( ESNUG 310 Item 1 ) ----------------------------------------------- [2/7/99]

Subject: ( ESNUG 308 #6 )  Three Other Ways To Crack FLEX-lm Licensing

> Many softwares (like Solaris software design kit, Cadence, Synopsys,
> Specctra) on UNIX use FLEXlm as their license manager, but FLEXlm is not
> secure, it can be cracked. Is anyone interested?  Please email to:
> flexlm@hotmail.com.  ...  I use adb to crack, it is tiring, so this
> service is not free.  :)  Are you interested for a deal?
>
>     - [ Flexlm Cracker ]


From: [ Gozer, the Gozerian ]

John,

Off the top of my head I can name three easy ways to crack FLEX-lm without
adb.  (If you publish these, give me the name "Gozer, the Gozerian", OK?)

The first way to bypass FLEX-lm is to simply keep resetting your system
clock to a day when your license keys were still legitimate.  This does get
to be a hassle because companies like Cadence and ViewLogic use start
and end dates in their licensing forcing you to be resetting the system
clock quite often.  Also, Cadence is rumored to do some nasty things if
it finds files newer than your current date in your system.

The second way is to 'steal' EDA licenses from other companies over the
Internet.  All you need is a copy of the FLEX-lm license key from your
target company to get the server name and the port number FLEX-lm uses on
it.  For example, if you used to work at Texas Instruments and you're now
at a small start-up that needs more Synopsys licenses than the one you
legally have, grep your copy of that TI license key for 'SERVER'.  It'll
spit out something like 'SERVER  achilles  55431234  995'.  This says that
'achilles' uses port 995 for FLEX-lm keys.  Ping ti.com to get their dotted
quad (192.94.94.33) and add '192.94.94.33 achilles' in your /etc/hosts to
make their machine local to you.  After that, 'setenv LM_LICENSE_FILE
995@achilles.ti.com' on your machine.  You now have those TI Synopsys
licenses for your machine.

This works because the net admin and EDA admin people don't interact much.
The net admin guy could easily stop me by blocking external access at the
firewall to those specific ports that FLEX-lm uses.

My third, and favorite hardware hacker way to bypass FLEX-lm, is by using
my PROM burner to copy my workstation's boot PROM.  That way, all 16 of my
workstations have the same machine ID, they each run their own copy of
Synopsys/Cadence/whatever, yet I only pay for one copy.  They're hell to
network together, though.  Makes them not too useful for large chip designs.

    - [ Gozer, the Gozerian ]
 Sign up for the DeepChip newsletter.
Email
 Read what EDA tool users really think.


Feedback About Wiretaps ESNUGs SIGN UP! Downloads Trip Reports Advertise
"Relax. This is a discussion. Anything said here is just one engineer's opinion. Email in your dissenting letter and it'll be published, too."
This Web Site Is Modified Every 2-3 Days
Copyright 1991-2024 John Cooley.  All Rights Reserved.
| Contact John Cooley | Webmaster | Legal | Feedback Form | 

   !!!     "It's not a BUG,
  /o o\  /  it's a FEATURE!"
 (  >  )
  \ - / 
  _] [_     (jcooley 1991)