Reverse Engineering Team Board


intelliweb 03-30-2021 03:55 AM

Need a tool to decrypt Usbtrace please
 
Good morning all,

I hope you are well,

I'm looking for a way to decrypt the USB TRACE logs to see the exchanges between the software and the dongle in clear.
If there is any tool, please give me the link,

Otherwise if there is a manual way, thank you for clarifying the ideas by guiding me to read the logs well.

Thanks in advance.

user1 03-30-2021 04:02 AM

not possible in your case

Safenet / Gemalto / Thales are big companies that know that usb trace log can emulate so since starting 5.10 ( 2010 - 2011 ) and up to last 8.15 they added new WBAES encryption that breaks any tables emulator ring 0 emulators for envelope and RW - RO usage, in your case, simply as that,

NOT possible emulate with old vbus based emulators in your case old use HASP4 no vendor session aes key and new use WBA envelope that use new encryption and get any wba keys from envelope impossible.

simply NOT possible with vbus based emulators.

now you know, good luck.

intelliweb 03-30-2021 06:59 AM

Quote:

Originally Posted by user1 (Post 39535)
not possible in your case

Safenet / Gemalto / Thales are big companies that know that usb trace log can emulate so since starting 5.10 ( 2010 - 2011 ) and up to last 8.15 they added new WBAES encryption that breaks any tables emulator ring 0 emulators for envelope and RW - RO usage, in your case, simply as that,

NOT possible emulate with old vbus based emulators in your case old use HASP4 no vendor session aes key and new use WBA envelope that use new encryption and get any wba keys from envelope impossible.

simply NOT possible with vbus based emulators.

now you know, good luck.

Thank you for your reply, I appreciate it.

intelliweb 03-30-2021 07:14 AM

Quote:

Originally Posted by user1 (Post 39535)
not possible in your case

Safenet / Gemalto / Thales are big companies that know that usb trace log can emulate so since starting 5.10 ( 2010 - 2011 ) and up to last 8.15 they added new WBAES encryption that breaks any tables emulator ring 0 emulators for envelope and RW - RO usage, in your case, simply as that,

NOT possible emulate with old vbus based emulators in your case old use HASP4 no vendor session aes key and new use WBA envelope that use new encryption and get any wba keys from envelope impossible.

simply NOT possible with vbus based emulators.

now you know, good luck.

@User1

I got new vusbbus code from the Internet, to support SRM functions and AES keys.

see that please:
"
//------------------ SRM Data ------------------

UCHAR FeatureAES_last_driver[16] = // for 6.56 drivers
{
0x76, 0x76, 0xD8, 0x98, 0x01, 0xA1, 0x01, 0xA8,
0x48, 0x69, 0xA2, 0x9F, 0x51, 0x4E, 0x00, 0xCA
};

//UCHAR plugAES[] = //
UCHAR FeatureAES[16] = // Firmware until 3.25
{
0x03, 0x43, 0x03, 0xF1, 0xF1, 0xA0, 0x9F, 0x67,
0x5C, 0x4D, 0x11, 0x0C, 0x04, 0xA0, 0xFC, 0x23
};

//UCHAR plugAES_new[] = //
UCHAR FeatureAES_new[16] = // Firmware 3.25
{
0xF9, 0xA7, 0x4C, 0x5E, 0x9D, 0xC1, 0x01, 0x1C,
0x42, 0xDE, 0x48, 0x1B, 0x6B, 0x8D, 0x13, 0x38
};

//UCHAR FirstSessionAES[] = //
UCHAR VendorAESKey[16] =
{
0xDF, 0xBA, 0x29, 0x8A, 0xBF, 0x83, 0x19, 0x12,
0x67, 0x42, 0xFA, 0xC8, 0x7F, 0x79, 0x17, 0xD9
};"

Is this useful to encrypt and decrypt?

user1 03-30-2021 08:10 AM

dude

please don't waste your time with 10+ year old sources.

THEY are useless for your target!

nodongle 04-01-2021 12:51 AM

@intelliweb
The first three keys are session keys.
4th - session key for vendor 41240 (PVElite, CAESAR, etc.)

user1 04-01-2021 07:05 AM

from official Thales protection guide....

Quote:

Emulating Protection Keys

To emulate the software of a protection key manufacturer, a software cracker creates an application that replays previously recorded calls, as if an actual protection key is returning the calls.

Limited functionality emulators only record and replay calls. Full-functionality emulators also emulate the key, including its encryption. A software cracker requires access to the encryption key to create a full-functionality emulator.

There are several places in which emulators can reside. Primarily, they are an attempt to replace the driver.

Sentinel LDK Solution

Sentinel LDK provides a secure channel between an application and the Sentinel HL key. Data that passes between the protected application and the key is encrypted. Taking advantage of the secure channel functionality between your application and a Sentinel HL key provides you with the strongest possible protection.

A different encryption key is used in every session. This means that someone recording data passing through the secure channel cannot replay the data, since the encryption key used to encrypt the data will differ from that used to decrypt the data.

DO you understand? you can NEVER emulate with old ways, NOT possible.
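
The property described in the quoted guide (a different key in every session, so a recorded exchange cannot be replayed), shown as an added example that is not part of the thread and is not Sentinel LDK's actual protocol. It is a generic secure channel built from Python's standard library, with HMAC-SHA256 standing in for the cipher; the shared secret, function names and message are constructed for illustration, and the per-message counter goes one step beyond the quote to cover replay inside a single session.

```python
import hashlib
import hmac
import secrets

# Constructed long-term secret known to both ends; not a value from any real product.
SHARED_SECRET = secrets.token_bytes(32)

def _prf(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def new_session(app_nonce: bytes, key_nonce: bytes) -> tuple[bytes, bytes]:
    """Both ends contribute a fresh nonce, so each session gets its own keys."""
    master = _prf(SHARED_SECRET, b"session", app_nonce, key_nonce)
    return _prf(master, b"enc"), _prf(master, b"mac")

def _xor_stream(enc_key: bytes, counter: int, data: bytes) -> bytes:
    # HMAC in counter mode as a stand-in stream cipher (assumption, stdlib only).
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += _prf(enc_key, counter.to_bytes(8, "big"), block.to_bytes(4, "big"))
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(keys: tuple[bytes, bytes], counter: int, plaintext: bytes) -> bytes:
    enc_key, mac_key = keys
    header = counter.to_bytes(8, "big")
    body = _xor_stream(enc_key, counter, plaintext)
    return header + body + _prf(mac_key, header, body)

def open_frame(keys: tuple[bytes, bytes], expected_counter: int, frame: bytes):
    """Return the plaintext, or None if the frame does not belong here."""
    enc_key, mac_key = keys
    header, body, tag = frame[:8], frame[8:-32], frame[-32:]
    if not hmac.compare_digest(tag, _prf(mac_key, header, body)):
        return None  # made under another session's key, or tampered with
    if int.from_bytes(header, "big") != expected_counter:
        return None  # right key, stale counter: replay inside the same session
    return _xor_stream(enc_key, expected_counter, body)

def replay_demo() -> dict:
    first = new_session(secrets.token_bytes(16), secrets.token_bytes(16))
    recorded = seal(first, 0, b"feature 1: licensed")  # constructed message
    second = new_session(secrets.token_bytes(16), secrets.token_bytes(16))
    return {
        "live": open_frame(first, 0, recorded),
        "replayed_in_new_session": open_frame(second, 0, recorded),
        "replayed_later_in_same_session": open_frame(first, 1, recorded),
    }

if __name__ == "__main__":
    print(replay_demo())
```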

nodongle 04-01-2021 07:47 AM

Absolutely not a problem.

user1 04-01-2021 12:03 PM

FOR HIM it is NOT, possible.

:)

nodongle 04-01-2021 02:49 PM

more more bigger font ))


All times are GMT -4.