Log in

View Full Version : who knows how to generates the VENDOR_INFO string from the license key?


hanzi
August 16th, 2006, 00:36
Is there anybody who knows how to generates the VENDOR_INFO string from the license key?

I meet a app that be protected by Flexlm , It use a license that have VENDOR_INFO and DIST_INFo string.

nblender said "It use different algorithms for calculating the VENDOR_INFO field. The VENDOR_INFO field has to be update to match the license key.Using your favorite debuggger and disassembler, reverse the routine which matches the license key to the VENDOR_INFO string and make a keygen."

Is there anybody who knows how to locate the algorithms for calculating the VENDOR_INFO in the routine ?
who knows how to a keygen to generates the VENDOR_INFO string from the license key?

SiGiNT
August 16th, 2006, 01:29
There is a lot more info than you've found in Nolan's essays - a lot more reading should help you out, google will also be a great help, just a hint, using a IDA for disassembly will get you pointed in the right direction, IDA with or without the FlexLM sigs, (use them if you can find them!), does a good job of labeling a lot of the routines.

SiGiNT

nathan
August 17th, 2006, 01:16
I may be wrong, but I believe the VENDOR_INFO (unless you mean VENDOR_STRING) are irrelevant for the license in the sense that you can strip them from your license line and generate a new license without problems.

If you mean VENDOR_STRING that's a totally different story ...

nathan

hanzi
August 17th, 2006, 02:12
Thanks nathan
The app use a license that have VENDOR_INFO and DIST_INFo string Like this:

FEATURE FEATURE1 VENDORname 20051207 15-jan-2006 uncounted 53D5DD0FF467 \
VENDOR_STRING=3-DEMO-25-0-1-VM05120701 \
HOSTID=DISK_SERIAL_NUM=12345678 \
vendor_info="e650c7bb00e81d53" \
dist_info="d17b14a8b615e68cfe928f58fdefa251d38106bb6e33b54518cb1519b2eb424a"
FEATURE FEATURE2 VENDORname 20051207 15-jan-2006 uncounted 5C89B778DC77 \
VENDOR_STRING=3-DEMO-20-0-0-VM05120701 \
HOSTID=DISK_SERIAL_NUM=12345678 \
vendor_info="246b6b3146a892ee" \
dist_info="17eea625fcc8867b2df2aeb097af4996e689800caaa1c7fc5e5e0c5e2ceb42f4"
FEATURE FEATURE3 VENDORname 20051207 15-jan-2006 uncounted 369FA7270A06 \
VENDOR_STRING=3-DEMO-1-0-0-VM05120701 \
HOSTID=DISK_SERIAL_NUM=12345678 \
vendor_info="aba1dc03a7b16794" \
dist_info="12f9e3ff95437a244e592d8be6caf09cd4894eb6d39e956c13ae50ce2642dac1"

I can strip VENDOR_STRING from license line and generate a new license without problems.
But The VENDOR_INFO and DIST_INFo string maybe are accrording to(Feature,exp_date ,key,HOSTID), if you just strip from license line and generate a new license , IT cann't work , and show "Future license file format or misspelling in license file"
.

hanzi
August 17th, 2006, 02:24
Thanks sigint33 :
I have google and read Nolan's:
"Information Hiding Methods used by FlexLM Targets"
"Key Extraction and Encryption Algorithm Reversing"
"Making Tools Work Together"
"Reversing the report encryption algorithm for the flexlm license manager'
"describes an attack on the keys for FlexLM itself"

BUt I haven't found any information for it .

Can you tell me is there any other article about it?
Thanks !

nathan
August 17th, 2006, 05:10
Hi hanzi,

I understand this is the typical custom-vendor-implemented checkout routine. I'm afraid that this is hidden in your program and you need to find this out yourself (IDA+Olly will do the job).
I would start to run the program through olly and search in memory one of the vendor_info or dist strings or trace back from the error message.
If you do not find them I'm afraid you just need to start stepping into the program ...

I did many reverse jobs with these kind of protection they are a real hassle but ... when done it is very fullfilling :-)

nathan

nathan
August 18th, 2006, 11:37
Hi hanzi,

regarding the vendor_info I was wrong. It is a standard attribute which is triggered by the lm_set_attr(...) function with the proper code. Therefore, you should find the corresponding code (from SDK) and monitor any call to lm_set_attr(...).

nathan

hanzi
August 24th, 2006, 23:00
thanks nathan,

I think maybe it is a standard attribute which is triggered by the lm_set_attr(...) function with the proper code.But in the lm_attr.h ,I cann't find a corresponding code for vendor_info . have you ever meet it?

hanke
December 19th, 2006, 05:11
Hi, hanzi,
I met the same problem, did u find way to solve the vendor_info and dist_info?