Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > Reverse Code Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #11  
Old 07-12-2011, 08:56 PM
TomD43 TomD43 is offline
Junior Member
 
Join Date: Jul 2011
Posts: 3
Default

You could use procmon, or an api spying program, to look at the calls the program makes to access the registry.
Reply With Quote
  #12  
Old 07-14-2011, 10:24 AM
TEMS TEMS is offline
Member
 
Join Date: Jul 2010
Posts: 23
Default Please help

Quote:
Originally Posted by narciszu View Post
DC,07 is in fact 07DC in hex and 2012 in dec.
DB,07 is 7DB hex and 2011 dec.

You could start from here.
dear brother
please help me on this one
this info bellow is belong for HASP time
can you help me where the reg code can know time limited

"Name"=""
"DongleType"=dword:00000001
"Created"="14/07/2011 20:21:34"
"SN"=dword:609DE9C7
"Type"=dword:000000DA
"Memory"=dword:00000020
"SecTable"=hex:82,F5,6A,7D,EE,FD,6E,7D
"NetMemory"=hex:00,00,00,00,00,00,00,00,00,00,FD,F F
"Option"=hex:00,01,02,4A,1F,01,0E,06,0B,01,0D,15,3 2,00
"HaspTimeMemory"=hex:00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 ,00,00,00,00,00,00,00,\
C7,E9,9D,60,00,00,00,00,\
FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF
"TimeShift"=hex:00,00,00,00,00,00,00,00
"Data"=hex:\
14,06,BE,4F,7E,32,94,D8,8B,A9,FB,27,33,80,9C,95,\
32,F5,11,71,B4,AA,71,C9,07,57,44,6C,71,4F,10,5B,\
9C,10,DA,77,4B,82,1B,BC,6B,38,FB,AE,BB,E3,69,13,\
58,40,60,60,CF,ED,FD,14,86,F0,82,B1,95,DD,F0,A4,\
EB,DE,EA,72,25,3A,A4,B8,AF,C5,8E,44,BC,E6,18,6A,\
CC,89,72,0C,9E,78,A0,00,57,AD,D4,EE,ED,5F,52,9E,\
33,B7,CE,5C,7D,D6,44,0F,FF,C9,FF,FF,FF,FF,FF,FF,\
FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,\

this dongle expire on 01-11-2010

Please help
Reply With Quote
  #13  
Old 07-14-2011, 10:58 AM
sparpacillon sparpacillon is offline
Senior Member
 
Join Date: Aug 2007
Posts: 210
Default

as git said several times:
OR INTO MEMORY DATA
OR HERE: last 16 bytes of timememory
,00 ,00,00,00,00,00,00,00,\
C7,E9,9D,60,00,00,00,00,\
Reply With Quote
  #14  
Old 07-14-2011, 11:24 AM
xs2smith xs2smith is offline
Junior Member
 
Join Date: Nov 2009
Posts: 3
Default

Quote:
Originally Posted by abhilasha View Post
Thanks for the guidance.
plz confirm that this modification worked for u and the software expiry date has now been extended
Reply With Quote
  #15  
Old 07-14-2011, 12:39 PM
kjms kjms is offline
Senior Member
 
Join Date: Aug 2009
Posts: 337
Default

@TEMS upload here your dump we will help you.....
Reply With Quote
  #16  
Old 07-14-2011, 11:57 PM
TEMS TEMS is offline
Member
 
Join Date: Jul 2010
Posts: 23
Default

Quote:
Originally Posted by sparpacillon View Post
as git said several times:
OR INTO MEMORY DATA
OR HERE: last 16 bytes of timememory
,00 ,00,00,00,00,00,00,00,\
C7,E9,9D,60,00,00,00,00,\
how can we modify it to get no expire
Reply With Quote
  #17  
Old 07-15-2011, 02:20 AM
sparpacillon sparpacillon is offline
Senior Member
 
Join Date: Aug 2007
Posts: 210
Default

if it is like hasp time just replace C7,E9,9D,60 with 00,00,00,00
to make it unlimited.. otherwise i don't know
Reply With Quote
  #18  
Old 07-15-2011, 02:27 AM
SunBeam SunBeam is offline
Senior Member
 
Join Date: Jun 2011
Posts: 61
Default

I was about to say that. Seems people don't even TRY it. Remember what I told you, sparpa? Katt Williams phrase, lol..

Considering it says "HaspTimeMemory", and whole memory is 00-es, but those 4 bytes, wouldn't it be appropriate to NULL everything out and test?..
Reply With Quote
  #19  
Old 07-15-2011, 05:11 AM
narciszu narciszu is offline
Senior Member
 
Join Date: Apr 2008
Location: r0m4n14
Posts: 77
Default

Quote:
Originally Posted by TEMS View Post
"SN"=dword:609DE9C7
...
"HaspTimeMemory"=hex:\
00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,\
C7,E9,9D,60,00,00,00,00,\
FF,FF,FF,FF,FF,FF,FF,FF,\
FF,FF,FF,FF,FF,FF,FF,FF

"TimeShift"=hex:00,00,00,00,00,00,00,00
As I know, in HaspTimeMemory need to be serial number of the dongle (in reverse order).

C7,E9,9D,60 = 609DE9C7 in reverse order

I have one case when I changed this four bytes (for testing purpose) and message was: "Clock no power" (or something like this)

So, these bytes are not related with the expiration date. In this case I think the expiration time is coded somewhere in the dongle memory area ("Data" field).

Last edited by narciszu : 07-15-2011 at 05:42 PM.
Reply With Quote
  #20  
Old 07-15-2011, 11:37 AM
yogi_saw yogi_saw is offline
Senior Member
 
Join Date: May 2009
Posts: 533
Default

If no plain data found in memory of dongle try to patch app it is easy to do tat but the hardest thing could be unpacking the envelope
__________________
"Don't backstab me, i have two eyes on my back..." saint DABANGG
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.