This small document will explain how I cracked version 3.3.1 of JNIC. (https://jnic.dev)
The motive of this crack was simply to test the strength of "DRM" applied to JNIC.
Upon opening the JNIC JAR in a decompiler, I quickly discovered a 'JNICLoader' class, which contained methods whos first parameter were MethodHandles (all of these methods were named 'invoke').
Instinctively I started logging the parameters passed into these methods, along with the MethodHandle's 'descriptor'.
After some logging, I found where it contacts the authentication server, and simply reproduced a local proxy server to return the same results.
Obviously it wasn't as simple as just proxying the server. After digging a little deeper I found where the server's auth response was passed through one of the invoke methods in JNICLoader.
I simply tweaked the function to forcefully use a predefined auth string for authentication.
To my surprise it actually worked!
I tested JNIC on a sample JAR, and somewhere down the line, it threw an exception as it was verifying it's own (the JAR's) certificates. After forcefully returning the original JAR's certificates the program worked normally.
send crack?