|
Answers;
1. The vendor daemon is designed to accept the lowest common denominator of FLEXlm license, hence it being the one reliable place for digging out the seeds. I commented on a previous thread elsewhere that a lot of implementations now explicitly check for HOSTID=ANY licenses and reject them, alternatively your target may be using the Security Builder routines, identifying lm_pubkey_verify() and checking to see if the code reaches it is a pretty good way of determining which problem your license has ;-).
2. FLEXlm's major flaw is its licensing layers backwards compatibility, that and in the marketplace FLEXlm operates (high-end CAD/CAM applications) developers are loathed to change licensing schemes and annoy customers, a lot of FLEXlm's internal functions are circa 1995-97, in fact I've seen the same bugs in several of the functions since about v5 ;-).
The other reason that developers won't upgrade is one Macrovision wouldn't care to publicise, the Security Builder add-on is something like $10k, since it can be compromised with a 1-3 byte patch, I'm rather pleased Macrovision's customers aren't desperate to upgrade.
I would like to add that with some work FLEXlm could also become a really good protection.
Regards
CrackZ.
|