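For Elasticsearch 6.x/7.x, my earlier blog post still applies: https://blog.wolfbolin.com/archives/615
This article was written and tested against Elasticsearch 8.2.0, in a test environment of CentOS7, Docker20.10 and openJDK17. The crack method differs only in how the base software is installed; the core cracking procedure is unaffected.
Automated build-and-crack procedure
Docker-based automated build
By fetching and compiling the software inside Docker, you obtain the x-pack-core-$version.jar for the corresponding version. There is no need to install via rpm, and the host's runtime environment is not polluted. I wrote and maintain an automated workflow that builds the cracked package. Feedback is welcome.
GitHub repository: https://github.com/wolfbolin/crack-elasticsearch-by-docker
# Fetch the source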
git clone https://github.com/wolfbolin/crack-elasticsearch-by-docker.git
cd crack-elasticsearch-by-docker
# Specify the version and run
version=8.2.0
bash crack.sh $version
# Build artifacts and intermediate files are saved in the output folder
cp output/x-pack-core-$version.crack.jar x-pack-core-$version.jar
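Manual build-and-crack procedure
Install Elasticsearch 8.x
This step cannot be skipped. You can install Elasticsearch 8 via yum, rpm or docker; the purpose of installing Elasticsearch is to obtain the compile-time dependencies of the Java files. This article uses 8.2.0 as the example and provides a docker-based multi-version automated build script.
Install using rpm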
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
wget --no-dns-cache https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.2.0-x86_64.rpm
rpm --install elasticsearch-8.2.0-x86_64.rpm
Install using Docker
docker pull elasticsearch:8.2.0
Install openJDK17
Many approaches can be found online; the docker approach is given here
docker pull openjdk:17-jdk-buster
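Crack x-pack-core
Obtain the source code of two files. In 7.x or 6.x they could be obtained by decompiling with luyten, but in 8.x the source can be obtained from GitHub and modified. Compared with earlier versions, the logic of the modification is the same, but the version-specific details differ.
Because the GitHub repository does not distinguish patch versions, select the branch whose first two version numbers match to obtain the source
# Download the source files
branch=8.2 # applies to 8.2.x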
curl -o LicenseVerifier.java -s https://raw.githubusercontent.com/elastic/elasticsearch/$branch/x-pack/plugin/core/src/main/java/org/elasticsearch/license/LicenseVerifier.java
curl -o XPackBuild.java -s https://raw.githubusercontent.com/elastic/elasticsearch/$branch/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/XPackBuild.java
Modify LicenseVerifier.java
public static boolean verifyLicense(final License license, PublicKey publicKey) {
return true;
}
Modify XPackBuild.java
Path path = getElasticsearchCodebase();
shortHash = "Unknown";
date = "Unknown";
CURRENT = new XPackBuild(shortHash, date);
Recompile these two files with openJDK17 to produce class files
javac -cp "/usr/share/elasticsearch/lib/*:/usr/share/elasticsearch/modules/x-pack-core/*" LicenseVerifier.java
javac -cp "/usr/share/elasticsearch/lib/*:/usr/share/elasticsearch/modules/x-pack-core/*" XPackBuild.java
Replace the original x-pack-core file. This requires unpacking the jar file and repacking it after the replacement; see the code for details
version=8.2.0
cp /usr/share/elasticsearch/modules/x-pack-core/x-pack-core-$version.jar x-pack-core-$version.jar
unzip x-pack-core-$version.jar -d ./x-pack-core-$version
cp LicenseVerifier.class ./x-pack-core-$version/org/elasticsearch/license/
cp XPackBuild.class ./x-pack-core-$version/org/elasticsearch/xpack/core/
jar -cvf x-pack-core-$version.crack.jar -C x-pack-core-$version/ .
rm -rf x-pack-core-$version
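You now have the cracked package for the corresponding version. Place it in /usr/share/elasticsearch/modules/x-pack-core before Elasticsearch starts,
and any license can then be imported. Obtaining a platinum license works the same way as for other Elasticsearch versions.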
cp x-pack-core-$version.crack.jar /usr/share/elasticsearch/modules/x-pack-core/x-pack-core-$version.jar
change the encoding on the licence file
In particular:
[2022-12-19T13:26:46,897][ERROR][o.e.b.Elasticsearch ] [elastic] fatal exception while booting Elasticsearch
java.lang.NullPointerException: Cannot invoke “String.getBytes(java.nio.charset.Charset)” because “src” is null
at java.util.Base64$Decoder.decode(Base64.java:589) ~[?:?]
at org.elasticsearch.license.License.isAutoGeneratedLicense(License.java:684) ~[?:?]
at org.elasticsearch.license.License.doVerify(License.java:457) ~[?:?]
at org.elasticsearch.license.License.verified(License.java:451) ~[?:?]
at org.elasticsearch.license.LicenseService.getLicense(LicenseService.java:675) ~[?:?]
at org.elasticsearch.license.LicenseService.getLicense(LicenseService.java:666) ~[?:?]
at org.elasticsearch.xpack.security.SecurityImplicitBehaviorBootstrapCheck.check(SecurityImplicitBehaviorBootstrapCheck.java:31) ~[?:?]
at org.elasticsearch.bootstrap.BootstrapChecks.check(BootstrapChecks.java:131) ~[elasticsearch-8.5.3.jar:?]
at org.elasticsearch.bootstrap.BootstrapChecks.check(BootstrapChecks.java:90) ~[elasticsearch-8.5.3.jar:?]
at org.elasticsearch.bootstrap.BootstrapChecks.check(BootstrapChecks.java:72) ~[elasticsearch-8.5.3.jar:?]
at org.elasticsearch.bootstrap.Elasticsearch$2.validateNodeBeforeAcceptingRequests(Elasticsearch.java:221) ~[elasticsearch-8.5.3.jar:?]
at org.elasticsearch.node.Node.start(Node.java:1332) ~[elasticsearch-8.5.3.jar:?]
at org.elasticsearch.bootstrap.Elasticsearch.start(Elasticsearch.java:436) ~[elasticsearch-8.5.3.jar:?]
at org.elasticsearch.bootstrap.Elasticsearch.initPhase3(Elasticsearch.java:229) ~[elasticsearch-8.5.3.jar:?]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:67) ~[elasticsearch-8.5.3.jar:?]
After trying this, I get:
Cannot invoke \”String.getBytes(java.nio.charset.Charset)\” because \”src\” is null