flexlm problem
h27
June 23rd, 2006, 01:19
hi
I generated vendor_keys for "flexlm sdk v9.2 full source" by lmrecode.
vendor_name= demo
#define VENDOR_KEY1 0x4054cac1
#define VENDOR_KEY2 0x4500538e
#define VENDOR_KEY3 0x542a6830
#define VENDOR_KEY4 0x3951f9f9
#define VENDOR_KEY5 0x0b165dca
and I set cro_keys to 0
#define CRO_KEY1 0x0
#define CRO_KEY2 0x0
and I compiled the code.
I generated uncounted.lic by lmcrypt uncounted.lic
lmwin.exe checked out f2 feature successfully.
I debugged lmwin.exe with OllyDbg and I had these keys in the lc_checkout() input parameters:
#define VENDOR_KEY1 0x2785A15D
#define VENDOR_KEY2 0x4DBC5D1B
#define VENDOR_KEY3 0x5CF366C8
#define VENDOR_KEY4 0x5E809301
Now, my question:
Is it correct? The keys in lmwin.exe differ from the keys in lm_code.h.
Did I make a mistake?
If I made a mistake, how can I find the correct keys?
I saw in CrackZ's papers and other papers that this way of obtaining keys is correct.
Please help me.
OHPen
June 23rd, 2006, 01:36
Howdy,
Tell us a bit about how you generated the keys. You simply traced them as input parameters to _lc_checkout. I don't think so...
Provide us with a bit more detail and you surely will be helped.
Maybe you should try to recover the keys manually by using the seeds.
I think you probably recovered fake seeds which are especially for this purpose.
Regards,
OHPen
h27
June 24th, 2006, 03:03
hi
thanks OHPen
I found my mistake. The keys and seeds in the input argument of l_n36_buff are correct.
I have another question.
I downloaded lmrecode.c and modified it with glseed and seedval of http://www.woodmann.com/forum/showthread.php?t=7324&highlight=glseed
It generates vendor_keys correctly but it seems that the encryption_seeds are wrong.
Is that true?
How can I obtain the correct encryption_seeds?
(I know that I can use calcseed.exe but I want to modify lmrecode.exe.)
Another question:
Is it true that real_crypt() is checked to determine the type of license (old style or ECC)?
h27
June 26th, 2006, 00:52
Hi
Another question:
I checked lm_new.c of SDK v8.1a and SDK v9.2.
The algorithms for data are equal and similar.
key->data[0] ^=
(((((long)sig[0] << 1)|
((long)sig[1] << 0) |
((long)sig[2] << 3) |
((long)sig[3] << 2))
^ ((long)(t->a[1]) << 0)
^ ((long)(t->a[11]) << 8)
^ x
^ ((long)(t->a[0]) << 16)
^ ((long)(t->a[3]) << 24)
^ key->keys[1]
^ key->keys[0]) & 0xffffffff) ;
key->data[1] ^=
(((((long)sig[0] << 1)|
((long)sig[1] << 0) |
((long)sig[2] << 3) |
((long)sig[3] << 2))
^ ((long)(t->a[1]) << 0)
^ ((long)(t->a[11]) << 8)
^ x
^ ((long)(t->a[0]) << 16)
^ ((long)(t->a[3]) << 24)
^ key->keys[1]
^ key->keys[0]) & 0xffffffff);
Therefore the assembly code for them is also equal and similar.
I disassembled a piece of software that uses SDK 8.4b.
In l_n36_buff I saw different code from 9.2 and 8.1a.
Can anybody send lm_new.c of v8.4b?
Regards
tom324
June 26th, 2006, 08:30
lm_new.c is auto-generated each time seeds are changed. Two versions of auto-generated lm_new.c will not be the same (even if they belong to the same SDK and have the same seeds and vendor).
Check:
http://www.woodmann.com/crackz/Tutorials/Danflex.htm
Tom
h27
June 27th, 2006, 03:17
I know that it is auto-generated, but the main structures are fixed and are equal in 9.2 and 8.1, but I think lm_new.c in 8.4b is different.
tom324
June 27th, 2006, 06:40
lm_new.c is generated in function
static void uniqcode(void ) of lmnewgen.c
Checking the source code of lmnewgen.c I do not see any comments that indicate uniqcode has changed in the last few versions of flexlm.
Tom
h27
June 28th, 2006, 01:48
Hi
If there are no changes, then we can use flexlm SDK 9.2 instead of v8.4b.
Is that true?