14th September - Naughty Naughty Rebels?

Here is some information on the now informous Rebels FlexGen application and the recent media attention it has been getting. This was a message that started it all, it was sent to all CAD/CAM/CAE/FEA users via a mailing list.

From: jcooley@world.std.com ( John Cooley )
Subject: Warning To EDA Vendors/Makers -- Flex-LM Compromised On Windows NT

There I was, happily minding my own business doing my work when the phone
rang and an EDA vendor buddy I've known & trusted for years called. "John,
you'll love this one. It's a big story. Flex-LM has been compromised
on Windows NT by a group of hackers and they're giving away the software
that does it for free on their web site. It's a 6 Meg download and the
guys at [ EDA Company Name Deleted ] have already tested it. It
successfully created working Flex-LM keys for their software. Ran their
tools and everything. I know you like scoops in ESNUG. Here's a big one."

He told me the http for the hacker site and the name for the Flex-LM
cracking software. He also told me the technical details of exactly how
the software took advantage of a security hole in NT to create keys.

"Oh, and we never had this conversation."

I checked out the web site. Sure enough, there it was with some hacking
propaganda and instructions how to download and use it.

Whoa.

For those who don't know, virtually all of the EDA vendors license their
software using Globetrotter's Flex-LM. This crack would enable anyone
anywhere to use any Windows NT based EDA product for free. And it
gets worst with the fact that most EDA vendors offer "evaluation copies" of
their tools -- suddenly, now, these are technically "free" copies of their
tools for the users who got their hands on this Flex-LM key creator. Plus
networking NT and UNIX systems probably means this crack could enable the
"free" use of UNIX based EDA tools.

Whoa.

In the past, I have published in ESNUG the full details of how Flex-LM was
bypassed by users (setting your system clock back, burn an identical PROM
for all your workstations, plus the details of an Internet hole that, if
your SysAdmin didn't fix would enable others to "borrow" your EDA licenses).
But in each of those cases these details only enabled users who already
*had* paid licenced copies of their EDA tools to do some temporary games,
at best. That is, licensed customers have this need to have to interact a
lot with their EDA tool suppliers. Use these tricks over an extended period
of time, and eventually the sleazy customer would be caught red handed
and they'd be standing right behind Avant!'s Gerry Hsu waiting to go to
jail once his legal stalling tactics all eventually fail...

But this crack is different. It's a FULL crack. It's not a trick to use
when you're on a project and your licenses *just* ran out and you need
something just to get two more weeks, TWO MORE WEEKS! (Hey, I've been
there before. I *know* what that hot seat is like.) This crack is
different. It's a *full*, in-your-face, no-possible-redeeming-value,
no-grey-areas, we're-just-gunna-steal-this-software crack...


And my screwy sense of ethics won't let me support something like this.


So, if you're an EDA *developer* (as in you work at a *verifiable*,
checkable actual EDA company), and you e-mail me your complete contact
information, I will tell you the http, the name, and the technical details
of how how this Flex-LM Windows NT cracker works -- so your technical and
legal staff can work on stopping it. And I'll wish you luck.

And if you're another nosey EDA user (like me) wanting to know these
details, I'll have to just say: "Eh?!, no habla... uh. huh? Was ist Das?
Qu'est-ce que what???" :^)

- John Cooley
the ESNUG guy

Article 1
Article 2
Article 3