FlexLm ECC cracking. Need advice


headcrash
June 20th, 2007, 10:47
Hi All

Situation: I have a FlexLm-protected tool (under Linux). I have a lic.file (but it doesn't work on my machine).
SERVER ......
FEATURE xxx vendor_d ... SIGN="xxxx xxxx...xxxx"

So, LM_STRENGTH_239BIT. FlexLm v.10.8.2.2 (linux version)

I made a signature IDA file for FlexLm v.10.8.2.2 & after analyzing vendor_d, I found l_pubkey_verify() & patched it to return 0.

After that I generated my own lic.file (according to the format & data of the source lic.file with my own LM_SEEDs).

Ok, next I launched lmgrd -c my_lic.file, everything was ok.
Ran my application & got no success. I got messages like: "unsupported feature" (although the feature is in mylic.file), "doesn't support feature that version" and so on.

I've also patched l_checkout() to return 0. No success. Maybe the vendor protects this app somehow else...

Gentlemen, any ideas? ;-)

FrankRizzo
June 20th, 2007, 18:27
proxy's EDB debugger that's mentioned in the Linux RCE section below is a GREAT tool for this job. I'd recommend finding where checkout is called, and watching what it does when it returns. See if you are getting errors inside the Flex code, or if it returns an acceptable response, and there is another check further in the app, or something strange like that.