arash16
February 26th, 2017, 10:49
Hi guys
I have recently been given a medical application protected by FlexLM and asked to crack it.
Since it's been almost ten years since I last did such things, my knowledge was completely out of date, and I didn't know that FlexLM is a comercial lie shit manager etc.; thinking it was part of the software, I cracked it on my own.
There was a function with a reference to a string "lm_checkout(..." ending with the following:
Code:
005216AB |. 83C4 0C ADD ESP, 0C
005216AE |> 8B45 E4 MOV EAX, DWORD PTR SS:[EBP-1C]
005216B1 |. 5F POP EDI
005216B2 |. 8BE5 MOV ESP, EBP
005216B4 |. 5D POP EBP
005216B5 \. C3 RETN
It returned -8 or -10 when there was some problem with the license, so I just patched the line 516AE from
MOV EAX, DWORD PTR SS:[EBP-1C]
to
XOR EAX, EAX

It worked fine; however, there were a lot of files with the exact same code, so I wrote a simple Node.js script to replace it inside all of them (you guessed it right, I'm a web dev these days).
All went fine, the software installed and executed well, and I sent it to the guy who requested it.

But some days later he called and said there's some third-party component used by the software and it's not working.
I checked it; it was written in Java, and there I found a file: lmtools.exe

Only then did I realize (after some searching) that it's FlexLM, which is already soooooooo famous in reverse engineering communities.

I decided that if I can generate a license, it's better than patching 39 files, and I will be sure that once it's done, there will be no more problems.
To make it brief: I have extracted seed1 & seed2, generated vendor keys using lmkg3, and used the only SDK that I could find on the web: 11.9.
But the license generated is not working.

Licenses are of the form:
Code:
FEATURE xxx SA*_*d 1 30-mar-2015 uncounted **20hex chars** \
VENDOR_STRING=*** HOSTID=FLEXID=***
I have no idea what the ECC check is, but if I'm going to patch something, my own solution is better (it disables the whole license checking).
I have two versions of the software; one uses FlexLM 10.8.5 and the other uses 11.5.
I have read somewhere that FlexLM licenses are backward compatible. I want to test it with FlexLM SDK 10.8, but I can't find it anywhere.
If someone has any tips, I'll be so happy to hear them,
and if someone has SDK 10.8, I will be soooo much happier to have it.

Thanks in advance.