Page 1 of 1

Tricking FleXnet into thinking its been activated?

Posted: Tue Jan 28, 2014 3:26 pm
by cookiemaster
Alright so I've been digging some more regarding my current "endeavor" and I've found what I'm sure may be the key to cracking this thing.

I have bypassed the activation windows, which means that the program loads but still remains un-activated. Here is what I found:

There is a menu that is called "product license". In this menu there are two things,
1. A button that says "activation codes". This one does a few things and returns a window saying that the product is not registered
2. A button that says "Unregister product". This one does nothing in the program but olly tells me it does the same as the one above, but does not return the window

I loaded up OllyDBG to see what these things do and they both appear to do the same, maybe they both check for activation files but none are found so the second one does noting more.

They activation codes button does this:
1. a non continuable exception with data:
74a2c41f - C9 - LEAVE
2. Another non continuable exception
Same stuff as above but a shift in the stack(jumps to a different address.)
3. Then this:
The attachment e1rxPgn.png is no longer available
4. Then it just continues as normal

What I also found is that there are a few things that refer to what may be another dll(there are 3 main dlls) so there may be something that I'm missing in there.

I have a traffic dump of activation if this is any use, The fleXnet version is 11.

My question is, how can I create a valid Flexnet license that will get recognized by this routines or how do I maybe crack the activation process to generate a valid license with any key(activation is online.)

I'm not far from success, I just need some assistance. Thanks.

Posted: Wed Jan 29, 2014 10:02 am
by condzero
A while back October 2007, I wrote a Tutorial on Flexnet / Safecast protection and how to deal with it.
Not sure how relevant it is today, but perhaps it might be worth a read.

Link is here: http://www.accessroot.com/arteam/site/download.php?view.213

Good Luck.

CZ

Posted: Wed Jan 29, 2014 1:18 pm
by cookiemaster
I will read this, maybe it will give me a few ideas. Thanks.

Posted: Wed Jan 29, 2014 1:38 pm
by istigatore
cookiemaster, If your program dont use The ECC protection, you can easly make a license with the standard sign.. IF the ECC is present you can patch the pub_key or force the program to accept the standard sign by patching the 2 flags..
IF you have a vendor and expired license, please send me links in PM..
REading your post the program use the flexnet TS->"Trusted storage"..
But i dont know if are present only the fnp libraries or is maybe present the flexnet routine inside a some files(dll/exe)..
I have your same problem with a program, but the my main problem is that the flexlm routine is obfuscated inside the files by "virtual protect"...

Posted: Wed Jan 29, 2014 4:20 pm
by cookiemaster
istigatore wrote:cookiemaster, If your program dont use The ECC protection, you can easly make a license with the standard sign.. IF the ECC is present you can patch the pub_key or force the program to accept the standard sign by patching the 2 flags..
IF you have a vendor and expired license, please send me links in PM..
REading your post the program use the flexnet TS->"Trusted storage"..
But i dont know if are present only the fnp libraries or is maybe present the flexnet routine inside a some files(dll/exe)..
I have your same problem with a program, but the my main problem is that the flexlm routine is obfuscated inside the files by "virtual protect"...
I dont have an expired licence, but I do have a traffic dump from the activation port, could that help me?

I dont know if the program is protected by ECC, how can I identify it?

Posted: Wed Jan 29, 2014 5:35 pm
by cookiemaster
I've found something very interesting. When I load the program, I get "Debug Strings" in OllyDBG. They say "(company name) trace: 04". Still analyzing what they do.

Also, when Stepping through the debug messages, once it loads another DLL I get an error, the classic "Microsoft Visual C++ runtime library: The application has requested a runtime to terminate in an unusual way"

Could it be because this program has some sort of protection against debuggers?

Posted: Thu Jan 30, 2014 10:24 am
by istigatore
cookiemaster, if the program have the ECC protection the license show the long SIGN... TRy to search if is present any file with the extension .asr.. It contains the trial license....
Could it be because this program has some sort of protection against debuggers?
Maybe is present a packer/obfuscator... Send me the name of the program in PM....