Burp Suite Pro 1.7.31 Loader & Keygen reverse engineering

One sleepless night I decided to inspect how Burp Suite Pro 1.7.31 Loader & Keygen written by surferxyz works.

By feeding the jar to the cfp i got some code.

package enjoy.reversing.me;
...

Are you intrigued?

I was. But the author did not leave any obstacles to the analysis. Therefore, a few more lines and you can diverge.

The loader uses the known option (-Xbootclasspath/p) to override a class in the standard API. Specifically, it changes the logic of comparing BigIntegers. It looks like this:

public int compareTo(BigInteger bigInteger) {
        if (bigInteger.toString().equals("41887057529670892417099675184988823562189446071931346590373401386382187010757776789530261107642241481765573564399372026635531434277689713893077238342140188697599815518285985173986994924529248330562438026019370691558401708440269202550454278192107132107963242024598323484846578375305324833393290098477915413311")) {
            return 0;
        }
        if (bigInteger.toString().startsWith("21397203472253099933519641255954336811825897689871318536")) {
            return 0;
        }
        ...
}

‘-Xbootclasspath/p’ option will not work in Java 9+, but it is possible to patch java.base/java/math/BigInteger.java and build custom JDK. This means that the Loader is no longer needed.