Scribd
Upload
110 views13 pages

Ourdev - 558346 en

Uploaded by

pool7
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
110 views13 pages

Ourdev - 558346 en

Uploaded by

pool7
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 13

Subscribe to DeepL Pro to translate larger documents.

Visit www.DeepL.com/pro for more information.


Codewarrior License Creator
Tutorial

CONTENTS

Chapter 1 Codewarrior License Creator Tutorial..................................................... 1


1.1 Preparation ................................................................................................................ 1
1.2 Production Steps ....................................................................................................... 1
1.2.1 Determining the FlexLm Version Number.............................................. 1
1.2.2 Find FEATURE ............................................................................................... 2
1.2.3 Find a vendor................................................................................................... 5
1.2.4 Find key data for calculating seed............................................................. 6
1.2.5 Calculation ENCRYPTION_SEED ............................................................... 8
1.2.6 Creating a License Generator ....................................................................... 9
1.2.7 Generate License ............................................................................................ 9

i
Codewarrior License Creator
Tutorial

C h ap t er 1 Codewarrior License Making Tutorials


herald
The author writes this article for learning purposes and the reader is responsible for
all consequences arising from the use or dissemination of the article, for which the
author is not liable.

Let's take Freescale Codewarrior for HC08 v6.0 as an example to introduce the
production process.

1.1 preliminary
We need to prepare the following software beforehand:
⚫ Lmtools
⚫ OllyICE
⚫ Calcseed
⚫ Lmcryptgui

1.2 manufacturing process


The main thing to break Flexlm is to find 4 things:
⚫ Determine the Flexlm version number
⚫ Find FEATURE
⚫ Find a vendor
⚫ Calculate ENCRYPTION_SEED
1.2.1 Determine the FlexLm version number
Run Lmtools, select the Utilities tab, click Browse to select lmgr8c.dll in the bin
directory of the Codewarrior installation directory, and then click Find Version, as in

Figure 1.1.

F i g u r e 1.1 D e t e r m i n i n g t h e Flexlm Version Number


1
Codewarrior License Creator
Tutorial

1.2.2 Find FEATURE


Run OllyICE with the interface shown in Figure 1.2.

F i g u r e 1.2 OllyICE Running Interface

Click "File/Open"
, select IDE.exe in the bin directory of Codewarrior installation
directory, the interface is shown in Figure 1.3.

F i g u r e 1.3 O p e n IDE.exe Interface

2
Codewarrior License Creator
Tutorial

Right click in the disassembly window, select "View"and open the module
'LMGR8C' as in Figure 1.4.

Figure 1.4 Opening module 'LMGR8C'

Right click in the disassembly window, select "Find"and open "All Reference
Text String"
, as in Figure 1.5.

F i g u r e 1.5 Open all reference text strings

Right click in the reference text string window, select "Find Text" , enter
"lm_ckout.c"to search. Find two next to each other, as in Figure 1.6, F2 set the
3
Codewarrior License Creator
Tutorial
breakpoint.

4
Codewarrior License Creator
Tutorial

Figure 1.6 Finding "lm_ckout.c"

Press F9 to run, the program is interrupted and the stack is viewed as shown in
F i g u r e 1.7.

5
Codewarrior License Creator
Tutorial

F i g u r e 1.7 Stack situation

We get: FEATURE -
Win32_CWIDE_Unlimited version - 5.5
1.2.3 Find vendor
Click "File/Open" , select IDE.exe in the bin directory of the Codewarrior
installation directory, the interface is as in Figure 1.3. Right click in the
disassembly window, select "View" , open the module 'LMGR8C',
as in Figure 1.4. Right click in the disassembly
window, select "View", and open the module
'LMGR8C', as in Figure 1.4.
Right click in the disassembly window, select "Find" -> "Constants",as in
Figure 1.8. enter "87654321"tofindit.to perform the search.

6
Codewarrior License Creator
Tutorial

F i g u r e 1.8 Find Constants

Refer to Figure 1.9 Press F2 to set a breakpoint.

Figure 1.9 Finding "87654321"

Press F9 to run, the program is interrupted down, check the register window, and

get the vendor, as in Figure 1.10.

F i g u r e 1.10 Finding a vendor

1.2.4 Find key data for calculating seed


First make a fake license.dat and place it in the codewarrior installation directory
and enter
FEATURE the following: metrowks 5.5 permanent uncounted 123456789012 HOSTID=ANY
Win32_CWIDE_Unlimited
7
Codewarrior License Creator
Tutorial

Click "File/Open" , select IDE.exe in the bin directory of the Codewarrior


installation directory, the interface is as in Figure 1.3. Right click in the
disassembly window, select "View" , open the module 'LMGR8C',
as in Figure 1.4. Right click in the disassembly
window, select "View", and open the module
'LMGR8C', as in Figure 1.4.
Right click in the disassembly window, select "Find" -> "Constants",as in
Figure 1.8. enter "87654321"tofindit.to perform the search.
Refer to Figure 1.11 Press F2 to set a breakpoint.

Figure 1.11 Finding "87654321"

Press F9 to run, the program is interrupted down, press F7 to single step as


shown in Figure 1.12 to set three breakpoints. Press F9 to run and stop at 00E5354E,
press F9 again and stop at 00E53526, press F9 again and stop at 00E5354E, press F9
again and stop at 00E53565, press F8 and then stop at 00E5356B.

8
Codewarrior License Creator
Tutorial
F i g u r e 1.12 Single-step stepping

9
Codewarrior License Creator
Tutorial

The next task we will do is to find the key data needed to calculate seed. Type the
command d [esp+4] in the Command area of the Memory window, as shown in Figure

1.1.
Figure 1.13 Typing the "d [esp+4]" Command

Typing the d [esp+8] command, we get data[0], data[1], as shown in Figure 1.14.

Figure 1.14 Typing the "d [esp+8]" Command

Typing the d [esp] command, we get job+0x08, job+0x0c, and job+0x10, as shown in

Figure 1.15.

Figure 1.15 T y p i n g t h e "d [esp]" Command

1.2.5 Calculation ENCRYPTION_SEED


Run calcseed and enter the data obtained above to get seed0 and seed1, as shown in

10
Codewarrior License Creator
Tutorial

Figure 1.16.

11
Codewarrior License Creator
Tutorial

F i g u r e 1.16 Calculating ENCRYPTION_SEED

1.2.6 Make License generator


Run Lmcryptgui, enter seed0 and seed1, and click New to make a License generator, as
shown in Figure 1.17. The resulting lmcryptmetrowks.exe is what we need.

F i g u r e 1.17 Creating a License Generator

1.2.7 Generate License

Drag the fake License.dat we created earlier into lmcryptmetrowks.exe to generate a new
License.

bibliography
1 Watching the snow forum bbs--http://bbs.pediy.com
2 Freescale website - http://www.freescale.com
3 CrackZ.zip - http://www.woodmann.com/RCE-CD/CrackZ.zip contains Calcseed and Lmcryptgui
Two of the software mentioned above.
4 OllyICE - http://www.pediy.com/tools/Debuggers.htm
5 Lmtools - https://www.freescale.com/lgfiles/updates/FlexLM/installers/win/MW_FLEXlm_V1_4.exe

12

You might also like