# XRAYCRACKER

Use `-g username` to generate a permanent certificate:

```
# ./xray-cracker -g kali
The certificate has been written to the file: xray-license.lic
```
At present the public key (PubKey) is stored encrypted. The encryption algorithm itself is very simple, but the function that restores it is hard-coded with hundreds of local variables that are swapped two at a time, added, subtracted, XORed and so on until the key is rebuilt. It looks as if this routine is generated by code and then compiled in, so spending time on it is probably a dead end: the routine can be regenerated before every build.

So I chose to start somewhere else. The public key is obviously used to verify the signature, so it seems enough to directly modify the return value of the signature verification function. `VerifyPSS` in Go returns an `err`, and the caller branches on whether `err` is `nil` to decide if the signature is valid. In assembly this is a `test` on a register followed by a `setz` or `setnz`; just change it.
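For reference, the shape of the check being discussed, written as an added example in Go (not xray's code; the `License` payload format and the function names are constructed for illustration): `rsa.VerifyPSS` returns `nil` for a good signature and an error otherwise, so a verifier that reduces the whole check to one boolean leaves a single branch standing between a tampered license and an accepted one.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// License is a constructed, minimal license payload (not xray's real format).
type License struct {
	User     string
	NotAfter string
}

// bytes serialises the payload so that the signature covers every field.
func (l License) bytes() []byte {
	return []byte(l.User + "|" + l.NotAfter)
}

// SignLicense produces an RSA-PSS signature over the SHA-256 digest of the payload.
func SignLicense(priv *rsa.PrivateKey, lic License) ([]byte, error) {
	digest := sha256.Sum256(lic.bytes())
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// VerifyLicense returns true only when rsa.VerifyPSS returns a nil error.
// Everything collapses to this one comparison, which is the branch the
// text above describes as a test followed by setz/setnz.
func VerifyLicense(pub *rsa.PublicKey, lic License, sig []byte) bool {
	digest := sha256.Sum256(lic.bytes())
	err := rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil)
	return err == nil
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	lic := License{User: "kali", NotAfter: "2099-09-08 19:00:00"}
	sig, err := SignLicense(priv, lic)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine license accepted:", VerifyLicense(&priv.PublicKey, lic, sig))

	// Editing any signed field without re-signing makes VerifyPSS return an error.
	lic.NotAfter = "2199-01-01 00:00:00"
	fmt.Println("edited license accepted:", VerifyLicense(&priv.PublicKey, lic, sig))
}
```

From a defender's point of view the example also shows why the page's approach works: the signature check is sound, but its result is consumed as a single flag rather than, say, as data that the rest of the program cannot run without, so the whole scheme is only as strong as that one branch.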
Use `-c path-to-xray` to automatically patch the xray binary:

```
# ./xray-crack.exe -c xray_linux_amd64
linux amd64
[.text] offset: 0x1000, addr: 0x401000-0x11787e3
Signature last index: 0xae2f2e
Patch success: xray_linux_amd64
```
After running the modified xray with the permanent certificate, the result looks like this:

```
# ./xray_linux_amd64 version
Version: 1.3.3/1d166d72/COMMUNITY-ADVANCED
Licensed to kali, license is valid until 2099-09-08 19:00:00
[INFO] 2020-09-29 00:20:20 [default:entry.go:122] set file descriptor limit to 10000
[INFO] 2020-09-29 00:20:20 [default:entry.go:157] loading config file from /home/kali/tools/scan/xray/config.yaml
[xray 1.3.3/1d166d72]
Build: [2020-09-17] [linux/amd64] [RELEASE/COMMUNITY-ADVANCED]
Compiler Version: go version go1.14.4 linux/amd64
License ID: 000000000000000000000000000000000
User Name: kali/000000000000000000000000000000000
Not Valid Before: 2020-06-11 12:00:00
Not Valid After: 2099-09-08 19:00:00
To show open source licenses, please use `osslicense` sub-command.
```