Results 1 to 12 of 12

Thread: Together v5.0 -- Java FlexLM license protection

  1. #1
    Solomon
    Guest

    Together v5.0 -- Java FlexLM license protection

    Target: h**p://164.109.49.29/files/products/together/controlcenter/1340/windows/together.exe(53MB, written in Java)

    This one either needs a 15-day Eval license file named "eval_license.lic", which will be mailed to you after u register on their site for downloading, or FlexLM license server(v7.2d), according to "flexlm.config".

    Here is my eval_license.lic:
    FEATURE TogetherControlCenterEval together 5.0204 23-may-2001 \
    uncounted BBFE2D15F78F HOSTID=DEMO

    I have checked C:\Together5.0\lib\misclib.zip. It contains a package named "flexlm", which seems to be the Java implementation of FlexLM(I have decompiled the whole package). But I can't locate the place where this package is referenced, coz there are too many *.class files. (I have decompressed C:\Together5.0\lib\together.jar and searched in this jar for "flexlm", but no useful info)

    So my question is: How to locate the 15-day check?
    If so we can patch it or make a valid license file.

    Thx for your help.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    EVC_ViPeR
    Guest
    I only have one experience with FlexLM using Java. If you found the folder flexlm, extract the file 'license.class'. Decompile it with JAD and there should be a function named 'checkout()', modify it to just return 0; and recompile and put it back to the jar file. This is just a hint based on other target. Wish this helps.

    EVC_ViPeR
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    Solomon
    Guest
    Thank you for your guidance?B I will try it.

    BTW: Many ppl think highly of this UML tool. They compare it with Rational Rose.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    crkr
    Guest
    Solomon (05-07-2001 18:05):
    Here is my eval_license.lic:
    FEATURE TogetherControlCenterEval together 5.0204 23-may-2001 \
    uncounted BBFE2D15F78F HOSTID=DEMO
    Hmm.
    Decompiling with jad gives a file named 'zx.jad' where you can find the following:

    ========================================================

    public zs j() // starting at line 551
    {

    // ...

    aj = new zah(af, x, y, ab, ac, ad, ae);
    ao = an;

    // ...

    int j1 = 1;
    int k1 = aj.a(1, al, am, j1, c(ao));

    // ...

    if(k1 == 0)
    {
    // good guy :-)
    // ...
    } else
    {
    // bad guy :-(
    // ...

    bb = aj.c();
    IdeMessageManagerAccess.getMessageManager().getDefaultPage().printMessage(3, " License checkout failed: " + e());
    if(n)
    System.out.println(a(true) + " License checkout failed: " + e());
    aj = null;
    return null;
    }

    // ...
    }

    public static final int a = 30; // starting at line 1164
    public static final int b = 6;
    public static final int c = 30;
    public static final int d = 8;
    public static final double e = 1.25D;
    public static final int f = 1;
    public static final boolean g = true;
    public static String h = "Cannot connect to license server";
    public static String i = "

    Together will not start without a valid license key AND proper license
    management configuration. If you do not yet have a license key, click
    Get License to request an Evaluation key at the TogetherSoft website.

    Please write togethersoft.com if you need further assistance.
    ";
    public static final int j = 1;
    public static final int k = 2;
    public static final int l = -1;
    public static int m = -1;
    public static boolean n = false;
    public static boolean o = false;
    public static String p = "flexlm.config";
    public static final String q = "gubed.mlxelf";
    public static final String r = "gubedlluf.mlxelf";
    public static String s = "esnecil.dlo";
    public static String t = null;
    public static String u = " Together License Management";
    public static String v = "oisoft/util/ui/plaf/windows/icons/Error.gif";
    public static String w = "oisoft/util/ui/plaf/windows/icons/Question.gif";
    public static int x = 0x13deeaac;
    public static int y = 0xb0c8d383;
    public static int z = 0xa2a1a978;
    public static int aa = 0x10806c1;
    public static int ab = 0x5d5e5687;
    public static int ac = 0xbc9a61d6;
    public static int ad = 0xa450a0eb;
    public static int ae = 0xc420010c;
    public static String af = "uphfuifs";
    public String ag[] = {
    "GpsJoufsobmVtf", "for internal use", "UphfuifsDpouspmDfoufs", "controlcenter", "UphfuifsXijufCpbse", "whiteboard", "UphfuifsFoufsqsjtf", "enterprise", "UphfuifsTpmp", "solo",
    "UphfuifsDpnnvojuz", "community", "UphfuifsEfwfmpqfs", "developer"
    };

    // ...

    ========================================================
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    Solomon
    Guest
    Thx crkr!

    I patched "zx.class" and bypassed the initial check, but after I changed the sys date to year 2002 it tried to connect to a license server, even if I patched
    zah.a(int j, String s, String s1, int k, String s2).
    Need further digging.

    Thx again.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    crkr
    Guest
    If you are familiar with FlexLM you should be able to build a valid license file using the information provided.

