Welcome to the new Woodmann RCE Messageboards Regroupment
Please be patient while the rest of the site is restored.

To all Members of the old RCE Forums:
In order to log in, it will be necessary to reset your forum login password ("I forgot my password") using the original email address you registered with. You will be sent an email with a link to reset your password for that member account.

The old vBulletin forum was converted to phpBB format, requiring the passwords to be reset. If this is a problem for some because of a forgotten email address, please feel free to re-register with a new username. We are happy to welcome old and new members back to the forums! Thanks.

All new accounts are manually activated before you can post. Any questions can be PM'ed to Kayaker.

Tricking FleXnet into thinking its been activated?

First timers and new learners, this forum is for you. Please use the search function to see if your question has already been answered.
Locked
cookiemaster
Junior Member
Posts: 12
Joined: Thu Jan 16, 2014 12:58 am

Tricking FleXnet into thinking its been activated?

Post by cookiemaster »

Alright so I've been digging some more regarding my current "endeavor" and I've found what I'm sure may be the key to cracking this thing.

I have bypassed the activation windows, which means that the program loads but still remains un-activated. Here is what I found:

There is a menu that is called "product license". In this menu there are two things,
1. A button that says "activation codes". This one does a few things and returns a window saying that the product is not registered
2. A button that says "Unregister product". This one does nothing in the program but olly tells me it does the same as the one above, but does not return the window

I loaded up OllyDBG to see what these things do and they both appear to do the same, maybe they both check for activation files but none are found so the second one does noting more.

They activation codes button does this:
1. a non continuable exception with data:
74a2c41f - C9 - LEAVE
2. Another non continuable exception
Same stuff as above but a shift in the stack(jumps to a different address.)
3. Then this:
The attachment e1rxPgn.png is no longer available
4. Then it just continues as normal

What I also found is that there are a few things that refer to what may be another dll(there are 3 main dlls) so there may be something that I'm missing in there.

I have a traffic dump of activation if this is any use, The fleXnet version is 11.

My question is, how can I create a valid Flexnet license that will get recognized by this routines or how do I maybe crack the activation process to generate a valid license with any key(activation is online.)

I'm not far from success, I just need some assistance. Thanks.
Attachments
e1rxPgn.png
User avatar
condzero
Member
Posts: 44
Joined: Thu Apr 01, 2004 10:08 am

Post by condzero »

A while back October 2007, I wrote a Tutorial on Flexnet / Safecast protection and how to deal with it.
Not sure how relevant it is today, but perhaps it might be worth a read.

Link is here: http://www.accessroot.com/arteam/site/download.php?view.213

Good Luck.

CZ
If at first you don't succeed, you're just about average
cookiemaster
Junior Member
Posts: 12
Joined: Thu Jan 16, 2014 12:58 am

Post by cookiemaster »

I will read this, maybe it will give me a few ideas. Thanks.
istigatore
Junior Member
Posts: 19
Joined: Sun Jul 31, 2011 10:11 am
Location: somewhere in Italy

Post by istigatore »

cookiemaster, If your program dont use The ECC protection, you can easly make a license with the standard sign.. IF the ECC is present you can patch the pub_key or force the program to accept the standard sign by patching the 2 flags..
IF you have a vendor and expired license, please send me links in PM..
REading your post the program use the flexnet TS->"Trusted storage"..
But i dont know if are present only the fnp libraries or is maybe present the flexnet routine inside a some files(dll/exe)..
I have your same problem with a program, but the my main problem is that the flexlm routine is obfuscated inside the files by "virtual protect"...
cookiemaster
Junior Member
Posts: 12
Joined: Thu Jan 16, 2014 12:58 am

Post by cookiemaster »

istigatore wrote:cookiemaster, If your program dont use The ECC protection, you can easly make a license with the standard sign.. IF the ECC is present you can patch the pub_key or force the program to accept the standard sign by patching the 2 flags..
IF you have a vendor and expired license, please send me links in PM..
REading your post the program use the flexnet TS->"Trusted storage"..
But i dont know if are present only the fnp libraries or is maybe present the flexnet routine inside a some files(dll/exe)..
I have your same problem with a program, but the my main problem is that the flexlm routine is obfuscated inside the files by "virtual protect"...
I dont have an expired licence, but I do have a traffic dump from the activation port, could that help me?

I dont know if the program is protected by ECC, how can I identify it?
cookiemaster
Junior Member
Posts: 12
Joined: Thu Jan 16, 2014 12:58 am

Post by cookiemaster »

I've found something very interesting. When I load the program, I get "Debug Strings" in OllyDBG. They say "(company name) trace: 04". Still analyzing what they do.

Also, when Stepping through the debug messages, once it loads another DLL I get an error, the classic "Microsoft Visual C++ runtime library: The application has requested a runtime to terminate in an unusual way"

Could it be because this program has some sort of protection against debuggers?
istigatore
Junior Member
Posts: 19
Joined: Sun Jul 31, 2011 10:11 am
Location: somewhere in Italy

Post by istigatore »

cookiemaster, if the program have the ECC protection the license show the long SIGN... TRy to search if is present any file with the extension .asr.. It contains the trial license....
Could it be because this program has some sort of protection against debuggers?
Maybe is present a packer/obfuscator... Send me the name of the program in PM....
Locked