flexlm problem


h27
June 23rd, 2006, 01:19
hi
I generated vendor keys for "flexlm sdk v9.2 full source" with lmrecode.

vendor_name= demo
#define VENDOR_KEY1 0x4054cac1
#define VENDOR_KEY2 0x4500538e
#define VENDOR_KEY3 0x542a6830
#define VENDOR_KEY4 0x3951f9f9
#define VENDOR_KEY5 0x0b165dca

and I set cro_keys to 0

#define CRO_KEY1 0x0
#define CRO_KEY2 0x0

and I compiled the code.
I generated uncounted.lic with lmcrypt uncounted.lic.
lmwin.exe checked out the f2 feature successfully.

I debugged lmwin.exe with OllyDbg and I had these keys in the lc_checkout() input parameters:

#define VENDOR_KEY1 0x2785A15D
#define VENDOR_KEY2 0x4DBC5D1B
#define VENDOR_KEY3 0x5CF366C8
#define VENDOR_KEY4 0x5E809301

Now, my question:
Is this correct? The keys in lmwin.exe differ from the keys in lm_code.h.
Did I make a mistake?
If I made a mistake, then how can I find the correct keys?
I saw in the crackz papers and other papers that this way of obtaining keys is right.
Please help me.

OHPen
June 23rd, 2006, 01:36
Howdy,

Tell us a bit about how you generated the keys. You simply traced them as input parameters to _lc_checkout? I don't think so...

Provide us with a bit more detail and you surely will be helped.
Maybe you should try to recover the keys manually by using the seeds.

I think you probably recovered fake seeds, which are there especially for this purpose.

Regards,

OHPen

h27
June 24th, 2006, 03:03
hi
Thanks OHPen.
I found my mistake. The keys and seeds in the input arguments of l_n36_buff are right.
I have another question.
I downloaded lmrecode.c and modified it with the glseed and seedval from http://www.woodmann.com/forum/showthread.php?t=7324&highlight=glseed
It generates the vendor_keys correctly, but it seems that the encryption_seeds are wrong.
Is that true?
How can I obtain the correct encryption_seeds?
(I know that I can use calcseed.exe, but I want to modify lmrecode.exe.)
Another question:
Is it true that one checks real_crypt() to determine the type of license (old style or ECC)?

h27
June 26th, 2006, 00:52
Hi
Another question:
I checked lm_new.c of SDK v8.1a and SDK v9.2.
The algorithms for data are equal and similar.

/* lm_new.c fragment as posted: the same mixed value, built from sig[],
   t->a[], x and the two vendor keys, is XORed into both words of key->data */
key->data[0] ^=
    (((((long)sig[0] << 1) |
       ((long)sig[1] << 0) |
       ((long)sig[2] << 3) |
       ((long)sig[3] << 2))
      ^ ((long)(t->a[1])  << 0)
      ^ ((long)(t->a[11]) << 8)
      ^ x
      ^ ((long)(t->a[0])  << 16)
      ^ ((long)(t->a[3])  << 24)
      ^ key->keys[1]
      ^ key->keys[0]) & 0xffffffff);
key->data[1] ^=
    (((((long)sig[0] << 1) |
       ((long)sig[1] << 0) |
       ((long)sig[2] << 3) |
       ((long)sig[3] << 2))
      ^ ((long)(t->a[1])  << 0)
      ^ ((long)(t->a[11]) << 8)
      ^ x
      ^ ((long)(t->a[0])  << 16)
      ^ ((long)(t->a[3])  << 24)
      ^ key->keys[1]
      ^ key->keys[0]) & 0xffffffff);

Therefore their assembly code is also equal and similar.

I disassembled a piece of software that uses SDK 8.4b.
In l_n36_buff I saw code that differs from 9.2 and 8.1a.
Can anybody send me lm_new.c of v8.4b?
Regards

tom324
June 26th, 2006, 08:30
lm_new.c is auto-generated each time the seeds are changed. Two versions of auto-generated lm_new.c will not be the same (even if they belong to the same SDK and have the same seeds and vendor).

Check:

http://www.woodmann.com/crackz/Tutorials/Danflex.htm

Tom

h27
June 27th, 2006, 03:17
I know that it is auto-generated, but the main structures are fixed, and in 9.2 and 8.1 they are equal; however, I think lm_new.c in 8.4b is different.

tom324
June 27th, 2006, 06:40
lm_new.c is generated in the function
static void uniqcode(void) in lmnewgen.c

Checking the source code of lmnewgen.c, I do not see any comments that indicate uniqcode has changed in the last few versions of flexlm.

Tom

h27
June 28th, 2006, 01:48
Hi
If there are no changes, then we can use flexlm SDK 9.2 instead of v8.4b.
Is that true?