Sany
December 24th, 2012, 04:59
Hello Anybody,
I am new at this board; I am not a newbie ;-)
I need a little help with a FLEXlm 11.9 protected target. I have a valid original license file for my target, but I want to use the program on my laptop.
I searched this forum and found some threads; I just do not know whether the information is still current. The following I found out myself with tutorials from Woodman and CrackZ.
My license file has a FEATURE, permanent, uncounted, and is locked to a host ID, and has One_TS_OK, with a SIGN= (128 bit?)
The FLEXlm SDK that I have at the moment is 11.6, from my last trial period, but I can't find a newer version of the SDK.
My target has an EXE file that loads a Licenser.dll; I traced over this when it loads the license file.
Okay, now I am stuck on finding the encrypted seeds, or I am stupid or blind.

Method #1:
So, a quote from CrackZ: "The default value to clean the seeds variable is 3D4DA1D6h. A lot of vendors are lazy or foolish and don't change this default value. So, a very easy way is just search the pattern 3D4DA1D6h in disassembled codes"
I find the variable "3D4DA1D6" in my Licenser.dll 8 times:
And when I trace over this, I find the vendor name in ASCII, but I don't see the seeds?

Code:
Search - References to constant 3D4DA1D6
597C708F MOV DWORD PTR SS:[EBP-1A0],3D4DA1D6
597C726A MOV DWORD PTR SS:[EBP-1A4],3D4DA1D6
597F04AF MOV DWORD PTR SS:[EBP-1A0],3D4DA1D6
597F068A MOV DWORD PTR SS:[EBP-1A4],3D4DA1D6
5981CA99 MOV DWORD PTR SS:[EBP-190],3D4DA1D6
5981CC78 MOV DWORD PTR SS:[EBP-194],3D4DA1D6
59848439 MOV DWORD PTR SS:[EBP-190],3D4DA1D6
59848618 MOV DWORD PTR SS:[EBP-194],3D4DA1D6
Is this method of finding Seed1 and Seed2 still current?

Method #2:
I located:
(5AA92503) _l_sg?! (C745 FC B830736F MOV DWORD PTR SS:[EBP-4],6F7330B8)
_l_n36_buff inside _l_sg :
5AA92578 |. 8B88 24050000 MOV ECX,DWORD PTR DS:[EAX+524]
5AA9257E |. FFD1 CALL ECX <= _l_n36_buff?
5AA92580 |. 83C4 0C ADD ESP,0C
5AA92583 |.- E9 0F010000 JMP 5AA92697
But I can't locate an EB09 jump...
Thanks for the help

Greets Sany
