Flexlm ECC alternate patching methods

[nikkapedd]

nathan i tried the tool, but you need also to change the pub key in the crypter, otherwise the new license will be always useless...
Unfortunately the tool does not recognize the pubkey in the crypter.....
Now i see the version is v1.70...
Have you tried to patch the ecc inside the crypter...????
anyway thanks for the new version....

[nathan]

Quote:

Originally Posted by nikkapedd

nathan i tried the tool, but you need also to change the pub key in the crypter, otherwise the new license will be always useless...
Unfortunately the tool does not recognize the pubkey in the crypter.....
Now i see the version is v1.70...
Have you tried to patch the ecc inside the crypter...????
anyway thanks for the new version....

Well, I'm not that junior in Flexlm ;-). I changed the pubkey in the crypter of course and to be honest I haven't tried to patch the crypter (with a different originating pubkey) but I'll try to do that next ... BTW: lmseeds1=0x1111111 lmseed2=22222222 lmseed3=33333333

[arlequim]

Why do you all still spend so much time trying to patch this silly Elliptic Curve ?!?!? The best alternate, fastest and working method is to patch the return compare of pubkey verify, isn't it? Here is the solution applied on some well-known flexlm library.

ORIGINAL CODE

.textidx:1015779B loc_1015779B: ; CODE XREF: sub_10157010+73Aj
.textidx:1015779B ; sub_10157010+76Aj
.textidx:1015779B lea ecx, [ebp+var_4]
.textidx:1015779E push ecx
.textidx:1015779F lea edx, [ebp+var_D8]
.textidx:101577A5 push edx
.textidx:101577A6 lea eax, [ebp+Dst]
.textidx:101577A9 push eax
.textidx:101577AA mov ecx, [ebp+Memory]
.textidx:101577B0 add ecx, 44h
.textidx:101577B3 push ecx
.textidx:101577B4 mov edx, [ebp+Memory]
.textidx:101577BA mov eax, [edx+4]
.textidx:101577BD push eax
.textidx:101577BE call sub_100B28B0
.textidx:101577C3 add esp, 14h
.textidx:101577C6 mov [ebp+var_20], eax
.textidx:101577C9 cmp [ebp+var_20], 0
.textidx:101577CD jz short loc_101577EB
.textidx:101577CF ; ---------------------------------------------------------------------------
.textidx:101577CF mov ecx, [ebp+var_20]
.textidx:101577D2 push ecx
.textidx:101577D3 push 2930h
.textidx:101577D8 mov edx, [ebp+arg_0]
.textidx:101577DB push edx
.textidx:101577DC call sub_10129060
.textidx:101577E1 add esp, 0Ch
.textidx:101577E4 mov eax, 0FFFFFF8Dh
.textidx:101577E9 jmp short loc_10157853
.textidx:101577EB ; ---------------------------------------------------------------------------
.textidx:101577EB
.textidx:101577EB loc_101577EB: ; CODE XREF: sub_10157010+7BDj
.textidx:101577EB cmp [ebp+var_4], 0
.textidx:101577EF jnz short loc_10157850

PATCHED CODE

.textidx:1015779B loc_1015779B: ; CODE XREF: sub_10157010+73Aj
.textidx:1015779B ; sub_10157010+76Aj
.textidx:1015779B lea ecx, [ebp+var_4]
.textidx:1015779E push ecx
.textidx:1015779F lea edx, [ebp+var_D8]
.textidx:101577A5 push edx
.textidx:101577A6 lea eax, [ebp+Dst]
.textidx:101577A9 push eax
.textidx:101577AA mov ecx, [ebp+Memory]
.textidx:101577B0 add ecx, 44h
.textidx:101577B3 push ecx
.textidx:101577B4 mov edx, [ebp+Memory]
.textidx:101577BA mov eax, [edx+4]
.textidx:101577BD push eax
.textidx:101577BE call sub_100B28B0
.textidx:101577C3 add esp, 14h
.textidx:101577C6 mov [ebp+var_20], eax
.textidx:101577C9 cmp [ebp+var_20], 0
.textidx:101577CD jmp short loc_101577EB
.textidx:101577CF ; ---------------------------------------------------------------------------
.textidx:101577CF mov ecx, [ebp+var_20]
.textidx:101577D2 push ecx
.textidx:101577D3 push 2930h
.textidx:101577D8 mov edx, [ebp+arg_0]
.textidx:101577DB push edx
.textidx:101577DC call sub_10129060
.textidx:101577E1 add esp, 0Ch
.textidx:101577E4 mov eax, 0FFFFFF8Dh
.textidx:101577E9 jmp short loc_10157853
.textidx:101577EB ; ---------------------------------------------------------------------------
.textidx:101577EB
.textidx:101577EB loc_101577EB: ; CODE XREF: sub_10157010+7BDj
.textidx:101577EB cmp [ebp+var_4], 0
.textidx:101577EF jmp short loc_10157850

After all, you can't achieve the impossible without attempting the absurd

Hi, friends.
I just a student, and study Flexlm ECC, hope study updates.