Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > Reverse Code Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 07-09-2011, 01:21 PM
sungog sungog is offline
Member
 
Join Date: Sep 2009
Posts: 46
Default Why not get Password of hasp hl pro 3.25

view hasp dongle info at:http://localhost:1947/_int_/devices.html
Key Type:HASP HL Pro (puple)
Version:3.25

I can't get the password when Use TORO.HASP.LOGGER 4 .

Logger Url:http://www.money988.com/sungog/dongle_logger.txt

Is it SRM?Why not get password? Thanks
Fn80:> KEY_FN_SET_CHIPER_KEYS
Data:
02 EA 00 19 03

FnA0:> SRM Is Dongle Active?
Status=0x0

FnA1, SubFn03:> Read Hardware Seed
DongleSide KeySeed=0000000000005A

FnA1, SubFn01:> Read Hardware Parameters
Data:
41 FD 04 A1 06 01 00 00 02 CA 00 0B 00 00 3A 06
02 54 00 02 00 00 00 00 03 19 22 C3 7B 00 00 00
00 00 00 00 34 00 00 60 00 01 A2 19 00 00

FnA9:> Crypt Result
Data:
A6 4F 68 4E DC A9 32 C0 A1 A9 AF F1 B8 40 C5 A6
Decrypted Data:
0F 08 1B 53 E7 FD 4C 86 52 5A 17 19 A5 A2 93 09

FnAB:> SRM Logout, HASP_FILE_ID==0001, HASP_FILE_INDEX==000B
Status=0x0
Reply With Quote
  #2  
Old 07-09-2011, 09:36 PM
nodongle nodongle is offline
Senior Member
 
Join Date: Oct 2007
Posts: 320
Default

Your protected software using SRM API only.
Therefore no exists HASP4 passwords in the log.
Reply With Quote
  #3  
Old 07-11-2011, 10:09 AM
sungog sungog is offline
Member
 
Join Date: Sep 2009
Posts: 46
Default

Thanks!then how to dump and backup my dongle ?
Reply With Quote
  #4  
Old 07-11-2011, 10:37 AM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

You can't, there is no SRM emulator freely available.

Git
Reply With Quote
  #5  
Old 07-11-2011, 01:28 PM
yogi_saw yogi_saw is offline
Senior Member
 
Join Date: May 2009
Posts: 533
Default

still u can dump and backup ur dongle with h6dm but as git said no free emulator
__________________
"Don't backstab me, i have two eyes on my back..." saint DABANGG
Reply With Quote
  #6  
Old 07-11-2011, 02:28 PM
TORO TORO is offline
Senior Member
 
Join Date: Dec 2007
Posts: 53
Send a message via ICQ to TORO Send a message via MSN to TORO Send a message via Yahoo to TORO
Default

i guess you already backed up your dongle because you have a log of your program and dongle activities btw do it with my universal usb logger v5.5.1 .
and about emulator, i think it will be shared soon :d
Reply With Quote
  #7  
Old 07-11-2011, 06:21 PM
crackslab crackslab is offline
Member
 
Join Date: Nov 2010
Posts: 28
Default

Toro
your new monitor release available at public 5.5.1?
Reply With Quote
  #8  
Old 07-13-2011, 04:10 AM
sungog sungog is offline
Member
 
Join Date: Sep 2009
Posts: 46
Default

Thanks TORO
I used usb hasp4/hasphl/haspsrm logger/dumper v4.0 to dump my dongle,i can't find your dumper 5 and emulator so I don't know how to backup my dongle.Where can i download the dumper 5 and emualtor ?

bin dump file:http://www.money988.com/sungog/TORO_...2_22_08_29.BIN

Somebody know how to unpack this srm protected software?I try unpack it these days but not success.
1,I open the protected software with od debug,then set hardware write break point at "ExitProcess"
2,press "F9" run ,when break, press "ALT+M" ,on "text" segment press "F2"
3,press "F9" to run,break at one address but seemed not OEP,but now the software unpacked entirely
but it is hard to repaired the IAT,can somebody who tell some about this?thanks

Last edited by Git : 07-13-2011 at 08:03 AM.
Reply With Quote
  #9  
Old 07-14-2011, 08:17 PM
sungog sungog is offline
Member
 
Join Date: Sep 2009
Posts: 46
Default

Thanks for help,i can't backup my dongle ,but now i unpacked it.
1,find oep
2,dumped software
3,find IAT decrypt VM
4,repaired iAT
you can find about video demo on web.
Reply With Quote
  #10  
Old 07-14-2011, 08:30 PM
SunBeam SunBeam is offline
Senior Member
 
Join Date: Jun 2011
Posts: 61
Default

@sungog: The "ExitProcess" breakpoint is mentioned anywhere, in any article? Am asking cuz I noticed Sentinel/HASP hooks ExitProcess right before reaching OEP. Can you kindly point me to where you learned of this "trick"?

As for IAT, simple HASP has 1 check, while Sentinel has a secondary IA table (where some entries are filled with -1 values - 0xFFFFFFFF).

EDIT: Think I found it - http://reteam.org/board/showthread.p...=ExitProces s. None other than robin :-)

Last edited by SunBeam : 07-14-2011 at 08:33 PM.
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.