  #1  
Old 09-19-2010, 10:32 AM
hsingh12
Member
 
Join Date: Sep 2010
Posts: 6
Extracting master pair table (HASP HL Max)

Hi,

Does anybody have any information on how to extract the master key table? I am dealing with a HASP HL Max protection. I have tried searching but I cannot seem to find much about this...

I have tried logging the Q/As but there are so many and they keep changing, so I think these are random all the time...

The software I am dealing with does not give any envelope errors (it always launches - it just disables features when no valid dongle is present), so I am quite lost as to where I should be setting breakpoints etc. in search of this table.

Any help is much appreciated!
  #2  
Old 09-19-2010, 11:09 AM
Git
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797

You haven't searched enough; there is a whole tutorial on the subject, several large threads and some tools to help you extract the information from the binary.

Git
  #3  
Old 09-29-2010, 04:35 PM
hsingh12
Member
 
Join Date: Sep 2010
Posts: 6

So after some more searching and head banging... I actually found out the reason I was so confused is because there seems to be no master key table in my application to begin with.

It seems the application generates the same 16 questions each time when the application is started, based on some data from the dongle. A minute later, the 16 answers are used as 16 questions and the process seems to repeat itself infinitely, always starting with the same set of initial 16 questions.

Having access to the dongle for short periods only (so only being able to gather Q/As for about an hour's worth of emulation), I wondered if it's possible to essentially forcefully send the same A/Q sequence to build up several hours of Q/A in a short space of time... is there any way to do this without having the vendor code? Or perhaps a way to extract the vendor code from the application (as it uses the HASP API, I'm guessing it must be stored somewhere?).

I was hoping to then code something up which will just loop through grabbing as much Q/A as it can...

Any pointers would be really appreciated!

Last edited by hsingh12 : 09-29-2010 at 04:42 PM.
  #4  
Old 09-29-2010, 05:57 PM
Git
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797

To do that you would need to know the AES key, but if you knew the key you wouldn't need tables. (That's a no.)

Git