Whats in a SIGN?

The tutorial above describes a mechanism by which we can patch the FLEXlm licensing layer to use the license key checkout (this is the oldest and simplest of the FLEXlm validation methods and was chosen purely for simplicity). The basic SIGN attribute was added by Globetrotter at around v7.x (it has only 12 chars) and offers merely an improved algorithm (perhaps more resistance to brute forcing) and better seed hiding, these are about the only 'enhancements' if one wishes to call them that.

These days a lot of customers have switched to using the CRO or TRO (counterfeit/tamper resistant options), really the same thing under a new name. This offers customers the ability to generate the newest style ECC SIGN licenses with strings starting at 58 chars, as far as I know and can verify there have been no successful attacks against ECC FLEXlm which enables either complete recovery of the private key or the LM_SEED's (I do not rule out however that there is enough processing power somewhere to recover them).

The new SIGN length has resulted in most crackers choosing to patch _lm_pubkey_verify() and generating a SIGN= license using their own LM_SEED's. There is however an alternative approach which involves forcing the licensing layer to do the old style SIGN=12 chars checkout and it simply involves patching only the 2nd bad flag we found inside _l_n36_buf() (see above). We can then recover the encryption seeds as before and generate a license using either the SDK or Lmcryptgui available on this site. The patch works by simply telling the licensing layer not to get the address of _lm_pubkey_verify() which is checked shortly after _l_sg().

Another important thing to note, its easy to verify if your target will allow the old style SIGN= checkout, after _l_sg() set a breakpoint on the mangled seeds in the vendor code structure, if it hits the seeds are being recovered and you can generate the old style standard SIGN, if not, you'll need a patch; after a patch a breakpoint on the mangled seeds should hit, just prior to them being recovered.

[课程]FART 脱壳王！加量不加价！FART作者讲授！