Flexlm ECC
I am trying to reverse a flexlm protected program which uses ECC.
I Managed to find the seeds and features, build lmcrypt, and patched l_pubkey_verifyl However the program refuses to run, and crashes every time, so I assume that it uses some form of CRC check, and crashes because this value has changed due to patching. What is the general approach to defeat the CRC check? |
how about you show us how to in a tutorial?
someone will help if you serious. |
Not sure what you mean with show us how to in a tutorial?
Do you want me to write a tutorial on how to extract the encryption seeds & patching of l_pubkey_verify?? |
yes please do. not worry 90% are just persons of scripts and automated tool olly plugins.
if very private ask one VIP to move your complete tutorial to VIP area. long time I not seen such one. |
is your target x64?
|
Yes the target is x64
|
fishing of encryption seeds, and patching of l_pubkey_verify is common knowledge, so no need to write a tutorial:)
|
ahmadmansoor ,
why did you ask if my target is x64? |
if that common show us !
I want see basic instinct again, reloaded ! |
Simple,In common way catch CRC checking routine and modify asm code for jmp.
|
Understood, but I have never dealt with CRC checking routines, so can you give me a hint as how do I find the dll or executable which checks the CRC?
|
Quote:
|
Quote:
did you check if it is packed -if yes you will see that the target has many calls out of the .text section with many anti-debug checks - what you need ( as I remember) is dll inject and huck some API before you use HW-BP to bypass anti-debug, then you apply ur patches. |
Well it looks that I have a lot of studying to do, and learn about anti-debug checks, API hooking and dll injecting, because i don't have a clue:D
|
Can you mention your target name?
Because I already have a target with same protection, I hope it not same yours :) |
All times are GMT +8. The time now is 19:53. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX