Thanks Thanks:  114
Page 6 of 8 FirstFirst ... 45678 LastLast
Showing results 51 to 60 of 71

Thread: FLEXNET: HOW TO build your own lmcrypt

  1. #51
    Member Reputation: 39
    Join Date
    2011-04-11
    Posts
    19


    1 out of 1 members found this post helpful.

    Default Re: FLEXNET: HOW TO build your own lmcrypt

    Hi Carlitos

    Share you daemon vendor and install of target (upload MEGA)
    I help you
    Regards

  2. Thanks carlitos, kometata thanked for this post
  3. #52
    Member Reputation: 16
    Join Date
    2015-04-20
    Posts
    8


    3 out of 3 members found this post helpful.

    Default Re: FLEXNET: HOW TO build your own lmcrypt

    Hi bilbobaggins,

    Yes, it's l_prikey_sign, I fully understand that it's caused by IDA limitation, and this proc is not directly called, so IDA can't convert it to pro directly. After manually creating function, I can trace it now. Thanks for the great help, I need to look at more IDA doc for such tips.

    I just setup the macosx environment and matlb in virtual machine, wha file do you analyze in IDA? I find that MLM(daemon program) seems to be obfuscated. There are ecc in 2014alibmwservices.dylib/2014alibmwservices_p.dylib/2014blibmwservices.dylib/2014blibmwservices_p.dylib, but l_prikey_sign/l_pubkey_verify is not found directly, l_sg/l_checkoutand and some other functions are non-obfuscated. My IDA is 6.6 windoze version, matlab is 2014b mac version. Please help share your step and tool version/platform, thanks a lot.
    Last edited by dionysosww; 2015-05-09 at 11:36 AM

  4. #53
    Member Reputation: 96
    Join Date
    2015-03-07
    Location
    EU
    Posts
    57


    Default Re: FLEXNET: HOW TO build your own lmcrypt

    Quote Originally Posted by alekine322 View Post
    Hi Carlitos

    Share you daemon vendor and install of target (upload MEGA)
    I help you
    Regards
    Please share when you make solution. It will be interesting for us, thanks in advance!

  5. #54
    Member Reputation: 17
    Join Date
    2013-11-18
    Posts
    12


    1 out of 1 members found this post helpful.

    Default Re: FLEXNET: HOW TO build your own lmcrypt

    Hi dionysosww,

    There is only one file you need to be concerned with .. libmwservices.dylib. ( in the windoze verson there are 4 files PST.exe. compiler.dll etc, but in Macosx , normally one the one file) If I recall, MLM just uses libmwserices.dylib. AS Matlab will run standalone or server, will just work with it in standlaone mode.
    Some functions will not be found directly becasue . well IDA hasn't traversed the code , so it hasn't identified them as functions yet. However, it does know their "names" as that hasn't been obfuscated. View NAMES and you'll see pretty much all Flexlm "functions" Some will have a "D" symbol if they haven't been identified yet. In the NAMES window , find _l_pubkey_verify. Double click on it and it'll take you the start of the routine. IDA hasn't even defined the bytes as CODE, so Left click the first bytes , right click and select CODE, right click CREATE FUNCTION. Poof .. _l_pubkey_verify appears in functions list. Very simple. IDA is an incredibly powerful tool but sometime needs a little help. ( Analyze obfuscated malware and you'll be "helping" IDA a lot)
    It's not always necessary though .. Load MATLAB2015a MACOSX in IDA and it it finds most functions correctly at the start, with no help. The linux versions ( MATLAB for example ) are similar . IDA is basically telling you it needs help .. you just have to look at the NAMES and go from there. Just take a few minutes to the scan the names and you'll see references to the Flexlm src that you have. Like _l_n36_buff, lmpubkey.h etc.

    I should also mention that there will be occasions when IDA "gets it wrong" and makes mistakes. You'll have to UNDEFINE the bytes, then CODE, then CREATE FUNCTION etc... How to know when to you need to do that ? That will come with experience

    EDIT : One thing I forgot to mention : Chris Eagles : IDA Pro Book (2011 2nd edition) is still a fantastic resource for using IDA ( just in case you weren't already aware of that) Chapter 21 provides a great overview of the challenges that disassemblers face when performing static analysis.

    Hope this helps
    Last edited by bilbobaggins; 2015-05-10 at 12:58 AM

  6. Thanks dionysosww, istigatore, alekine322, kometata thanked for this post
  7. #55
    Member Reputation: 32
    Join Date
    2014-01-24
    Posts
    42


    Default Re: FLEXNET: HOW TO build your own lmcrypt

    thanks alekine322, check your pm box

  8. #56
    Member Reputation: 16
    Join Date
    2015-04-20
    Posts
    8


    Default Re: FLEXNET: HOW TO build your own lmcrypt

    Quote Originally Posted by bilbobaggins View Post
    Some functions will not be found directly becasue . well IDA hasn't traversed the code , so it hasn't identified them as functions yet. However, it does know their "names" as that hasn't been obfuscated. View NAMES and you'll see pretty much all Flexlm "functions" Some will have a "D" symbol if they haven't been identified yet. In the NAMES window , find _l_pubkey_verify. Double click on it and it'll take you the start of the routine. IDA hasn't even defined the bytes as CODE, so Left click the first bytes , right click and select CODE, right click CREATE FUNCTION. Poof .. _l_pubkey_verify appears in functions list. Very simple. IDA is an incredibly powerful tool but sometime needs a little help. ( Analyze obfuscated malware and you'll be "helping" IDA a lot)
    It's not always necessary though .. Load MATLAB2015a MACOSX in IDA and it it finds most functions correctly at the start, with no help. The linux versions ( MATLAB for example ) are similar . IDA is basically telling you it needs help .. you just have to look at the NAMES and go from there. Just take a few minutes to the scan the names and you'll see references to the Flexlm src that you have. Like _l_n36_buff, lmpubkey.h etc.

    Hi bilbobaggins,

    I would say this is greate guide to identify function when IDA fails, I follow it and can identify most famous function in flex now, this also solved my questions why some program looks confusing in IDA. Really appreciate your help!

    I didn't find Matlab2015a osx version, 2014b osx is also non-obfuscated, following names to create function is very convenient. The 2014b linux version shows much fewer names, however the important functions are included there. My plan is to traverse flexlm sign proc in IDA. For matlab, libmwservices.dylib contains main ecc, and is dynamicly loaded by MLM or Matlab. I have experience to deal with daemon or main program with ecc, but has no idea on such dylib/so/dll, Could you please point me some tutorial/webpage on this, I just need the right direction. Sorry for so many question, I really learned a lot from your answers.

    Thanks

  9. Thanks kometata thanked for this post
  10. #57
    Member Reputation: 33
    Join Date
    2014-05-02
    Posts
    28


    Default Re: FLEXNET: HOW TO build your own lmcrypt

    dionysosww & bilbobaggins, i checked the last matlab version, the R2015a x64 ans x86 and the ecc is not obfuscated at all.. Even the python extensions that contains the flexnet routine.. And the patch made of TBE is the usual ECC.. So maybe the linux and the mac version have the same building.. And patch te ECC is easy.. I also foud my holes to work without licenses, and that holes are present also the the tecnosoft target...


  11. Thanks bilbobaggins, dionysosww thanked for this post
  12. #58
    Member Reputation: 17
    Join Date
    2013-11-18
    Posts
    12


    1 out of 1 members found this post helpful.

    Default Re: FLEXNET: HOW TO build your own lmcrypt

    istigatore,
    Thanks, Yes, Matlab2015a was just a _l_pubkey_verify patch as it has been in prior years. ( I do recall having to patch _l_prikey_sign as well in 2014a ?) It's been a while since I looked at it.
    I have fixed both 2015a Linux and Macosx as they were the same Flexlm as windoze. I only suggested using the Macosx version as a guide as the function names are not obfuscated as they appear to be in windoze. It has made it easier , for me, to navigate in IDA/FLEXLM without using signature files. ( Although I do see what you mean about the python functions, I'm ashamed to say that I never noticed that ...Doh !
    I'm extremely interested in how get FLEM targets to work without a license , as I've always assumed that it wasn't practical, too many patches etc. Is there any way I could convince you to point us in the right direction. Truth be told I'm far more interested in FLEXLM and it's inner workings than using any of the targets I've worked on. You obviously know your way around in flexlm, while I'm just scratching the surface.
    Any hints wouldn't mind sharing ? I've been concentrating on the lm_checkout routine with little success. I find myslef , patching this to get to that,patching that to get this and so on and so on... a very simplistic "serial"approach that lacks any real "3D" or system level approach.
    I did successfully patch Vivado 2014.4 ( 11.11.x.x.) to run without a license, but then the author implemented only very basic flexlm options/protections. It did provide a little deeper insight into flexlm, but I'm still stumbling on "multi option" flexlm targets

    regards,

    SB7
    Last edited by bilbobaggins; 2015-05-11 at 10:59 AM

  13. Thanks carlitos, dionysosww, kometata thanked for this post
  14. #59
    Member Reputation: 33
    Join Date
    2014-05-02
    Posts
    28


    Default Re: FLEXNET: HOW TO build your own lmcrypt

    bilbobaggins, watching your posts i see you are good with ida.. Patch the program to work without license is not hard.. It works with all flex targets and with some trusted storage targets.. Even if some program does not accept if you patch the checkout and you still need a fake license file.. Good hunt

  15. Thanks dionysosww, bilbobaggins, synkro thanked for this post
  16. #60
    Senior Member Reputation: 306
    Join Date
    2011-09-21
    Location
    green planet
    Posts
    57


    Default Re: FLEXNET: HOW TO build your own lmcrypt

    Patching lm_checkout used to be easy in the past, and you could run programs without a license file. But that was changed in higher flexlm versions, and doesn't work anymore.

  17. Thanks darsy, dionysosww, bilbobaggins, kometata thanked for this post

Tags for this Thread

Bookmarks

Bookmarks

Posting Rules

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •