elasticsearch7.X x-pack破解

簡介： x-pack是elasticsearch的一個收費的擴展包，將權限管理，警告，監視等功能捆綁在一個易於安裝的軟件包中，x-pack被設計為一個無縫的工作，但是你可以輕松的啟用或者關閉一些功能。如果購買商業版需要每年支付十多萬。為了使用幾個不可或缺功能而花大錢去購買，有點不值得，特別是對於中小型企業來說。所以我在這里主要通過如何破解來啟用x-pack的一些功能，本文章僅供技術分享，禁止商業用途！

反編譯

x-pack是收費項目，想啟動它需要破解，本文以7.X 版本為例進行破解。

x-pack從6.4版本后就內置在elasticsearch中，使用只需要把配置打開即可(官方有30天的試用期)。

x-pack的lisence校驗在elasticsearch-7.0.0/modules/x-pack-core的x-pack-core-7.0.0.jar中，破解之前需要用反編譯工具(如：JD-GUI)把jar打開源碼出來，我這里使用idea反編譯。

修改X-pack相關源碼

x-pack的lisence的校驗主要是這兩個文件：

1. 驗證licence是否有效：org.elasticsearch.license.LicenseVerifier
2. 驗證jar包是否被修改：org.elasticsearch.xpack.core.XPackBuild

反編譯源碼出來后需要把這兩個類的源碼提取出來放到新創建同名的java文件里，此時這兩個類引用的java類很多不識別怎么辦？需要把elasticsearch相關的jar包引進來，然后就可以編譯替換目標class了。

修改LicenseVerifier.java

兩個靜態方法修改為全部返回true

改前

package  org.elasticsearch.license;   import  java.nio.*; import  org.elasticsearch.common.bytes.*; import  java.security.*; import  java.util.*; import  org.elasticsearch.common.xcontent.*; import  org.apache.lucene.util.*; import  org.elasticsearch.core.internal.io.*; import  java.io.*;   public  class  LicenseVerifier {      public  static  boolean  verifyLicense( final  License license,  final  byte [] publicKeyData) {          byte [] signedContent =  null ;          byte [] publicKeyFingerprint =  null ;          try  {              final  byte [] signatureBytes = Base64.getDecoder().decode(license.signature());              final  ByteBuffer byteBuffer = ByteBuffer.wrap(signatureBytes);              final  int  version = byteBuffer.getInt();              final  int  magicLen = byteBuffer.getInt();              final  byte [] magic =  new  byte [magicLen];              byteBuffer.get(magic);              final  int  hashLen = byteBuffer.getInt();              publicKeyFingerprint =  new  byte [hashLen];              byteBuffer.get(publicKeyFingerprint);              final  int  signedContentLen = byteBuffer.getInt();              signedContent =  new  byte [signedContentLen];              byteBuffer.get(signedContent);              final  XContentBuilder contentBuilder = XContentFactory.contentBuilder(XContentType.JSON);              license.toXContent(contentBuilder, (ToXContent.Params) new  ToXContent.MapParams((Map)              Collections.singletonMap( "license_spec_view" ,  "true" )));              final  Signature rsa = Signature.getInstance( "SHA512withRSA" );              rsa.initVerify(CryptUtils.readPublicKey(publicKeyData));              final  BytesRefIterator iterator = BytesReference.bytes(contentBuilder).iterator();              BytesRef ref;              while  ((ref = iterator.next()) !=  null ) {                  rsa.update(ref.bytes, ref.offset, ref.length);              }              return  rsa.verify(signedContent);          }          catch  (IOException ex) {}          catch  (NoSuchAlgorithmException ex2) {}          catch  (SignatureException ex3) {}          catch  (InvalidKeyException e) {              throw  new  IllegalStateException(e);          }          finally  {              if  (signedContent !=  null ) {                  Arrays.fill(signedContent, ( byte ) 0 );              }          }             }            public  static  boolean  verifyLicense( final  License license) {          byte [] publicKeyBytes;          try  {              final  InputStream is = LicenseVerifier. class .getResourceAsStream( "/public.key" );              try  {                  final  ByteArrayOutputStream out =  new  ByteArrayOutputStream();                  Streams.copy(is, (OutputStream)out);                  publicKeyBytes = out.toByteArray();                  if  (is !=  null ) {                      is.close();                  }              }              catch  (Throwable t) {                  if  (is !=  null ) {                      try  {                          is.close();                      }                      catch  (Throwable t2) {                          t.addSuppressed(t2);                      }                  }                  throw  t;              }          }          catch  (IOException ex) {              throw  new  IllegalStateException(ex);          }          return  verifyLicense(license, publicKeyBytes);      } }

改后

package  org.elasticsearch.license;   public  class  LicenseVerifier {      public  static  boolean  verifyLicense( final  License license,  final  byte [] array) {          return  true ;      }            public  static  boolean  verifyLicense( final  License license) {          return  true ;      } }

