A Simple Crack for CKFinder 3 for PHP

Monday, August 24, 2015

Preface

CKFinder is a web-based Ajax file manager. Many small websites use CKFinder in their admin panel to manage uploaded resources conveniently.

For some reason I needed to use it, so I downloaded the latest PHP version. When I started using it, I found the DEMO version cannot delete files! I then tried to find a cracked version online but couldn’t. As a perfectionist, I wanted to use the latest version.

Directory structure

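CKFinder
├─core          core files (including the PHP library files)
├─lang          language packs
├─libs          JS library files
├─plugins           plugin directory
├─samples           demo pages (can be deleted)
├─skins         skin styles
├─userfiles         default upload directory
├──ckfinder.html        manager page
├──ckfinder.js      main program code
├──config.js        configuration file
└──config.php       server-side configuration file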

The user verification logic is in ckfinder.js. Here I only chose to remove the limitations, which is simpler. First, make a copy and deobfuscate/decompress it for easier analysis. I recommend this online tool site: http://tool.lu/js/

CKFinder only limits deletion and the number of uploaded files, plus one more thing I didn’t figure out.

Steps

Snippet 1

I have no idea what this is… You can see it’s just a simple conditional. “Clean” the signature area (remove spaces/newlines), then invert it.

if((I&&q&&K&&_)||!V)

Snippet 2

Same here: remove the demo restriction. A simple conditional—just invert it.

if((E&&k&&T&&M)||!S)

Snippet 3

setHandler replaces the function to be executed with a custom one. Here, the delete function is replaced with the demo prompt. Just a simple tweak as well. Change it to this:

if((s&&l&&u&&a)||!d)

Snippet 4

Remove the upload count limit. Just delete this whole block:

{var y=r.request("\x66\x69\x6c\x65\x73\u003a\x67etC\x75\x72r\x65n\x74").where({"view:isFolder":!1}).length;y+a.length>10&&r.request("\u0064i\u0061\x6cog\u003a\x69\x6e\u0066\u006f",{msg:"Th\x65 n\u0075\u006d\u0062er\u0020\x6ff\x20\x66il\u0065\u0073 \u0070er\u0020\x66o\u006c\u0064\x65r \u0061\u0066\u0074\x65\x72 \x74\u0068\u0065\u0020u\u0070\x6c\u006fa\u0064\x20\u0063a\x6e\u006e\x6f\u0074\x20\x65\x78\x63ee\u0064\u002010\u0020\x69\u006e\u0020de\u006do\x20\x6d\u006f\x64\u0065\x2e"});var b=-(y-10);0>b&&(b=0),a.splice(b,a.length)}

Done ✓

Also, here are the cracked files: Google Drive

Mega
