Exetools  

Go Back   Exetools > General > General Discussion

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 07-19-2020, 16:34
Windoze Windoze is offline
Friend
 
Join Date: Nov 2019
Location: Germany
Posts: 33
Rept. Given: 3
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 45
Thanks Rcvd at 32 Times in 13 Posts
Windoze Reputation: 0
Alternate Approach to FlexLM Brute-Force

Hello,

I was looking through the old leaked FlexLM v9.2 source and had an idea...

What we want is LM_SEED1 - 3 but they are nowhere in the shipped files.
But we can get ENCRYPTION_SEED1 and ENCRYPTION_SEED2 from the target.
They are directly generated from the LM_SEEDS via a FIPS186 random generator.
The algorithm used in this RNG is SHA1. This should be much faster to brute force than the elliptic curve crypto.

Did anyone try this approach before? Do you think this is possible?

- Windoze
Reply With Quote
The Following User Says Thank You to Windoze For This Useful Post:
WRP (07-20-2020)
 

Tags
flexlm

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Flexlm ECC alternate patching methods nathan General Discussion 102 05-31-2019 06:30
Brute Forcing a Custom CRC chessgod101 Source Code 0 05-30-2014 03:48


All times are GMT +8. The time now is 18:54.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )