.security.SecureRandom(); 42 | byte[] PrivateBytes = new byte[16]; 43 | random.nextBytes(PrivateBytes); 44 | String Random_Keys = java.util.Arrays.toString(PrivateBytes); 45 | System.out.println("[-] Example: \n[*] Random_Keys= " + Random_Keys); 46 | return PrivateBytes; 47 | } 48 | 49 | 50 | public static void main(String[] args) throws IOException { 51 | if (args.length == 0 || args[0].equals("-h") || args[0].equals("--help")) { 52 | System.out.println("UseAge: CrackSleeve OPTION [key]"); 53 | System.out.println("Options:"); 54 | System.out.println("\tdecode\t\tDecode sleeve files"); 55 | System.out.println("\tencode\t\tEncode sleeve files"); 56 | System.out.println("\tkey\t\tCustomize key string for encode sleeve files"); 57 | System.exit(0); 58 | } 59 | String option = args[0]; 60 | if (option.toLowerCase().equals("encode")) { 61 | if (args.length <= 1) { 62 | System.out.println("[-] Please enter key."); 63 | byte[] Customize_key = Generate_Key(); 64 | System.out.println("[*] Random_Keys Hash =>> " + bytesToHex(Customize_key)); 65 | System.out.printf("[*] $ java -cp cobaltstrike.jar:. CrackSleeve encode %s \n", bytesToHex(Customize_key) +"\n"); 66 | System.exit(0); 67 | } 68 | String CustomizeKeyStr = args[1]; 69 | if (CustomizeKeyStr.length() < 16) { 70 | System.out.println("[-] key length must be 16."); 71 | System.exit(0); 72 | } 73 | System.out.println("Init Key: " + CustomizeKeyStr.substring(0, 32)); 74 | // CustomizeKey = CustomizeKeyStr.substring(0,16).getBytes(); 75 | CustomizeKey = hex2bytes(CustomizeKeyStr.substring(0, 32)); 76 | } 77 | 78 | 79 | CrackSleeve Cracker = new CrackSleeve(); 80 | // 使用正版key初始化SleeveSecurity中的key 81 | if (option.equals("decode")) { 82 | CrackSleevedResource.Setup(OriginKey); 83 | Cracker.DecodeFile(); 84 | } else if (option.equals("encode")) { 85 | CrackSleevedResource.Setup(CustomizeKey); 86 | Cracker.EncodeFile(); 87 | } 88 | } 89 | 90 | private void DecodeFile() throws IOException { 91 | // 文件保存目录 92 | File saveDir = new File(this.DecDir); 93 | if (!saveDir.isDirectory()) { 94 | saveDir.mkdirs(); 95 | } 96 | 97 | // 获取jar文件中sleeve文件夹下的文件列表 98 | try { 99 | String path = this.getClass().getClassLoader().getResource("sleeve").getPath(); 100 | String jarPath = path.substring(5, path.indexOf("!/")); 101 | Enumeration jarEnum = new JarFile(new File(jarPath)).entries(); 102 | while (jarEnum.hasMoreElements()) { 103 | JarEntry Element = jarEnum.nextElement(); 104 | String FileName = Element.getName(); 105 | if (FileName.indexOf("sleeve") >= 0 && !FileName.equals("sleeve/")) { 106 | System.out.print("[+] Decoding " + FileName + "......"); 107 | byte[] decBytes = CrackSleevedResource.DecodeResource(FileName); 108 | if (decBytes.length > 0) { 109 | System.out.println("Done."); 110 | CommonUtils.writeToFile(new File(saveDir, "../" + FileName), decBytes); 111 | } else { 112 | System.out.println("Fail."); 113 | } 114 | } 115 | } 116 | } catch (IOException e) { 117 | e.printStackTrace(); 118 | } 119 | 120 | } 121 | 122 | private void EncodeFile() { 123 | // 文件保存目录 124 | File saveDir = new File(this.EncDir); 125 | if (!saveDir.isDirectory()) { 126 | saveDir.mkdirs(); 127 | } 128 | 129 | // 获取解密文件列表 130 | File decDir = new File(this.DecDir); 131 | File[] decFiles = decDir.listFiles(); 132 | if (decFiles.length == 0) { 133 | System.out.println("[-] There's no file to encode, please decode first."); 134 | System.exit(0); 135 | } 136 | 137 | for (File file : decFiles) { 138 | String filename = decDir.getPath() + "/" + file.getName(); 139 | System.out.print("[+] Encoding " + file.getName() + "......"); 140 | byte[] encBytes = CrackSleevedResource.EncodeResource(filename); 141 | if (encBytes.length > 0) { 142 | System.out.println("Done."); 