适用版本:理论上适用于6.X版本后的所有版本
一、 破解流程
1、在Linux中复制出x-pack-core-版本号.jar
/usr/share/elasticsearch/modules/x-pack-core/x-pack-core-7.5.1.jar
mkdir -p /tmp/xpack
cp /usr/share/elasticsearch/modules/x-pack-core/x-pack-core-7.5.1.jar /tmp/xpack
2、解压刚刚复制出来的文件
jar -xvf x-pack-core-7.5.1.jar && mv x-pack-core-7.5.1.jar x-pack-core-7.5.1.jar.bak
3、下载已经破解好的文件,并覆盖到原文件或者修改X-Pack源码文件。
修改LicenseVerifier.java
LicenseVerifier中有两个静态方法,这就是验证授权文件是否有效的方法,我们把它修改为全部返回true.
/*如下代码为修改完后的代码,我们这里使用注释将不需要的代码注释掉*/
package org.elasticsearch.license;
import java.nio.*;
import org.elasticsearch.common.bytes.*;
import java.security.*;
import java.util.*;
import org.elasticsearch.common.xcontent.*;
import org.apache.lucene.util.*;
import org.elasticsearch.core.internal.io.*;
import java.io.*;
/**
 * License signature verifier as it appears after the modification described on this page.
 *
 * <p>Both {@code verifyLicense} overloads return {@code true} unconditionally. The
 * signature-checking logic is still present, but only inside block comments, so none of it runs.
 *
 * <p>NOTE(review): with this class in place a license document is accepted whatever its
 * signature field contains, so the license level the node reports no longer says anything
 * about what was actually issued. Comparing the deployed x-pack-core jar (or this class file)
 * with the one from an official distribution package is a direct way to detect the swap.
 */
public class LicenseVerifier
{
/**
 * Reports every license as valid; neither {@code license} nor {@code publicKeyData} is read.
 *
 * <p>The disabled body below decoded the Base64 signature, read length-prefixed fields
 * (version, magic, public-key fingerprint, signed content) from it, serialized the license
 * with the {@code "license_spec_view"} parameter, and checked the signed content with a
 * {@code SHA512withRSA} signature object initialised from {@code publicKeyData}. It also
 * zeroed the signed-content buffer in a {@code finally} block.
 *
 * <p>NOTE(review): the disabled text looks like decompiler output; the three empty catch
 * clauses presumably stand for a single multi-catch. Confirm against the upstream source
 * before restoring it.
 *
 * @param license license to check (ignored by the active code)
 * @param publicKeyData encoded public key (ignored by the active code)
 * @return always {@code true}
 */
public static boolean verifyLicense(final License license, final byte[] publicKeyData) {
/*
byte[] signedContent = null;
byte[] publicKeyFingerprint = null;
try {
final byte[] signatureBytes = Base64.getDecoder().decode(license.signature());
final ByteBuffer byteBuffer = ByteBuffer.wrap(signatureBytes);
final int version = byteBuffer.getInt();
final int magicLen = byteBuffer.getInt();
final byte[] magic = new byte[magicLen];
byteBuffer.get(magic);
final int hashLen = byteBuffer.getInt();
publicKeyFingerprint = new byte[hashLen];
byteBuffer.get(publicKeyFingerprint);
final int signedContentLen = byteBuffer.getInt();
signedContent = new byte[signedContentLen];
byteBuffer.get(signedContent);
final XContentBuilder contentBuilder = XContentFactory.contentBuilder(XContentType.JSON);
license.toXContent(contentBuilder, (ToXContent.Params)new ToXContent.MapParams((Map)Collections.singletonMap("license_spec_view", "true")));
final Signature rsa = Signature.getInstance("SHA512withRSA");
rsa.initVerify(CryptUtils.readPublicKey(publicKeyData));
final BytesRefIterator iterator = BytesReference.bytes(contentBuilder).iterator();
BytesRef ref;
while ((ref = iterator.next()) != null) {
rsa.update(ref.bytes, ref.offset, ref.length);
}
return rsa.verify(signedContent);
}
catch (IOException ex) {}
catch (NoSuchAlgorithmException ex2) {}
catch (SignatureException ex3) {}
catch (InvalidKeyException e) {
throw new IllegalStateException(e);
}
finally {
if (signedContent != null) {
Arrays.fill(signedContent, (byte)0);
}
}
*/
// Only live statement in this method: the signature is never examined.
return true;
}
/**
 * Reports every license as valid without loading the bundled public key.
