07-17-2009, 18:05
nathan
Flexlm ECC alternate patching methods

After the v8.01 release, I know only 2 ways to bypass ECC protection in the Flexlm license manager:
1) a binary patch to force "the good guy" at the end of _lm_pubverify
2) a binary patch that forces the license manager to use the no-ECC option for checking out licenses

I want to state that it has been quite a while since I worked on that; however, I was wondering if anyone has ever considered building patches based on the obfuscated signature that you can find inside the binary.

For instance, I analyze the vendor_struc and can fish out the obfuscated signature used for the handshake between the client and the daemon. The interesting part is that the signature is unique for any product and could easily be found by hex searching.

I was wondering if it would be possible to write a personalized daemon with the correct seed1-2 and our own ECC, inject the personalized ECC sig inside the binary, and generate licenses accordingly.

Any thoughts? Am I missing something fundamental here?

Thanks,

nathan