Thread: understanding disassembler lc_init

  1. #16

    understanding disassembler lc_init

    Quote: Originally Posted by gerbay
    NoLOcKs needs this information and I prepared a document for the user NoLOcKs..

    Also I cracked flexlm 5.x, 6.x, 7.x, 9.x and 10.8..

    < Improper Request Removed.>
    Hi Gerbay,

    intouch crack.pdf is very well written and good to follow even for a beginning reverser like me. The only thing I don't understand is how you knew that the address from lc_init is base+0x00D850?

    Also, do you have any tutors from your 7.x, 9.x and 10.8 flex reversing?

  2. #17
    Hi RCER
    You can use IDA (Interactive Disassembler) and the flexlm FLIRT signature to find methods easily. Another way: I wrote an IDA plugin (it comes with source code, you can find it in this forum). You can use my IDA plugin to load a COFF object file or COFF library into the IDA database. It identifies possible method signatures.

    I didn't write any other tutors about flexlm, but you can read the "CrackZ" tutorials about flexlm. They are good tutorials about flexlm cracking and you can find the flexlm 9.2 source code. I think inspecting the source code is a good idea for understanding the flexlm license system.

  3. #18

    understanding disassembler lc_init

    Hi Gerbay,

    Thanks a lot and I will follow your advice

    Regards

    RCER

  4. #19
    Here's a VERY good paper on reversing FLEXlm (up until v9.2).
    The BEST article I found in the NET so far ...
    Njoy ...
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #20

    understanding disassembler lc_init

    Roli_bark

    Thanks a lot for the tutorial.


    Regards

    RCER

  6. #21
    Quote: Originally Posted by roli_bark
    Here's a VERY good paper on reversing FLEXlm (up until v9.2).
    The BEST article I found in the NET so far ...
    Njoy ...
    Hi roli_bark,

    I have read the tutorial several times, and am able to follow the red line. However, due to the fact that I am a rev engineering rookie, and not familiar with C, I will need to do a lot more reading before I will grasp everything.
    Anyway it is fun to try to learn something new.
    One of the things I have been trying to figure out is how to calculate idx in the below code. I do understand the syntax, but it is unclear to me where the value V = 86 is coming from. I know this is a pointer, but I don't know where to find it.

    Maybe you can help me.

    thanks

    Observe that cmath.exe calls lc_new_job(), which in turn calls lc_init(), for vendor & job initialization but
    lmcrypt.exe calls lc_init() directly because vendor keys, seeds and name are already included in lmcrypt.exe
    (put together in vendor structure by macros) so it only needs to initialize job. In both processes there are two calls
    to l_string_key() and in both situations the first one returns 21D5B6E8572E, the insignificant number for
    oldkey(), and only the second call matters. The two processes call l_string_key() in slightly different ways,
    basically checkout needs to provide user license key for checksum comparison but keygen doesn’t need that input.
    However the part for calculating the true hash are the same.

    int idx = (*job->vendor) % XOR_SEEDS_ARRAY_SIZ; /* idx = V % 20 = 86 % 20 = 6 */

  7. #22
    utuh_garubuk
    Guest
    Quote: Originally Posted by gerbay
    I prepared a document about FlexLM 5.0 license cracking..

    it is very easy..

    Thanks gerbay, that is a very good tutorial. Btw, I have a question: what's the difference between "HOSTID=ANY" and "HOSTID=WONDERWARE_HWKEYID=xxxxx"? I successfully built a license for "HOSTID=ANY", but the license cannot be used when I try to build for a dongle ("HOSTID=WONDERWARE_HWKEYID=xxxxx"). I used the same lmcrypt as you explain in the tutorial. Can you help me?
    Thanks.

  8. #23
    FoxB
    Can you upload the daemon's file?

  9. #24
    zqi.liu
    Guest
    Hi utuh_garubuk,
    I have the same question. Did you get the answer for that? Please tell me, thanks.


    MSN:zqi.liu@hotmail.com

  10. #25
    disavowed
    utuh_garubuk hasn't been online in about 1.5 years. Good luck getting a response from him.