 *
 * <p>The disabled body read the {@code /public.key} classpath resource into a byte array and
 * delegated to {@code verifyLicense(License, byte[])}; that delegation line is itself
 * commented out inside the block.
 *
 * @param license license to check (ignored by the active code)
 * @return always {@code true}
 */
public static boolean verifyLicense(final License license) {
/*
byte[] publicKeyBytes;
try {
final InputStream is = LicenseVerifier.class.getResourceAsStream("/public.key");
try {
final ByteArrayOutputStream out = new ByteArrayOutputStream();
Streams.copy(is, (OutputStream)out);
publicKeyBytes = out.toByteArray();
if (is != null) {
is.close();
}
}
catch (Throwable t) {
if (is != null) {
try {
is.close();
}
catch (Throwable t2) {
t.addSuppressed(t2);
}
}
throw t;
}
}
catch (IOException ex) {
throw new IllegalStateException(ex);
}
//return verifyLicense(license, publicKeyBytes);
*/
// Only live statement in this method: the public key is never loaded or used.
return true;
}
}
修改XPackBuild.java
XPackBuild中最后一个静态代码块中 try的部分全部删除,这部分会验证jar包是否被修改.
/*如下代码为修改完后的代码,我们这里使用注释将不需要的代码注释掉*/
package org.elasticsearch.xpack.core;
import org.elasticsearch.common.io.*;
import java.net.*;
import org.elasticsearch.common.*;
import java.nio.file.*;
import java.io.*;
import java.util.jar.*;
/**
 * Holder for the x-pack build metadata (short hash and build date), as modified on this page.
 *
 * <p>The static initializer no longer opens the jar, so {@link #CURRENT} always carries
 * {@code "Unknown"} for both values.
 *
 * <p>NOTE(review): the surrounding text describes the disabled code as a check for jar
 * modification. What is visible here only reads the {@code Change} and {@code Build-Date}
 * manifest attributes; no hash or signature comparison appears in this class.
 *
 * <p>NOTE(review): a packaged node reporting "Unknown" for both build hash and build date is
 * consistent with this modification, presumably visible wherever {@code CURRENT} is
 * reported. Confirm against the deployment.
 */
public class XPackBuild
{
// Singleton build descriptor, assigned once by the static initializer at the end of the class.
public static final XPackBuild CURRENT;
private String shortHash;
private String date;
/**
 * Returns the filesystem path of the code source this class was loaded from.
 *
 * @return path derived from the protection domain's code-source location
 * @throws RuntimeException if the location URL cannot be converted to a URI
 */
@SuppressForbidden(reason = "looks up path of xpack.jar directly")
static Path getElasticsearchCodebase() {
final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
try {
return PathUtils.get(url.toURI());
}
catch (URISyntaxException bogus) {
throw new RuntimeException(bogus);
}
}
/**
 * Creates a build descriptor from the given values.
 *
 * @param shortHash short hash string to store
 * @param date build date string to store
 */
XPackBuild(final String shortHash, final String date) {
this.shortHash = shortHash;
this.date = date;
}
/** Returns the stored short hash. */
public String shortHash() {
return this.shortHash;
}
/** Returns the stored build date. */
public String date() {
return this.date;
}
static {
// The path is still resolved, but nothing below reads it now that the jar branch is disabled.
final Path path = getElasticsearchCodebase();
String shortHash = null;
String date = null;
Label_0109: {
// Disabled branch: when the path ended in ".jar" it opened the jar and took "Change" and
// "Build-Date" from the manifest's main attributes, rethrowing IOException as RuntimeException.
/* if (path.toString().endsWith(".jar")) {
try {
final JarInputStream jar = new JarInputStream(Files.newInputStream(path, new OpenOption[0]));
try {
final Manifest manifest = jar.getManifest();
shortHash = manifest.getMainAttributes().getValue("Change");
date = manifest.getMainAttributes().getValue("Build-Date");
jar.close();
}
catch (Throwable t) {
try {
jar.close();
}
catch (Throwable t2) {
t.addSuppressed(t2);
}
throw t;
}
break Label_0109;
}
catch (IOException e) {
throw new RuntimeException(e);
}
}
*/
// With the branch above commented out, these assignments always run.
shortHash = "Unknown";
date = "Unknown";
}
CURRENT = new XPackBuild(shortHash, date);
}
}
# 编译LicenseVerifier.java
javac -cp "/usr/local/elasticsearch/lib/elasticsearch-7.5.1.jar:/usr/local/elasticsearch/lib/lucene-core-8.3.0.jar:/usr/local/elasticsearch/modules/x-pack-core/x-pack-core-7.5.1.jar:/usr/local/elasticsearch/modules/x-pack-core/netty-common-4.1.43.Final.jar:/usr/local/elasticsearch/lib/elasticsearch-core-7.5.1.jar" /root/LicenseVerifier.java
# 编译XPackBuild.java
javac -cp "/usr/local/elasticsearch/lib/elasticsearch-7.5.1.jar:/usr/local/elasticsearch/lib/lucene-core-8.3.0.jar:/usr/local/elasticsearch/modules/x-pack-core/x-pack-core-7.5.1.jar:/usr/local/elasticsearch/modules/x-pack-core/netty-common-4.1.43.Final.jar:/usr/local/elasticsearch/lib/elasticsearch-core-7.5.1.jar" /root/XPackBuild.java
cp -rf LicenseVerifier.class /org/elasticsearch/license/LicenseVerifier.class
cp -rf XPackBuild.class /org/elasticsearch/xpack/core/XPackBuild.class
4、重新打包x-pack-core-版本号.jar
jar cvf x-pack-core-7.5.1.jar * (文件名要与系统名相同,也就是第一步我们复制出来的文件名。后面是星号 * 和前面文件名中间有一个空格)
5、覆盖安装目录下原先同名文件
cp -rf /tmp/xpack/x-pack-core-7.5.1.jar /usr/share/elasticsearch/modules/x-pack-core/x-pack-core-7.5.1.jar
6、修改elasticsearch.yml配置并重启程序
vim /etc/elasticsearch/elasticsearch.yml
xpack.security.enabled: false (先把 x-pack security关闭;关闭期间集群不做身份认证,第8步会重新开启)
systemctl restart kibana elasticsearch
7、导入license
curl -XPUT -u elastic ‘http://localhost:9200/_xpack/license’ -H “Content-Type: application/json” -d @license.json
若返回true 说明导入成功,再输入 curl -u elastic http://localhost:9200/_license 查看license 同样密码为空 直接按回车
8、生成SSL证书
./bin/elasticsearch-certutil ca
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
mkdir -p config/certs && mv elasticsearch/elastic-* config/certs/
[[email protected] config]# tree -L 2 certs
certs
├── elastic-certificates.p12
└── elastic-stack-ca.p12
0 directories, 2 files
再次编辑elasticsearch.yml 配置文件
vim /etc/elasticsearch/elasticsearch.yml
修改如下:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate  # certificate 只校验证书是否由受信任的 CA 签发,不校验主机名;full 会同时校验主机名
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
systemctl restart elasticsearch
9、设置密码
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
按Y(按回车没用),然后就是输入密码一步一步继续,然后就是vim /etc/kibana/kibana.yml 编辑kibana配置文件,把刚才设置的账号密码配置进去。
systemctl restart kibana elasticsearch
10、登陆验证

登录之后查看许可就是白金版了,基本上是

注意:由于7.X版本中并没有Enterprise API,所以即便修改了Enterprise,程序也无法识别,据说8.0新版本中会新增。ELK Stack企业版和ELK企业版不是一个概念,ELK
二、破解文件
链接:https://pan.baidu.com/s/1V94kuRuwMY7w0XLaMoJD-A
三、关于license

亦可以自行DIY修改 ,这里提供在线工具 https://tool.lu/timestamp/
