View Full Version : flexlm


diazpi
February 19th, 2010, 11:07
Hello all,

I wonder if the flexlm libraries (e.g. lmgr.lib) are encrypted and, possibly, how to know what type of encryption.

Thanks

CrackZ
February 22nd, 2010, 16:20
lmgr.lib is not encrypted in any version of FLEXlm, however there are some caveats.

Up to v9.5 of the lib virtually all FLEXlm function names can be resolved; the Certicom components, however, have never had names that are particularly useful.

After v9.5 any FLEXlm functions not expressly required by the linker are trashed, so it's possible to still get a lot of the top level API but not the internals (note very few of the internal functions actually have that many changes which would prevent you identifying them eventually).

Regards,

CrackZ.

diazpi
February 23rd, 2010, 03:52
Thank you for your responses.

I tried several times with the Flair tool to find the functions used (especially the function _l_sg) in lmgr.lib, but never succeeded.
Could you tell me what the best way to proceed is?

Have a nice day

gerbay
February 24th, 2010, 08:28
I think you are using flexlm 10.8.
I decrypted some important function names in lmgr.lib for flexlm v10.8.0.10, which are listed below:

Code:

_l_checkout _dphZyaFrEi
_l_zcp _f6OM1
_l_getattr _oNv11tI8X
_l_ckout_borrow _hLdt3B2HNTHU8P
_lm_start_real _q2VEzycBvkmtV
_l_clear_error _onY2eNTPULxvE
_l_valid_version _nJVFZaYWPI291sq
_LM_SET_ERROR _kr9ug73f3LU
_l_good_lic_key _zJpA5Dgmrye72H
_l_crypt_private _mWlxIGa4kzBTn
_l_compare_version _qZynTq8R9GS_66aH0
_l_local_verify_conf _ukmMEEEvVO5iDyVApv1
_l_date _eMyyW7
_l_extract_date _k8DBCRXD5Ec64M
_l_start_ok _q0qA_SPY75
_l_host _nIs8VN
_l_malloc _aJ4vIc1P
_l_keyword_eq _weGHn1xvTqtd
_l_ckout_ok _wTevoAgXbq
_l_parse_feature_line _g0_2d76r1js0spmQv8Wt
_l_free_conf _oEJuxOWTtRP
_verify_server_key _jiyBiRPkzN6vKI5Q0
_is_confg_in_list _dPeODdQ_n2QFVIoG
_copy_conf_data _ghHyh1VyLW1QkZ
_l_free_conf_no_data _xw_luPhn4YfvOLkrHSt
_l_check_conf _ozSnQqcg5Tho
_l_borrow _gyfFKAoe
_l_sg _kCXb
_l_key _gkYlg
_l_svk _a14kn
_sCopyString _nm9AA6gZDM8A1Cm6ELBGL4A0qW11
_l_sndmsg _hEeqjFF_
_l_rcvmsg_str _e4Mu9oE_Nzr6
_real_crypt _g4svTqlVgT
_valid_code _ancRArxxO4
_reverse_bits _mz8_9VkjzyYl
_our_encrypt _aS5Kmxv3WyS
_our_encrypt2 _hSBbttISDMJM

diazpi
February 24th, 2010, 09:07
Thank you very much for your answers.

If I understood, simple use of the Flair tool to create a .pat is not sufficient.
Can you, without going into detail, put me on the road?

Have a nice day
Pierre

gerbay
February 25th, 2010, 03:58
My steps:

I load lmgr.lib into the IDA database using my plugin (http://www.woodmann.com/collaborative/tools/Advanced_obj_and_lib_IDA_signature_ripper).

I search for the encrypted method names in the IDA function list and rename them.

For example, method name "_kCXb" should be changed to "_l_sg" for flexlm v10.8.

diazpi
February 25th, 2010, 08:44
But rather as an empirical method?
That is what I took my bearings

In any case, thank you for everything.

FoxB
February 26th, 2010, 10:52
@diazpi: you can look at the 'lmstrip.c' file from the flexlm source package as a starting point...