How to find flexlm seeds from 64bit demo?
I have got the seeds of the attached demo with 32bit demo(I know the seeds for 32bit and 64bit are the same. To get the seeds is not the purpose of this thread). However, I cannot find it in 64bit flexlm 11.12. Could someone kindly show me how to find out the seeds of the attached demo as an example? Appreciate if you can show me the procedure and provide me the name of an useful 64bit decode tool.
Attachment 41337
Thank you so much!
Re: How to find flexlm seeds from 64bit demo?
I used x64dbg (64 bits) and the same parameters (demon + fake lic file, etc) and I found the seeds of my target without any issue
Re: How to find flexlm seeds from 64bit demo?
the seeds of the 32bit same for 64bit
Re: How to find flexlm seeds from 64bit demo?
yes, this is true as well.........as an "exercise for practicing " I worked with demonx32 and demonx64 and this was the result.
thanks for the clarification BfoX, this is a good advice for many people
Re: How to find flexlm seeds from 64bit demo?
Quote:
Originally Posted by
prospect2005
I have got the seeds of the attached demo given by 32bit demo. However, I cannot find it in 64bit flexlm 11.12. Could someone kindly show me how to find out the seeds of the attached demo as an example? Appreciate if you can show me the procedure and provide me the name of an useful 64bit decode tool.
Attachment 41337
Thank you so much!
lgcx.exe seeds {0x1F47C5D5, 0xEFEFDB21};
Re: How to find flexlm seeds from 64bit demo?
Quote:
Originally Posted by
BfoX
the seeds of the 32bit same for 64bit
Yes, I know the seeds are the same for 32bit and 64bit. I just want to know how to get it with only 64bit demo. The purpose of the thread is not to get the seeds but to know the produre of getting seeds from 64bit demo.
Thank you any way.
Re: How to find flexlm seeds from 64bit demo?
Quote:
Originally Posted by
carlitos
I used x64dbg (64 bits) and the same parameters (demon + fake lic file, etc) and I found the seeds of my target without any issue
Thank you so much for your valuable reply. x64dgb(64 bit) is the tool I used. However, I don't know how to get the seeds.
When decoding with OllyDgb, the steps I took are in the following(According to Darsy's method):
Quote:
Originally Posted by
Darsy
• Check the memory address inside ecx or edx.(follow in dump).One of them will contain the location of
the job structure. ( note that this new Job structure starts with 00 00 00 00 instead of 66 00 00 00)
• Delete the 16 random bytes inside the job structure, (starting @ job+04 and ending @ job+13), and
replace with “00”
• Run the program & let it break at BP#2 (“Break on RET”, after returning from the call to _l_n36_buff)
• Now Look at the following stack locations: (follow in dump)
o ESP+04: Pointer to vendor name (name of vendor daemon)
o ESP+08: Pointer to vendor code (which now will contain the clean seed 1 and 2)
o VC+04 = Seed1
o VC+08 = Seed2
However, I don't know which register should I refer to. And x64dgb does not support the "follow in dump" function. Could you explain this step and the following steps with x64dbg in detail? Thank you very much!
Re: How to find flexlm seeds from 64bit demo?
Quote:
Originally Posted by
kjms
lgcx.exe seeds {0x1F47C5D5, 0xEFEFDB21};
Thank you so much for kindly providing the seeds. I have got the seeds of the attached demo with 32bit demo(I know the seeds for 32bit and 64bit are the same.
Could you kindly show me how to find out the seeds of the attached 64bit demo as an example?
Thank you very much!
1 Attachment(s)
Re: How to find flexlm seeds from 64bit demo?
Hi watch the video, lets know if any question :)(:
Re: How to find flexlm seeds from 64bit demo?
This is really helpful! Thanks a lot:)