Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > Reverse Code Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #451  
Old 05-20-2011, 10:14 PM
robin1044 robin1044 is offline
Senior Member
 
Join Date: Mar 2008
Posts: 189
Default

"hasp_get_sessioninfo" should not be trivially patched, you should at least, feed a simple xml format to this function and fix the return address in ESP, (refer to documentation or simply cheat from the real dongle)
Reply With Quote
  #452  
Old 05-20-2011, 10:27 PM
008348 008348 is offline
Senior Member
 
Join Date: Jun 2010
Posts: 50
Default

@robin1044,
Thank you for your good suggestion.
But it's complicated to understand.
Can you post a patched "hasp_get_sessioninfo" code example?
Reply With Quote
  #453  
Old 05-21-2011, 01:07 AM
robin1044 robin1044 is offline
Senior Member
 
Join Date: Mar 2008
Posts: 189
Default

I could take a look at your target,
Pm or share the link here .

Last edited by robin1044 : 05-21-2011 at 01:28 AM.
Reply With Quote
  #454  
Old 06-22-2011, 06:35 AM
SunBeam SunBeam is offline
Senior Member
 
Join Date: Jun 2011
Posts: 61
Default

[Please DO NOT quote whole messages, it is unnecessary]

Correction, session doesn't appear if a hasp_logout command is issued while software runs ;-) Best practice, get rid of envelope, find hasp_login, break it in Olly, trace out of it, then check page for any live sessions.

Last edited by Git : 06-22-2011 at 07:56 AM.
Reply With Quote
  #455  
Old 06-22-2011, 06:47 AM
nodongle nodongle is offline
Senior Member
 
Join Date: Oct 2007
Posts: 300
Default

Or check Access logs
__________________
nodongle.biz
Reply With Quote
  #456  
Old 06-22-2011, 07:35 AM
SunBeam SunBeam is offline
Senior Member
 
Join Date: Jun 2011
Posts: 61
Default

If he enabled them, that is ;-) By default they're not enabled.
Reply With Quote
  #457  
Old 06-22-2011, 08:51 AM
robin1044 robin1044 is offline
Senior Member
 
Join Date: Mar 2008
Posts: 189
Default

@sunbeam:
in case of SRM envelope, envelope Hasp_Logout would not be called by the time app is running and session is active. in case of APIs you are right
Reply With Quote
  #458  
Old 06-22-2011, 09:08 AM
SunBeam SunBeam is offline
Senior Member
 
Join Date: Jun 2011
Posts: 61
Default

Yeah, I meant it like that. You said something earlier and I tested your 2 suggestions. But I didn't see anything in the Sessions page while running the software. That's because this application has a wrapper, comprised of 3 HASP APIs: hasp_login, hasp_decrypt (thanks Tyrus) and hasp_logout. When I run application, I don't catch the session in sight, since all happens fast..
Reply With Quote
  #459  
Old 09-14-2011, 02:19 PM
kjms kjms is offline
Senior Member
 
Join Date: Aug 2009
Posts: 337
Default

@nodongle i got the gettickcount file export to registry, when run the application its crashed......
Reply With Quote
  #460  
Old 09-14-2011, 10:03 PM
robin1044 robin1044 is offline
Senior Member
 
Join Date: Mar 2008
Posts: 189
Default

Simply,.. the registry file is yet incomplete. search for the next layer of envelope and the next gettickcount ...
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.