ningmou


Tidal analysis for Win platform

Preface

There are rumors that the author of v2board has been taken away, and the client packaging panel is no longer usable. So let's analyze the client and see if we can gain anything.

Structure

It can be seen that the client is written in Electron, so you can unpack the app.asar in \resources to see the source code.

Processing

To facilitate analysis, the app.asar is unpacked and the unpacked contents are placed in a folder with the same name.
The main-process file main.js is not obfuscated or otherwise processed, so its logic can be read directly. It shows that the author has disabled the sandbox and other security measures, which is quite reckless.
It can also be seen that the main page is ./dist/index.html.
image
The image above shows the code after modification.
To facilitate debugging, first remove the devtools restrictions and enable the application menu bar.
The umi.js loaded by the page is encrypted and has anti-developer-tools functions. The encryption style looks like the output of the jsjiami.com encryption tool, which places a large array at the beginning and uses it for encryption.
After processing, some anti-debugging measures can be removed. But for analysis, the JavaScript code still needs to be decrypted.
Due to my limited skills, the decryption is not complete, so I won't provide the decrypted code.
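The observation above that main.js disables the sandbox and other protections is something a developer can check for mechanically before shipping. The following Node.js script is an added example, not code from the client or from the original post; it generalizes to a few well-known Electron webPreferences and Chromium switches, and the rule list, function names and sample input are this example's own assumptions.

```javascript
// Added example: static audit of an Electron main-process file.
// The rule list is this example's own selection.
const RISKY_PREFS = {
  sandbox: ["false", "renderer runs outside the Chromium sandbox"],
  contextIsolation: ["false", "page scripts share a context with preload code"],
  nodeIntegration: ["true", "page scripts can call Node.js APIs"],
  webSecurity: ["false", "same-origin policy is disabled"],
};
const RISKY_SWITCHES = ["no-sandbox", "disable-web-security"];

// Blank out comments (keeping line breaks) so disabled code is not reported.
function stripComments(src) {
  return src
    .replace(/\/\*[\s\S]*?\*\//g, (m) => m.replace(/[^\n]/g, " "))
    .replace(/(^|[^:"'])\/\/.*$/gm, "$1");
}

function auditMainProcess(src) {
  const findings = [];
  stripComments(src).split("\n").forEach((text, i) => {
    for (const [key, [bad, why]] of Object.entries(RISKY_PREFS)) {
      const m = new RegExp(`\\b${key}\\s*:\\s*(true|false)\\b`).exec(text);
      if (m && m[1] === bad) findings.push({ line: i + 1, setting: `${key}: ${bad}`, why });
    }
    for (const sw of RISKY_SWITCHES) {
      if (new RegExp(`appendSwitch\\(\\s*["']${sw}["']`).test(text)) {
        findings.push({ line: i + 1, setting: `--${sw}`, why: "process-wide Chromium protection is off" });
      }
    }
  });
  return findings;
}

// Constructed sample input, not the analysed client's main.js.
const SAMPLE_MAIN = `
const { app, BrowserWindow } = require("electron");
app.commandLine.appendSwitch("no-sandbox");
const win = new BrowserWindow({
  webPreferences: {
    sandbox: false,
    contextIsolation: false,
    nodeIntegration: true,
    // webSecurity: false,
  },
});
win.loadFile("./dist/index.html");
`;

for (const f of auditMainProcess(SAMPLE_MAIN)) console.log(`line ${f.line}: ${f.setting} (${f.why})`);
```

The check is line-based and only sees literal true/false values, so settings assembled from variables or spread objects still need a manual read of main.js.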

Analysis

The client will first request an interface to obtain the v2b panel address, and the returned content is in JSON format.
The panel address is then stored in a global variable.

Then the client requests the v2b panel to obtain the website name and other information.
After successful login, it can be used.

Crack?

The core of the crack lies in decrypting the umi.js file. I tried decrypting it myself and it took a long time, no less than rewriting a similar one would.
After analyzing the JavaScript code I decrypted, I found multiple anti-piracy measures, and they report piracy information. However, the reporting address cannot be accessed normally and returns 500. After studying the anti-piracy measures, they can all be bypassed, but in order to support genuine versions, they will not be disclosed.
However, since the author is missing, the anti-piracy measures can be ignored and directly cracked.

Idea

Here is a simple idea, which may trigger anti-piracy measures. The specific behavior for users is that the application suddenly closes, but the probability of triggering is not high. So...

The specific principle is to intercept fetch requests and modify them. Here, fake.js is added to index.html. Its content is as follows.

const originFetch = fetch;
Object.defineProperty(window, "fetch", {
  configurable: true,
  enumerable: true,
  get() {
    return (url, options) => {
      // Intercept the API for obtaining the panel address and replace it with your own address
      if (!url.includes("api/v1")) {
        url = "http://your-address/config.json";
      }
      // Prevent anti-piracy reporting
      if (url.includes("fake")) {
        alert(url);
        while (1) {}
      }
      return originFetch(url, options);
    };
  }
});
// Change the title of the login page and the name of the application at runtime
window.addEventListener('DOMContentLoaded', () => {
  document.querySelector("title").innerText = "久世凝眸";
});

Then repack it as asar and place it in the specified location to use it.
The icon and other elements can also be modified using tools, but it will not be demonstrated here.

Others

The CSS can also be modified, for example to change the colors. The following image is an example of changing the color to light pink.
image

Communication Group

https://t.me/TalkToJshi
