The crashplan JARs decompile pretty easily - I had a go a few months ago, and they weren't obfuscated.
Highlights:
The crypto is pretty bad - it's using blowfish in CBC mode with a static IV of 0c22384e5a57412b (convert each byte to decimal...).
The client-server protocol use 32 bit nonces and MACs, which is.
License key validation works by decrypting some packed data from the key after converting the alphabet back to hex. The key is blowfish-cbc encrypted data and the only validation done is verifying the padding - about 1 in 256 randomly generated ones will have valid padding, and the length is not checked.
Highlights:
The crypto is pretty bad - it's using blowfish in CBC mode with a static IV of 0c22384e5a57412b (convert each byte to decimal...).
The client-server protocol use 32 bit nonces and MACs, which is.
License key validation works by decrypting some packed data from the key after converting the alphabet back to hex. The key is blowfish-cbc encrypted data and the only validation done is verifying the padding - about 1 in 256 randomly generated ones will have valid padding, and the length is not checked.