( ESNUG 311 Item 1 ) ---------------------------------------------- [2/18/99]
Subject: ( ESNUG 310 #1 ) Three Other Ways To Crack FLEX-lm Licensing
> The first way to bypass FLEX-lm is to simply keep resetting your system
> clock to a day when your license keys were still legitimate. This does get
> to be a hassle because companies like Cadence and ViewLogic use start
> and end dates in their licensing forcing you to be resetting the system
> clock quite often. Also, Cadence is rumored to do some nasty things if
> it finds files newer than your current date in your system.
>
> The second way is to 'steal' EDA licenses from other companies over the
> Internet. All you need is a copy of the FLEX-lm license key from your
> target company to get the server name and the port number FLEX-lm uses on
> it. For example, if you used to work at Texas Instruments and you're now
> at a small start-up that needs more Synopsys licenses than the one you
> legally have, grep your copy of that TI license key for 'SERVER'. It'll
> spit out something like 'SERVER achilles 55431234 995'. This says that
> 'achilles' uses port 995 for FLEX-lm keys. Ping ti.com to get their dotted
> quad (192.94.94.33) and add '192.94.94.33 achilles' in your /etc/hosts to
> make their machine local to you. After that, 'setenv LM_LICENSE_FILE
> 995@achilles.ti.com' on your machine. You now have those TI Synopsys
> licenses for your machine.
>
> This works because the net admin and EDA admin people don't interact much.
> The net admin guy could easily stop me by blocking external access at the
> firewall to those specific ports that FLEX-lm uses.
>
> My third, and favorite hardware hacker way to bypass FLEX-lm, is by using
> my PROM burner to copy my workstation's boot PROM. That way, all 16 of my
> workstations have the same machine ID, they each run their own copy of
> Synopsys/Cadence/whatever, yet I only pay for one copy. They're hell to
> network together, though. Makes them not too useful for large chip dsgns.
>
> - [ Gozer, the Gozerian ]
From: [ Not Me, I Didn't say This! ]
Hi John,
Can you post this anonymously?
In the last posting about licenses it was mentioned that you could try to
change the nodeid of the system.
For everything there is a FAQ on the Internet, so also for this: 'Frequently
Asked Questions about Sun NVRAM/hostid'
ftp://ftp.mindlink.net/pub/crypto/sun-stuff/sun-nvram-hostid.faq.html
ftp://ftp.netcom.com/pub/he/henderso/sun-nvram-hostid.faq.html
http://www.squirrel.com/squirrel/sun-nvram-hostid.faq.html
Plain text versions of this document are available from the following:
ftp://ftp.mindlink.net/pub/crypto/sun-stuff/sun-nvram-hostid.faq
ftp://ftp.netcom.com/pub/he/henderso/sun-nvram-hostid.faq
http://www.squirrel.com/squirrel/sun-nvram-hostid.faq
and it refers to the software method for changing the hostid
'change-sun-hostid'
Here is the relevant extract from the faq:
This FAQ is also distributed as part of a larger package for spoofing
the hostid on Sun workstations called change-sun-hostid. In particular,
parts of change-sun-hostid can be used to modify the apparent hostid for
some or all processes on a UNIX system without messing with the NVRAM.
This package even provides a way to make a host seem to have multiple
hostids (different processes see different hostids). If you are interested
in changing your hostid to deal with software licence issues, you should
probably try the scripts/programs in this package first, as most of them
don't make permanent changes to a chip on your motherboard. Changing
the NVRAM should be a last resort. You can retrieve this package from:
ftp://ftp.mindlink.net/pub/crypto/sun-stuff/change-sun-hostid.tar.gz
http://www.squirrel.com/squirrel/sun-stuff/change-sun-hostid.tar.gz
As you can see, it is Sun only.
It is a nice solution for the license server reliability problem. What
happens if your license server goes up in smoke?
1. You can transfer your licenses to a new server. This will take days
and need a lot of administration. Meanwhile you are without any license.
2. You use three servers in a redundant configuration. If one machine
goes down or needs updating you're back to solution 1, but without the
time pressure.
3. You pay for a 4 hour intervention on your Sun and hope that they
are able to get the nodeid back.
4. Use this system and boot another Sun with the same node id as license
server.
- [ Not Me, I Didn't say This! ]
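Added example (not part of any message in this thread): the quoted post notes that blocking external access to the FLEX-lm ports at the firewall stops off-site use of a license server, and this script derives that port list from a license file. The sample file, host names and ports are constructed; the default lmgrd range 27000-27009 and the `port=` daemon option are assumptions taken from later FLEXlm documentation, not from this page.

```python
import re

# Constructed sample license file: host names, hostids, paths and ports are made up.
SAMPLE_LICENSE = """\
# constructed example, not a real license
SERVER lic1 80a1b2c3 995
SERVER lic2 80a1b2c4
DAEMON vendord /opt/eda/vendord
DAEMON otherd /opt/eda/otherd port=2080
FEATURE sim vendord 1.000 1-jan-2000 4 0123456789ABCDEF ""
"""

# Assumption: lmgrd falls back to this range when a SERVER line names no port.
DEFAULT_LMGRD_PORTS = range(27000, 27010)


def audit_license(text):
    """Return (sorted TCP ports to block inbound, warnings) for a license file."""
    ports, warnings = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        keyword = fields[0].upper()
        if keyword == "SERVER":
            # Layout: SERVER <host> <hostid> [<port>]
            if len(fields) >= 4 and fields[3].isdigit():
                ports.add(int(fields[3]))
            else:
                ports.update(DEFAULT_LMGRD_PORTS)
                warnings.append(f"line {lineno}: SERVER {fields[1]} has no port, default range assumed")
        elif keyword in ("DAEMON", "VENDOR"):
            # A vendor daemon without port= listens on a port chosen at start-up,
            # so a per-port rule cannot cover it; only default-deny inbound does.
            pinned = re.search(r"\bport=(\d+)", raw, re.IGNORECASE)
            if pinned:
                ports.add(int(pinned.group(1)))
            else:
                warnings.append(f"line {lineno}: daemon {fields[1]} port not pinned")
    return sorted(ports), warnings


if __name__ == "__main__":
    block, notes = audit_license(SAMPLE_LICENSE)
    print("deny inbound tcp from outside to ports:", block)
    for note in notes:
        print("WARNING:", note)
```
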
---- ---- ---- ---- ---- ---- ----
From: "Alex Kumets" <kumets@hotmail.com>
John,
It's easy to avoid the problem with the 'resetting your system clock' solution.
Just use `find -atime +1` and `touch` commands together.
- Alex Kumets
ASIC Consulting
---- ---- ---- ---- ---- ---- ----
From: [ Zul, The EDA Marketing Demi-God ]
(anonymity please)
What, now you're a hacker's reflector? If I want to steal software, I
could just go to my local Starbucks and find some tattooed, pierced,
haiku-writing, goatee-wearing slacker-boy and have him do it for an "all
the coffee you can drink" card.
It is a well-proven law that any licensing/encryption/lock can be broken.
It is also a law that one cannot aid and abet in a crime. Passing out this
kind of information is questionable at best.
- [ Zul, The EDA Marketing Demi-God ]
---- ---- ---- ---- ---- ---- ----
From: [ A Cadence Reader ]
John, I had to reply to this one...
What's up with this dude? I assume most of my customers can figure out
how to bypass the system and use licenses without paying for them, but they
just don't do it. It's illegal, and I know from a personal customer
experience that it is VERY embarrassing when you get caught. I guess because
it's software he/she thinks it doesn't count???
I wouldn't be bragging if I was "Gozer". I'm not impressed!
Please don't print my name in case it's one of my customers. I
sure hope not.....
- [ A Cadence Reader ]
---- ---- ---- ---- ---- ---- ----
From: [ No, Flames, Please ]
John -
Yawn... Anyone who dreams up ways to weasel their way around license
management like this is just being stupid. Doing this kind of thing is
not rocket science, and will probably work for a while, but it will catch
up with you eventually. No, I don't speak from experience, but your
readers should be warned that anyone running a company like this is probably
in trouble all around.
Please don't use my real name, I'm not particularly interested in being
flamed for this.
- [ No, Flames, Please ]
---- ---- ---- ---- ---- ---- ----
From: danlutes@crystal.cirrus.com (Daniel Lutes)
John,
I hate to sound like an EDA company lackey, but please cease and desist.
We're all engineers, whether software or hardware. Publishing articles
like these to facilitate theft of one engineer's work by another doesn't
seem to me like a legitimate productivity enhancer.
On the other hand, since the senior execs at the EDA companies now all
seem to read your ESNUG newsletter, perhaps publishing these security holes
at the beginning of your column is the best way to get them patched.
With that in mind, feel free to publish, withhold, or edit as you see fit.
- Dan Lutes
Cirrus