Reverse Engineering Team Board > Reverse Engineering Board >
Reverse Code Engineering Emulating Hasp HL max User Name Remember Me? Password FAQ Members List Calendar Today's Posts Search Page 1 of 48 1 2 3 11 > Last Thread Tools Display Modes 01-14-2008, 02:21 PM fejkus Member
Join Date: Dec 2007 Posts: 43 Emulating Hasp HL max Dumping Hasp HL keys How can be emulated hasp HL max http://www.aladdin.com/hasp/max.aspx . It works of course for Pro and Time. What we need: a key dumper i used h5dmp.exe TORO hasp monitor Satarons UniDMP2reg convertor emulator i used Chingachguk vusb emulator 1. So at first, install dongle drivers, connect a dongle, run Toro monitor. 2. start your protected application and used it. 3. in TORO monitor you will see password for your key and memory of your dump. So use your protected software as usual, try to open all menus and dialogs, use every function 4. Save log file, and save log file. 5. use dumper and dump the key. Result will be two files hasp.dmp (about 790 B in my case) and hhl_mem.dmp (about 4 KB). 6. then use Satarons Unidump2reg and make a reg file (use vUSB Hasp HL option). You can edit this regfile and change licensing of your program (if it uses hl max can be used for 112 programs) 7. And now the most important thing. Hasp HL uses enveloping technology with 128-bit AES symmetric encryption engine on key. In TORO log we will find pairs. They can be found in the pairs window too. Instructions can look like this one: Code: HaspHL In:> Hasphl_decrypt, Length=32 Data: 4284 ... ... ... 84ADA4 It is a question for hash key HaspHL Out:> Hasphl_decrypt Status=0 (0x0) Response: 8222 ... ... ... 84ADA4 And the key respond it is his answer (I remove part of code) So what we will do with it? We will do Q/A table. This is Questions and Answers table in reg file. I Emulating Hasp HL max - Reverse Engineering Team Board http://www.reteam.org/board/showthread.php?t=644 1 of 5 30/05/2014 20:04 #2 #3 added it on the end of file. Data or question of IN write in Qtable Response or answer or OUT write in Atable Data shoul be write in pairs like these: 4284 ... ... ... 84ADA4 should be write: 42,84, ... ... ... 84,AD,A4 The end of regfile shoul look: Code: ... regfile "QTable"=hex:\ 42,84,... 84,AD,A4,\
"ATable"=hex:\ 82,22,C2 ... 84,AD,A4,\ Your program can use only one Q/A or too many. You must add them all. Then you can save your regfile. 8. Add reg file into registry 9. unplug your dongle 10. Install Chingachguk & Denger emulator, vusbbus.sys must be 0.15 or above. If all went fine, new device Hasp HL was found. 11. Your program should run I hope, this text will help. Vusb 0.15.1.4 can handle encrypt function too. For a large Q/A pairs from Toro Emulator, you can use splitter. Attached Files Splitter.zip (43.2 KB, 2890 views) Splitter1.1.zip (39.7 KB, 2387 views) vusb_0.15.zip (51.4 KB, 2721 views) vusb_0.15.4.zip (24.1 KB, 2113 views) multikey_18.0.2-x86.ZIP (59.7 KB, 2016 views) Last edited by fejkus : 10-13-2009 at 06:08 AM. 01-14-2008, 02:50 PM benito Senior Member
Join Date: Jul 2007 Posts: 685 Hm, but what will you do if the program generate in each run another Q/A pairs ? 01-14-2008, 03:25 PM justine Senior Member
Join Date: Dec 2007 Location: Serbia,Belgrade Posts: 82 Emulating Hasp HL max - Reverse Engineering Team Board http://www.reteam.org/board/showthread.php?t=644 2 of 5 30/05/2014 20:04 #4 #5 #6 #7
i never saw application that uses one query/response i have one haspHL protected soft that have about 1200 pairs ) so its almost imposible to construct table manualy 01-14-2008, 03:27 PM Tyrus Senior Member
Join Date: Dec 2007 Posts: 58 Quote: Originally Posted by benito Hm, but what will you do if the program generate in each run another Q/A pairs ? dump program on the first AES request & find QA tables, but public emulator is not fully correct works Last edited by Tyrus : 01-14-2008 at 03:33 PM. 01-14-2008, 03:43 PM fejkus Member
Join Date: Dec 2007 Posts: 43 you can always make some program to solve this problem automaticaly. this problem Q/A table probably will not solve. Last edited by Git : 08-10-2010 at 10:37 AM. 01-14-2008, 05:48 PM foffa Senior Member
Join Date: Jul 2007 Location: %TEMP% Posts: 344 Quote: Originally Posted by fejkus this problem Q/A table probably will not solve. i dont know that is this right ?? program generate random q\r 01-14-2008, 05:49 PM Emulating Hasp HL max - Reverse Engineering Team Board http://www.reteam.org/board/showthread.php?t=644 3 of 5 30/05/2014 20:04 #8 #9 #10 benito Senior Member
Join Date: Jul 2007 Posts: 685 Quote: Originally Posted by Tyrus dump program on the first AES request & find QA tables, but public emulator is not fully correct works I thought that also commercial emulators support only table emulation, so in this case if program generates at each start different Q/A pairs you cant emulate it...?! Or i am wrong and there are full solutions? 01-14-2008, 06:00 PM foffa Senior Member
Join Date: Jul 2007 Location: %TEMP% Posts: 344 I Have Seen Full solutions HERE IS TABLE BASED EMULATOR WITH THE SAMPLE REG FILE suitable with what fejkus said Attached Files hasp_HL TABLE BASED.zip (58.8 KB, 3619 views) Last edited by foffa : 01-14-2008 at 06:07 PM. 01-15-2008, 03:42 AM Tyrus Senior Member
Join Date: Dec 2007 Posts: 58 Quote: Originally Posted by foffa I Have Seen Full solutions HERE IS TABLE BASED EMULATOR WITH THE SAMPLE REG FILE suitable with what fejkus said HASP HL have 2 AES funcz - AES Encode & AES Decode [0x013F/0x0140] but its emulator supports only one function 01-15-2008, 04:12 AM TORO Senior Member
Join Date: Dec 2007 Posts: 53
you must extract pair tables from .protect section of envelope, envelope use these tables to make randome query check. Emulating Hasp HL max - Reverse Engineering Team Board http://www.reteam.org/board/showthread.php?t=644 4 of 5 30/05/2014 20:04 there are 5 tables at max, each contain 256 pair, then add those pairs with pairs from log file and then construct hasp hl emulator, it will work Page 1 of 48 1 2 3 11 > Last Previous Thread | Next Thread Posting Rules You may not post new threads You may not post replies You may not post attachments You may not edit your posts vB code is On Smilies are On [IMG] code is On HTML code is Off Forum Jump Reverse Engineering Team - Archive - Top Powered by vBulletin Version 3.6.4 Copyright 2000 - 2014, Jelsoft Enterprises Ltd. Emulating Hasp HL max - Reverse Engineering Team Board http://www.reteam.org/board/showthread.php?t=644 5 of 5 30/05/2014 20:04