    I am sure someone is releasing a ready made solution soon ...
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  7. #7
    Haldir
    Guest
    I recommend reversing the Flexlm Server, well it is 7.2d, but it's still more easy than reversing the java code
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  8. #8
    poekie
    Guest
    I didn't succeed in breaking the protection this way... anyone else had any luck?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  9. #9
    plastiko
    Guest

    Smile Together v5.5 and FlexLm

    I'm currently writing a diploma work about java applications and security, and one of my test-objects was together. you can use my findings to start this great development tool called together ... cheers, plastiko

    WORK

    flexlm.config:
    flexlm.feature = TogetherControlCenterEval
    flexlm.licensePath = eval_license.lic
    flexlm.debug=gubed.mlxelf
    flexlm.fulldebug=gubedlluf.mlxelf

    NOTES:
    1) last two lines only enable tracing informations and are optional - tracing informations are really useful for hacking
    2) first line is not evaluated at all
    3) second line is the name of the lic-file to use, most important entry

    eval_license.lic:
    FEATURE TogetherControlCenterEval together 5.5 permanent uncounted \
    E6F3D618C7CF HOSTID=ANY

    NOTES:
    1) optimal values taken from src-code, correctnes of feature important

    additional directory
    open "together.bat" and choose one of the directories before the misclic.zip file. mkdir "flexlm" and save the attached "license.class" into.

    RUNNING
    .exe or .bat or anything you want.

    TEST
    - date set to 2002
    - working with a big project
    - changes to default and project configuration entries

    ... works fine!


    ps: the values displayed in a previous post are not the content of the vendor-structure; these are the encrypted values of the vendor structure, so not usable with flex-tools

    ps: this msg-board rules!
    Attached Files Attached Files
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  10. #10
    jomamameister
    Guest
    here are some updated links
    windows
    h**p://a1612.g.akamai.net/f/600/1325/9d/www.togethersoft.com/files/products/together/controlcenter/1534v3/windows/vm/together_1534v3.exe

    hpux
    h**p://a1612.g.akamai.net/f/600/1325/9d/www.togethersoft.com/files/products/together/controlcenter/1534v3/unix/others/together_1534v3_others.bin

    solaris
    h**p://a1612.g.akamai.net/f/600/1325/9d/www.togethersoft.com/files/products/together/controlcenter/1534v3/unix/solaris/together_1534v3_solaris.bin

    linux
    h**p://a1612.g.akamai.net/f/600/1325/9d/www.togethersoft.com/files/products/together/controlcenter/1534v3/unix/linux/together_1534v3_linux.bin

    enjoy,
    jomamameister
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  11. #11
    Unregistered
    Guest
    plastiko,
    please realize that by disassembling and patching a few java apps you do *not* prove the insecurity of java per se. remember this when you write your diploma thesis :-)

    any comments from more experienced authorities on this?

    also realize that there is absolutely *no* need to patch anything here. a valid license file can be generated using the information provided by the disassembled file containing the encrypted seeds and by using your eyes and your brain, hehe.
    just browse through the file, find some bit operations regarding the encrypted seeds that obviously do some encoding tricks, decode the encrypted values and feed those values into your beloved flextools and make your own license file.
    yes, you *can* use the well known flextools :-)

    i wonder why nobody has released a ready made solution yet. any comments from more experienced authorities on this?

    as plastiko has pointed out, it is very important to keep the flexlm.config and license file concise.

    open your eyes and your mind!

    good luck,
    crkr
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  12. #12
    plastiko
    Guest

    Post license() parameters

    don't worry about my work, you don't know the content ...

    ORIGINAL
    int ar = 0x17deeaab;
    int as = 0xb4c8d384;
    int at = 0xa2a1a978;
    int au = 0x1080480;
    int av = 0x5d5e5687;
    int aw = 0xfc9841d8;
    int ax = 0xc07286a2;
    int ay = 0xa0424122;

    DECRYPTING
    av = ~av;
    aw++;
    ax ^= at;
    ay |= au;

    TOSTRING
    these are the values passed to the public license(vendor, d1, d2, k1, k2, k3, k4) constructor, from left to right:

    together
    17deeaab
    -4b372c7c
    -5d5e5688
    -367be27
    62d32fda
    -5eb5ba5e

    FINALLY
    values printed with an Integer.toString(value, 16) after "decrypting". maybe someone would like to feed some tools and try to find out the seeds ... and finally build the correct and long awaited valid license key. I reached my "goal" after one hour and I stopped, cuz no time to invest in the study of this protection (out of scope). maybe later, if not too late ...

    cheers, plastiko
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. XML based FlexLM license file?
    By FrankRizzo in forum The Newbie Forum
    Replies: 0
    Last Post: December 11th, 2010, 18:19
  2. FlexLM 9.0 without license
    By Velos in forum The Newbie Forum
    Replies: 9
    Last Post: May 17th, 2010, 10:36
  3. FlexLM license generation
    By Killer_l00p in forum Malware Analysis and Unpacking Forum
    Replies: 2
    Last Post: June 18th, 2001, 13:14
  4. FlexLM license generation
    By Killer_l00p in forum Malware Analysis and Unpacking Forum
    Replies: 0
    Last Post: June 15th, 2001, 05:30
  5. Question about FlexLM license
    By skew in forum Advanced Reversing and Programming
    Replies: 3
    Last Post: June 9th, 2001, 08:51

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •