Hello Woodmann comunity,

In search for the flexlm 11.6 sdk or at least the IDA signature, I stumbled upon this post in exetools forums: http://forum.exetools.com/showthread.php?t=11897 ("http://forum.exetools.com/showthread.php?t=11897").

As it looks the rapidshare-stored archive, containing the signatures from the u_f_o's post, expired. I would greatly appreciate if anyone here could point me to the respective signatures, or, if it's not too much of a hassle to upload them again.

I am searching for help in this community as I have no access to the exetools forums.

Thanks in advance,
johnyjack

Well since that thread is from 2008, it's not at all suprising that the link has expired.

Regards,

Just to state the obvious, it is true JMI: the post in exetools is from 2008. But my thread was also started hoping someone will upload the signatures or the lmgr.lib for the 11.6 version.

johnyjack

Here are the files from that thread.

After v9.5 all lmgr.libs feature obfuscation of the function names not explicity required to be fixed by the linker, this means a lot of the more interesting internal functions aren't explicitly recognised and there have been some notable function additions in the v11.x generation; of course one might also notice (just as a starting point) that the obfuscated names are all the same length as the real names so the 'obfuscating method' might not be particularly complex ;-).

Regards,

CrackZ.

similar to?

/*
* Function: Strip names from a binary
*
* Description: Run this program on executables license by FLEXlm.
* It strips important strings from the program.
*
* CAUTION: DO NOT RUN this if a shared library
* makes calls to any FLEXlm functions. If you do,
* the program won't run, so this won't be hard to
* detect.
*
* Arguments:
* lmstrip file [ -l ] [ -n | -N ] [ strings ... ]
* file: to be stripped -- replaced
* -l: list internal and external strings that
* get stripped
* -e: don't use external table.
* -n: don't use internal and external table.
* -v: verbose
* -z: replace strings with zeroes.
* strings: Added to list to be stripped.
*
* Return:
*/

Thank you CrackZ for your reply. Unfortunately I too noticed the obfuscated names in the signatures. However, if I remember correctly, the signatures posted by u_f_o for v11.4 (which were reposted on the exetools forum) were deobfuscated, or at least using them on a 11.6 target triggered some readable flexlm function names, as opposed to the completely scrambled signatures I obtained with FLAIR. I hoped that the u_f_o's signatures for 11.6 were similarly deobfuscated.

Thank you FoxB: if I'm interpreting your post correctly, lmgr.lib's names might have been modified in a similarly way the lmstrip utiliy work.

johnyjack