It gave me some ideas. It makes it easy to confirm how crappy some protection mechanisms are. This is a script that automatically skips the FlexLM license check in ICC (which is available for free anyhow).
#!/bin/bash
# icc_crack.sh: icc uses flexlm. This traces functions involved in the
# license check and forcibly skips the final validation (on success).
# grabbed from the web
#
# What the script does, in order:
#   1. writes a made-up license file next to the compiler binary,
#   2. runs iccbin once under valgrind's flayer tool with that file tainted,
#   3. ranks the instruction pointers reported in the log,
#   4. retries a test compile with one candidate altered at a time until an
#      output file appears,
#   5. writes a wrapper script (icc-cracked) that replays the working command.
# Reads $INSTALLDIR from the environment; it is never set in this script.
# NOTE(review): read as a case study, the script suggests the license decision
# is made locally and can be located among a few dozen addresses that touch
# license-file data; a check of that shape is a weak control on its own.
# -----------------------------------------------------
# The HOSTID -- [DEMO|ANY|HOSTNAME=$HOSTNAME|USER=$USER]?
# uncounted -- no need for a server.
# 1-jan-0 -- default infinite license.
# 1-jan-1990 from $(strings iccbin)
# 9999.9999 is an arbitrarily high version number
# "CCompL" was given by FlexLM error messages
# "intel" was just guessed
# Unquoted heredoc: each "\\" below is written to the file as a single
# backslash. $INSTALLDIR is unquoted in the redirect target, so a path
# containing whitespace would make the redirect fail.
cat <<EOF > $INSTALLDIR/bin/cracked.lic
INCREMENT CCompL intel 9999.9999 1-jan-0 \\
uncounted permanent \\
HOSTID=ANY ISSUED=1-jan-1990 ISSUER=lordMOLE NOTICE="Enjoy" \\
SN=00000000000000000000000000000000 START=1-jan-1990 \\
SIGN=010101010101
EOF
# run icc once under flayer tainting the license file
# The XML log goes to /tmp/icc.log; stdout and stderr of the run are discarded.
# NOTE(review): /tmp/icc.log is a fixed, predictable name in a shared directory.
echo "!! performing exploratory run"
valgrind --tool=flayer --log-file-exactly=/tmp/icc.log --taint-file=yes \
--file-filter="$INSTALLDIR/bin/cracked.lic" \
--xml=yes \
$INSTALLDIR/bin/iccbin &> /dev/null
# get the instruction pointers and see if any are calls we can step over.
# The pipeline keeps <ip> values containing "0x8", counts duplicates, keeps the
# 30 most frequent and emits each address twice, suffixed ":1" and ":0".
# What the suffix means is defined by mkf, which is not shown here.
# The "\n" in the sed replacement relies on sed turning it into a newline
# (GNU sed does) -- TODO confirm on other platforms.
echo "!! extracting interesting instruction pointers"
ips=$(grep \<ip\> /tmp/icc.log | # Grab the ips from the xml output
cut -f2 -d\> |
cut -f1 -d\< |
grep 0x8 |
sort |
uniq -c |
sort -rn |
head -30 | # top 30
tr -s ' ' |
cut -f3 -d' ' |
sed 's/\(.*\)/\1:1\n\1:0/g')
# make a test C file
cat <<EOF > icctest.c
#include <stdio.h>
int main() { return printf("cracked\n"); }
EOF
# $ips is left unquoted so wc -w counts one word per candidate.
echo "!! $(echo $ips | wc -w) candidates identified"
# Brute force our way to freedom!
# An empty ERR trap is installed, so failing commands in the loop trigger nothing.
trap "" ERR
cmd=""
# p holds the frames of the progress animation; r counts attempts.
p=("." "o" "0" "o" "."); r=0
echo -n "!! "
for action in $ips; do
# no need to trace - use mkf
cmd="mkf --alter-fn=$action $INSTALLDIR/bin/iccbin"
# NOTE(review): "%" binds tighter than "+", so r+1%5 evaluates to r+1 rather
# than (r+1)%5; once the index passes 4 the expansion is empty. Only the
# progress display is affected.
echo -en "${p[$((r%5))]}${p[$((r+1%5))]}${p[$((r+2%5))]}${p[$((r+3%5))]}"
# Runs in a subshell with output discarded; the trailing ":" forces status 0.
# $cmd is unquoted on purpose so it splits into a command and its arguments.
(command $cmd icctest.c -o icctest &> /dev/null;:)
# Success is judged only by the presence of ./icctest.
if [[ -f icctest ]]; then
echo -en "\r!! cracked in $r attempts"
break
fi
r=$((r+1))
# Clear the loop variable so that a non-empty $action after the loop means
# the loop was left through the break above.
action=""
done
echo
if [[ ! -z "$action" ]]; then
echo "!! creating icc-cracked"
echo "#!/bin/bash" > icc-cracked
# "export" with no arguments prints every exported variable.
# NOTE(review): this copies the whole environment of the current shell into
# icc-cracked, including any credentials or tokens that happen to be exported.
export >> icc-cracked
# Append the command that worked, forwarding the wrapper's own arguments.
echo "$cmd \"\$@\"" >> icc-cracked
chmod +x icc-cracked
echo -e " . o\n __m_v_m__ thanks you for your patronage\n lord MOLE"
exit 0
else
echo "!! bad luck"
exit 1
fi