修改XPackBuild.java

最后一個靜態代碼塊中 try的部分全部刪除

改前

package  org.elasticsearch.xpack.core;   import  org.elasticsearch.common.io.*; import  java.net.*; import  org.elasticsearch.common.*; import  java.nio.file.*; import  java.io.*; import  java.util.jar.*;   public  class  XPackBuild {      public  static  final  XPackBuild CURRENT;      private  String shortHash;      private  String date;            @SuppressForbidden (reason =  "looks up path of xpack.jar directly" )      static  Path getElasticsearchCodebase() {          final  URL url = XPackBuild. class .getProtectionDomain().getCodeSource().getLocation();          try  {              return  PathUtils.get(url.toURI());          }          catch  (URISyntaxException bogus) {              throw  new  RuntimeException(bogus);          }      }            XPackBuild( final  String shortHash,  final  String date) {          this .shortHash = shortHash;          this .date = date;      }            public  String shortHash() {          return  this .shortHash;      }            public  String date() {          return  this .date;      }            static  {          final  Path path = getElasticsearchCodebase();          String shortHash =  null ;          String date =  null ;          Label_0109: {             if  (path.toString().endsWith( ".jar" )) {                  try  {                      final  JarInputStream jar =                      new  JarInputStream(Files.newInputStream(path,  new  OpenOption[ 0 ]));                      try  {                          final  Manifest manifest = jar.getManifest();                          shortHash = manifest.getMainAttributes().getValue( "Change" );                          date = manifest.getMainAttributes().getValue( "Build-Date" );                          jar.close();                      }                      catch  (Throwable t) {                          try  {                              jar.close();                          }                          catch  (Throwable t2) {                              t.addSuppressed(t2);                          }                          throw  t;                      }                      break  Label_0109;                  }                  catch  (IOException e) {                      throw  new  RuntimeException(e);                  }              }              shortHash =  "Unknown" ;              date =  "Unknown" ;          }          CURRENT =  new  XPackBuild(shortHash, date);      } }

改后

package  org.elasticsearch.xpack.core;   import  java.nio.file.*; import  org.elasticsearch.common.io.*; import  java.net.*; import  org.elasticsearch.common.*;   public  class  XPackBuild {      public  static  final  XPackBuild CURRENT;      private  String shortHash;      private  String date;            @SuppressForbidden (reason =  "looks up path of xpack.jar directly" )      static  Path getElasticsearchCodebase() {          final  URL location = XPackBuild. class .getProtectionDomain().getCodeSource().getLocation();          try  {              return  PathUtils.get(location.toURI());          }          catch  (URISyntaxException ex) {              throw  new  RuntimeException(ex);          }      }            XPackBuild( final  String shortHash,  final  String date) {          this .shortHash = shortHash;          this .date = date;      }            public  String shortHash() {          return  this .shortHash;      }            public  String date() {          return  this .date;      }            static  {          getElasticsearchCodebase();          CURRENT =  new  XPackBuild( "Unknown" ,  "Unknown" );      } }

替換目標文件

把上面修改編譯出來的LicenseVerifier.class和XPackBuild.class替換./elasticsearch-7.0.0/modules/x-pack-core/x-pack-core-7.0.0.jar。

 

替換步驟：

1. 查找文件：jar -tvf x-pack-core-7.0.0-new.jar |grep LicenseVerifier
2. 找到后解壓：jar -xvf x-pack-core-7.0.0-new.jar |grep org/elasticsearch/license/LicenseVerifier.class
3. 手動把自己修改后編譯生成的class覆蓋解壓出來的文件，然后壓回jar包：jar -uvf x-pack-core-7.0.0.jar  org/elasticsearch/license/LicenseVerifier.class
4. 最后把替換好的jar包替換elasticsearch下的x-pack-core-7.0.0.jar包

申請license

去官網(https://license.elastic.co/registration)申請license后，下載下來是這種格式：

{"license":{"uid":"864c20ea-b26f-4f1d-bfe5-4f02a26f90a9","type":"platinum","issue_date_in_millis":1570752000000,"expiry_date_in_millis":2524579200999,"max_nodes":100,"issued_to":"deng pang (yiren)","issuer":"Web Form","signature":"AAAAAwAAAA3m1fB/yRfUho18V4FpAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQB4zgpe5lluBbJYaQBWNDxrK0J9V4fnb8KWMmgIGj7ymw++bvV9rkmNtjDixWZkdSbWVQr0WLBpZoye+yQCqWB559BTqinUmIazgRpVFtaggN4RXgJA6V/N9NgOv0Vw0DvN9FI2aU5iRv7nXaNmpkMPlaCngI+2F3FoBuF9GyHsXYaOqDYkMdazT3W757QnP58ZCQT9S98gIcU75yqyWlKZek8UlUtUxSCSTtOyMtWrwag238/OgXv8BlmtQcH9A/XQBmAQlkzbgBVBkWoS0w2aqCM4Q3X7qTOH/Ea+xT/IJVhZgeTXh947kW1unEBEfwF6GZQkQQW+4pH6GEtCGTO/","start_date_in_millis":1570752000000}}

許可證書分有三類GOLD(黃金),PLATINUM(白金),ENTERPRISE(企業)，我上面把type手動改成了白金版，然后再把過期時間改到了2050年

禁用elasticsearch安全協議

導出許可證書之前要先關閉xpack安全認證，打開../config/elasticsearch.yml文件在末尾添加:xpack.security.enabled: false

並啟動elasticsearch服務：./bin/elasticsearch -d

導入license

curl  - XPUT  - u elastic  'http://192.168.1.9:9200/_xpack/license'  - H  "Content-Type: application/json"  - d @license.json

導入成功后再把xpack安全認證打開：

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true

內置賬號創建密碼

使用內置帳號需要設置密碼，執行命令：./bin/elasticsearch-setup-passwords interactive   按提示輸入密碼 

修改kibanna內置賬號

安全認證開啟后，只有配置了帳號信息才能使用,vi kibana.yml

elasticsearch.username: "kibana"
elasticsearch.password: "xxxxxx"

重啟Kibana

以上配置完成后，重啟kibana並訪問，此時需要帳號登錄

 

看到上面許可的有效期，說明我們已經破解成功並可以使用權限功能和告警功能了。完成！！！