Need Help Seed Flexlm (BP)

fkecil · #1 12-22-2010, 03:00 AM

Dear All master,
I already trying Flexlm Encryption seed recovery technique.pdf
but, I confuse to find BP1, BP2 and BP 3
Can you help me
The vendor.exe and the lic is in http://www.mediafire.com/?x4vddcb3h3ym7nr

thanks
-fkecil-

I try to capture my process

Quote:

But I don't know this is right BP???

Thanks for your help

-fkecil-

for the information
i use flexlm version 9.2

thanks

-fkecil-

zhengwei · #2 12-23-2010, 03:44 AM

Hi all there,
after a long time I'll be back at this board.

This time I have a WIBU-BOX/RU+ Dongle and already search the board about "wibu". But I found not exactly answer about this special dongle.

So, before I search deeper about this dongle, I would ask you if there is any possibility to emulate the dongle?

Thanks all,

hock · #3 12-23-2010, 03:46 AM

on first look
your license file is missing the USE SERVER line

hock

fkecil · #4 12-23-2010, 05:31 AM

dear hock,
the license in http://www.mediafire.com/?x4vddcb3h3ym7nr is real license that i get from the vendor, the problem is this license is expire,
in my process
I want to make my license, so first i must know seed, i try to follow manual (from git), but i confuse to find BP1, BP2, and BP3..
also the seed.

i don't understand step "Delete the 16 random bytes inside the job structure, (starting @ job+04 and ending @ job+13), and
replace with “00”
in dump windows the job structure is

Quote:

00952BA5 6D 63 66 6C 6F 6F 72 00 00 00 00 00 00 00 00 00 mcfloor.........
00952BB5 00 00 00 00 00 00 00 00 00 00 00 50 2E 95 00 00 ...........P.•..
00952BC5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00952BD5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00952BE5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00952BF5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00952C05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00952C15 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00952C25 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00952C35 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00952C45 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00952C55 00 00 00 00 00 00 00 00 00 00 00 F8 60 95 00 B0 ...........ø`•.°
00952C65 61 95 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a•..............

where is job+04 and job+13??
can anyone help me to find the seed,thanks

hock · #5 12-23-2010, 02:58 PM

do your self a favor. remove the original license file posted by you. use this file for recovering the seeds. just reupload the daemon if some one needs it.

SERVER this_host any 27000
VENDOR lmcfloor
USE_SERVER

INCREMENT test lmcfloor 1 1-jun-2020 1 0123456789AB

BP#1 at 00415437
BP#2 at 0040CFA1
BP#3 at you have to search it.

read the paper very very carefully.
the job structure begins with 66 in your case. it is usually the first argument to the function call to _l_n36_buff which gets populated via the _time call.

hock

fkecil · #6 12-24-2010, 02:14 PM

dear hock,
thanks for your reply,
i already find BP#3 is in 0040CE49

at step "Check the memory address inside ecx or edx.(follow in dump).One of them will contain the location of
the job structure"
this is the job structure

Quote:

00952838 66 00 00 00 87 00 B3 00 ED 08 68 82 25 B9 D3 00 f...‡.³.íh‚%¹Ó.
00952848 00 00 88 00 00 00 00 00 00 00 00 00 00 00 00 00 ..ˆ.............
00952858 00 00 00 00 74 65 73 74 00 00 00 00 00 00 00 00 ....test........
00952868 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00952878 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00952888 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00952898 38 28 95 00 00 00 00 00 08 24 95 00 08 50 95 00 8(•.....$•.P•.
009528A8 00 00 00 00 00 BE 95 00 00 00 00 00 38 77 95 00 .....¾•.....8w•.
009528B8 01 00 00 00 01 00 00 00 60 77 95 00 98 30 95 00 ......`w•.˜0•.
009528C8 04 00 00 00 38 7C 69 0C 5A E8 00 71 7B A2 77 07 ...8|i.Zè.q{¢w
009528D8 BF 45 69 F4 DC 6E 63 70 E0 9D 7F 8E 09 00 02 00 ¿EiôÜncpàŽ...

yes, the job structure begin with 66
but i still confuse where is job+14 and job+13, that i must delete and replace with "00"

thanks

hock · #7 12-25-2010, 04:32 AM

job structure starts at 66 (Job stracture+0), job stracture+4 is 5th byte. replace bytes up to Job stracture+0x13H with 0.

hock

fkecil · #8 12-25-2010, 08:43 AM

thanks very much hock...
now, i know:
BP:

Quote:

BP#1 : 00415437
BP#2 : 0040CFA1
BP#3 : 0040CE49

SEED

Quote:

SEED1 : 046A4D8D
SEED2 : 51DC558B

I'm nubiee in this topic, but i believe that all master in this forum can help me..
dear hock and all master, can you tell me what next must i do to make own license, I promise will try step by step..
thanks

hock · #9 12-26-2010, 01:17 AM

your seeds are not correct.
please check again.

repeat the procedure two or three times and check if you get the same results every time.

hock

008348 · #10 12-26-2010, 02:39 AM

BP#1 : 00415437
BP#2 : 0040CE49
BP#3 : 0041543D

your seeds is wrong.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode