Burp Suite Pro 1.7.31 Loader & Keygen reverse engineering

One sleepless night I decided to investigate how Burp Suite Pro 1.7.31 Loader & Keygen written by surferxyz works.

By feeding the jar to the cfp I got the nice prompt:

package enjoy.reversing.me;
...

Are you intrigued?

So was I. But the author did not leave any obstacles to the analysis. The code is very straightforward, which makes this article short.

The loader uses the -Xbootclasspath/p option to override a class in the standard API. Specifically, it changes the logic of the comparison of BigIntegers. It looks like this:

public int compareTo(BigInteger bigInteger) {
        if (bigInteger.toString().equals("41887057529670892417099675184988823562189446071931346590373401386382187010757776789530261107642241481765573564399372026635531434277689713893077238342140188697599815518285985173986994924529248330562438026019370691558401708440269202550454278192107132107963242024598323484846578375305324833393290098477915413311")) {
            return 0;
        }
        if (bigInteger.toString().startsWith("21397203472253099933519641255954336811825897689871318536")) {
            return 0;
        }
        ...
}

The -Xbootclasspath/p option doesn’t work in Java 9+, so if you want to experiment with it, you can patch java.base/java/math/BigInteger.java and build a custom JDK.