Alternate Approach to FlexLM Brute-Force
Hello,
I was looking through the old leaked FlexLM v9.2 source and had an idea...
What we want is LM_SEED1 - 3 but they are nowhere in the shipped files.
But we can get ENCRYPTION_SEED1 and ENCRYPTION_SEED2 from the target.
They are directly generated from the LM_SEEDS via a FIPS186 random generator.
The algorithm used in this RNG is SHA1. This should be much faster to brute force than the elliptic curve crypto.
Did anyone try this approach before? Do you think this is possible?
- Windoze
|