Log in

View Full Version : flexlm

diazpi
February 19th, 2010, 11:07
Hello all,

I wonder if libraries flexlm (eg lmgr.lib) are encrypted, and possibly, how to know what type of encryption

Thanks
CrackZ
February 22nd, 2010, 16:20
lmgr.lib is not encrypted in any version of FLEXlm, however there are some caveats.

Up to v9.5 of the lib virtually all FLEXlm function names can be resolved, the Certicom components however have never had names that are particularly useful.

After v9.5 any FLEXlm functions not expressly required by the linker are trashed, so its possible to still get a lot of the top level API but not the internals, (note very few of the internal functions actually have that many changes which would prevent you identifying them eventually).

Regards,

CrackZ.
diazpi
February 23rd, 2010, 03:52
Thank you for your responses.

I tried several times with Flair tool to find the functions used (especially the function _l_sg) in lmgr.lib, but never succeed.
could you tell me what is the best way to proceed.

have nice day
gerbay
February 24th, 2010, 08:28
I think you are using flexlm 10.8
I decrypted some important function names in lmgr.lib for flexlm v10.8.0.10 which are listed below;

Code:


_l_checkout	       _dphZyaFrEi                                

_l_zcp                  _f6OM1

_l_getattr              _oNv11tI8X

_l_ckout_borrow         _hLdt3B2HNTHU8P

_lm_start_real          _q2VEzycBvkmtV

_l_clear_error          _onY2eNTPULxvE

_l_valid_version        _nJVFZaYWPI291sq

_LM_SET_ERROR           _kr9ug73f3LU

_l_good_lic_key         _zJpA5Dgmrye72H

_l_crypt_private        _mWlxIGa4kzBTn

_l_compare_version      _qZynTq8R9GS_66aH0

_l_local_verify_conf    _ukmMEEEvVO5iDyVApv1

_l_date                 _eMyyW7 

_l_extract_date         _k8DBCRXD5Ec64M

_l_start_ok             _q0qA_SPY75

_l_host                 _nIs8VN

_l_malloc               _aJ4vIc1P

_l_keyword_eq           _weGHn1xvTqtd

_l_ckout_ok             _wTevoAgXbq

_l_parse_feature_line   _g0_2d76r1js0spmQv8Wt

_l_free_conf            _oEJuxOWTtRP

_verify_server_key      _jiyBiRPkzN6vKI5Q0

_is_confg_in_list       _dPeODdQ_n2QFVIoG

_copy_conf_data         _ghHyh1VyLW1QkZ

_l_free_conf_no_data    _xw_luPhn4YfvOLkrHSt

_l_check_conf           _ozSnQqcg5Tho

_l_borrow               _gyfFKAoe

_l_sg                   _kCXb

_l_key                  _gkYlg

_l_svk                  _a14kn

_sCopyString            _nm9AA6gZDM8A1Cm6ELBGL4A0qW11

_l_sndmsg               _hEeqjFF_

_l_rcvmsg_str           _e4Mu9oE_Nzr6

_real_crypt             _g4svTqlVgT

_valid_code             _ancRArxxO4

_reverse_bits           _mz8_9VkjzyYl

_our_encrypt            _aS5Kmxv3WyS

_our_encrypt2           _hSBbttISDMJM
diazpi
February 24th, 2010, 09:07
Thanks you very much for your answers.

if I understood, simple use of Flair tool to create a. pat, is not sufficient.
Can you, without going into detail, put me on the road.

have a nice day
Pierre
gerbay
February 25th, 2010, 03:58
my steps;

I load lmgr.lib into ida database using my plugin (http://www.woodmann.com/collaborative/tools/Advanced_obj_and_lib_IDA_signature_ripper ("http://www.woodmann.com/collaborative/tools/Advanced_obj_and_lib_IDA_signature_ripper"))

I search encrypted method names in ida function list and rename it.

for example; method name "_kCXb" should be change "_l_sg" for flexlm v10.8
diazpi
February 25th, 2010, 08:44
but rather as empirical method ?
That is what I took my bearings

in any case thank you for everything
FoxB
February 26th, 2010, 10:52
@diazpi: u can see to 'lmstrip.c' file from flexlm source package as starting point...