View Full Version : Flexlm user_crypt_filter and SIGN


NoFlexlm
November 28th, 2008, 03:49
I am a beginner at flexlm cracking. I have a flexlm 8.1a protected program; it seems that it uses user_crypt_filter.
Code:
.text:0046ADD1 mov edx, off_493064
.text:0046ADD7 push edx
.text:0046ADD8 push 4Ah
.text:0046ADDA mov eax, dword_4AC488
.text:0046ADDF push eax
.text:0046ADE0 call _lc_set_attr

After studying CrackZ's essay, I successfully recovered the permute table and xorvals. The two seeds are also easy to get from l_sg route. With Flexlm 8.1a, I get an old version license. This can be checked out successfully.
Code:
INCREMENT feature1 daemon 2008.0 01-jan-00 uncounted 0F33363EB470 HOSTID=INTERNET=*.*.*.*


It seems everything is OK, but further study left me fully confused.
I used my lmcrypt to generate a new version license with SIGN, but it cannot be checked out by the vendor daemon.
Code:
INCREMENT feature1 daemon 2008.0 01-jan-00 uncounted HOSTID=INTERNET=*.*.*.* SIGN=3EC17038B252

After tracking through the whole crypt_filter function, I finally recovered the right SIGN for my license. Expected character should be 3EC17038B252.
Code:
INCREMENT feature1 daemon 2008.0 01-jan-00 uncounted HOSTID=INTERNET=*.*.*.* SIGN=2DBD6848A2E4

I tried this new license and it works now. But what is happening with my lmcrypt? Why can't my lmcrypt generate the right SIGN?

I also tried not using crypt_filter in my lmcrypt; it then generates the same wrong new version license but a different old version license.
New version SIGN license:
Code:
INCREMENT feature1 daemon 2008.0 01-jan-00 uncounted HOSTID=INTERNET=*.*.*.* SIGN=3EC17038B252

Old version LK license:
Code:
INCREMENT feature1 daemon 2008.0 01-jan-00 uncounted BA674BA6A11B HOSTID=INTERNET=*.*.*.*

I even tried using a different permute table in my lmcrypt; the SIGN never seems to change.

Could anybody help explain that? How can I generate the right encrypted SIGN license with crypt_filter?

Thanks.

FoxB
November 28th, 2008, 10:23
Upload the vendor daemons file at rapidshare.de

NoFlexlm
November 30th, 2008, 22:45
New study proves that my daemon, which uses the same seeds and user_crypt_filter, also rejects my own SIGN license, but can accept my LK license.
Do I have something wrong in my lmcrypt.c file? I remember user_crypt_filter_gen is clarified and lc_set_attr() is also located after the lc_init() function.
Code:
extern void user_crypt_filter_gen();
lc_set_attr(lm_job, LM_A_USER_CRYPT_FILTER_GEN, (LM_A_VAL_TYPE)user_crypt_filter_gen);

Could you please give me some advice about this?
Thanks.

FoxB
December 1st, 2008, 09:44
You do not have a valid user crypt filter for Synopsys multi vendor daemon.

NoFlexlm
December 2nd, 2008, 01:03
Quote:
[Originally Posted by FoxB;78006]You do not have a valid user crypt filter for Synopsys multi vendor daemon.


Hi FoxB,
First, this program is not S*s.
Second, if I have the wrong user_crypt_filter, why can I get the right LK file for the daemon?
Could you please explain that in detail?

Thanks.

geophylikai
December 25th, 2008, 10:46
I have the same question!
What can I do when flexlm uses user_crypt_filter???
Thanks a lot

FoxB
December 25th, 2008, 12:17
You need to recover this user crypt filter.

NoFlexlm
December 29th, 2008, 20:53
Break on _lc_set_attr; if a non-zero value is pushed onto the stack before 4A, then you can find the address of the user_crypt_filter encrypt process. Through that, you can recover the original permute table and XOR values.

Good Luck!