143 | CommonUtils.writeToFile(new File(saveDir, file.getName()), encBytes); 144 | } else { 145 | System.out.println("Fail."); 146 | } 147 | } 148 | } 149 | } 150 | 151 | class CrackSleevedResource { 152 | private static CrackSleevedResource singleton; 153 | 154 | private SleeveSecurity data = new SleeveSecurity(); 155 | 156 | public static void Setup(byte[] paramArrayOfbyte) { 157 | singleton = new CrackSleevedResource(paramArrayOfbyte); 158 | } 159 | 160 | public static byte[] DecodeResource(String paramString) { 161 | return singleton._DecodeResource(paramString); 162 | } 163 | 164 | public static byte[] EncodeResource(String paramString) { 165 | return singleton._EncodeResource(paramString); 166 | } 167 | 168 | private CrackSleevedResource(byte[] paramArrayOfbyte) { 169 | this.data.registerKey(paramArrayOfbyte); 170 | } 171 | 172 | private byte[] _DecodeResource(String paramString) { 173 | byte[] arrayOfByte1 = CommonUtils.readResource(paramString); 174 | if (arrayOfByte1.length > 0) { 175 | long l = System.currentTimeMillis(); 176 | return this.data.decrypt(arrayOfByte1); 177 | } 178 | byte[] arrayOfByte2 = CommonUtils.readResource(paramString); 179 | if (arrayOfByte2.length == 0) { 180 | CommonUtils.print_error("Could not find sleeved resource: " + paramString + " [ERROR]"); 181 | } else { 182 | CommonUtils.print_stat("Used internal resource: " + paramString); 183 | } 184 | return arrayOfByte2; 185 | } 186 | 187 | private byte[] _EncodeResource(String paramString) { 188 | try { 189 | File fileResource = new File(paramString); 190 | InputStream fileStream = new FileInputStream(fileResource); 191 | if (fileStream != null) { 192 | byte[] fileBytes = CommonUtils.readAll(fileStream); 193 | if (fileBytes.length > 0) { 194 | byte[] fileEncBytes = this.data.encrypt(fileBytes); 195 | return fileEncBytes; 196 | } 197 | } 198 | } catch (FileNotFoundException e) { 199 | e.printStackTrace(); 200 | } 201 | return null; 202 | } 203 | } 204 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # CrackSleeve 2 | 3 | 破解CS4.0 4 | # UseAge 5 | 1. 将cobaltstrike.jar和CrackSleeve.java放一起 6 | 2. 编译(`javac -encoding UTF-8 -classpath cobaltstrike.jar CrackSleeve.java`) 7 | 3. 解密文件(`java -classpath cobaltstrike.jar;./ CrackSleeve decode`) 8 | 4. 自定义16位字符串加密文件(`java -classpath cobaltstrike.jar;./ CrackSleeve encode CustomizeString`) 9 | 5. 将解密后的sleeve文件夹替换jar包中的文件夹 10 | 11 | ``` 12 | UseAge: CrackSleeve OPTION [key] 13 | Options: 14 | decode Decode sleeve files 15 | encode Encode sleeve files 16 | key Customize key string for encode sleeve files 17 | ``` 18 | 19 | ## Change Encode 20 | 21 | 有些字节是不可见的被当做key,为了方便传参,使用base64 或者 hex 22 | 23 | ``` 24 | public static byte[] hex2bytes(String var0) { 25 | int var1 = var0.length(); 26 | byte[] var2 = new byte[var1 / 2]; 27 | 28 | for(int var3 = 0; var3 < var1; var3 += 2) { 29 | var2[var3 / 2] = (byte)((Character.digit(var0.charAt(var3), 16) << 4) + Character.digit(var0.charAt(var3 + 1), 16)); 30 | } 31 | 32 | return var2; 33 | } 34 | ``` 35 | 36 | 原 37 | 38 | ``` 39 | // CustomizeKey = CustomizeKeyStr.substring(0,16).getBytes(); 40 | ``` 41 | 42 | 修改后: 43 | ``` 44 | CustomizeKey = hex2bytes(CustomizeKeyStr.substring(0,32)); 45 | ``` 46 | 47 | ### Encode 48 | 49 | 50 | ``` 51 | $ java -cp cobaltstrike.jar:. CrackSleeve encode 52 | 53 | [-] Please enter key. 54 | [-] Example: 55 | [*] Random_Keys= [4, -7, -40, -75, 75, -18, 6, -82, 0, -68, -29, 36, 109, -37, -99, 36] 56 | [*] Random_Keys Hash =>> 04f9d8b54bee06ae00bce3246ddb9d24 57 | [*] $ java -cp cobaltstrike.jar:. CrackSleeve encode 04f9d8b54bee06ae00bce3246ddb9d24 58 | 59 | ``` 60 | 61 | --------------------------------------------------------------------------------