
Burp Suite Loaders / "Cracks" situation

As most people in the cyber security world probably know, Burp Suite is one of the most popular tools for pentesting and exploiting web applications. PortSwigger offers a "Community" and a "Professional" edition (leaving aside Enterprise, which is essentially a separate product), and a Pro license costs about 450 euro. A popular choice is to pirate Burp Suite or to stick with the heavily limited free edition.

Burp Suite is written in Java, so it runs on Windows, Mac and Linux and on anything else that runs a JVM. That makes it a very flexible tool, since the environment barely matters. The flip side is that JVM bytecode is easy to modify at load or run time, which is exactly what a "loader" does: it patches the key material embedded in the code that generates and verifies activation requests and licenses, so that licenses produced by the loader's own keygen pass the check. Keep in mind what that implies: the loader runs inside the Burp process with the same privileges as Burp itself, and Burp sees every request, cookie and credential you proxy through it, so a closed-source loader from an anonymous uploader is untrusted code sitting in about the most sensitive spot on a tester's machine.

If you do your research and start looking for pre-made loaders that do this, you will inevitably stumble upon this repo on GitHub. The owner of the repo does not publish the source code and claims it is a "private loader". But is it?

Of course not! When I attempted to disassemble the file, I stumbled upon this:

Searching for the name "Drfarfar" leads to a very shitty piracy website, presumably run by some Arabic person, judging by the "Play Arabic" button on the page.

This begs the question: are these two identities the same person? My guess is no. The "private loader" is just a rip from this website, which itself most likely stole it from somewhere else. This is extremely pathetic and sad: begging for coffee money while acting like they did anything other than slap their name on something that is not even theirs.

Confronting them on the git repo resulted in the issue being closed with no comment. Great! Investigating their profile reveals that their real name is Siddharth Sundar from Chennai, India, and that they are a professional food photographer? Yeah, that's right, a fucking food photographer. Since I am not inhuman I will not reveal their contact information, but honestly, it is two clicks away from the repository that is hosting illegal content. Here is a description that they wrote about themselves:

Also, if you plan on using the loader: this dipshit put their name in the loader and gave no way to change it, so I will show you how to do it instead. Open the jar with Ark, WinRAR or anything else that can browse it as an archive, descend the directory tree until you reach the class files, and pull KeygenForm.class out of the archive. Open that file in any decent hex editor and search for the string "Licensed"; the first hit should contain his name. Overwrite it with whatever you want, put the class back at the same path in the archive, and use the loader as intended. One caveat: the string lives in the class file's constant pool as a CONSTANT_Utf8 entry, which is prefixed by a two-byte length, so the replacement must be exactly as many bytes as the original (pad with spaces if yours is shorter). Overwriting with a longer or shorter string desyncs the constant pool and the JVM will refuse to load the class. The activated product will then show whatever you wrote as the "licensed to" text. See reference images below:
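To make the length caveat concrete, here is an added example (mine, not code from this post or from any loader) that parses a class file's constant pool and rewrites a CONSTANT_Utf8 entry while fixing its two-byte length prefix, which a plain hex-editor overwrite cannot do. The sample class file is constructed inline (a header, a six-slot pool and a few stand-in trailing bytes); it is not KeygenForm.class, and the strings in it are placeholders. It assumes the strings contain no NUL and no characters outside the BMP, for which Java's "modified UTF-8" is byte-identical to standard UTF-8.

```python
import struct

# Payload size (after the 1-byte tag) of every fixed-size constant pool entry
# in the JVM spec. Tag 1 (CONSTANT_Utf8) is variable-length and handled
# separately; tags 5 and 6 (Long/Double) occupy two pool slots.
CONSTANT_UTF8 = 1
TWO_SLOT_TAGS = (5, 6)
FIXED_PAYLOAD = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
                 12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}
CLASS_MAGIC = b"\xca\xfe\xba\xbe"


def parse_constant_pool(data):
    """Walk the constant pool of a class file.

    Returns (entries, end_offset): each entry is
    (pool_index, tag, payload_offset, payload_length), and end_offset is the
    byte offset of the first field after the pool (access_flags).
    """
    if data[:4] != CLASS_MAGIC:
        raise ValueError("not a Java class file (bad magic)")
    count = struct.unpack_from(">H", data, 8)[0]   # constant_pool_count = slots + 1
    pos, index, entries = 10, 1, []
    while index < count:
        tag = data[pos]
        if tag == CONSTANT_UTF8:
            length = struct.unpack_from(">H", data, pos + 1)[0]
            entries.append((index, tag, pos + 3, length))
            pos += 3 + length
        elif tag in FIXED_PAYLOAD:
            entries.append((index, tag, pos + 1, FIXED_PAYLOAD[tag]))
            pos += 1 + FIXED_PAYLOAD[tag]
        else:
            raise ValueError(f"unknown constant pool tag {tag} at offset {pos}")
        index += 2 if tag in TWO_SLOT_TAGS else 1
    return entries, pos


def utf8_constants(data):
    """Return {pool_index: string} for every CONSTANT_Utf8 entry."""
    entries, _ = parse_constant_pool(data)
    return {i: data[off:off + ln].decode("utf-8")
            for i, tag, off, ln in entries if tag == CONSTANT_UTF8}


def replace_utf8(data, old, new):
    """Rewrite every CONSTANT_Utf8 entry equal to `old` as `new`, fixing the
    two-byte length prefix so the pool stays in sync even when the lengths
    differ. Returns (new_class_bytes, number_of_entries_replaced).
    Assumes no NUL and no non-BMP characters (modified UTF-8 == UTF-8 then).
    """
    old_b, new_b = old.encode("utf-8"), new.encode("utf-8")
    if len(new_b) > 0xFFFF:
        raise ValueError("replacement exceeds the u2 length field")
    entries, _ = parse_constant_pool(data)
    out, last, replaced = bytearray(), 0, 0
    for _, tag, off, ln in entries:
        if tag == CONSTANT_UTF8 and data[off:off + ln] == old_b:
            out += data[last:off - 2]                    # bytes up to the length field
            out += struct.pack(">H", len(new_b)) + new_b
            last = off + ln
            replaced += 1
    out += data[last:]                                   # rest of the file, untouched
    return bytes(out), replaced


def build_sample_class():
    """Constructed, minimal class-file prefix used as sample input: magic,
    version 52.0, a six-slot constant pool, and a few opaque trailing bytes
    standing in for the rest of the file (fields, methods, attributes)."""
    pool = bytearray()
    pool += b"\x01" + struct.pack(">H", 16) + b"java/lang/Object"   # 1: Utf8
    pool += b"\x07" + struct.pack(">H", 1)                           # 2: Class -> #1
    s = b"Licensed to Original Name"                                 # placeholder string
    pool += b"\x01" + struct.pack(">H", len(s)) + s                  # 3: Utf8
    pool += b"\x08" + struct.pack(">H", 3)                           # 4: String -> #3
    pool += b"\x05" + struct.pack(">q", 1234567890123)               # 5-6: Long (two slots)
    header = CLASS_MAGIC + struct.pack(">HHH", 0, 52, 7)             # minor, major, count
    trailer = b"\x00\x21\x00\x02\x00\x02"   # access_flags, this_class, super_class (constructed)
    return header + bytes(pool) + trailer


if __name__ == "__main__":
    cls = build_sample_class()
    print(utf8_constants(cls))
    patched, n = replace_utf8(cls, "Licensed to Original Name", "Licensed to Someone Else")
    print(n, utf8_constants(patched))
```

Against a real class, read the bytes with `open(path, "rb").read()`, pass them to `replace_utf8`, and write the result back into the jar at the same path. Everything after the constant pool (fields, methods, attributes) is copied through verbatim, because the pool is the only structure that shifts when a string changes length.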

So in conclusion, the scene is being led by an Arab "doctor" and a food photographer. Not the people I would have placed my bets on, but I digress. Pay for your software, or at the very least use a crack made by a proper scene group, or better still one that is open source, so you can read what it does to the process you run your engagements through. That said, there is no obfuscation in the loader whatsoever, so you can just yoink the code.