6.4.6.4 xpack破解

Elasticsearch 6.4.2 X-Pack破解及安装教程

Elastic宣布xpack开源,自6.3版本起,所有的es产品直接集成xpack,无需单独安装,但是依然需要不同级别的license来激活不同的功能

[TOC]

安装X-Pack

正常安装elasticsearch的6.2以上(不包含6.2)版本,安装完成后直接已经集成xpack所有功能,无需单独安装xpack,本文中以通过elastic官方apt源直接安装6.4.2版本为例

破解X-Pack

提取源码

在官网下载elasticsearch-6.4.2的linux版tar.gz包并解压到工作目录

https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.4.2.tar.gz

在以下位置找到要操作的jar包

./elasticsearch/modules/x-pack-core/x-pack-core-6.4.2.jar

使用luyten工具对jar包进行反编译

luyten的git项目地址为: https://github.com/deathmarine/Luyten

打开jar包后找到两个class文件，分别为

org.elasticsearch.license.LicenseVerifier.class
org.elasticsearch.xpack.core.XPackBuild.class

创建工作目录,如/tmp/crack-xpack

将反编译后的java代码保存到工作目录中,创建同名.java文件

LicenseVerifier.java
XPackBuild.java

修改代码

LicenseVerifier.java中有两个静态方法，这就是验证授权文件是否有效的方法，我们把它修改为全部返回true 此外还需要删除一行依赖import org.elasticsearch.common.bytes.*;

package org.elasticsearch.license;

import java.nio.*;
import java.security.*;
import java.util.*;
import org.elasticsearch.common.xcontent.*;
import org.apache.lucene.util.*;
import org.elasticsearch.core.internal.io.*;
import java.io.*;

public class LicenseVerifier
{
    public static boolean verifyLicense(final License license, final byte[] publicKeyData) {
        return true;
    }

    public static boolean verifyLicense(final License license) {
        return true;
    }
}

XPackBuild.java中最后一个静态代码块中的try部分全部删除，这部分会验证jar包是否被修改

package org.elasticsearch.xpack.core;

import org.elasticsearch.common.io.*;
import java.net.*;
import org.elasticsearch.common.*;
import java.nio.file.*;
import java.io.*;
import java.util.jar.*;

public class XPackBuild
{
    public static final XPackBuild CURRENT;
    private String shortHash;
    private String date;

    @SuppressForbidden(reason = "looks up path of xpack.jar directly")
    static Path getElasticsearchCodebase() {
        final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
        try {
            return PathUtils.get(url.toURI());
        }
        catch (URISyntaxException bogus) {
            throw new RuntimeException(bogus);
        }
    }

    XPackBuild(final String shortHash, final String date) {
        this.shortHash = shortHash;
        this.date = date;
    }

    public String shortHash() {
        return this.shortHash;
    }

    public String date() {
        return this.date;
    }

    static {
        final Path path = getElasticsearchCodebase();
        String shortHash = null;
        String date = null;
        Label_0157: {
            shortHash = "Unknown";
            date = "Unknown";
        }
        CURRENT = new XPackBuild(shortHash, date);
    }
}

编译

编译需要引入elasticsearch-6.4.2中lib目录下的jar包以及x-pack-core-6.4.2.jar本身

操作完成后执行以下命令进行将.java文件编译为.class文件

javac -cp ".:/tmp/crack-xpack/elasticsearch-6.4.2/lib/elasticsearch-6.4.2.jar:/tmp/crack-xpack/elasticsearch-6.4.2/lib/lucene-core-7.4.0.jar:/tmp/crack-xpack/elasticsearch-6.4.2/lib/elasticsearch-core-6.4.2.jar:/tmp/crack-xpack/elasticsearch-6.4.2/lib/elasticsearch-cli-6.4.2.jar:/tmp/crack-xpack/elasticsearch-6.4.2/modules/x-pack-core/x-pack-core-6.4.2.jar:/tmp/crack-xpack/elasticsearch-6.4.2/lib/elasticsearch-x-content-6.4.2.jar" LicenseVerifier.java XPackBuild.java

or  #如果使用yum安装使用如下命令

javac -cp ".:/usr/share/elasticsearch/lib/elasticsearch-6.5.1.jar:/usr/share/elasticsearch/lib/lucene-core-7.5.0.jar:/usr/share/elasticsearch/lib/elasticsearch-core-6.5.1.jar:/usr/share/elasticsearch/lib/elasticsearch-cli-6.5.1.jar:/usr/share/elasticsearch/modules/x-pack-core/x-pack-core-6.5.1.jar:/usr/share/elasticsearch/lib/elasticsearch-x-content-6.5.1.jar" LicenseVerifier.java XPackBuild.java

编译完成后,将得到的.class文件打包回x-pack-core-6.4.2.jar中

mkdir -p org/elasticsearch/license/
cp LicenseVerifier.class org/elasticsearch/license/
mkdir -p org/elasticsearch/xpack/core/
cp XPackBuild.class org/elasticsearch/xpack/core/

# cp /usr/share/elasticsearch/modules/x-pack-core/x-pack-core-6.5.1.jar .

jar uvf elasticsearch-6.4.2/modules/x-pack-core/x-pack-core-6.4.2.jar org/elasticsearch/license/LicenseVerifier.class org/elasticsearch/xpack/core/XPackBuild.class

执行完毕后,elasticsearch-6.4.2/modules/x-pack-core/x-pack-core-6.4.2.jar即为破解的新包,此时可以再次使用luyten工具进行检查

安装

将破解好的x-pack-core-6.4.2.jar原路径替换到elasticsearch集群的每个节点中,重启集群中的每个接点上的服务

导入license

首先确认xpack.security功能为关闭状态检查elasticsearch.yml中是否存在以下配置

xpack.security.enabled: false

将此选项设为false后重启集群既可关闭xpack.security功能

在任意一台client节点中,创建license.json文件,

{"license":{"uid":"c6570128-85c2-4f72-8d8f-b1425455b9ee","type":"platinum","issue_date_in_millis":1515369600000,"expiry_date_in_millis":2524579200999,"max_nodes":10000,"issued_to":"elastic","issuer":"elastic","signature":"AAAAAwAAAA07qIy5rp9i1qa5VS3vAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQBXa2fLJmNxlfTsXWcKjk1Z7JdZF3wQmJwOTgVR306TV8IwvielPKIrF99El/ie0oaJqbMzH6Khz+aR4ugNc21j+AxK9PTJ6PupE4VYb4auHFGmwHJ9cst96xD4wH77XlSGkTKhm31ZwCQvL/j3+Qjr+PtGOPeiZM5F99AuLLNmYhHZLFHO+fI5feBWwppCVjFvygJf5jMsvbJQQwsGxjX26+PUy12+0eHD1wJWDfrTgaIQ//AaVxvv+bkwBWxgCvJcC7PLrHKdNgkuggU2+G2EXLqJX6stJAoH8R1NA0JAA5yDzdB8M4+shlgDckbcAdUsV6rjUlQwzjbsK/BPHY9A","start_date_in_millis":1515369600000}}

执行以下命令导入lisense

curl -XPUT -u elastic 'http://127.0.0.1:9200/_xpack/license' -H "Content-Type: application/json" -d @license.json

如果返回vaild,破解完成

上一页6.4.6.3 X-Pack on Kibana 下一页6.4.6.5 LDAP user authentication

最后更新于5年前

这有帮助吗？