flexlm 8.0c sdk builds 8.0c makekey


zhanzixin
December 10th, 2002, 14:59
I have a target protected by flexlm 8.0d.
I got the info below with the method supplied in Nolan Blender's Zendenc FLEXlm 7.2 cracking information essay:

vendor name "gxxxxxxLM"
job struct is

vendorcode struct after call
With the newest calcseed, which corrects the g bug, I got the 2 seeds
seed1 = d754e6af
seed2 = 2e476f4b
and also vendor keys 1-4.
With Mr. macilaci's method I got the same seeds, so I am sure that
seed1-2 and vk1-4 are correct. So I generated vkey5 with lmvkey, FlexSeedGen and lmrecode (with v8 support), but none of them can pass the flexlm
SDK 8.0c's validation; each causes the error: Invalid FLEXlm key data supplied FLEXlm error: -44,49
Can anyone tell me: is my vkey5 wrong, or can 8.0c not generate
an 8.0d keygen? How can I get a correct vkey5 that satisfies 8.0d?
zhzx@slof.com

zhanzixin
December 11th, 2002, 00:39
vendor name = "geomaticLM" job struct is

vendorcode struct after call

Nobody
December 12th, 2002, 12:23
They changed the globalseed in 8.0d.
That's why you got the -8 return.
Check your 8.0d target's l_sg and l_zinit to get the correct glseed
and seedval.

zhanzixin
December 13th, 2002, 02:10
Hi Nobody

I have patched lmrecode as PadsPCB said, like below.
He said this glseed is good up to 8.1.
Why can't it work on 8.0d?
I hope for your reply. Thank you.


PadsPCB's post

For those of you who need it, I've upped here a recode for up to 8.1,
but the only change in this particular one is the glseed

    case(8): /* version 8.0 */
        glseed = 0x3CDE3EBF;
        break;

and on nbl_svk

    /* PATCH for version 8 - uses different value here. */
    if (glseed == 0x3CDE3EBF)
    {
        seedval = 0x6F7330B8;
    }

If anyone has success on 8.1, please give me a call

Best

PadsPCB

Nobody
December 13th, 2002, 04:19
I found a different seedval in VerificationNavigate 2002 (v8.0d in its daemon).

    if (glseed == 0x3CDE3EBF)
    {
        seedval = 0x50B99F4A;
    }

Maybe you can try it and see if it's the root cause of your problem. If you have the 8.1/8.2 SDK, please kindly share it with us.

zhanzixin
December 13th, 2002, 04:26
Thank you for your help. I have solved this problem absolutely. I'll
list my work below in return for the people who helped me.
First, I found something interesting. From my 8.0c protected app and
8.0c SDK I found that the glseed and seedval 8.0c uses are just the same as 7.x's, 0x788f71d2 and 0x7648b98e, and 8.0d uses a different pair, 0x3CDE3EBF and 0x6F7330B8. This info can be extracted from l_sg and l_zinit easily. So I did my work step by step.
1. Feed the info to lmcode.h with vkey1-4, seed1-2 and the vkey5 generated by lmrecode with the 8.0d glseed & val patched.
2. When an error occurs, a lmnewgen.exe (or lmrand2.exe for the MD link) has been generated. Patch its l_zinit and l_sg with the 8.0d glseed & val
and name it lmnewgen_for80d.exe.
3. Modify the makefile:
lmnewgen_for80d.exe demo.exe -o lm_new.c
4. Run the build; it passes correctly and lmcrypt.exe, makekey.exe etc. are
generated.
5. Patch the l_zinit and l_sg of lmcrypt.exe, makekey.exe etc. with the 8.0d glseed & val, and all is OK!
That's all.
zhzx@slof.com

Nobody
December 13th, 2002, 05:23
Sorry, I gave the wrong seedval. It's the constant used in l_n36buf to scramble with a time-derived random value, not the seedval. Thank you for your information. You did a great job.

zhanzixin
December 14th, 2002, 13:16
I summarize my work below so as not to reply to the e-mails one by one.
The background is, I have a target app protected by flexlm 8.0d, and
like most of you, I have only the 8.0c SDK, which was downloaded from
CrackZ's Reverse Engineering Page. I also have the latest calcseed and
lmRecode.
First, I made a lmgr8.0 sig file from the lmgr.lib, lmgr8a.lib and
lmgr_md.lib included in the 8.0c SDK, and applied them to my target's daemon.
With some additional effort, I found l_sg, l_new, l_zinit, l_ckout_string_key etc.
Then I loaded the daemon into WDASM with command line parameters like
"-T zzx 8.0 4 -c license.dat" and inserted a break at the l_new call, as Mr
Nolan Blender's essay taught me. When stepping over the call lm_new instruction I
got the job struct, vendorcode struct and vendor name. With calcseed I got
vendor keys 1-4 and encseed 1-2. With the method of Mr. Maculaci I got
the same result, so I am sure this info is correct. After that I input
this data to lmrecode and vendor key 5 was generated. I fed all of these
to lmcode.h of the 8.0c SDK and built it; then an error occurred after
lmnewgen.exe was generated:
Invalid FLEXlm key data supplied FLEXlm error: -44,49
Second, I checked the l_sg and l_zinit of lmnewgen.exe and found its glseed
and seedval are the same as 7.x and different from 8.0d. The glseed & val pair
of 7.x up to 8.c is 0x788f71d2 and 0x7648b98e, and that of 8.0d and later
is 0x3CDE3EBF, 0x6F7330B8. Please note this when you use lmrecode or other
lmtools.
The following work is easy. All my keys and seeds are correct, but do not fit
8.0c. So I patch lmnewgen.exe:

_l_zinit proc near ;
push ebp
mov ebp, esp
sub esp, 8
mov eax, [ebp+arg_4]
neg eax
sbb eax, eax
and eax, 0D0E83B58h
add eax, 788F71D2h ; glseed !!!!!!!!!!!

_l_sg proc near
push ebp
mov ebp, esp
sub esp, 24h
mov [ebp+var_C], 7648B98Eh ; seed val !!!!!!!!!

and rename it to lmnewgen8.0d.exe.
Modify the makefile from
lmnewgen demo.exe lm_new.c
to
lmnewgen8.0d demo.exe lm_new.c
Run build.bat; there are no more errors, and lmcrypt.exe, makekey.exe etc. are generated.
Run lmcrypt.exe license.dat and the error occurs again:
Invalid FLEXlm key data supplied FLEXlm error: -44,49
So we should patch lmcrypt.exe, makekey.exe etc. one by one if you need them; I
think lmcrypt.exe is enough. It has the same _l_sg and _l_zinit, so you
can patch it easily.
That's all. I don't know about 8.1 because I have neither an 8.1 target
nor an 8.1 SDK.
zhzx@slof.com

Meneldor
April 12th, 2004, 01:31
Hi to everyone!
Is there anybody who has practiced this strategy? I have several questions...