tr1stan

February 23rd, 2009, 08:14

Hello,

I'm playing with Flexlm 11.4 and the CRO feature for some time now and I'm curious about how Flexlm generates the public and private key for the ECC.

What I have found out so far is that it is based on the 3 encryption seeds LM_SEED1-3.

So a question came to my mind, because I know LM_SEED1 and 2 from a target but not LM_SEED3. So is it possible to reveal LM_SEED3 by doing a birthday attack on the ECC implementation?

I think of doing the following:

1. generate 32-bit random values and patch them into LM_CODE.H
2. compile lmcrypt.exe
3. sign a license with my version of lmcrypt
4. compare the result with the original license file

Of course you need the vendor keys, the CRO keys and LM_SEED 1 and 2. All this information can be revealed aside from LM_SEED3.

Is my assumption correct?

If yes, then it would normally take around 2^16 random guesses to find LM_SEED3, which is not really much even if you have to compile and sign a license in a loop.