FlexLM: what's difference between 7.2a and 7.2f


netman
January 28th, 2002, 00:11
hi,

Does anybody out there know the difference between 7.2a and 7.2f?

I only have SDK 7.2a and tried to crack some 7.2f target without success.

I read NB's "Zendenc FLEXLM 7.2 cracking information" and extracted seed1 & seed2. The sign length of my target is 12, so I assume that

#define LM_STRENGTH LM_STRENGTH_DEFAULT

Of course, I assigned seed3 & seed4 random numbers. Because the sign length is 12, this target should use the "default" mode (no CRO, no public/private key), right?

Any help?

-----------
netman

netman
January 28th, 2002, 03:54
OK, I got 7.2f SDK.
The result is the same. So......
Not the version issue.

Any suggestion?

PS. I think the seed1 & seed2 are the correct ones. I tried different runs and got a different job struct but the same result from calcseed (thanks to NB).

And, no crypt filter, no checkout filter, either.

----
netman

nblender
January 28th, 2002, 17:57
maybe watch lc_set_attr and see if it's setting something else...
Some large mechanical CAD application uses LM_A_CASE_SENSITIVE, so your app may be doing this too.

netman
January 28th, 2002, 22:32
Thanks, NB.

I got two lc_set_attr:

LM_A_USER_CRYPT
LM_A_CRYPT_CASE_SENSITIVE

Will check it out.

Any hint?

----
netman

netman
January 28th, 2002, 23:22
NB,

maybe CASE_SENSITIVE isn't the cause of my wrong lmcrypt.
(I tried both upper and lower sign code, all failed).

I'm not confident about my seed1/seed2 now, could you check my vendorcode/job struct for me?

My cracking platform is SUN Solaris 2.6, the following is the adb segment,

job struct (after lm_new):

0 6600 ff00 dd00 2bd f26f
a0dd f2e2 825e aeb0 0000
00 00 4447 4453 7369 6c70
7961 454c

vendorcode struct (after lm_new):

400 0 9cd8 64b0 4dd8 9789 8836 11bb
a27 2aa1 6ef6 4862 d833 1dce 0 0

So, I assume,

vendorcode+4 (data[0]) : d89cb064
vendorcode+8 (data[1]) : d84d8997

job+8 : bd026ff2
job+c : dda0e2f2
job+10 : 5e82b0ae


Thanks....

Kythen
January 28th, 2002, 23:55
The LM_A_USER_CRYPT is your problem. That sets FlexLM to use a user-defined routine to check the encryption string. The third parameter to the lc_set_attr call that sets that attribute is the address of the routine. The routine is defined like this:

(*crypt)(job, config, sdate, vendorcode);

You can check out the FlexLM manual for more details on what the routine should be like.

netman
January 29th, 2002, 00:49
It's weird...

The parameters to lc_set_attr for LM_A_USER_CRYPT are as follows,

(job, 0xf, 0x0)

Anyway, thanks for the reply, Kythen.

----
netman

netman
January 29th, 2002, 05:30
I give up....
No time to dig it deeper, just patched my target.
And it works well.

Thanks NB, Kythen for your valuable replies.

----
netman