 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
|
|
|
|
||||||||||
|
||||||||||||||
|
||||||||||||||
|
#1
04-15-2010, 04:27 AM
|
|||
|
|||
How to extract/resolve the dtable "30"?
How to extract the dtable "30"?
hi all I have this file. reg, and I could create Dtable "10", but the program asks for the tables "30" the tables could be drawn from memory with hexedit, but I can not extract the "30" could someone help me? reg file : http://rapidshare.com/files/376088872/type3.html tables : http://rapidshare.com/files/37608927..._tabl.rar.html software : typ e-ed it 200-7 log file : http://rapidshare.com/files/376089951/NoName.txt.html Does anyone have the complete file, v.2007 or v.2008? thanks 
|
|
#2
04-15-2010, 06:18 AM
|
|||
|
|||
|
There are two reasons for Q/A pairs being used. The common one is when the whole program exe is wrapped in the shell/envelope. The Q/A values for this are stored in data arrays and are easily extracted, they are always 16 bytes (0x10) long. The second reason is correct use of the API, where the program will make random encrypt/decrypt calls to ensure the dongle is still there, or to decrypt some data or code used in the program. In those cases, the Q/A pairs can be 16, 32 or 48 bytes (0x10, ox20 or 0x30) long. These Q/A pairs are not stored in the program, so you have to use a logger/monitor to capture them while your program is running.
Git
|
|
#7
12-11-2010, 12:41 AM
|
|||
|
|||
|
Quote:
Is it possible to catch them from disassembler/debugger by applying some hasphl signatures ? @ all - Is it possible to retrieve p1 & p2 of hasp4/hl dongle from "decrypting" a log of USB protocal analyzer softwares such as USBTrace ?
|
Linear Mode
