  #1  
10-01-2012, 01:15 PM
steveyb86
Cracked & Emulated Dongle - But, VTC Upgrade Required?

Hello again,

You guys have helped me previously crack a dongle, so I thought I'd come bother ya again with another one... Any help will be much appreciated.

Ok, so, I have recently upgraded my software, and to do so, they took back my old dongle, then gave the same one back to me through the post with the new software install disk. I assumed they had changed the code n stuff on the dongle, so......

Just in case I lose the dongle, I am trying to emulate it.

I dumped the dongle with HL_DUMP, and I have solved the seeds, but all the info is the same, the seeds are the same, and the hex memory is the same. Apart from the "ID"=dword actually, they are different.

When I put the dongle in the machine and start the software it says "upgrade hardlock". Now with the new original dongle I search for the VTC file which is on the disc they gave me and it works, but with my emulated dongle, it doesn't.

What I have noticed is that when it asks for the upgrade file my new dongle says "Upgrade Hardlock #6187" and with my emulated dongle the number is #338, which is the same as my old dongle. But I have dumped the new dongle 3 times now, and the info is definitely the same.

I can't figure out where I'm going wrong, and I would greatly appreciate any help.

Thanks again

Steve

Last edited by steveyb86 : 10-01-2012 at 01:34 PM.
  #2  
10-01-2012, 02:47 PM
BfoX

RUS option inside?
__________________
... Either you work well or you work much ....
  #3  
10-01-2012, 03:35 PM
steveyb86

I haven't seen RUS anywhere, not sure where I'd find it if it was inside....?
  #4  
10-01-2012, 04:01 PM
BfoX

simply show dump
  #5  
10-02-2012, 02:36 AM
BfoX

typedef struct rus_fib
{
    Byte MARKER[2];
    Long SERIAL_ID;
    Byte VERSION[2];
    Word FIXED;
    Word VAR;
    Word CRC;
} RUS_FIB;

0F,DE,71,00,00,00,4E,04,00,00,16,00,2B,9F

GeoVision SERIAL_ID does not match VTC-file SERIAL_ID
  #6  
10-02-2012, 03:17 AM
steveyb86

Thanks for looking into this for me, but I have no clue what to do with the code you have written for me. Do I need to add it to my .reg file? Or completely start again? And do I need to replace the red text with my dongle ID?

Thanks again
  #7  
10-02-2012, 11:44 AM
BfoX

For GeoVision you can't generate a valid VTC-file context (it uses RSA-512 or more, I don't remember), but you can change SERIAL_ID in the dongle context and re-sign it...
  #8  
10-03-2012, 04:16 PM
Trit0n

Sorry, but this code does not belong in a Reg File.
....
typedef struct rus_fib
{
    Byte MARKER[2];
    Long SERIAL_ID;
    Byte VERSION[2];
    Word FIXED;
    Word VAR;
    Word CRC;
} RUS_FIB;
0F,DE,71,00,00,00,4E,04,00,00,16,00,2B,9F
GeoVision 335 file not match VTC 7345
....
(but it is meant more symbolically)
  #9  
10-08-2012, 02:43 PM
steveyb86

Thanks for your help guys.....I think.

All sorted now, HL_dump was finding and dumping my old emulated dongle, what a plonker! lol

Thanks anyway