Hi all,

currently I'm playing with an application which is protected with FlexNet v11.5. In the past i dealt with some standard FlexLM targets, but the FlexNet-Stuff seams to be quite different, at least regarding the components it is using.

Has anybody reverse engineered the trusted storage of FlexNet ? Where do they hide there data. On unused partition space or somewhere in registry ?

Regards,
OHPen

I found one thread regard secure storage when searching for "Trusted Storage".
Was a nice reading! But there are still lot of questions open.

First lets assume that we are executing on windows:

There are three types of trusted storages:
1. registry
2. file
3. partition (track zero)

Are these single trusted storages interconnected. In my opinion they must be due to the need to prevent inconsistency between the three trusted storages.

Another question would be: Can the vendor which is using FlexNet choose to use only one type of trusted storage and if not and it is using all three types what is the hierarchy umong them. Is the registry checked first and so on.
Imaging somebody is manipulating trusted storage 1, somebody has to check that this image is corrupted and replace it with a valid copy from trusted storage 2 or 3. There must be some priority...

Dumping the trusted storage from track zero is pretty easy, some for file based trusted storage. In case of registry this will be more difficult because the secure storage is for sure not a simple binary blob in registry. The more it will seperated in lots of registry entries i guess. Combining those parts together to regain a full trusted storage could be difficult.

Never the less to attack trusted storage you will have to replace all three tstorage types together at the same time.

If time is letting me, i will try to do so. Seams to be an interesting project...

Regards,
OHPen