Page 1 of 3 123 LastLast
Results 1 to 15 of 39

Thread: how to generat "1" instead of "uncounted" license

  1. #1

    how to generat "1" instead of "uncounted" license

    I search ASCII and replace "uncounted" to "1" in 'keygen', but the 20 chars(''5D9E4758BDE996583F0A " before "VENDOR_STRING" ) don't change accordingly, and generated license can't pass check, seems "uncounted" is hidden at other place.Anyone can give suggestion how to analysis?

    ......

    2011-4-28

    * Closed by Joyung at April 28th. Will follow CrackZ and tedshred's suggestion to learn and study from Flexlm basic. Thanks for all of your help. :-)

    2011-6-2
    * Re-opened to ask for help on 'VENDOR_STRING' encryption method.

    Thanks,
    Joyung
    Last edited by joyung; June 2nd, 2011 at 10:33. Reason: Close the post

  2. #2
    I haven't checked your file so this might not be the answer.

    I'm assuming its an lmcrypt.exe that you have built.

    If so why not just change the license count in the license you are using as a parameter to lmcrypt?.

    If its some groups keygen you'll need to modify the license count passed to the structure used during the generation process.

    Regards, CrackZ.

  3. #3
    Dear CrackZ,

    First, thanks a lot for giving reply.

    The license file generated by the keygen, but it not the usual way as lmcrypt.exe runs, there is no way to give a license file as sample input file for lmcrypt.exe, it's hidden in 'keygen' itself instead.

    This keygen is got from web that built by other guys, I'm novice on this, and this analysis is too diffiult for me, I just replace the ASCII 'uncounted' in keygen with '1', but obviously it doesn't works.

    It will be very appreciated if you can have a check on the keygen file and help on the modification or suggestion.

    Thanks again,
    Joyung
    Last edited by joyung; April 24th, 2011 at 10:29.

  4. #4
    So, yesterday you've got your request deleted and still don't get it?
    We don't do things on demand here. Period.
    We will gladly assist you in learning to do things on your own, but you haven't shown any effort so far (no, downloading someone's keygen from the web does not count).
    Right now your posting is a mere crack-request.

    You want to learn? Fine, show us you're willing and all will be well.

    Regards

  5. #5
    Hi Darkelf,

    Sorry, I really don't know haven't follow the forum rule, I'll modify the post to ask suggestion instead of ask crack then.

    Thanks for the trouble.

    Joyung
    Last edited by joyung; April 24th, 2011 at 20:38.

  6. #6
    Hi Darkelf,

    I modify my post, would you help to have a check whether it is ok? If still break the rule, please help delete my post.

    Thanks for the trouble,
    Joyung

  7. #7
    Howdy,

    I will acquiesce to CrackZ on this one.

    If I dont see a reply by him in the next 24,
    it goes the way of all requests.

    Woodmann
    Learn Or Die.

  8. #8
    I've decided not to help you in the conventional sense as all you really want to do is modify a scene keygen for your own purposes. I will instead offer several suggestions and you can choose whether to take them or not.

    1. This keygen links lmgr.lib from the v8.3b FLEXlm SDK and is in fact little more than a GUI on top of lmcrypt.

    2. Knowing 1; you can either modify the keygen to utilise a counted license instead of an uncounted one (hint: you don't modify the 'uncounted' string), or you could recover the seeds from the keygen and build your own lmcrypt. I suggest the latter.

    Without some evidence that you have done some elementary debugging or searching for a solution, I won't assist you any more than this.

    Regards, CrackZ.

  9. #9
    "lmcrypt" programs using FlexLM 6.1 for this software vendor used "permutation tables" in the license generation process. I do not know if this is for the case for the keygen program in question. If it is, you can search this forum for more info. It may be easier to modify the program using a debugger.

  10. #10
    Checking my archives.

    As tedshred says; this vendor uses its own defined encryption scheme so recovering the seeds and building lmcrypt will not be enough.

    This is beyond you.

    With the above in mind, you need to understand how the FLEXlm license buffer is constructed and what data is used for the license count, then modify it live in a debugger as tedshred suggests.

    You've hit a brick wall.

    Regards, CrackZ.

  11. #11
    Hi CrackZ&tedshred,

    Thank you so much for your checking and suggestion, although it is too difficult for me for lack of some basic knowledge, but I will follow your suggestion and study it by myself first instead of asking crack directly.

    Also thanks woodman acquiesce to CrackZ on my case.

    Thanks again,
    Joyung

  12. #12
    Quote Originally Posted by tedshred View Post
    "lmcrypt" programs using FlexLM 6.1 for this software vendor used "permutation tables" in the license generation process. I do not know if this is for the case for the keygen program in question. If it is, you can search this forum for more info. It may be easier to modify the program using a debugger.
    Hi tedshred,

    Follow your suggestion, I search the forum and found someone recommend the essay below for study and understand Crypt Filters first.

    Do you know whether there is "demonstration "blenderd" program" can be downloaded for reference and study?

    Thanks in advance,
    Joyung

  13. #13
    I don't know of a blenderd.exe example daemon file available for download. If you can find/get a version 8 FlexLM SDK, you can use the source files for the demo.exe example daemon as a starting point for modification. I can't help you with finding the SDK.

  14. #14
    Quote Originally Posted by tedshred View Post
    I don't know of a blenderd.exe example daemon file available for download. If you can find/get a version 8 FlexLM SDK, you can use the source files for the demo.exe example daemon as a starting point for modification. I can't help you with finding the SDK.
    Thanks, tedshred.
    Last edited by joyung; April 26th, 2011 at 23:59.

  15. #15
    After set "memory break point" at '01284BDC' and long trace, I see codes below:

    77C160C1 8917 MOV DWORD PTR DS:[EDI],EDX
    77C160C3 83C7 04 ADD EDI,4
    77C160C6 BA FFFEFE7E MOV EDX,7EFEFEFF
    77C160CB 8B01 MOV EAX,DWORD PTR DS:[ECX]
    77C160CD 03D0 ADD EDX,EAX
    77C160CF 83F0 FF XOR EAX,FFFFFFFF
    77C160D2 33C2 XOR EAX,EDX
    77C160D4 8B11 MOV EDX,DWORD PTR DS:[ECX]
    77C160D6 83C1 04 ADD ECX,4
    77C160D9 A9 00010181 TEST EAX,81010100
    77C160DE ^ 74 E1 JE SHORT msvcrt.77C160C1

    It generate the 20 chars(before VENDOR_STRING, 4D6EE7EB79F91B901558 as default) here, but I don't know how to go on the analysis.

    Although it maybe a long way for me, seems I'd better follow CrackZ and tedshred's suggestion to learn and study from the basic.

Similar Threads

  1. Replies: 0
    Last Post: February 13th, 2014, 07:42
  2. Replies: 4
    Last Post: May 28th, 2009, 13:02
  3. Replies: 1
    Last Post: December 14th, 2007, 13:35
  4. Can't "Step" after "Pause
    By Lena in forum OllyDbg Support Forums
    Replies: 2
    Last Post: May 5th, 2004, 21:14
  5. Setting up a broadcast socket in a LAN as "license server"
    By DakienDX in forum Advanced Reversing and Programming
    Replies: 0
    Last Post: February 17th, 2001, 08:37

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •