Go Back   Exetools > General > General Discussion


Thread Tools Display Modes
Old 07-19-2020, 16:34
Windoze Windoze is offline
Join Date: Nov 2019
Posts: 6
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 2
Thanks Rcvd at 7 Times in 4 Posts
Windoze Reputation: 0
Alternate Approach to FlexLM Brute-Force


I was looking through the old leaked FlexLM v9.2 source and had an idea...

What we want is LM_SEED1 - 3 but they are nowhere in the shipped files.
But we can get ENCRYPTION_SEED1 and ENCRYPTION_SEED2 from the target.
They are directly generated from the LM_SEEDS via a FIPS186 random generator.
The algorithm used in this RNG is SHA1. This should be much faster to brute force than the elliptic curve crypto.

Did anyone try this approach before? Do you think this is possible?

- Windoze
Reply With Quote
The Following User Says Thank You to Windoze For This Useful Post:
WRP (07-20-2020)


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

All times are GMT +8. The time now is 08:39.

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX
( 1998 - 2020 )