
Thread: Help on FlexLM 11.9.1 integrated in .dll, finding seed's

  1. #1

    Help on FlexLM 11.9.1 integrated in .dll, finding seed's

    Hello Community,

    I am trying to generate a license for an application that is protected with FlexLM 11.9.1; the FlexLM protection is implemented in a .dll file.
    It is a node-locked license, and I have a working demo license for the application.

    I found a nice PDF about FlexLM encryption seed recovery, but I am stuck at finding the seeds.
    I loaded the licenser.dll into OllyDbg and found the constant "6F7330B8" for _l_sg, and then I tried to find
    the call into the _l_n36 buff function, but I had no luck with that; I didn't find an FF 90 call like the one mentioned in the PDF.
    There are only two calls in the _l_sg function in this .dll, so I put a breakpoint on both calls and tried to start debugging,
    but OllyDbg terminates the debugging of the DLL way before I reach the breakpoints.

    How can I debug for seeds when the FlexLM routines are integrated into a .dll?

    I have already read a lot of threads about FlexLM license generation, and I think I know that I have to patch the .dll to accept old-style license
    files (ECC patch); is that right?


    If the software is needed, I can send a name and download link via PM.

    Thank you all for your help.

    Freakster
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Founder FoxB | Join Date: Mar 2002 | Location: Earth | Posts: 450
    Just tell us the daemon vendor name.

  3. #3
    The daemon vendor name is "KNX".

    Thanks!

  4. #4
    Registered User | Join Date: Jul 2011 | Location: somewhere in Italy | Posts: 19
    Freakster235, if the program uses the ECC protection and long SIGN, you need to patch the DLL.
    If not, you can patch the license checkout, without wasting time fishing for the seeds, to use the program without a license... It is not hard, you only need to find the right hole....

  5. #5
    Quote, originally posted by istigatore:
    > Freakster235, if the program uses the ECC protection and long SIGN, you need to patch the DLL.
    > If not, you can patch the license checkout, without wasting time fishing for the seeds, to use the program without a license... It is not hard, you only need to find the right hole....

    Hello istigatore,

    There are a couple more problems, I think. If I patch the DLL with the generic ECC patcher, which works perfectly, the program won't run anymore.
    I found out that the program is developed with the .NET Framework and uses the "Strong Name" feature for all components, so if I patch the DLL the executable
    will not accept the DLL anymore.
    So I deactivated the Strong Name feature with the .NET SDK, but there is also a signature check feature implemented in the executable, and I have no clue
    how to reverse the executable to remove the license checking or the internal signature check.

    Thanks

  6. #6
    Registered User | Join Date: Jul 2011 | Location: somewhere in Italy | Posts: 19
    Freakster235, the "Strong Name" feature can easily be defeated by patching the mscoree dll;
    and maybe the "Signature check" feature is an integrity check. You need to debug the exe/dll inside a .NET debugger. Try Reflector.

  7. #7
    Quote, originally posted by istigatore:
    > Freakster235, the "Strong Name" feature can easily be defeated by patching the mscoree dll;
    > and maybe the "Signature check" feature is an integrity check. You need to debug the exe/dll inside a .NET debugger. Try Reflector.

    Hello istigatore,

    Thanks for your advice about the .NET debugger. I have downloaded and tried Reflector; I thought I had found the checksums in the executable, but it seems that I was wrong.
    I think I have way too little experience with debugging to get this stuff working.

    But the other thing, for my understanding: I have patched the DLL, but I still need the seed and vendor name to generate a working license without SIGN, or not?

    Thanks!

  8. #8
    Registered User | Join Date: Jul 2011 | Location: somewhere in Italy | Posts: 19
    If you have patched the ECC protection inside the DLL, you only need to make a fake crypter with fake seeds...
    If the program does not use ECC, you need to recover the seeds to make a fully working license (or patch the checkout to use the program without a license).
    If the program uses ECC, you can patch the 2 flags (in some programs/FlexLM versions it is only 1) to force the program to use the standard SIGN; in this case you need to recover the seeds.
    I suggest you study the FlexLM protection to find the holes. Studying the FlexLM SDK is a good approach; some articles available on the web are also very good to learn from.
    Good luck...

  9. #9
    Hi istigatore,

    I am not sure that I understand the thing with the fake license. I have patched the DLL with the generic ECC patcher. What information do I need for a fake license, the vendor?
    But you talk about two different ways: to patch the ECC function or the flags.
    I tried to disassemble the .dll with IDA Pro, but I cannot find the needed FlexLM functions. I also tried to load the FLIRT signatures into IDA Pro, with no success.
    There are different tutorials for FlexLM and holes in the protection, but I didn't find any tutorial for newer FlexLM versions.

    Thanks!
