Exetools  

  #1  
Old 03-19-2013, 14:41
roli_bark
 
Posts: n/a
Hi Nathan,
This is what I bumped into, some recent (Jan 2013) comments on the specific method of creating your own daemon with your own ECC seed:

===

Hiya,

This is the approach I've been using for the last 5 years or so. I had planned to write a quick tutorial showing the method I'm using, but essentially it goes something like this.

1. Build a lmcrypt.exe for target vendor using your own LM_SEEDS.
2. Dig out the 3 public keys from generated lmcrypt. They are 0x10/0x16 & 0x1F bytes in length as I recall.
3. Replace public keys in target with those from your lmcrypt.
4. Licenses can now be generated.

This is an over-simplification of the process, the public keys are rebuilt byte by byte at run-time so digging out all of the bytes to patch is kind of boring (I wrote a program to do it). There are some other pitfalls I've seen, some targets have multiple public keys, you can also patch only the public key length you're actually interested in, so if the program uses short ECC keys then only the shortest key needs patching.

Best regards,

CrackZ.

===

Cheers,
roli
  #2  
Old 03-22-2013, 17:47
flexlm
 
Posts: n/a
Quote:
Originally Posted by roli_bark
Hi Nathan,
This is what I bumped into, some recent (Jan 2013) comments on the specific method of creating your own daemon with your own ECC seed:

===

Hiya,

This is the approach I've been using for the last 5 years or so. I had planned to write a quick tutorial showing the method I'm using, but essentially it goes something like this.

1. Build a lmcrypt.exe for target vendor using your own LM_SEEDS.
2. Dig out the 3 public keys from generated lmcrypt. They are 0x10/0x16 & 0x1F bytes in length as I recall.
3. Replace public keys in target with those from your lmcrypt.
4. Licenses can now be generated.

This is an over-simplification of the process, the public keys are rebuilt byte by byte at run-time so digging out all of the bytes to patch is kind of boring (I wrote a program to do it). There are some other pitfalls I've seen, some targets have multiple public keys, you can also patch only the public key length you're actually interested in, so if the program uses short ECC keys then only the shortest key needs patching.

Best regards,

CrackZ.

===

Cheers,
roli
how to patch pubkey?
  #3  
Old 03-26-2013, 00:09
nathan
Quote:
Originally Posted by roli_bark
Hi Nathan,
This is what I bumped into, some recent (Jan 2013) comments on the specific method of creating your own daemon with your own ECC seed:

===

Hiya,

This is the approach I've been using for the last 5 years or so. I had planned to write a quick tutorial showing the method I'm using, but essentially it goes something like this.

1. Build a lmcrypt.exe for target vendor using your own LM_SEEDS.
2. Dig out the 3 public keys from generated lmcrypt. They are 0x10/0x16 & 0x1F bytes in length as I recall.
3. Replace public keys in target with those from your lmcrypt.
4. Licenses can now be generated.

This is an over-simplification of the process, the public keys are rebuilt byte by byte at run-time so digging out all of the bytes to patch is kind of boring (I wrote a program to do it). There are some other pitfalls I've seen, some targets have multiple public keys, you can also patch only the public key length you're actually interested in, so if the program uses short ECC keys then only the shortest key needs patching.

Best regards,

CrackZ.

===

Cheers,
roli
Hi roli,

A long time since we talked on old edaboard !!! Yes, that is exactly the method I was mentioning.
It has a significant advantage on the ECC patch since the pubkey is unique for each daemon and can be easily found in the binary.

Any chance you can send me the link to the discussion or involve me in that one?

Thnx,

nathan
  #4  
Old 03-26-2013, 00:40
nathan
Never mind ... found it ...