hi
I generated vendor_keys for "flexlm sdk v9.2 full source" by lmrecode.

vendor_name= demo
#define VENDOR_KEY1 0x4054cac1
#define VENDOR_KEY2 0x4500538e
#define VENDOR_KEY3 0x542a6830
#define VENDOR_KEY4 0x3951f9f9
#define VENDOR_KEY5 0x0b165dca

and I set cro_keys to 0

#define CRO_KEY1 0x0
#define CRO_KEY2 0x0

and I compiled the codes.
I generated uncounted.lic by lmcrypt uncounted.lic
lmwin.exe checked out f2 feature successfully.

I debugged lmwin.exe with olydbg and I had this keys in lc_checkout() input parameters:

#define VENDOR_KEY1 0x2785A15D
#define VENDOR_KEY2 0x4DBC5D1B
#define VENDOR_KEY3 0x5CF366C8
#define VENDOR_KEY4 0x5E809301

now, Question:
Is it correct? keys in lmwin.exe differ from key in lm_code.h.
Had I mistake?
If I have any mistake then how I can find correct keys.
I saw in crackz papers and other paper that this way of obtaining keys is true.
Please help me.

Howdy,

tell us a bit how you generate the keys. You simple traced them as input parameters to _lc_checkout. I don't think so...

Provide us with a bit more detail and you surely will be helped.
Maybe you should try to recover the keys manually by using the seeds.

I think you propably recovered fake seeds which are especially for this purpose

Regards,

OHPen

hi
thanks OHPen
I find my mistake. keys and seeds of input argument of l_n36_buff are true.
I have another question.
I downloaded lmrecode.c and modified it with glseed and seedval of http://www.woodmann.com/forum/showthread.php?t=7324&highlight=glseed
it generate vendoer_keys correctly but it seems that encription_seeds are wrong.
is it true?
how i can obtain correct encryption_seeds?
(i know ithat i can use calcseed.exe but i want to modify lmrecode.exe)
another question:
is it true that check real_crypt() to check type of license (old style or ecc)?

Hi
another question:
I checked lm_new.c of sdk v8.1a and sdk v9.2
algorithms of data are equal and similar.

key->data[0] ^=
(((((long)sig[0] << 1)|
((long)sig[1] << 0) |
((long)sig[2] << 3) |
((long)sig[3] << 2))
^ ((long)(t->a[1]) << 0)
^ ((long)(t->a[11]) << 8)
^ x
^ ((long)(t->a[0]) << 16)
^ ((long)(t->a[3]) << 24)
^ key->keys[1]
^ key->keys[0]) & 0xffffffff) ;
key->data[1] ^=
(((((long)sig[0] << 1)|
((long)sig[1] << 0) |
((long)sig[2] << 3) |
((long)sig[3] << 2))
^ ((long)(t->a[1]) << 0)
^ ((long)(t->a[11]) << 8)
^ x
^ ((long)(t->a[0]) << 16)
^ ((long)(t->a[3]) << 24)
^ key->keys[1]
^ key->keys[0]) & 0xffffffff);

therefor also assembly code of them are equal and similar.

I disassembled a software that uses sdk 8.4b.
in l_n36_buff I saw different code from 9.2 and 8.1a.
any body can send lm_new.c of v8.4b?
regards

lm_new.c is auto-generated each time seeds are changed. Two versions of auto-generated lm_new.c will not be the same (even it they belong to same SDK and have same seeds and vendor).

Check:

http://www.woodmann.com/crackz/Tutorials/Danflex.htm

Tom

I know that is auto-generated but main structures are fixed and in 9.2 and 8.1 are equal but I think lm_new.c in 8.4b is differant.

lm_new.c is generated in function
static void uniqcode(void ) of lmnewgen.c

Checking the source code of lmnewgen.c I do not see any commnets that indicates uniqcode has changed in the last few versions of flexlm.

Tom

HI
If there is no changes, therefor we can use flexlm sdk 9.2 instead of v8.4b.
is it true?