三,破解X-PACK
需要破解的jar包目录在
/usr/share/elasticsearch/modules/x-pack-core/x-pack-core-7.2.0.jar
使用反编译工具Luyten导入x-pack-core-7.2.0.jar文件,提取org.elasticsearch.license.LicenseVerifier和org.elasticsearch.xpack.core.XPackBuild
修改LicenseVerifier.java文件,如下为修改后的文件
package org.elasticsearch.license;
import java.nio.*;
import org.elasticsearch.common.bytes.*;
import java.security.*;
import java.util.*;
import org.elasticsearch.common.xcontent.*;
import org.apache.lucene.util.*;
import org.elasticsearch.core.internal.io.*;
import java.io.*;
public class LicenseVerifier
{
public static boolean verifyLicense(final License license, final byte[] publicKeyData) {
return true;
}
public static boolean verifyLicense(final License license) {
return true;
}
}
修改XPackBuild.java文件,如下为修改后的文件
package org.elasticsearch.xpack.core;
import org.elasticsearch.common.io.*;
import java.net.*;
import org.elasticsearch.common.*;
import java.nio.file.*;
import java.io.*;
import java.util.jar.*;
public class XPackBuild
{
public static final XPackBuild CURRENT;
private String shortHash;
private String date;
@SuppressForbidden(reason = "looks up path of xpack.jar directly")
static Path getElasticsearchCodebase() {
final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
try {
return PathUtils.get(url.toURI());
}
catch (URISyntaxException bogus) {
throw new RuntimeException(bogus);
}
}
XPackBuild(final String shortHash, final String date) {
this.shortHash = shortHash;
this.date = date;
}
public String shortHash() {
return this.shortHash;
}
public String date() {
return this.date;
}
static {
final Path path = getElasticsearchCodebase();
String shortHash = null;
String date = null;
Label_0109: {
shortHash = "Unknown";
date = "Unknown";
}
CURRENT = new XPackBuild(shortHash, date);
}
}
编译LicenseVerifier.java
javac -cp "/usr/share/elasticsearch/lib/elasticsearch-7.2.0.jar
:/usr/share/elasticsearch/lib/lucene-core-8.0.0.jar
:/usr/share/elasticsearch/modules/x-pack-core/x-pack-core-7.2.0.jar
:/usr/share/elasticsearch/modules/x-pack-core/netty-common-4.1.35.Final.jar
:/usr/share/elasticsearch/lib/elasticsearch-core-7.2.0.jar" /mnt/LicenseVerifier.java
编译XPackBuild.java
javac -cp "/usr/share/elasticsearch/lib/elasticsearch-7.2.0.jar
:/usr/share/elasticsearch/lib/lucene-core-8.0.0.jar
:/usr/share/elasticsearch/modules/x-pack-core/x-pack-core-7.2.0.jar
:/usr/share/elasticsearch/modules/x-pack-core/netty-common-4.1.35.Final.jar
:/usr/share/elasticsearch/lib/elasticsearch-core-7.2.0.jar" /mnt/XPackBuild.java
编译完成后会生成LicenseVerifier.class和XPackBuild.class两个文件
将生成的两个文件替换原有的两个文件,把/usr/share/elasticsearch/modules/x-pack-core/x-pack-core-7.2.0.jar拷贝到/mnt/x-pack目录中
cp /usr/share/elasticsearch/modules/x-pack-core/x-pack-core-7.2.0.jar /mnt/x-pack
cd /mnt/x-pack
#解压x-pack-core-7.0.1.jar
jar -xvf x-pack-core-7.2.0.jar
#替换.class文件
cp /mnt/XPackBuild.class /mnt/x-pack/org/elasticsearch/xpack/core/
cp /mnt/LicenseVerifier.class /mnt/x-pack/org/elasticsearch/license/
打包新x-pack-core-7.2.0.jar文件
cd /mnt/x-pack
#删除临时拷贝过来的源文件
rm -rf x-pack-core-7.2.0.jar
jar cvf x-pack-core-7.2.0.jar .
将新生成的jar文件替换原有的jar文件
cp /mnt/x-pack/x-pack-core-7.2.0.jar /usr/share/elasticsearch/modules/x-pack-core/x-pack-core-7.2.0.jar
到ELK官网申请license,license格式为json文件,修改type、expiry_date_in_millis、分别修改成platinum、2855980923000
例:
{"license":
{
"uid":"edccad08-a967-491e-82db-5bdfcf98677b",
"type":"platinum",
"issue_date_in_millis":1573171200000,
"expiry_date_in_millis":2855980923000,
"max_nodes":100,
"issued_to":"louis zuo (mycompany)",
"issuer":"WebForm", "signature":"AAAAAwAAAA1Th3WJcIQbwJ9K2ZeOAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQCmmzAbpCeTGxOlClQ1xtSkoNiEK6E/XLWKukFazVKnPQZG6XBkabjzRPOzWKZ3ZYd4/aB9rFZsW9pmVKbWREmW5JM9QZBZuoS8QXLgN9PVGOlLjLjs6CjyojuL75rRTxSwWCsWOCnlQPtUxk0oBaTu78FiurpwZVQelIeQ1fCLNVSrK97LWcVa90JqkHtzk7maHwcyd7KAUsq+tB7p7NAuNFSTe+3gV6E12SLTnxunB49kDKdl83wbENxRPYTgIcNfvptlye/6xrM5oe+RdpINARMTBGGTeNBBKuKRcSOmpOxRS98lLNaFECByI/uKjCWnbAm7LZvkNha6BzVElAyb",
"start_date_in_millis":1573171200000}
}
导入license前关闭xpack的security和ssl,重启es
echo "xpack.security.enabled: false" >>/etc/es/elasticsearch/elasticsearch.yml
echo "xpack.security.transport.ssl.enabled: false" >>/etc/es/elasticsearch/elasticsearch.yml
加载license
curl -XPUT -u elastic 'http://192.168.1.223:9200/_xpack/license' -H "Content-Type: application/json" -d @louis-zuo-edccad08-a967-491e-82db-5bdfcf98677b-v5.json
#返回如下显示表示license写入成功
{"acknowledged":true,"license_status":"valid"}
导入license后开启xpack的security和ssl,重启es
echo "xpack.security.enabled: true" >>/etc/es/elasticsearch/elasticsearch.yml
echo "xpack.security.transport.ssl.enabled: true" >>/etc/es/elasticsearch/elasticsearch.yml
查询license到期日,x-pack破解完成
curl -XGET -u elastic:Zero@2019 http://192.168.1.223:9200/_license
{
"license" : {
"status" : "active",
"uid" : "edccad08-a967-491e-82db-5bdfcf98677b",
"type" : "platinum",
"issue_date" : "2019-11-08T00:00:00.000Z",
"issue_date_in_millis" : 1573171200000,
"expiry_date" : "2060-07-02T08:02:03.000Z",
"expiry_date_in_millis" : 2855980923000,
"max_nodes" : 100,
"issued_to" : "louis zuo (mycompany)",
"issuer" : "Web Form",
"start_date_in_millis" : 1573171200000
}
}
