Results 1 to 11 of 11

Thread: Help with flexlm 10.1 license

  1. #1
    naragorn
    Guest

    Help with flexlm 10.1 license

    Hey, ive read a lot lately, but havent found my type of license which goes like this(this is a cracked license i found on web):

    FEATURE Urien_S2k MAPTEK 1.000 01-jan-2013 uncounted AC8FC346E630 \
    VENDOR_STRING=2100000mk>j[FXWFGAEgTX_KA6G_qqBDR[CO?;EXK7BGM:PelqN6MF<V=WWjT`9CG2O8HVQbIXecfbm@a]HLN2Al2@00 \
    HOSTID=ANY

    So the questions are:

    - How do i generate a license that contains Vendor:String,
    - Is there a way to decrypt vendr string?

    Another issue im having is that i cant find features, i know i can search for "lm_ckout" and then i find lc_checkout, but where exactly should i look to get the feature names. (Ive tried enabling FLExlm diagnostics, it doesnt work.

    Hope someone can help me, thx in advance
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Easy answers.

    1. Lmcrypt will generate a license key with whatever information is in the license, so you can put whatever vendor_string you like and it will incorporate it into the license key.

    2. Find lc_auth_data(). After license checkout success virtually a nailed on certainty that lc_auth_data() will be called to retrieve pointers to the various license fields, then simply a case of following your vendor_string to see how its encoded.

    3. Feature name and version is passed through the stack as arguments to lc_checkout().

    If you have the vendor daemon drop me a privmsg.

    Regards,

    CrackZ.

  3. #3
    Registered User
    Join Date
    Jul 2011
    Location
    somewhere in Italy
    Posts
    19

    vendor_string

    The vendor_string is encripted with "3DES".....
    And recover the seeds from this vendor is very easy... The hard is recover the features inside the "vendor_string"...
    P.S: The license is not cracked, is a old "viewer" license
    -----------------------------------------------------------------------------------------------------
    FEATURE viewer MAPTEK 1.000 permanent uncounted xxxxxxxxxxxxxxxxxxxx \
    VENDOR_STRING=2100000mk>j[FXWFGAEgTX_KA6G_qqBDR[CO?;EXK7BGM:PelqN6MF<V=WWjT`9CG2O8HVQbIXecfbm@a]HLN2Al2@00 \
    HOSTID=ANY
    --------------------------------------------------------------------------------------------------------

    The features inside the vendor_string are decripted by the license administrator..As you see, you can change the name of the feature, but you can't modify the vendor_string.....
    .......
    Last edited by istigatore; February 7th, 2012 at 16:22.

  4. #4
    Founder FoxB's Avatar
    Join Date
    Mar 2002
    Location
    Earth
    Posts
    450
    the vendor daemon not check a VENDOR_STRING. you need RE the main target (client side) and search the recovery sub.

  5. #5
    naragorn
    Guest
    Quote Originally Posted by istigatore View Post
    The vendor_string is encripted with "3DES".....
    And recover the seeds from this vendor is very easy... The hard is recover the features inside the "vendor_string"...
    P.S: The license is not cracked, is a old "viewer" license
    -----------------------------------------------------------------------------------------------------
    FEATURE viewer MAPTEK 1.000 permanent uncounted xxxxxxxxxxxxxxxxxxxx \
    VENDOR_STRING=2100000mk>j[FXWFGAEgTX_KA6G_qqBDR[CO?;EXK7BGM:PelqN6MF<V=WWjT`9CG2O8HVQbIXecfbm@a]HLN2Al2@00 \
    HOSTID=ANY
    --------------------------------------------------------------------------------------------------------

    The features inside the vendor_string are decripted by the license administrator..As you see, you can change the name of the feature, but you can't modify the vendor_string.....
    .......
    i cant change the "Feature", it gives me "Invalid (Inconsistent) License Key", i generated a license thru lmcrypt , using flexlm 10.8 sdk, compiled by me, using the following data, hope you can tell me if these keys are the correct ones.

    #define VENDOR_KEY1 0x52d1fe87
    #define VENDOR_KEY2 0x3c84376a
    #define VENDOR_KEY3 0x8bc3d020
    #define VENDOR_KEY4 0x5aee1fa8
    #define VENDOR_KEY5 0x677960f1
    #define VENDOR_NAME "MAPTEK"
    #define LM_SEED1 0x1903D0BF
    #define LM_SEED2 0x6D6F88E7
    #define LM_SEED3 0x6D6FD0BF
    #define TRL_KEY1 0x613c728c
    #define TRL_KEY2 0xd568c8f7

    Also in lm_code.h it asks for PUBLISHER_ID, should i leave it at 1'?

    So, is there no way to get the feature names?
    or get the encryption key for the Vendor String?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    Founder FoxB's Avatar
    Join Date
    Mar 2002
    Location
    Earth
    Posts
    450
    you need use
    #define ENCRYPTION_SEED1 0xXXXXXXXX
    #define ENCRYPTION_SEED2 0xXXXXXXXX

    instead
    #define LM_SEED1 0x1903D0BF
    #define LM_SEED2 0x6D6F88E7
    #define LM_SEED3 0x6D6FD0BF

    your target use old type of the licensing

    ps: you can share your target software?

  7. #7
    naragorn
    Guest
    i could indeed, just tell me where to upload it
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  8. #8
    Founder FoxB's Avatar
    Join Date
    Mar 2002
    Location
    Earth
    Posts
    450
    rapidshare, sendspace, etc.

  9. #9
    Registered User
    Join Date
    Jul 2011
    Location
    somewhere in Italy
    Posts
    19
    FoxB
    the vendors check only if the license is valid or not......
    naragorn
    The crypted routine of the vendor_string is present in the exe files(over 200) and in the license administrator....
    To recover the routine you need to reverse the license administrator or the main exe file...
    The license is old style, to build the vendor you need only the 2 encryption seeds.....
    But is not enough to make working the program..
    P.S: the protection is: dongle+ flexlm license.

    good luck

  10. #10
    Founder FoxB's Avatar
    Join Date
    Mar 2002
    Location
    Earth
    Posts
    450
    the vendor daemon has flexlm v8.0d as result - license can be locked at ANY hostid

  11. #11
    naragorn
    Guest
    ive traced the decrypted vendor string, now, is there a way for me to encrypt the vendor string? so i can modify it and generate a new vendor string?

    I know it uses dongle, ive already reversed that .
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. How to extract seeds from flexlm and license
    By varun in forum The Newbie Forum
    Replies: 0
    Last Post: June 18th, 2012, 03:25
  2. flexlm 11 license / new computer
    By Grandpommier in forum The Newbie Forum
    Replies: 13
    Last Post: March 28th, 2010, 13:25
  3. checking correctness of flexlm license
    By ferg_jl in forum Advanced Reversing and Programming
    Replies: 2
    Last Post: October 13th, 2002, 20:25
  4. How to generate flexlm 6.1 license
    By 3M in forum Malware Analysis and Unpacking Forum
    Replies: 1
    Last Post: January 26th, 2001, 17:56

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •