  #1  
05-09-2013, 14:31
WRP
2 glucose :

Simply convert base64 code to binary )
h**p://www.motobit.com/util/base64-decoder-encoder.asp
  #2  
05-10-2013, 20:40
nathan

With a view to digging deeper into the pubkey patch approach, I would like to share some very useful information for those who intend to spend time on it.

Find attached the Generic pubkey replacer made by Tanker (win + linux). I tested the Win version on a couple of targets (v11.10 and v11.9.1) and it identifies the pubkey correctly (I double checked in the vendorcode struct in memory), however, I didn't manage to produce a working license, yet (work in progress as I may be missing something crucial in the generation).

Also I would like to recommend the following discussion, which is quite informative IMHO:
http://bbs.pediy.com/showthread.php?t=152615

What I am missing: reversing the obfuscation algorithm used to store the pubkey in the client binary (any help is appreciated: CrackZ may have something to say about it) (note: not the one that scrambles it in memory).

Anyone who would like to join the challenge is more than welcome of course. Feel free to test the Pubkey Replacer and feed back with success/unsuccess stories.

Enjoy !

nathan
Attached Files
File Type: rar PubKeyReplacer_latest.rar (1.43 MB, 295 views)
File Type: rar PUBKeyReplacerLinux.rar (191.2 KB, 140 views)
  #3  
03-16-2014, 09:15
flexlm
I can't download it..
  #4  
08-20-2014, 09:28
bridgeic
Quote:
Originally Posted by nathan
......
Find attached the Generic pubkey replacer made by Tanker (win + linux). I tested the Win version on a couple of targets (v11.10 and v11.9.1) and it identifies the pubkey correctly (I double checked in the vendorcode struct in memory), however, I didn't manage to produce a working license, yet (work in progress as I may be missing something crucial in the generation).
......
nathan
If we use this patch, what should we do on the FlexLM SDK side? Which files should be modified? lmprikey.h? Or some other files as well? How should they be modified?
  #5  
08-20-2014, 11:51
bridgeic
Quote:
Originally Posted by bridgeic
If we use this patch, what should we do on the FlexLM SDK side? Which files should be modified? lmprikey.h? Or some other files as well? How should they be modified?
For a license with 239-bit SIGN2, I see two groups of private keys as below after compiling the SDK. Does this ECC patch still work then? Or should the 2nd corresponding pubkey also be added to the patcher?

static unsigned char lm_prikey[2][3][40] = {{{0x0, 0xb2, 0x45, 0x2c, 0xbc, 0x7e, 0x72, 0xc1, 0x3a, 0x39, 0x5e, 0x67, 0x25, 0xce, 0xd9},
{0x2, 0x1c, 0x8f, 0xa2, 0xe4, 0xb6, 0x4f, 0x7a, 0x2c, 0xd2, 0x6, 0x81, 0xb5, 0xd8, 0xf9, 0xf1, 0x81, 0x6, 0x4a, 0x8e, 0x17},
{0x3, 0xa0, 0x58, 0x89, 0xd2, 0x30, 0x22, 0xd8, 0xca, 0x5e, 0xac, 0x59, 0x33, 0xb3, 0x69, 0xdc, 0x30, 0x9b, 0xb6, 0x8d, 0x24, 0x56, 0x60, 0x23, 0xf0, 0x8c, 0x11, 0xb8, 0xc2, 0xba}}
,
{{0x0, 0x5b, 0xd9, 0xeb, 0xa1, 0xb8, 0x16, 0x1f, 0x95, 0xf5, 0x21, 0x5b, 0xf2, 0x2a, 0x68},
{0x1, 0x6f, 0x67, 0xae, 0x86, 0xe0, 0x58, 0x7e, 0x57, 0xd4, 0x85, 0x6f, 0xc8, 0xa9, 0xa1, 0x6e, 0x2b, 0x9, 0xd8, 0xed, 0xb2},
{0xb, 0x7b, 0x3d, 0x74, 0x37, 0x2, 0xc3, 0xf2, 0xbe, 0xa4, 0x2b, 0x7e, 0x45, 0x4d, 0xb, 0x71, 0x58, 0x4e, 0xc7, 0x6d, 0x95, 0xf, 0x34, 0x9c, 0x4, 0xa3, 0x67, 0x57, 0xa6, 0xd1}}
};
  #6  
08-21-2014, 17:05
bridgeic
Quote:
Originally Posted by bridgeic
If we use this patch, what should we do on the FlexLM SDK side? Which files should be modified? lmprikey.h? Or some other files as well? How should they be modified?
The license passes the check with <1> using the patch and <2> compiling the SDK with the settings below.

#define LM_SEED1 0x11111111
#define LM_SEED2 0x22222222
#define LM_SEED3 0x33333333

It seems the private keys are related to the values LM_SEED1~3, but I don't know the relationship. Can anyone give a clue?