View Single Post
  #1  
Old 09-09-2021, 02:23
DominicCummings DominicCummings is offline
Friend
 
Join Date: Mar 2021
Posts: 14
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 28
Thanks Rcvd at 17 Times in 8 Posts
DominicCummings Reputation: 0
Flexlm license timout / Error -88,309 -- a trivial workaround

Hi all

In case you haven't seen this, it is moderately hilarious: (real link, archive url).

It's an official KB entry (stating "NOTE: For security reasons, the following information is not to be shared with Enduser customers.") that highlights error -88,309 is displayed if a user tries to overcome a Flexlm time-linked license by setting their computer's clock back on either linux or windows.

Clearly, setting the clock back is an absolutely trivial way to overcome time-limited legit licenses. So, how to prevent that error from occurring? Just make sure that you fix atime/otime/what stat displays on a few key files that are OS dependent:

Quote:
The way our method works is to examine file dates in certain directories, and if dates are found > 24 hours in the future, then to deny usage. This is to prevent system clock tampering to allow extended usage of licenses. You will need to change all the files with dates in the future back to the current date.

The directories which you need to check for these files are:

For Windows
(windows or winnt)
------------------
C:\
C:\windows
C:\windows\system
C:\windows\system32
C:\flexlm
the directory where the app is located

For UNIX
------------
v6+ checks these directories
/etc
/tmp
/var

It is recommended to write a batch file or binary to do this that looks like it does something else as providing this information to your end user could enable them to get round the licensing on your software.
The ls_a_check_baddate behavior is as mentioned below:

During the initial handshake between the license server and the client, the system of the client is compared with the system time of the server.

If it is a permanent license, no error is thrown on time differences or bad date checks.
If it is an expiring license, then:
- If bad date on the server is detected, then the error “LM_BADSYSDATE” (-88, minor error 335) is thrown
- If the difference between the client time and server time is more than 24 hrs, then “LM_CLOCKBAD” (-34, minor error 336) is thrown
- If both of the above errors are present, only the first one (LM_BADSYSDATE) is thrown.

A bad date is detected if one of the system files has a last modification time stamp that is greater than the current system time (adjusting for some tolerance)."

Another possibility would be a discrepancy in the time/date between the various machines involved ( server / client / mapped drive's machine).
I am a newbie poster (wanting to learn more and level up) but do find it hilarious that you don't even need to patch _anything_ to get around time limits...

Last edited by DominicCummings; 09-09-2021 at 04:45.
Reply With Quote
The Following 3 Users Say Thank You to DominicCummings For This Useful Post:
niculaita (09-11-2021), qzr (09-11-2021), Windoze (09-11-2021)