aspose 为收费软件,以下仅仅用于学习技术,请勿做任何商业用途,如果需要请到官网购买正版!
参考了
https://blog.csdn.net/qiumin333/article/details/130177125
具体分析该博主已写得十分清晰,可以对照查看,这里我只整理了破解需要查看的文件和属性,并对博主在分析中部分没提到的信息进行了小小整理,用于android开发项目中,将word转为pdf无水印,了解以下内容基本可实现对大多版本进行破解。
aspose-words:23.6 android.via.java
1.License 类
新版本的加载方法与博主中破解的版本已不同
虽然两者使用的方法不同,但最终zzT仍调用zzU方法,因此我们下面只分析zzU方法
public class License {
zzZOK zzYhx = zzZOK.zziS();
public License() {
}
// 从文件名加载 license.xml
public void setLicense(String licenseName) throws Exception {
if (licenseName == null) {
throw new NullPointerException(this.zzYhx.zzZn(new byte[]{
108, 105, 99, 101, 110, 115, 101, 78, 97, 109, 101}));
} else {
//这里是zzT方法
(new zzZ6F()).zzT(licenseName, zzZI9.zzdg());
}
}
// 从文件流加载
public void setLicense(InputStream stream) throws Exception {
if (stream == null) {
throw new NullPointerException(this.zzYhx.zzZn(new byte[]{
115, 116, 114, 101, 97, 109}));
} else {
//这里是zzU方法
new zzZ6F();
zzZ6F.zzU(stream);
}
}
public void setLicenseInternal(zzZP9 licenseStream) throws Exception {
this.setLicense(zzZP9.zzZK(licenseStream));
}
}
2 zzZ6F类
zzT看一下即可,调用zzU方法
void zzT(String var1, Class var2) throws Exception {
this.zzYhx.zzZn(new byte[]{
80, 114, 111, 102, 101, 115, 115, 105, 111, 110, 97, 108});
this.zzYhx.zzZn(new byte[]{
80, 114, 111, 102, 101, 115, 115, 105, 111, 110, 97, 108});
if (!"".equals(var1)) {
InputStream var3 = this.zzS(var1, var2);
try {
zzU(var3);
} finally {
if (var3 != null) {
var3.close();
}
}
} else {
synchronized(zzYhr) {
zzYhw.clear();
}
}
}
zzU
static void zzU(InputStream var0) throws Exception {
if (var0 == null) {
throw new NullPointerException(zzZOK.zziS().zzYQ(new byte[]{
116, 115, 101, 114, 109, 97}));
} else {
zzZ6E var1;
// var1 = zzT(var0)解析文档xml 生成 zzZ6E 对象
// zzZ()校验;后续分析该方法
zzZ(var1 = zzT(var0));
// 校验订购失效时间
if (var1.zzYU7()) {
/* The subscription included in this license allows free upgrades until xxx, but this version of the product was released on 01 Apr 2023. Please renew the subscription or use a previous version of the product.*/
throw new IllegalStateException(zzZL7.format(zzYDR.zz1(zzYDQ.zzYfP()), new Object[]{
var1.zzYU2().zzY(zzZOK.zziS().zzYQ(new byte[]{
100, 100, 77, 32, 77, 77, 121, 32, 121, 121, 121}), zzZPL.zzk6()), zzZ6E.zzYU4().zzY(zzZOK.zziS().zzYQ(new byte[]{
100, 100, 77, 32, 77, 77, 121, 32, 121, 121, 121}), zzZPL.zzk6())}));
}
// 校验注册码失效时间
else if (var1.zzYU6()) {
// The license has expired.
throw new IllegalStateException(zzYDR.zz1(zzYDQ.zzYfO()));
} else {
/* 把注册成功的解析完成的注册信息放到数组中
这里很关键,最终我们要构造一个 zzXgC 对象放到 zzZ6E 数组中去
*/
synchronized(zzYhr) {
if (zzYhw.indexOf(var1) == -1) {
zzYhw.add(var1);
}
}
}
}
}
zzT方法,解析文档xml 生成 zzZ6E 对象
private static zzZ6E zzT(InputStream var0) throws Exception {
Element var1;
Element var2 = zzX(var1 = zzZT6.zznr().newDocumentBuilder().parse(var0).getDocumentElement(), zzZOK.zziS().zzYQ(new byte[]{
97, 68, 97, 116}));
Element var3 = zzX(var1, zzZOK.zziS().zzYQ(new byte[]{
105, 83, 110, 103, 116, 97, 114, 117, 101}));
if (var2 != null && var3 != null) {
zzZ6E var4;
// zzZ(var2, var3)解析文档生成 zzZ6E 注册信息对象, 如果解析不对会去改变 zzZ6E.zzXFN 的值
// .zzYU5() 判断注册码是否有效
if ((var4 = zzZ(var2, var3)).zzYU5() == 0) {
// The license is not valid for this product.
