#1
06-20-2011, 12:06 AM
abhilasha (Member)
Removing time limit of protected program

After reading various posts, and a lot of searching on this forum, I have finally managed to emulate a HASP4 using h4dmp, unidmptoreg and uUSBbus. Perhaps this may not be a big job to most of you guys on here, but I'm glad I was able to do it successfully, thanks to the post from team members of this forum. I have successfully emulated the dongle; it is a 1 year license, and I am wondering if it's possible to edit the reg file I've created, to remove this limit.

Any help or pointers in this direction would be most helpful. I could also upload the dmp and reg files if needed.

Thank you

#2
06-24-2011, 06:03 AM
BfoX (Senior Member)

Maybe show us some stuff like the dump, .reg, software, etc.
__________________
... Either you work well or you work much ....

#3
06-24-2011, 07:48 AM
SunBeam (Senior Member)

From what I've seen with an SRM-protected application, written in Visual Basic, this license time limit can be removed from the software itself, given you've unpacked it first. HASP logs on to the hardware key and checks the validity of the license. This info is then sent to the enveloped target and a check/comparison is made by the software's code - not HASP. If the check passes, the target will still run.

Now, if you have a bit of reversing experience, you may find this check by forcing your application to expire and debug from the error message window you get on-screen - again, it should be a software message, not a HASP one ;-)

I am not yet sure through what means HASP gets the present date, but from what I've seen, it uses standard Windows APIs (like GetSystemTime, for instance). So if you move the clock 2 years forward (2013) you may probably find that your software no longer runs.

Other than that, I don't know where exactly in HASP's internal memory the license type identifier is stored, or the expire date/year value.

Just outputting some ideas I had in mind.

#4
06-29-2011, 04:44 AM
abhilasha (Member)

To add further to my request, I have tried to dump the dongle with h4dmp, h5dmp & h6dmp.
h4dmp & h6dmp successfully create the dump. However, h5dmp gives the error "Dongle not found".

Can anybody help me in deciding which type of dongle it is: HASP4 or HASP SRM?

It is a purple dongle, with "HASP HL" written on one side and "Pro 325-61" on the other side.

#5
07-02-2011, 06:13 AM
abhilasha (Member)
Quote:
Originally Posted by BfoX
Maybe show us some stuff like the dump, .reg, software, etc.

The reg file is as follows:

REGEDIT4
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\NEWHASP\Services\Emulator\HASP\Dump\61AD1A24]
"Name"=""
"Copyright"="Copyright (C) 2011 ABC"
"Created"="15/06/2011 23:31:34"
"SN"=dword:5A14E7C1
"Type"=dword:0000000A
"Memory"=dword:00000001
"SecTable"=hex:87,C5,AA,E8,65,65,68,68
"NetMemory"=hex:00,00,00,00,00,00,00,00,00,00,FF,FF
"Option"=hex:00,01,02,54,24,00,00,00,00,00,00,00,00,C9
"Data"=hex:\
FF,FF,31,00,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,\
FF,FF,FF,FF,03,00,A7,00,DC,07,A7,00,DC,07,03,00,\
A7,00,DC,07,A7,00,DC,07,92,00,DB,07,FF,FF,FF,FF,\
FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,\
FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,\
A3,56,35,3E,56,63,88,B0,03,F1,FF,FF,FF,FF,FF,FF,\
FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF
"ColumnMask"=dword:000000AB
"CryptInitVect"=dword:0000003C

Please help me modify the expiry date.

#6
07-02-2011, 09:40 AM
BfoX (Senior Member)

expired in 2012?

#7
07-02-2011, 03:11 PM
SunBeam (Senior Member)

Quote:
FF,FF,FF,FF,03,00,A7,00,DC,07,A7,00,DC,07,03,00,\
A7,00,DC,07,A7,00,DC,07,92,00,DB,07,FF,FF,FF,FF,\
Does that part have anything to do with your speculations?

#8
07-03-2011, 12:41 PM
abhilasha (Member)

[Please DO NOT quote whole messages, it is unnecessary]

BfoX:
Thanks for your response.
Can you point out where the date is encoded in the REG file?

#9
07-03-2011, 03:35 PM
narciszu (Senior Member)

Quote:
FF,FF,FF,FF,03,00,A7,00,DC,07,A7,00,DC,07,03,00,\
A7,00,DC,07,A7,00,DC,07,92,00,DB,07,FF,FF,FF,FF,\
DC,07 is in fact 07DC in hex and 2012 in dec.
DB,07 is 7DB hex and 2011 dec.

You could start from here.

#10
07-04-2011, 07:39 AM
abhilasha (Member)

[Please DO NOT quote whole messages, it is unnecessary]

Thanks for the guidance.
