FlexLM 11.4 Problem after ecc patch
LaBBa
June 2nd, 2010, 08:38
Hi
I have a JAVA target that uses all sorts of JNI DLLs for FlexLM. The good thing is that I had a valid lic file (30 trial) for the target, so all I needed to do was change the expire date to something larger and patch the ECC for my application.
This is a FlexNet 11.4 version. When my date had expired and I changed the date to, let's say, year 2029, the log file of lmgrd wrote for each feature: Invalid license key (inconsistent authentication ...
I have located the ECC check in the application daemon (not the lmgrd!) and put a xor eax,eax;ret on it, and now in the lmgrd log file there is no more complaining.
But when I run my application I still get that the license is not valid.
Can anyone give me pointers about how to find what the issue is? Because if the log file doesn't complain anymore, I don't know what else to try...
Thanks.
FrankRizzo
June 3rd, 2010, 06:52
Call me crazy, but with the app being in JAVA, I would be tempted to decompile the target app, and just remove the calls to FlexLM in there. I would think that even in obfuscated code the references to it would be fairly easy to find.
I could be speaking from my sphincter on this, but that's how I'd approach it at least.
LaBBa
June 3rd, 2010, 10:05
The app is obfuscated with ProGuard. That means that I need to unpack the jar file and repack it in a special way so the files with the same name will not be overwritten....
I had no success in unpacking/repacking the ProGuard protection; that is why I didn't use this approach.
But I see that it is possible that I can't escape it anymore and I must de-obfuscate the protection in order to patch the application..
I have attempted to follow the guide on how to do this (Cracking_Java_programs tut from SND) but I had no luck...
If someone can help me with this obfuscation I will be glad to send the obfuscated jar file.
Thanks.
LaBBa.
tr1stan
June 5th, 2010, 07:46
You should change your licenses to a permanent one. Some applications check for the trial period and 2029 would be far too long.
Instead add permanent at the position where you changed the expire date.
And check if the application tries to check out an invalid feature for checking if someone has patched the flexlm lib.
tr1stan
LaBBa
June 6th, 2010, 17:36
I have done that now.. and it still doesn't work...
I have talked to some experts regarding the ProGuard protection and I was told that it can be easily defeated on a Linux OS, since in Linux there is support for case-sensitive files and in Linux I can re-pack the jar files without any issues.. So I will search for how to do this on Linux, and if it is possible I will be able to patch the Java byte code and re-pack the jar file...
Will update when I have progress..
Thanks,
LaBBa.
Aimless
June 9th, 2010, 08:28
How did you patch the ECC? Using eccpatch?
While you may already know this, eccpatch no longer works on v9+ of Flexlm.
If you've patched it differently, let me know.
Have Phun
tr1stan
June 9th, 2010, 16:17
No need to use eccpatch! Just search for l_pubkey_verify() and patch it like LaBBa did and you're set!
akimp3
June 10th, 2010, 14:31
Hi,
I hope it's not too late. I have already patched obfuscated Java programs successfully. You don't need to fully decompress the Jar archive. Just extract the class files (ex: Ab, AB, ab) that you want to patch from the archive into different folders on Windows. Once you have patched them, you have to copy them to a Linux box and store them in exactly the same directory structure as they were stored in the jar. For example com.test.me.AB.class should be stored in com/test/me/AB.class. Then you should update your original jar file using the following command: jar uf original.jar test/me/AB.class.
I don't know what you use for decompiling your jar file on Windows, but I highly recommend you use jd-gui; it will do the job without having any trouble with case-sensitive names.
Feel free to ask if you have any questions on Java patching.
Akimp3
LaBBa
June 13th, 2010, 00:47
This is exactly what I'm planning to do.. I currently need to patch many files and am learning about the Java byte code to know how to patch it correctly, so thanks. I will let you all know soon how it went...
akimp3
June 14th, 2010, 15:50
Hi,
Although it is possible to patch the Java bytecode directly by nopping (0x00) or writing Java bytecode directly, the best way is to use Javassist. It gives you the possibility to read a class, inject (high-level) Java statements, modify methods and properties, and write all modifications back to the class. In my opinion, don't waste your time on Java bytecode and go for Javassist.
Good luck,
akimp3