Results 1 to 7 of 7

Thread: Tricking FleXnet into thinking its been activated?

  1. #1

    Tricking FleXnet into thinking its been activated?

    Alright so I've been digging some more regarding my current "endeavor" and I've found what I'm sure may be the key to cracking this thing.

    I have bypassed the activation windows, which means that the program loads but still remains un-activated. Here is what I found:

    There is a menu that is called "product license". In this menu there are two things,
    1. A button that says "activation codes". This one does a few things and returns a window saying that the product is not registered
    2. A button that says "Unregister product". This one does nothing in the program but olly tells me it does the same as the one above, but does not return the window

    I loaded up OllyDBG to see what these things do and they both appear to do the same, maybe they both check for activation files but none are found so the second one does noting more.

    They activation codes button does this:
    1. a non continuable exception with data:
    74a2c41f - C9 - LEAVE
    2. Another non continuable exception
    Same stuff as above but a shift in the stack(jumps to a different address.)
    3. Then this:
    Name:  e1rxPgn.png
Views: 2103
Size:  1.2 KB
    4. Then it just continues as normal

    What I also found is that there are a few things that refer to what may be another dll(there are 3 main dlls) so there may be something that I'm missing in there.

    I have a traffic dump of activation if this is any use, The fleXnet version is 11.

    My question is, how can I create a valid Flexnet license that will get recognized by this routines or how do I maybe crack the activation process to generate a valid license with any key(activation is online.)

    I'm not far from success, I just need some assistance. Thanks.

  2. #2
    A while back October 2007, I wrote a Tutorial on Flexnet / Safecast protection and how to deal with it.
    Not sure how relevant it is today, but perhaps it might be worth a read.

    Link is here: http://www.accessroot.com/arteam/site/download.php?view.213

    Good Luck.

    CZ
    If at first you don't succeed, you're just about average

  3. #3
    I will read this, maybe it will give me a few ideas. Thanks.
    Last edited by cookiemaster; January 29th, 2014 at 16:25.

  4. #4
    Registered User
    Join Date
    Jul 2011
    Location
    somewhere in Italy
    Posts
    19
    cookiemaster, If your program dont use The ECC protection, you can easly make a license with the standard sign.. IF the ECC is present you can patch the pub_key or force the program to accept the standard sign by patching the 2 flags..
    IF you have a vendor and expired license, please send me links in PM..
    REading your post the program use the flexnet TS->"Trusted storage"..
    But i dont know if are present only the fnp libraries or is maybe present the flexnet routine inside a some files(dll/exe)..
    I have your same problem with a program, but the my main problem is that the flexlm routine is obfuscated inside the files by "virtual protect"...

  5. #5
    Quote Originally Posted by istigatore View Post
    cookiemaster, If your program dont use The ECC protection, you can easly make a license with the standard sign.. IF the ECC is present you can patch the pub_key or force the program to accept the standard sign by patching the 2 flags..
    IF you have a vendor and expired license, please send me links in PM..
    REading your post the program use the flexnet TS->"Trusted storage"..
    But i dont know if are present only the fnp libraries or is maybe present the flexnet routine inside a some files(dll/exe)..
    I have your same problem with a program, but the my main problem is that the flexlm routine is obfuscated inside the files by "virtual protect"...
    I dont have an expired licence, but I do have a traffic dump from the activation port, could that help me?

    I dont know if the program is protected by ECC, how can I identify it?

  6. #6
    I've found something very interesting. When I load the program, I get "Debug Strings" in OllyDBG. They say "(company name) trace: 04". Still analyzing what they do.

    Also, when Stepping through the debug messages, once it loads another DLL I get an error, the classic "Microsoft Visual C++ runtime library: The application has requested a runtime to terminate in an unusual way"

    Could it be because this program has some sort of protection against debuggers?
    Last edited by cookiemaster; January 29th, 2014 at 17:55.

  7. #7
    Registered User
    Join Date
    Jul 2011
    Location
    somewhere in Italy
    Posts
    19
    cookiemaster, if the program have the ECC protection the license show the long SIGN... TRy to search if is present any file with the extension .asr.. It contains the trial license....

    Could it be because this program has some sort of protection against debuggers?
    Maybe is present a packer/obfuscator... Send me the name of the program in PM....

Similar Threads

  1. Replies: 3
    Last Post: January 16th, 2014, 13:48
  2. (In My fucked up way Of thinking...)
    By BanMe in forum Blogs Forum
    Replies: 2
    Last Post: July 28th, 2009, 09:24
  3. # thinking in IDA Pro - how to obtain a copy
    By nezumi-lab in forum Blogs Forum
    Replies: 0
    Last Post: May 10th, 2008, 23:40

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •