Go Back   Reverse Engineering Team Board > Reverse Engineering Board > General Forum
#31 | 10-31-2009, 12:55 PM | Git (Super Moderator; Torino; joined Oct 2007; 1,797 posts)

G497RGT - no, what you mean is that when YOU find them they are wrong. If minthus followed that document correctly then the seeds are 100% correct. I have used that method for a long time and never seen it fail, even in V11+. I am sure others here will testify likewise. I suggest you check your facts more carefully before jumping onto a forum where you are not known and telling people they are wrong when they are not.

Bad start.

Git
#32 | 11-01-2009, 01:19 AM | G497RG (Junior Member; joined Sep 2009; 2 posts)

Sorry, my mistake. Steps are good. Thanks.
#33 | 11-01-2009, 02:43 PM | ssabb (Member; joined Oct 2009; 6 posts)

I see.
Anyway, the daemon started. The software needed SIGN= but also uses the stronger elliptic curve / public key stuff, so the program EXE or DLLs need to be patched in order to check out old-school licenses.
I haven't seen any tuts regarding patching the DLL/EXE in order to force the software to check out old-school licenses.

I ended up with a daemon serving old-school licenses that the software does not check out, since it needs patching.
#34 | 11-01-2009, 06:16 PM | Git (Super Moderator; Torino; joined Oct 2007; 1,797 posts)

You need to patch the VendorCode struct in the data section. There is a single-byte field that specifies the type of SIGN used. Change it to normal 12/20-digit.

Git
#35 | 11-02-2009, 01:57 AM | ssabb (Member; joined Oct 2009; 6 posts)

Approximately, that's what I have figured out.
I downloaded an exe called FlexECCPatch.exe that indeed found some sort of pattern inside the DLL that I found keeps the flex calls.
But running FlexECCPatch.exe on the DLL didn't make it work; instead the software gave a huge error and exited.

Man, this is difficult.
#36 | 11-02-2009, 02:53 AM | BfoX (Senior Member; joined Aug 2007; 2,240 posts)

FlexECCPatch.exe was not developed for v11.x of FlexLM.
__________________
... Either you work well or you work much ....
#37 | 11-02-2009, 12:00 PM | ssabb (Member; joined Oct 2009; 6 posts)

Exactly what I also have read. In fact, supposedly, the patch is done but flex ignores it.
And my feeling is that what eccpatch does is not exactly what I am supposed to do. Similar, probably.
Can some of you really clever/talented guys give some more hints on how to proceed?
I cannot remember seeing any tuts on patching a DLL/EXE to revert to regular sign-checking and avoid using the cro-stuff, on, say, v11.x targets...
#38 | 11-02-2009, 12:08 PM | BfoX (Senior Member; joined Aug 2007; 2,240 posts)

Maybe simply upload the vendor daemon's file?
#39 | 11-02-2009, 01:01 PM | Git (Super Moderator; Torino; joined Oct 2007; 1,797 posts)

I just told you exactly what to do. There are other ways, but that is the easiest.

Git
#40 | 11-03-2009, 02:59 PM | ssabb (Member; joined Oct 2009; 6 posts)

I totally believe that I am the stupid one here.
I totally would like to wrap my head around this last step of patching.

I read up on what flexeccpatch does: it patches _l_pubkey_verify() to always return "ok" (wild guess...), and this is not the way to get it to fall back to pre-sign checking. For this, I need to
a) find the data structure
b) and read up on what value inside this structure needs to be changed from something to something else.

So, I applied my newly learned method, combining stuff learnt from a certain PDF and using calcseed (this is replacing the patching method provided in the PDF), and inside my DLL I do find the same two "6F7330B8" as inside the daemon, so I kinda understand what you were trying to explain to me, Git. But not totally.

* I have found the point where I would put my two BPs inside the DLL if it was a daemon.
Q: Can the DLL be patched without running it (by loading the exe that calls it in the disassembler), or should I read the PDF once more, using the explained-but-not-understood method of patching to somehow patch the DLL?

Last edited by ssabb : 11-03-2009 at 03:18 PM. Reason: a bit more researched reply...
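The mechanical part of what Git describes (locate the structure in the data section, then change one byte in it) and the constant search ssabb reports (the same "6F7330B8" found in both the daemon and the DLL) can be done statically on the file on disk, which also answers the question of patching the DLL without running it. The script below is an added example written for this page, not code posted in the thread or shipped with any tool named here. It takes only the constant value from the thread; the sample blob is constructed, and the field offset relative to a hit and the old/new byte values (HYP_FIELD_OFFSET, HYP_OLD_VALUE, HYP_NEW_VALUE) are hypothetical placeholders, because the real VendorCode layout is not given on this page. Note that the offsets it reports are raw file offsets, not the virtual addresses a debugger shows for the loaded module; the two differ by the section mapping of the PE file.

```python
import struct

# The 32-bit constant ssabb reports seeing twice in both the vendor daemon
# and the application DLL. Only the value is taken from the thread; nothing
# about its meaning or its surroundings is assumed here.
CONSTANT = 0x6F7330B8

# Constructed stand-in for a data section: filler, the constant twice
# (little-endian, as x86 stores it), more filler. Not a real FlexLM image.
SAMPLE = (
    b"\x90" * 8
    + struct.pack("<I", CONSTANT)
    + bytes(range(8))
    + struct.pack("<I", CONSTANT)
    + b"\xcc" * 8
)

# Hypothetical placeholders: where the single-byte field would sit relative
# to a hit, and its old/new values. The real layout is NOT on this page.
HYP_FIELD_OFFSET = 4
HYP_OLD_VALUE = 0x00
HYP_NEW_VALUE = 0x01


def find_u32(data: bytes, value: int) -> list[tuple[int, str]]:
    """Return (file offset, byte order) for every place `value` appears as a
    32-bit word, in either byte order, sorted by offset."""
    hits = []
    for order, fmt in (("little", "<I"), ("big", ">I")):
        needle = struct.pack(fmt, value)
        pos = data.find(needle)
        while pos != -1:
            hits.append((pos, order))
            pos = data.find(needle, pos + 1)
    return sorted(hits)


def patch_byte(data: bytes, offset: int, expected: int, new: int) -> bytes:
    """Return a copy of `data` with one byte replaced. Refuses to write unless
    the byte currently holds `expected`, so a wrong offset cannot silently
    corrupt the image (a corrupted image is one way to get the "huge error
    and exit" described above)."""
    if not 0 <= offset < len(data):
        raise ValueError(f"offset {offset:#x} outside data of {len(data)} bytes")
    if data[offset] != expected:
        raise ValueError(
            f"byte at {offset:#x} is {data[offset]:#04x}, expected {expected:#04x}"
        )
    return data[:offset] + bytes([new]) + data[offset + 1:]


def patch_after_hit(data: bytes, value: int, hit_index: int,
                    rel_offset: int, expected: int, new: int) -> bytes:
    """Locate `value`, take the `hit_index`-th occurrence and patch the byte
    `rel_offset` bytes past it. Raises if that occurrence does not exist."""
    hits = find_u32(data, value)
    if hit_index >= len(hits):
        raise ValueError(f"only {len(hits)} hit(s) for {value:#010x}")
    base, _ = hits[hit_index]
    return patch_byte(data, base + rel_offset, expected, new)


def patch_file(path: str, value: int, hit_index: int,
               rel_offset: int, expected: int, new: int) -> int:
    """Patch a file on disk, keeping an untouched copy at path + '.bak'.
    Returns the absolute file offset that was changed."""
    with open(path, "rb") as f:
        data = f.read()
    with open(path + ".bak", "wb") as f:
        f.write(data)
    patched = patch_after_hit(data, value, hit_index, rel_offset, expected, new)
    with open(path, "wb") as f:
        f.write(patched)
    return find_u32(data, value)[hit_index][0] + rel_offset


def demo() -> tuple[list[tuple[int, str]], bytes]:
    """Run the search and the hypothetical one-byte patch on the sample blob."""
    hits = find_u32(SAMPLE, CONSTANT)
    patched = patch_after_hit(SAMPLE, CONSTANT, 0, HYP_FIELD_OFFSET,
                              HYP_OLD_VALUE, HYP_NEW_VALUE)
    return hits, patched


if __name__ == "__main__":
    found, out = demo()
    for off, order in found:
        print(f"{CONSTANT:#010x} ({order}-endian) at file offset {off:#x}")
    changed = [hex(i) for i, (a, b) in enumerate(zip(SAMPLE, out)) if a != b]
    print("bytes changed at:", changed)
```

Run it on a real file with patch_file("target.dll", CONSTANT, 0, <offset>, <old>, <new>) once the offset and values have been established in the disassembler; the expected-value check means a stale offset fails loudly instead of producing a silently broken module, and the .bak copy makes the change reversible.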