Thread: Flexnet

  1. #1

    Flexnet

    Hello guys,
    I used to reverse software in the past using tools like OllyDbg and so on.
    Now I have come across software that uses FlexNet licensing (11.12.1).
    I have read a lot of things on different sites, but I haven't found a guide that could help me understand what I have to do.
    I tried to read the Flexera manual; I saw some things like vendor name and vendor keys, encrypted seeds, ECC patching
    and so on, but it all sounds like Chinese to me. I saw on some other forums that they have some video tuts, but I cannot download them since you need reputation points. (www.finetopix.com)
    Could someone please help me, step by step, with what to do?
    I would really appreciate that.

  2. #2
    Do you have a copy of the software in question? If so, upload it to mega and I'll have a look.

  3. #3
    Quote: Originally Posted by qd0097
    Do you have a copy of the software in question? If so, upload it to mega and I'll have a look.
    Here is the link:
    https://www.dropbox.com/s/u5w2304mtg1nlox/App.rar?dl=0

    Have a look please and explain to me the steps of reversing it.
    I would be very happy if you could tell me what to do. I tried to patch it with Olly, but as far as I saw
    it's not possible to do that. You have to make the lic file and lmcrypt exe and so on, but I couldn't understand the whole procedure.
    I will be very glad if anyone could give me some help and hints.

  4. #4
    From my understanding, the program appears to be trialware. E.g. it gives you access to the full functionality for the duration of the trial. In this case, 30 days.

    I guess the easiest way to "bypass" this program's protection is to delete the information that alerts the program that it has been installed for longer than 30 days.
    If I were you, I'd install a VM, record the install process and then see what files have been installed where.

  5. #5
    Quote: Originally Posted by qd0097
    From my understanding, the program appears to be trialware. E.g. it gives you access to the full functionality for the duration of the trial. In this case, 30 days.

    I guess the easiest way to "bypass" this program's protection is to delete the information that alerts the program that it has been installed for longer than 30 days.
    If I were you, I'd install a VM, record the install process and then see what files have been installed where.
    Yes, you are right, this is an option. But how can I do it? Can I debug the installation setup, e.g. with Olly, and see what it does?

  6. #6
    Use a tool like Total Uninstall within the VM.

    Once installed within the VM:
    1) Click 'File' -> Install New
    2) Type the program name and browse to the setup path.
    3) Click 'Launch the setup program' and let the installer do its thing.
    4) Run the recently installed program till it opens, then close it.
    5) Click 'Program is installed' to generate the list of changes.

    6) Search through the changes and find the file(s)\key(s) that store info related to the trial date.

  7. #7
    Quote: Originally Posted by qd0097
    Use a tool like Total Uninstall within the VM.

    Once installed within the VM:
    1) Click 'File' -> Install New
    2) Type the program name and browse to the setup path.
    3) Click 'Launch the setup program' and let the installer do its thing.
    4) Run the recently installed program till it opens, then close it.
    5) Click 'Program is installed' to generate the list of changes.

    6) Search through the changes and find the file(s)\key(s) that store info related to the trial date.
    Thank you, I will try it and let you know!

  8. #8
    Quote: Originally Posted by qd0097
    Use a tool like Total Uninstall within the VM.

    Once installed within the VM:
    1) Click 'File' -> Install New
    2) Type the program name and browse to the setup path.
    3) Click 'Launch the setup program' and let the installer do its thing.
    4) Run the recently installed program till it opens, then close it.
    5) Click 'Program is installed' to generate the list of changes.

    6) Search through the changes and find the file(s)\key(s) that store info related to the trial date.
    I tried it, but unfortunately I couldn't manage to recognize any info about the evaluation license in any file or registry key...
    Any other solution?

  9. #9
    Are you sure? Did you install it in a VM or did you install it on your host machine? I'm guessing you installed it on the host machine, and that is why you did not see any meaningful info.

    If you want to know another option, then you can use LordPE or CFFExplorer to look at the import/export tables of the exe. It might lead you to DocFrame.dll, it has some very interesting stuff in it.
    Install IDA Free and disassemble the program. Use the strings (Views -> Open Subviews -> Strings) to narrow down your search area. HINT: type in "licence".

    Use a hex editor (Hex Editor Neo) to patch the file. This website will help you identify what hex code you need to use to convert jump types e.g. jz to jnz.

  10. #10
    Quote: Originally Posted by qd0097
    Are you sure? Did you install it in a VM or did you install it on your host machine? I'm guessing you installed it on the host machine, and that is why you did not see any meaningful info.

    If you want to know another option, then you can use LordPE or CFFExplorer to look at the import/export tables of the exe. It might lead you to DocFrame.dll, it has some very interesting stuff in it.
    Install IDA Free and disassemble the program. Use the strings (Views -> Open Subviews -> Strings) to narrow down your search area. HINT: type in "licence".

    Use a hex editor (Hex Editor Neo) to patch the file. This website will help you identify what hex code you need to use to convert jump types e.g. jz to jnz.

    Hey! Yes, you are right, I installed it on a host machine. I'll do it on a virtual machine and try the same (I thought it was the same). I will check DocFrame.dll as well. Thank you very much for spending your time to help me!

  11. #11
    Quote: Originally Posted by qd0097
    Are you sure? Did you install it in a VM or did you install it on your host machine? I'm guessing you installed it on the host machine, and that is why you did not see any meaningful info.

    If you want to know another option, then you can use LordPE or CFFExplorer to look at the import/export tables of the exe. It might lead you to DocFrame.dll, it has some very interesting stuff in it.
    Install IDA Free and disassemble the program. Use the strings (Views -> Open Subviews -> Strings) to narrow down your search area. HINT: type in "licence".

    Use a hex editor (Hex Editor Neo) to patch the file. This website will help you identify what hex code you need to use to convert jump types e.g. jz to jnz.
    Hey, you were right. I ran DocFrame.dll with OllyDbg and I saw that my trial license gets decrypted and then it finds out if 30 days have passed. One way to reverse it is to change the comparison not with 30 but 1000 days, or to change the license from evaluation to perpetual. I inline patched the .dll so it thinks the license is perpetual. I want to thank you for your help. I didn't learn to reverse FlexNet security, but I reversed the software. Reversing FlexNet looks to require a lot of knowledge which I don't have. Anyway, did you manage to extend this program the other way you told me? I mean by seeing what it installs when on a VM? Because I could manage to do that even if I did it on a VM.
    Also, I would like to ask you if you think IDA is more helpful than OllyDbg and if you have any good resources and video tutorials for FlexNet. Just for fun. I enjoy reversing. Thank you.

  12. #12
    Quote: Originally Posted by qd0097
    Are you sure? Did you install it in a VM or did you install it on your host machine? I'm guessing you installed it on the host machine, and that is why you did not see any meaningful info.

    If you want to know another option, then you can use LordPE or CFFExplorer to look at the import/export tables of the exe. It might lead you to DocFrame.dll, it has some very interesting stuff in it.
    Install IDA Free and disassemble the program. Use the strings (Views -> Open Subviews -> Strings) to narrow down your search area. HINT: type in "licence".

    Use a hex editor (Hex Editor Neo) to patch the file. This website will help you identify what hex code you need to use to convert jump types e.g. jz to jnz.
    Yes, you were right. Finally I did it. I opened the app with OllyDbg, and somewhere in DocFrame.dll it checks the encrypted license and sees if 30 days have passed. One way is to change the number 30 to e.g. 1000, and the other is, when it checks the type of license, to make it think it is perpetual. So I inline patched it and everything is fine, no trial any more.
    I want to ask you if you managed to extend it using Total Uninstall on a VM, because I didn't manage to do that.
    Do you believe IDA is better than Olly in reversing? I haven't used it yet.
    And last, I want to ask you if you have any video tuts for reversing FlexNet. I enjoy reversing even if I finally managed to reverse my target.
    Thank you for your help!

  13. #13
    Hi guys. Has anyone worked with FlexNet Embedded? This technology is significantly different from FlexLm, and I haven't found any useful info about it. The investigated software (written in Java) interacts with flxcore64.dll via some protocol. The dynamic library contains a security core, written in some assembler. This assembler is emulated inside the dll. Some sources say that the security core is called the "TRA engine", a proprietary Flexera technology. Licenses are contained in a separate file; all license data is presented in open view, but each license is signed with a 256- or 512-byte signature. Does anyone have any idea what to do with this monster?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  14. #14
    Have any of you guys tried the search engine on this site or dug deeper into the archives? I entered flexlm in the search engine and it returned 9 hits, one of them by Nicola Tesla who was a premier reverser here at one time. He is joined in the discussion by other top reversers.

    I have never tried flexlm but I know you don't simply bypass trials with such protection with a simple tweak. If it seems that simple, you can bet they have a surprise waiting for you after a timeout period.

    For example, when you tamper with bytes in some protections they have a CRC check, or far more sophisticated checks, to determine if adjustments have been made to the code, or even if a debugger is working. If they detect that, they can be clever about it and not let on they have caught you. Some have been smart-assed about it and left messages for the reverser but I can see others allowing you to continue with the trial for a while then deleting part of the code.

    That's exactly what happened to me once. I was playing with a protected app and it deleted an entire directory with vital files once it detected a debugger.

    I do recall seeing several tutorials on flexlm on this site. Learn about how it works and some of the horror shows related to making it work without its protective shell. For educational purposes, of course.
