Flexlm ECC alternate patching methods
After the v8.01 release, I know only 2 ways to bypass ECC protection in Flexlm license manager:

1) a binary patch to force "the good guy" at the end of _lm_pubverify
2) a binary patch that forces the license manager to use the no ECC option for checking out licenses

I want to state that it has been quite a while since I worked on that; however, I was wondering if anyone has ever considered building patches based on the obfuscated signature that you can find inside the binary. For instance, I analyze the vendor_struc and I can fish out the obfuscated signature used for the handshaking between the client and daemon. The interesting part of it is that the signature is unique for any product and it could be easily found by hex searching.

I was wondering if it would be possible to write a personalized daemon with the correct seed1-2 and our own ECC and inject the personalized ECC sig inside the binary and generate licenses accordingly.

Any thoughts? Am I missing something fundamental here?

Thanks,
nathan