Emulating Hasp HL Max - Reverse Engineering Team Board

Download as pdf or txt
Download as pdf or txt
You are on page 1of 5

#1

Reverse Engineering Team Board > Reverse Engineering Board >


Reverse Code Engineering
Emulating Hasp HL max
User Name
Remember Me?
Password
FAQ Members List Calendar Today's Posts Search
Page 1 of 48 1 2 3 11 > Last
Thread Tools Display Modes
01-14-2008, 02:21 PM
fejkus
Member

Join Date: Dec 2007
Posts: 43
Emulating Hasp HL max
Dumping Hasp HL keys
How can be emulated hasp HL max http://www.aladdin.com/hasp/max.aspx . It works of course for
Pro and Time.
What we need:
a key
dumper i used h5dmp.exe
TORO hasp monitor
Satarons UniDMP2reg convertor
emulator i used Chingachguk vusb emulator
1. So at first, install dongle drivers, connect a dongle, run Toro monitor.
2. start your protected application and used it.
3. in TORO monitor you will see password for your key and memory of your dump. So use your
protected software as usual, try to open all menus and dialogs, use every function
4. Save log file, and save log file.
5. use dumper and dump the key. Result will be two files hasp.dmp (about 790 B in my case) and
hhl_mem.dmp (about 4 KB).
6. then use Satarons Unidump2reg and make a reg file (use vUSB Hasp HL option). You can edit this
regfile and change licensing of your program (if it uses hl max can be used for 112 programs)
7. And now the most important thing. Hasp HL uses enveloping technology with 128-bit AES
symmetric encryption engine on key.
In TORO log we will find pairs. They can be found in the pairs window too.
Instructions can look like this one:
Code:
HaspHL In:> Hasphl_decrypt, Length=32
Data:
4284 ... ... ... 84ADA4 It is a question for hash key
HaspHL Out:> Hasphl_decrypt Status=0 (0x0)
Response:
8222 ... ... ... 84ADA4 And the key respond it is his answer
(I remove part of code)
So what we will do with it? We will do Q/A table. This is Questions and Answers table in reg file. I
Emulating Hasp HL max - Reverse Engineering Team Board http://www.reteam.org/board/showthread.php?t=644
1 of 5 30/05/2014 20:04
#2
#3
added it on the end of file.
Data or question of IN write in Qtable
Response or answer or OUT write in Atable
Data shoul be write in pairs like these: 4284 ... ... ... 84ADA4 should be write: 42,84, ... ... ...
84,AD,A4
The end of regfile shoul look:
Code:
... regfile
"QTable"=hex:\
42,84,... 84,AD,A4,\

"ATable"=hex:\
82,22,C2 ... 84,AD,A4,\
Your program can use only one Q/A or too many. You must add them all. Then you can save your
regfile.
8. Add reg file into registry
9. unplug your dongle
10. Install Chingachguk & Denger emulator, vusbbus.sys must be 0.15 or above. If all went fine, new
device Hasp HL was found.
11. Your program should run
I hope, this text will help.
Vusb 0.15.1.4 can handle encrypt function too.
For a large Q/A pairs from Toro Emulator, you can use splitter.
Attached Files
Splitter.zip (43.2 KB, 2890 views)
Splitter1.1.zip (39.7 KB, 2387 views)
vusb_0.15.zip (51.4 KB, 2721 views)
vusb_0.15.4.zip (24.1 KB, 2113 views)
multikey_18.0.2-x86.ZIP (59.7 KB, 2016 views)
Last edited by fejkus : 10-13-2009 at 06:08 AM.
01-14-2008, 02:50 PM
benito
Senior Member

Join Date: Jul 2007
Posts: 685
Hm, but what will you do if the program generate in each run another Q/A pairs ?
01-14-2008, 03:25 PM
justine
Senior Member

Join Date: Dec 2007
Location: Serbia,Belgrade
Posts: 82
Emulating Hasp HL max - Reverse Engineering Team Board http://www.reteam.org/board/showthread.php?t=644
2 of 5 30/05/2014 20:04
#4
#5
#6
#7

i never saw application that uses one query/response
i have one haspHL protected soft that have about 1200 pairs )
so its almost imposible to construct table manualy
01-14-2008, 03:27 PM
Tyrus
Senior Member

Join Date: Dec 2007
Posts: 58
Quote:
Originally Posted by benito
Hm, but what will you do if the program generate in each run another Q/A pairs ?
dump program on the first AES request & find QA tables, but public emulator is not fully correct
works
Last edited by Tyrus : 01-14-2008 at 03:33 PM.
01-14-2008, 03:43 PM
fejkus
Member

Join Date: Dec 2007
Posts: 43
you can always make some program to solve this problem automaticaly.
this problem Q/A table probably will not solve.
Last edited by Git : 08-10-2010 at 10:37 AM.
01-14-2008, 05:48 PM
foffa
Senior Member

Join Date: Jul 2007
Location: %TEMP%
Posts: 344
Quote:
Originally Posted by fejkus
this problem Q/A table probably will not solve.
i dont know that is this right ??
program generate random q\r
01-14-2008, 05:49 PM
Emulating Hasp HL max - Reverse Engineering Team Board http://www.reteam.org/board/showthread.php?t=644
3 of 5 30/05/2014 20:04
#8
#9
#10
benito
Senior Member

Join Date: Jul 2007
Posts: 685
Quote:
Originally Posted by Tyrus
dump program on the first AES request & find QA tables, but public emulator is not fully
correct works
I thought that also commercial emulators support only table emulation, so in this case if program
generates at each start different Q/A pairs you cant emulate it...?! Or i am wrong and there are full
solutions?
01-14-2008, 06:00 PM
foffa
Senior Member

Join Date: Jul 2007
Location: %TEMP%
Posts: 344
I Have Seen Full solutions
HERE IS TABLE BASED EMULATOR WITH THE SAMPLE REG FILE
suitable with what fejkus said
Attached Files
hasp_HL TABLE BASED.zip (58.8 KB, 3619 views)
Last edited by foffa : 01-14-2008 at 06:07 PM.
01-15-2008, 03:42 AM
Tyrus
Senior Member

Join Date: Dec 2007
Posts: 58
Quote:
Originally Posted by foffa
I Have Seen Full solutions
HERE IS TABLE BASED EMULATOR WITH THE SAMPLE REG FILE
suitable with what fejkus said
HASP HL have 2 AES funcz - AES Encode & AES Decode [0x013F/0x0140]
but its emulator supports only one function
01-15-2008, 04:12 AM
TORO
Senior Member

Join Date: Dec 2007
Posts: 53

you must extract pair tables from .protect section of envelope, envelope use these tables to make
randome query check.
Emulating Hasp HL max - Reverse Engineering Team Board http://www.reteam.org/board/showthread.php?t=644
4 of 5 30/05/2014 20:04
there are 5 tables at max, each contain 256 pair, then add those pairs with pairs from log file and
then construct hasp hl emulator, it will work
Page 1 of 48 1 2 3 11 > Last
Previous Thread | Next Thread
Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump
Reverse Engineering Team - Archive - Top
Powered by vBulletin Version 3.6.4
Copyright 2000 - 2014, Jelsoft Enterprises Ltd.
Emulating Hasp HL max - Reverse Engineering Team Board http://www.reteam.org/board/showthread.php?t=644
5 of 5 30/05/2014 20:04

You might also like