Results 1 to 10 of 10

Thread: FlexLM 11.4 Problem after ecc patch

  1. #1

    FlexLM 11.4 Problem after ecc patch

    Hi
    i have a JAVA target that uses all sort of JNI dll for flexlm. the good thing is that i had a valid lic file 30 trial for the target so all i needed to do is change the expire date to somthing larger and patch the ecc for my application.

    this is a flexNet 11.4 version when my date has expired and i have changed the date to lets say year 2029
    the log file of lmgrd wrote for each feature : Invalid license key (inconsistent authentication ...

    i have located the ECC check in the application deamon (not the lmgrd!) and puted a xor eax,eax;ret on it and now in the lmgrd log file there is no more complining.

    but still when i run my application i still get that the license not valid.

    can anyone give me pointers about how to find what is the issue because if the log file doesn't complain anymore i don't know what else to try...

    Thanks.

  2. #2
    Call me crazy, but with the app being in JAVA, I would be tempted to decompile the target app, and just remove the calls to FlexLM in there. I would think that even in obfuscated code the references to it would be fairly easy to find.

    I could be speaking from my sphincter on this, but that's how I'd approach it at least.

  3. #3
    The app is obfuscated with ProGuard that meens that i need to unpack the jar file and repack it in a spacial way so the files with the same name will not be overwriten....

    so i had no success in unpacking/repacking ProGuard protection that is why i didn't used this approach.

    but i see that it is possible that i can't escape it anymore and i must de-obfuscate the protection
    in order to patch the application..

    i have attempted in doing the guide of how to do this (Cracking_Java_programs tut from SND)
    but i had no luck...

    if someone can help me with this obfuscation i will be glad to send the obfuscated jar file.

    Thanks.

    LaBBa.

  4. #4
    You should change your licenses to a permanent one. Some applications check for the trial period and
    2029 would be a far to long

    Instead add permanent at the position where you changed the expire date.
    And check if the application tries to check out an invalid feature for checking if someone has
    patched the flexlm lib

    tr1stan

  5. #5
    i have done that now .. and still doesn't work...
    i have talked to some experts regarding to the ProGuard protection and i was told
    that it can be easly defeted on a linux OS since in linux there is a support
    for a case sensetive files and in linux i can re-pack the jar files without any
    issues.. so i will search on how to do this on linux and if it is possible i will be able
    to patch the JAVA byte code and re-pack the jar file...

    will update when i will have progress..

    thanks,
    LaBBa.

  6. #6

    And so...

    how did you patch the ECC? Using eccpatch?

    While you may already know this, eccpatch no longer works on v9+ of Flexlm.

    If you've patched it differently, let me know.

    Have Phun
    Blame Microsoft, get l337 !!

  7. #7
    no need to use eccpatch! just search for l_pubkey_verify() and
    patch it like LaBBa did and your set!

  8. #8
    Hi,

    I hope its not too late. I have already patched obfuscated Java programs successfully. You dont need to fully decompress the Jar archive. Just extract the class files(ex: Ab, AB, ab) that you want to patch from the archive in different folders on Windows. Once you have patched them, you have to copy them to a linux box and store them exactly in the same directory structure as they were stored in the jar. For example com.test.me.AB.class should be stored in com/test/me/AB.class. Then you should update your original jar file using the following command : jar uf original.jar test/me/AB.class.

    I dont know what you use for decompiling you jar file on Windows but I highly recomend you to use jd-gui it will do the job without having any trouble with case sensitive names.

    feel free to ask if you have any questions on java patching.

    Akimp3

  9. #9
    This is exactly what i'm planing to do.. i'm currently need to patch many files and currently learning about the JAVA byte code to know how to patch it correctly so Thanks. i will let you all know soon how it went...

  10. #10
    Hi,

    Although it is possible to patch directly the java bytecode by Nopping (0x00) or writing directly java bytecode, the best way is to use Javassist. It gives you the possibility to read a class, inject (high level)Java statements, modify methods and properties and write back all modifications to the class. In my opinion, dont waste your time on Java bytecode and go for Javassist.

    Good luck,

    akimp3

Similar Threads

  1. FlexLM ECC, what to patch?
    By oldbrat in forum The Newbie Forum
    Replies: 0
    Last Post: November 15th, 2011, 23:28
  2. How do I patch?
    By illenda in forum The Newbie Forum
    Replies: 10
    Last Post: February 28th, 2010, 22:03
  3. FlexLM v8.x - Problem while trying to retrieve both encryption seeds
    By OHPen in forum Advanced Reversing and Programming
    Replies: 18
    Last Post: June 10th, 2009, 07:42
  4. How to patch a VB3 exe?
    By Solomon in forum Malware Analysis and Unpacking Forum
    Replies: 7
    Last Post: November 6th, 2001, 06:34
  5. Laz's vb5 dll patch?
    By 4oh4 in forum Advanced Reversing and Programming
    Replies: 3
    Last Post: November 18th, 2000, 18:34

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •