kappasm
August 14th, 2008, 04:35
Hi all,
I have a problem with an HP-UX SOM for a PA-RISC CPU. In the binary program (disassembled with IDA) I have found this:
"FLEXlm 6.0d (liblmgr.a), Copyright (C) 1988-1997 Globet"
Well, I said to myself, a simple version to blow up. But this is not the case. For this CPU there is no FlexLM signature for IDA; I sweated 7 shirts, but I found all (at least I think) the functions that relate to FlexLM.
The most interesting part:
Code:
$CODE$:00579C2C 6B C2 3F D9 stw %rp, cur_rp(%sp)
$CODE$:00579C30 37 DE 01 80 ldo 0xC0(%sp), %sp
$CODE$:00579C34 6B DA 3E 39 stw %r26, -0xC0+arg_24(%sp)
$CODE$:00579C38 6B D9 3E 31 stw %r25, -0xC0+arg_28(%sp)
$CODE$:00579C3C 6B D8 3E 29 stw %r24, -0xC0+arg_2C(%sp)
$CODE$:00579C40 6B C0 3F 01 stw %r0, -0xC0+var_40(%sp)
$CODE$:00579C44 4B D4 3E 39 ldw -0xC0+arg_24(%sp), %r20
$CODE$:00579C48 36 9A 01 18 ldo 0x8C(%r20), %r26
$CODE$:00579C4C 4B D9 3E 29 ldw -0xC0+arg_2C(%sp), %r25
$CODE$:00579C50 23 FD 50 0A ldil loc_57A800, %r31
$CODE$:00579C54 E7 E0 2F 98 be,l 0x7CC(%sr4,%r31), %sr0, %r31 # l_svk
$CODE$:00579C58 08 1F 02 42 copy %r31, %rp
$CODE$:00579C58
$CODE$:00579C5C 6B DC 3F 09 stw %r28, -0xC0+var_44(%sp)
$CODE$:00579C60 37 DA 3E B1 ldo -0xC0+var_18(%sp), %r26
$CODE$:00579C64 4B D9 3E 29 ldw -0xC0+arg_2C(%sp), %r25
$CODE$:00579C68 34 18 00 50 ldi 0x28, %r24
$CODE$:00579C6C 23 E1 50 0A ldil loc_542800, %r31
$CODE$:00579C70 E7 E0 20 58 be,l 0x2C(%sr4,%r31), %sr0, %r31 # memcpy
$CODE$:00579C74 08 1F 02 42 copy %r31, %rp
$CODE$:00579C74
$CODE$:00579C78 4B D5 3E 29 ldw -0xC0+arg_2C(%sp), %r21
$CODE$:00579C7C 4A B6 00 08 ldw 4(%r21), %r22
$CODE$:00579C80 4B C1 3F 09 ldw -0xC0+var_44(%sp), %r1
$CODE$:00579C84 08 36 02 9F xor %r22, %r1, %r31 # Clear Seed 1
$CODE$:00579C88 6B DF 3E B9 stw %r31, -0xC0+var_1C(%sp) # Seed 1
$CODE$:00579C8C 4B D3 3E 29 ldw -0xC0+arg_2C(%sp), %r19
$CODE$:00579C90 4A 74 00 10 ldw 8(%r19), %r20
$CODE$:00579C94 4B D5 3F 09 ldw -0xC0+var_44(%sp), %r21
$CODE$:00579C98 0A B4 02 96 xor %r20, %r21, %r22 # Clear Seed 2
$CODE$:00579C9C 6B D6 3E C1 stw %r22, -0xC0+var_20(%sp) # Seed 2
$CODE$:00579CA0 4B DA 3E 39 ldw -0xC0+arg_24(%sp), %r26
$CODE$:00579CA4 4B C1 3E 31 ldw -0xC0+arg_28(%sp), %r1
$CODE$:00579CA8 34 39 00 A8 ldo 0x54(%r1), %r25
$CODE$:00579CAC 23 E4 90 0A ldil loc_588800, %r31
$CODE$:00579CB0 E7 E0 2A 60 be,l 0x530(%sr4,%r31), %sr0, %r31 # l_extract_date
$CODE$:00579CB4 08 1F 02 42 copy %r31, %rp
$CODE$:00579CB4
$CODE$:00579CB8 08 1C 02 58 copy %r28, %r24
$CODE$:00579CBC 4B DA 3E 39 ldw -0xC0+arg_24(%sp), %r26
$CODE$:00579CC0 4B D9 3E 31 ldw -0xC0+arg_28(%sp), %r25
$CODE$:00579CC4 37 D7 3E B1 ldo -0xC0+var_18(%sp), %r23
$CODE$:00579CC8 23 FD 60 0A ldil loc_57B000, %r31
$CODE$:00579CCC E7 E0 24 D8 be,l 0x26C(%sr4,%r31), %sr0, %r31 # sub_57B26C
$CODE$:00579CD0 08 1F 02 42 copy %r31, %rp
It is the same routine as in the x86-based versions (FlexLM 6.0, lmgrd326a.dll) but in PA-RISC language. FlexLM is compiled for PA-RISC.
At this point I entered the data (vendor_key) in "FlexSeedGen.exe" and I got the vendor_key5. I tried with other programs, obtaining the same result.
I assumed that the key was right. I entered all the data in the older version of the FlexLM SDK that I have, in my case 7.0d. I compiled the program,
but if I run "lmcrytstr.exe" I get an error:
"lc_init failed: Invalid FLEXlm key data supplied FLEXlm error: -44,49."

That would have been too simple.
I thought that the FlexLM SDK did not accept the values I entered; then, not having a 6.0 SDK, I tried with "FlexLM-Keygen EFALicGen_b0.3_Xan.zip", and in this
program the "vendor_key" with "vendor_name" is declared valid, and it in turn also finds key5 (the same).
This program permits the signing of a feature. I tried a feature (that I have), but the signature generated is not the same. Must it be the same?
I replaced my original with the calculated one, but it turns out to be invalid.

Can someone help me? Does someone have a FlexLM SDK 6.0d?

Does someone know an emulator for PA-RISC on x86?
Thanks.
Kappa.