throw new IllegalStateException(zzYDR.zz1(zzYDQ.zzYfQ()));
// 验证签名 getData() Data标签数据,zzYU1() Signature标签数据,zzYU3() 1
} else if (!zzM(var4.getData(), var4.zzYU1(), var4.zzYU3())) {
// Invalid license signature. Please make sure the license file was not modified.
throw new IllegalStateException(zzYDR.zz1(zzYDQ.zzYfV()));
} else {
return var4;
}
} else {
// 读取不到数据,即xml文件格式错误
throw new IllegalStateException(zzYDR.zz1(zzYDQ.zzYfC()));
}
}
zzZ方法
private static void zzZ(zzZ6E var0) throws Exception {
synchronized(zzYhs) {
if (zzYhv == null) {
// 获取黑名单列表 Aspose.License.BlackList
zzYhv = zzZB(zzYDR.zz1(zzYDQ.zzYfU()), 0);
}
if (zzYhu == null) {
// Conholdate.License.BlackList
zzYhu = zzZB(zzYDR.zz1(zzYDQ.zzYfT()), 1);
}
if (zzYht == null) {
// Aspose.Market.License.BlackList
zzYht = zzZB(zzYDR.zz1(zzYDQ.zzYfS()), 2);
}
}
// 关键信息,大于0 签名失败 后面构造的对象 zzY4F就为0
if (zzY4F.zzXXU() > 0) {
// Invalid license signature. Please make sure the license file was not modified.
throw new IllegalStateException(zzYDR.zz1(zzYDQ.zzYfV()));
} else if (zzYhv.contains(var0.getSerialNumber()) ||
// 验证是否在黑名单中zzYhu.contains(var0.getSerialNumber()) || zzYht.contains(var0.getSerialNumber())) {
throw new IllegalStateException(zzYDR.zz1(zzYDQ.zzYfR()));
}
}
3 zzY4F类
主要看以下两段代码,得到zzX4y 和zzX4x 这两个属性
static int zzXXV() {
return zzX4y == 128 && !zzX4x ? 256 : 4096;
}
static void zzXXS() {
zzX4x = false;
}
4 破解代码
/**
* aspose-words:23.6 android.via.java版本
*/
public static void registerWord() {
// 构造一个注册信息
try {
Class<?> zzZ6EClass = Class.forName("com.aspose.words.zzZ6E");
Constructor<?> constructors = zzZ6EClass.getDeclaredConstructors()[0];
constructors.setAccessible(true);
Object instance = constructors.newInstance(null, null);
// zzYhn = 1 zzZ6E里面的zzYhn
Field zzYhn = zzZ6EClass.getDeclaredField("zzYhn");
zzYhn.setAccessible(true);
zzYhn.set(instance, 1);
Class<?> zzZ6FClass = Class.forName("com.aspose.words.zzZ6F");
constructors.setAccessible(true);
Object zzZ6FInstance = constructors.newInstance(null, null);
Field zzYhw = zzZ6FClass.getDeclaredField("zzYhw");
zzYhw.setAccessible(true);
ArrayList<Object> zzYhwValue = new ArrayList<>();
zzYhwValue.add(instance);
zzYhw.set(null, zzYhwValue);
// 生成文档会掉这个来判断 zzVSF
Class<?> zzY4FClass = Class.forName("com.aspose.words.zzY4F");
//zzY4F类中的zzX4y
Field zzX4y = zzY4FClass.getDeclaredField("zzX4y");
zzX4y.setAccessible(true);
zzX4y.set(null, 128);
//zzY4F类中的zzX4x
Field zzX4x = zzY4FClass.getDeclaredField("zzX4x");
zzX4x.setAccessible(true);
zzX4x.set(null, false);
} catch (Exception e) {
System.out.println("失败失败失败");
e.printStackTrace();
}
}
主要分析用到的类和方法
License —— setLicense加载xml
zzZ6F —— zzU加载、 zzZ()校验、zzT
zzY4F
效果图如下
