One sleepless night I decided to inspect how Burp Suite Pro 1.7.31 Loader & Keygen written by surferxyz works.
By feeding the jar to the cfp i got some code.
package enjoy.reversing.me;
...
Are you intrigued?
I was. But the author did not leave any obstacles to the analysis. Therefore, a few more lines and you can diverge.
The loader uses the known option (-Xbootclasspath/p) to override a class in the standard API. Specifically, it changes the logic of comparing BigIntegers. It looks like this:
public int compareTo(BigInteger bigInteger) {
if (bigInteger.toString().equals("41887057529670892417099675184988823562189446071931346590373401386382187010757776789530261107642241481765573564399372026635531434277689713893077238342140188697599815518285985173986994924529248330562438026019370691558401708440269202550454278192107132107963242024598323484846578375305324833393290098477915413311")) {
return 0;
}if (bigInteger.toString().startsWith("21397203472253099933519641255954336811825897689871318536")) {
return 0;
}
... }
‘-Xbootclasspath/p’ option will not work in Java 9+, but it is possible to patch java.base/java/math/BigInteger.java and build custom JDK. This means that the Loader is no longer needed.