Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > Reverse Code Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 09-11-2009, 06:05 PM
GNIREENIGNE GNIREENIGNE is offline
Senior Member
 
Join Date: Sep 2009
Posts: 121
Default Emulator: Working - Protected Software: Very Slow!

Hasp HL Time
OS: WinXP Pro & WinVista 32bit (emulator/protected SW runs similarly on both)
Emu: Multikey v18.0.3
Dumper: H5DMP
Converter: UniDmp2Reg v1.1b5 PB (vUSB Hasp HL scheme)

Reg file is set up to run with multikey.


Protected software is running with emu. However, the SW runs slow. Actually, it's painfully slow - not practical at all. Sometimes, I receive errors due to all of the delays. The program seems to get slower the longer I run it and mess around with it. If I close it and reopen it again, it seems to return to its original operating speed (still slow, however). If I open my task manager while running the SW, I can look at the applications tab and depending on what I am doing (with the protected software), I can see that the program sometimes toggles between 'running' and 'not responding' under the status column (in the task manager).

Additional notes: SW is also running with LMTOOLS/FlexLM. There is also another .exe file that is required to run the SW - it is a vendor specific program (vendor daemon) that acts like a server, I think. If I 'end process' (end process tree, more specifically) on this .exe file, I receive an error saying 'the desired vendor daemon is down' - and I can no longer operate my protected software.

Also, although my hasp is HASP HL Time, when I plug it in, most of the time, Hasp HL key doesn't even install. And the SW that I run performs just fine with only these two items installed:

1. Aladdin usb key
2. Aladdin hasp key
(no Aladdin hasp hl key is installed. Sometimes it will install, but my program runs with or without it -- i.e. not needed).

I have no HL_ENCRYPT/HL_DECRYPT listings in my toro log file. I was only able to get toro monitor to run once - even then, I don't know that it ran properly. (My reg file has no Q/A, E/D Tables, yet the protected SW still runs - slowly, however).

I was also able to emulate hasp and run protected SW with Chingachguk & Denger2k Emulator 0.15.4 (the protected SW runs slowly with this emulator as well).


This thread is a break away from the following thread:
Code:
http://www.reteam.org/board/showthread.php?t=1870

Thank you.

Last edited by GNIREENIGNE : 09-12-2009 at 02:36 AM.
Reply With Quote
  #2  
Old 09-12-2009, 08:53 AM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

Quote:
Also, although my hasp is HASP HL Time, when I plug it in, most of the time, Hasp HL key doesn't even install. And the SW that I run performs just fine with only these two items installed:
I think there is a something important in there, but I don't quite understand what you are saying.

1) If the dongle fails to install, does the software run?

2) At any time, has the software run slowly before you used emulator?

At the very minimum, I would completely uninstall the app and clean th registry, ditto for the dongle and ditto for the emulator. Then reinstall the app and dongle drivers and test it.

My gut feeling is that either your OS installation or the dongle is toast.

Git
Reply With Quote
  #3  
Old 09-12-2009, 10:37 AM
GNIREENIGNE GNIREENIGNE is offline
Senior Member
 
Join Date: Sep 2009
Posts: 121
Default

Git-

Thanks for replying.

1. When I plug in my dongle (emulator is not installed), I can see the devices being installed when I click on the message box (there are three items that get installed). First, the Aladdin USB key gets installed (it is always successful). Second, the Aladdin Hasp key gets installed (it, too, is always successful). The last item is the Aladdin Hasp HL key (sometimes it installs successfully - the last 10 times or so, it has installed successfully).

Now, whether or not the last item (Hasp HL key) gets installed or not - the protected software runs flawlessly. In fact, I can go to my device manager and uninstall it manually - and the protected software will run flawlessly.

2. The software never ran slowly prior to emulation. The software only runs slowly during emulation. If I uninstall the emulator and plug in my dongle, the software returns to normal (fast).


I have uninstalled the app, cleaned the registry, uninstalled the drivers, uninstalled the original hasp drivers, upgraded the original hasp drivers, reinstalled everything; even reformatted my hard drive.

The protected software runs slowly when it is running off of the emulator - no matter what.

I have even downgraded my LMTOOLS/FlexLM etc.
I have reverted back to an older version of the protected SW to no avail.

I don't think the dongle is toast - as it functions flawlessly (with the exception of the Hasp HL key failing to install occasionally - which is becoming more seldom).
I also don't think it's the OS - as I have run similar tests on two different computers with two different OS's etc (with the same results).

I have tried running Ollydbg and IDA Pro to see what I could find. Unfortunately, my experience with these programs is very minimal (i.e. I don't know what I'm doing).

At this point, I can't help but think that there is no way around this - without cracking the target SW (which I can't do at this point in my life).

I am beginning to think that the protection schemes are either too great or the emulators that are available to the public are not sufficient for this particular SW.

All in all, I just don't possess the knowledge to consider my opinion on the matter to be a valid one.

However, I haven't given up yet. I will continue to think of different possibilities and continue to read read read.

Thanks again, Git.
-G.
Reply With Quote
  #4  
Old 09-12-2009, 06:01 PM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

If I understand you correctly there is one obvious question that I have to ask.

If it runs OK without the dongle, why are you trying to emulate the dongle??

Quote:
I don't think the dongle is toast - as it functions flawlessly (with the exception of the Hasp HL key failing to install occasionally - which is becoming more seldom).
What does that mean?. Does it work flawlessly or does it fail to install. How do you klnow it works flawlessly if the app runs without it??. This makes no sense at all.


