Hello,

first of all thank you for the chance to reg here and read on for further informations. Im new to all this, read a lot the last weeks and will continue to investigate time.

Generally im a bit pointless on how i can extract needed license information from a rlm protected app. I found the pdf documents for flexlm but there is no such thing (from what i found) for rlm?!
Im trying on my first target which is protected with rlm v10.
The app has two kinds of applications, one main app and also some plugins for various third party apps.
First of all i tried to use RLMHelper, thanks for that awesome tool!
I was able to patch the main and plugin libraries with this.

The curious thing is the rlm and the corresponding vendor (which is a .set file instead of a binary) are serving the license fine. I can see them on localhost but for some reason the already patched libs from main app and plugins dont accept them.

Main app running fine if i place the lic in the $HOME/APP folder but dont accept the same lic file served from the rlm server.
The plugins dont run. It doesnt matter if i place the lic to $HOME/APP or tell the plugin to use the rlm served license.
Maybe the rlm version is too new for the RLMHelper?

Before wasting your time with various infos please tell me if you could need any further information and i will provide that.

Thanks schledde

The main question in this is that im asking if there are any similar documents like the pdfs for flexlm also available for the rlm?
I think that this is a bit different for rlm then for flexlm?

I would like to read and study that for my own first.

You could look for some pdfs in the RLM 9.1 SDK which you might find at bbs.pediy.com (Chinese site); this may require you to register and login to download. Also at exelab.ru search for a link to the RLM Reversing Tutorial pdf, a.k.a. "rlmtut".

I don't have any experience with reversing an RLM target.

Thanks a lot tedshred.
I found both pdf docus from synkro and from kangalooj and also got the pdfs from the sdk 9.2 build.
I'll study the docs today and try that by myself.

However i was not able to find the sdk for rlm in a newer version but will try to grab that also today.

Again thanks a lot tedshred for your help

Hey tedshred,

i studied the pdf documents and its relatively simple to research the pubkeys in the target.
It depends on the target if you find two or three of these pubkeys. Also the pub signature is easy to find and with the sdk i can compile the sign binary. I'll try that tomorrow and see how it works.
But what can i do if i have no demo lic and im not knowing the featurenames or version numbers?
It should not be a problem to get isv name, signature etc. but is there a way i could extract the needed lic infos like featurename and version number from the target?

Thanks for a hint.

I have not studied the RLM SDK documentation. I would suggest trying to find out if there are environment variables or run-time options that could be set to display diagnostic/troubleshooting information.

Thanks a lot tedshred for your help again. I dont get it yet on how to debug a rlm app on runtime but will work on it.
For now i had success with disassembling the file and do a quick research for specific featurenames.
If you found the features the version numbers checked through rlm_checkout() is not far away.

I had success with my app by manually patching the keys and generate the signatures.

There is still one thing i cant understand.
The devs have the choice to ship their app with a ISV daemon as binary file (which will have the exact same pubkey inside for fingerprint in checkout routine) or a ISV daemon.set as settings file (which dont have the pubkeys inside from what i could see).
I tried it now several times and sometimes if you patch your target with a new key, generate the signature depending on the new key, the target complains about bad communication to the ISV daemon.set.
If you use the original target it runs fine.
Seems like im missing something here.

If your app comes with a binary there is no problem at all. It just need to be patched in the ISV binary and the target.