Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > Reverse Code Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 03-30-2021, 03:55 AM
intelliweb intelliweb is offline
Member
 
Join Date: Feb 2010
Posts: 19
Default Need a tool to decrypt Usbtrace please

Good morning all,

I hope you are well,

I'm looking for a way to decrypt the USB TRACE logs to see the exchanges between the software and the dongle in clear.
If there is any tool, please give me the link,

Otherwise if there is a manual way, thank you for clarifying the ideas by guiding me to read the logs well.

Thanks in advance.
Reply With Quote
  #2  
Old 03-30-2021, 04:02 AM
user1 user1 is offline
Senior Member
 
Join Date: Jun 2011
Posts: 327
Exclamation

not possible in your case

Safenet / Gemalto / Thales are big companies that know that usb trace log can emulate so since starting 5.10 ( 2010 - 2011 ) and up to last 8.15 they added new WBAES encryption that breaks any tables emulator ring 0 emulators for envelope and RW - RO usage, in your case, simply as that,

NOT possible emulate with old vbus based emulators in your case old use HASP4 no vendor session aes key and new use WBA envelope that use new encryption and get any wba keys from envelope impossible.

simply NOT possible with vbus based emulators.

now you know, good luck.
__________________
dongle backup

Last edited by user1 : 03-30-2021 at 04:13 AM.
Reply With Quote
  #3  
Old 03-30-2021, 06:59 AM
intelliweb intelliweb is offline
Member
 
Join Date: Feb 2010
Posts: 19
Default

Quote:
Originally Posted by user1 View Post
not possible in your case

Safenet / Gemalto / Thales are big companies that know that usb trace log can emulate so since starting 5.10 ( 2010 - 2011 ) and up to last 8.15 they added new WBAES encryption that breaks any tables emulator ring 0 emulators for envelope and RW - RO usage, in your case, simply as that,

NOT possible emulate with old vbus based emulators in your case old use HASP4 no vendor session aes key and new use WBA envelope that use new encryption and get any wba keys from envelope impossible.

simply NOT possible with vbus based emulators.

now you know, good luck.
Thank you for your reply, i appreciate.
Reply With Quote
  #4  
Old 03-30-2021, 07:14 AM
intelliweb intelliweb is offline
Member
 
Join Date: Feb 2010
Posts: 19
Default

Quote:
Originally Posted by user1 View Post
not possible in your case

Safenet / Gemalto / Thales are big companies that know that usb trace log can emulate so since starting 5.10 ( 2010 - 2011 ) and up to last 8.15 they added new WBAES encryption that breaks any tables emulator ring 0 emulators for envelope and RW - RO usage, in your case, simply as that,

NOT possible emulate with old vbus based emulators in your case old use HASP4 no vendor session aes key and new use WBA envelope that use new encryption and get any wba keys from envelope impossible.

simply NOT possible with vbus based emulators.

now you know, good luck.
@User1

I get from Internet new vusbbus code, to support SRM functions and AES keys

see that please:
"
//------------------ SRM Data ------------------

UCHAR FeatureAES_last_driver[16] = // for 6.56 drivers
{
0x76, 0x76, 0xD8, 0x98, 0x01, 0xA1, 0x01, 0xA8,
0x48, 0x69, 0xA2, 0x9F, 0x51, 0x4E, 0x00, 0xCA
};

//UCHAR plugAES[] = //
UCHAR FeatureAES[16] = // Firmware until 3.25
{
0x03, 0x43, 0x03, 0xF1, 0xF1, 0xA0, 0x9F, 0x67,
0x5C, 0x4D, 0x11, 0x0C, 0x04, 0xA0, 0xFC, 0x23
};

//UCHAR plugAES_new[] = //
UCHAR FeatureAES_new[16] = // Firmware 3.25
{
0xF9, 0xA7, 0x4C, 0x5E, 0x9D, 0xC1, 0x01, 0x1C,
0x42, 0xDE, 0x48, 0x1B, 0x6B, 0x8D, 0x13, 0x38
};

//UCHAR FirstSessionAES[] = //
UCHAR VendorAESKey[16] =
{
0xDF, 0xBA, 0x29, 0x8A, 0xBF, 0x83, 0x19, 0x12,
0x67, 0x42, 0xFA, 0xC8, 0x7F, 0x79, 0x17, 0xD9
};"

is this is usefull to encrypt and decrypt ?
Reply With Quote
  #5  
Old 03-30-2021, 08:10 AM
user1 user1 is offline
Senior Member
 
Join Date: Jun 2011
Posts: 327
Exclamation

dude

please don;t waste your time with old 10 + years sources.

THEY useless for your target !
__________________
dongle backup
Reply With Quote
  #6  
Old 04-01-2021, 12:51 AM
nodongle nodongle is offline
Senior Member
 
Join Date: Oct 2007
Posts: 320
Default

@intelliweb
The first three keys are sessions keys.
4th - sesison key for vendor 41240 (PVElite, CAESAR, etc.)
__________________
nodongle.biz
Reply With Quote
  #7  
Old 04-01-2021, 07:05 AM
user1 user1 is offline
Senior Member
 
Join Date: Jun 2011
Posts: 327
Post

from official Thales protection guide....

Quote:
Emulating Protection Keys

To emulate the software of a protection key manufacturer, a software cracker creates an application that replays previously recorded calls, as if an actual protection key is returning the calls.

Limited functionality emulators only record and replay calls. Full-functionality emulators also emulate the key, including its encryption. A software cracker requires access to the encryption key to create a full-functionality emulator.

There are several places in which emulators can reside. Primarily, they are an attempt to replace the driver.
Sentinel LDK Solution

Sentinel LDK provides a secure channel between an application and the Sentinel HL key. Data that passes between the protected application and the key is encrypted. Taking advantage of the secure channel functionality between your application and a Sentinel HL key provides you with the strongest possible protection.

A different encryption key is used in every session. This means that someone recording data passing through the secure channel cannot replay the data, since the encryption key used to encrypt the data will differ from that used to decrypt the data.
DO you understand? you can NEVER emulate with old ways, NOT possible.
__________________
dongle backup
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.