Git
Reply With Quote
  #5  
Old 09-12-2009, 11:49 PM
GNIREENIGNE GNIREENIGNE is offline
Senior Member
 
Join Date: Sep 2009
Posts: 121
Default

Git-

Hmm. Maybe I did not explain myself very well. I apologize. Let me try to explain it better:

The program works flawless when I have the dongle plugged in. The program runs very slowly if I do not have the dongle plugged in and am trying to emulate it.

The part about the Hasp HL key not installing is irrelevant - I just mentioned it in case you experts could make any sense of it. The fact is, the program runs flawlessly even if the Hasp HL key doesn't install - in other words, only the Aladdin USB key and the Aladdin Hasp key need to be installed for the program to run flawlessly.

I want to be able to run the program flawlessly during emulation as well (in other words, without the presence of the dongle).

So, to answer your question: It does not run okay without the dongle. It runs very slowly.

Like I said, when I plug in my dongle, three items get installed:

1. Aladdin USB Key.
2. Aladdin Hasp Key.
3. Aladdin Hasp HL Key.

The Aladdin Hasp HL Key is not needed - but the other two are - to run flawlessly.

So, technically, although I was trying to emulate a Hasp HL Key, all I really needed to do was emulate a Hasp Time Key - standard. --- I guess.

Anyway, do you understand, now?

Protected software with Hard Hasp plugged in:
Flawless operation (even if Hasp HL Key does not install, but the USB Key and Hasp Key do get installed).

Protected software without the Hard Hasp plugged in:
Program is nearly worthless - as it runs very, very slowly. The emulators allow me to open the program, do some basic functions, but once I do anything that requires more data to be sent/received, the program slows down to a halt - and I have to wait for things to process. It can get so bad, that I receive errors due to the delays.

Thanks.
-G
Reply With Quote
  #6  
Old 09-13-2009, 05:07 AM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

It makes no sense. Previously, you said :

Quote:
Now, whether or not the last item (Hasp HL key) gets installed or not - the protected software runs flawlessly. In fact, I can go to my device manager and uninstall it manually - and the protected software will run flawlessly.
What did you mean by that?. The dongle is uninstalled but the program works flawlessly?

Git
Reply With Quote
  #7  
Old 09-13-2009, 05:14 AM
GNIREENIGNE GNIREENIGNE is offline
Senior Member
 
Join Date: Sep 2009
Posts: 121
Default

Git-

What I mean is - if my dongle is plugged in (no emulator running), I can manually uninstall the aladdin hasp hl device (thus, leaving only the aladdin usb key and aladdin hasp key installed - in device manager) - and the program runs flawlessly.

In fact, I just tried it, and uninstalled both, aladding hasp key and aladdin hasp hl key - and the program runs.

So, now, it seems that the program is running with the aladding usb key only.

Also, this particular program also runs with different dongle types. I know someone else that has the program, but he has an older, parallel port/type dongle.

What are your thoughts, Git?
Thanks.
-G
Reply With Quote
  #8  
Old 09-13-2009, 05:15 AM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

I don't have a clue what you are talking about, sorry. The only thing I can read from it is that you have both the real dongle and emulator in use at once, which is madness. Worse, I think you are uninstalling half of the emulated dongle, which is binary suicide.

Git
Reply With Quote
  #9  
Old 09-13-2009, 05:16 AM
GNIREENIGNE GNIREENIGNE is offline
Senior Member
 
Join Date: Sep 2009
Posts: 121
Default



-The program runs whether I have those hasp keys installed or not - as long as the usb key is installed.

But...no matter what combination I use with the emulator(s) - the program is slow.
-G


Edit: I am not running the emulater with the dongle at the same time. Also, I am only uninstalling the hasp devices for the hard dongle - to see what would work and what wouldn't work.

-G

Last edited by GNIREENIGNE : 09-13-2009 at 05:25 AM.
Reply With Quote
  #10  
Old 09-13-2009, 05:56 AM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

OK, It is what I feared. The emulator will usually put 2 entries in the Device Manager window, in your case :

Aladdin HASH HL Key
Aladdin USB Key

I don't have a real HASP or HL dongle so I don't know for certain, but it looks like the real dongle puts 3 entries in :

1. Aladdin USB Key.
2. Aladdin Hasp Key.
3. Aladdin Hasp HL Key.

Why both Hasp and Hasp HL I do not know. Maybe it is because the HL can emulate a Hasp, maybe it is a dual.

Emulator or real dongle, here is the vital thing :

************************************************** ********
** NEVER EVER EVER TRY TO UNINSTALL PART OF ANY OF THOSE ENTRIES **
************************************************** ********

Each entry under the USB section of Device Manager is a transient thing, that is the nature of USB. Plug it in and it appears, unplug it and it disappears. If you have uninstalled half of an entry from there you have screwed your installation up well and true. It is in an unstable state because some of it's registry entries are now gone. You must now unplug all dongles, uninstall the emulator, uninstall the program, uninstall the HASP drivers, clean the registry of any trace of them, and then reinstall. You will find a program called (i think) HaspClean on the Aladdin site which will clean the HASP registry entries. So your natural reaction now is to think how can I get around doing all that. That would be a waste of time. Bite the bullet and clean it up and start again. It won't take more than an hour or so. Thereafter, if you want to remove dongle entries, unplug it and remove the drivers from Add or Remove Programs. If you want to remove emulated dongle entries, delete the reg entry from the registry and restart the emulator.

Quote:
Also, I am only uninstalling the hasp devices for the hard dongle
No, you were not. You can't do that. The same device drivers are used for the real dongle and the emulator.

Git
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.