cracking codelink v4.0 by silkware
by douby, 2 December 1998
(slightly edited by reverser+)
cracking codelink v4.0 by silkware
More and more companies are trying to make big money out of java
applets ... yet what's money? Money is NOTHING compared to knowledge...
as you will see cracking such an applet is a piece cake ...
The applet used in this essay is codelink v4.0 by silkware.
You can download it at
this applet can be used to password-protect some of your pages (duh!.. as if
my readers would need an applet to protect their pages)... it's a 30 day trial
version and reading the readme.html you'll soon find out that it can be registered
using a correct registration key...
To crack this baby only one tool is needed... JAD, a java decompiler...
you can download it at
Ok, enough 'chit chat' let's start cracking this applet...
decompile all the classes in the codelink directory and examine the
output files ... you will quickly come to the conclusion that the protection
scheme is hidden in the file called V4Codelink.class in a method called ftxx...
so, let's take a look at the protection scheme...
int fxtx = 2098;
String hexstart = "f-";
String hexfin = "3C";
boolean xzxzvv = true;
String xzxzv = "";
String param = getParameter("RegistrationID");
if(param == null)
if(param != null)
xzxzv = param;
xzxzv = xzxzv.trim(); //get right reg. id
String hexa4 = "";
int lengthh = xzxzv.length(); //store length of reg. id in lengthh
String bitof = "";
int iii = lengthh; //iii = length of reg. id
if(lengthh <= 9) //if lengthh <= 9 wrong reg. id
return false; //length of reg. id must be >= 10
Hhmm... interesting! The value of the param RegistrationID is stored in a
string called param, if param isn't null the string is stored in a string
called xzxzy... the string xzxzy is trimmed and it's length is stored in both
int lengthh and in int iii
if lengthh is < 10 you've got a wrong reg. id...
at this point in the code we've reached a for-loop .. let's take a look
for(int ii = 0; ii <= lengthh; ii++)
if(iii <= 0)
iii = 0;
bitof = xzxzv.substring(iii, lengthh - ii);
hexa4 = hexa4 + bitof;
hmm ... the string bitof is filled with the character at position
lengthh-ii in the string and is concatenated to hexa4 so the only
thing this for loop does is to turn the string around...
btw they could have used charAt instead of substring but I bet
they used substring to make the code tougher too crack... hahaha...
let's take a look at the next part of the code...
String hexa5 = hexa4; //hexa5=hexa4
int hexa7 = hexa5.length(); //hexa7=length of hexa5
String Licen = hexa5.substring(0, 2);//Licen=first 2 chars of hexa5
String ProdnVers = hexa5.substring(hexa7 - 2, hexa7);
//ProdnVers=last 2 chars of hexa5
String rawNum = hexa5.substring(2, hexa7 - 3);
//rawnr is the rest of the chars
on to the next 'obstacle' the string in hexa4 is copied in the string
called hexa5 the length of hexa5 is copied into hexa7... now comes the
interesting part this part tells use a right reg. id should consist of a Licen
string, a ProdnVers String, and a rawNum string... the Licen string has to be
the first 2 chars of the hexa5 string, the prodnVers has to be the last 2 chars
of the hexa5 string, the rawNum string contains the rest of the remaining
int moveto = rawNum.indexOf("-"); //there must be a '-' in the rawnr
if(moveto < 0)
String bitup = rawNum.substring(0, moveto);
//copy part before '-' into bitup
String bitdn = rawNum.substring(moveto + 1, rawNum.length());
//copy part after '-' into bitdn
String Num = bitup + bitdn; //concatenate bitup+bitdn
String Whatisit = "Code:" + xzxzv + " The Reverse:" + hexa4 +
" licence:" + Licen + " Version" + ProdnVers + "\n" + rawNum + " "
somewhere in the rawNum string there has to be a "-" character if not
the registration id you're using is a fake ... else the bitup string is
given the value of the part before the "-" and bitdn is given the value of
the part after the "-" both bitup and bitdn are concatenated and copied
into the string num ...
original = Integer.parseInt(Num); //parse string to int
Num = "0";
int Result = 0;
Result = original % fxtx; //nr has to be a mod of fxtx=2098
boolean rtclassconvert = false;
rtclassconvert = hexfin.equals(ProdnVers);
//ProdnVers has to be "3C"
boolean KeepCool = true;
KeepCool = hexstart.equals(Licen);
//Licen has to be "f-"
String fallornerd = "not Registered";
if(Result == 0 && rtclassconvert && KeepCool)
fallornerd = "Licenced";
in the remaining part of the code the string Num is parsed to an int and
copied into the int original ... the int original has to be a modulus of
2098, the ProdnVers string has to be 3C and the Licen string has to be "f-"
putting all this information together we get a turned around
registration id looking like this...
with "f-" being the Licen String, "3C" being the ProdnVers and
abcde mod 2098=0 turn it around and you'll get the right reg. id...
something like this ...
well that's all folks ... hope you liked the essay ...
for comments,suggestions or just to say hello you can email me at:
Is reverse engineering illegal?