View Full Version : flexid 8 ltp dongle emulation

July 18th, 2008, 06:02
hey ...

First timer here, so be gentle...

I have to emulate a valid dongle we have because the software has to be moved to a virtual enviroment(vmware esx).

This is perhaps a trivial operation but i seem to have a bit of trouble with it, and i am hoping someone here can help me get started in the right direction.

The software is a software complier and it seems to me that it uses a flexid 8 dongle along with flexlm 5 software. atleast thats what im guessing at.

The software needs a system variable with a path to the license file and drivers for the dongle, so i'm not sure it uses the flexlm service, it is nowhere to be found, beside inside a license directory in the software installations directory, where there is a couple of lm dlls og lmutil.exe.

See attached picture of the dongle. The pc where it is running right now "lmutil lmver" returns:
lmutil - Copyright (C) 1989-1997 Globetrotter Software, Inc.
FLEXlm 5.0a (lmgr.a), Copyright (C) 1988-1996 Globetrotter Software, Inc.

The license file for the software which contains 3 FEATURES linies shown below:
FEATURE CCC68K MRI 3.100 1-jan-00 0 xxxxxxxx "PC" FLEXID=8-XXX
FEATURE MCC68K MRI 5.100 1-jan-00 0 xxxxxxxx "PC" FLEXID=8-XXX
FEATURE ASM68K MRI 7.400 1-jan-00 0 xxxxxxxx "PC" FLEXID=8-XXX
(sorry if i remove relevant data, but i don't know what it means and don't what to give to much away.)

How do i go about this? which tools/skills do i need?


July 18th, 2008, 06:23

this is quite old dongle + flexlm version. i guess there are not much people around here which had experiences with this old flexlm + dongle. It's a quite uncommon combination and not often seen today.

What you probably need is a dumper for the dongle to get the necessary memory content, a disassembler and some reverse engineering skills thus means analysis assembler code. If you have no experience with reverse engineering that you will for sure have problems removing the dongle from the software.

Good luck,


PS: To point you the direction > probably you should concentrate on the dongle check, if you have luck you can simply patch it out. Then you has nothing more to do then creating a new license for the application. I think there are several old tutorials out which shows how to crack such an old version, thus mean getting vendor seeds, etc. In these old versions it was quite easy to retrieve the needed values to build up an license generator.

July 18th, 2008, 07:38
Ive read some about flexlm and keygens, is it posible that i can find a way to generate a valid key that doenst need the dongle?

July 18th, 2008, 12:41
Probably not. The vendor of your software activated a dongle side value verification. If is very unlikly that an alternatative software only based license can be activated without patching.
For sure, if you patch the appropriate places you can circumvent the dongle check. Try to get an FlexLM sdk for your version and produce ida signatures from the included flexlm libraries.
then you load the target in ida + the generate flirt signatures. You will then see all calls to flexlm functions. this must be your point to start with.

July 18th, 2008, 14:57
I'll add a 2c of my own for what its worth.

I'll disagree with OHPen in that I doubt very much whether the vendor has implemented any dongle ID check at all, continuing to link with libraries that are 11 years old says something for the attention they are paying to FLEXlm.

You have a Dallas iButtons dongle, one of the more trivial ones on the market.

Digging the seeds out of MRI.exe (if you have it) and generating a license without the FLEXID string is the way to proceed from here.



July 18th, 2008, 16:27
@CrackZ: You really think, that the dongle only is used for returning a simple identifying string ? I cannot imaging that they implemented it that stupid. But on the other side if you are right and the dongle is more than 11 years old they probably thought this is enough protection



July 19th, 2008, 02:58
This is some very old stuff, we use it because we have some very old products still being used.

Let me try to understand:
The Dallas Ibutton dongle that i have, does not have a emulator for it. So I need to desasemble that exe file whichs does the validation against flexlm/dongle, figure out the correct format of the string and valid keys, so that i can make a license file where it will run without the dongle. Is this correct?

(this realy sound like a good monday project )

July 19th, 2008, 03:42

The FLEXlm library lmgr.a incorporates the iButtons library which fetches the iButtons dongle ID, this is why if you set IDA to disassemble lmgr.a you will find a long list of individual .objs (one of which is called dallas, ;-)).

During the FLEXlm checkout the FLEXlm lib simply parses the license string and if it finds FLEXID=8 it will attempt to retrieve the iButtons ID. The FLEXID is then used as part of the license buffer that FLEXlm builds to generate the valid license key.

So, assuming the developer didn't implement additional checks (unlikely given your targets age), removing the FLEXID=8 string will force the FLEXlm library to skip the check.

OHPen; 11 years old protection would incline me that it *probably* is that stupid. You and I both know all about 'imagination' in protections ;-).



July 19th, 2008, 16:41
@CrackZ: Yeah, you are right. I saw things which were so damn stupid that it causes pain while reversing it

July 21st, 2008, 10:57
For FLEXlm v5.11 ciphered string has 12 symbols. Here is 6. Why?

July 22nd, 2008, 02:43
FoxB was kind enough to lend me his expertise, so my problem is no more.

The solution was a license file which doesnt need the dongle, as CrackZ also had recommended.

I want to thank you all for your help and a big extra thanks goes to FoxB.