The algorithm used by FlexLM is as follows: (Pseudocode)
Code:
byte in1[32] = {0};
in1[0..3] = Seed1;
in1[4..7] = Seed2;
in1[8..11] = Seed3;
hash1 = SHA1(in1);
byte in2[64] = {0};
in2[0..19] = hash1;
hash2 = SHA1(in2);
if (hash2[0..3] == EncryptionSeed1 && hash2[4..7] == EncryptionSeed2) {
Seeds found :)
}
So it is a double SHA1. Also since the second hash has 64 input-bytes you need 2 rounds. So it is 3 rounds of SHA1 in total for each try.
Also some of the Seed Values can be skipped, since FlexLM will not accept them.
Code:
l_reasonable_seed(unsigned int seed)
{
if (!seed ||
(seed == 1234567890) ||
(seed == 123456789) ||
(seed == 0x11223344) ||
(seed == 0x00112233) ||
(seed == 0x44556677) ||
(seed == 0xdeadbeef) ||
(seed == 0x12345678) ||
(seed == 0x87654321) ||
(seed == 0xabcdef01) ||
(seed == 0x90abcdef) ||
(seed == 0x01234567) ||
(seed == 0x76543210) ||
(seed > 0xfff00000) || /* small negative number */
(seed < 0x00f00000) ) /* small number */
return 0;
return 1; /* success */
}