Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > Reverse Code Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #11  
Old 09-25-2009, 01:33 AM
Trit0n Trit0n is offline
Senior Member
 
Join Date: Feb 2008
Posts: 114
Default

Why do not you use Rapidshare?
http://rapidshare.com/
Maximum upload size 200 MB (Split archives allowed!)
Note: create under "Free Zone" your own Collector's Account
then the file can be downloaded more than 10 times
Reply With Quote
  #12  
Old 09-25-2009, 02:05 AM
vaingum vaingum is offline
Member
 
Join Date: Sep 2009
Posts: 10
Default

็Thank you Trit0n

I will try rapidshare tonight

this time I use adsl 512kbps Is very slow
Reply With Quote
  #13  
Old 09-25-2009, 10:47 AM
SonofabiT SonofabiT is offline
Senior Member
 
Join Date: Dec 2008
Posts: 351
Default

Quote:
Originally Posted by vaingum View Post
I have binar log from hasploger (but don't have log from DataGather.exe
@vaingum - If the DataGather.exe is a public dongle loger, Could you please upload it ?

Last edited by SonofabiT : 09-25-2009 at 12:46 PM.
Reply With Quote
  #14  
Old 09-25-2009, 01:22 PM
vaingum vaingum is offline
Member
 
Join Date: Sep 2009
Posts: 10
Default

Quote:
Originally Posted by SonofabiT View Post
@vaingum - If the DataGather.exe is a public dongle loger, Could you please upload it ?

That file is in install folder (BIN)

Do you have some idea to use it??


UPDATE & Need help

I can't get full log from Toro Aladdin Dongles Monitor or Hasplogger1.7


It's appear unknow error when I run that program


anybody can tell me why? or how I can get full log?



Thanks for help me
Reply With Quote
  #15  
Old 10-08-2009, 08:47 AM
SonofabiT SonofabiT is offline
Senior Member
 
Join Date: Dec 2008
Posts: 351
Default

I have been emulating my haspHL dongle using multikey 0.16.1.0. When i have been runing the .exe, I have got an Error 1031:Enveloped Unknown error.
Ok, i am extracting the master pair table. Short story the enveloped has been passed. The last error which i 've found :
The instruction at "0x69....." referenced memory at "0x69...". The memory could not be "read.

Questions :
I wonder if i could extract several pair(s) again, my haspHL dongle would emulated properly.
1. Could anyone please point me what should i do next for my above problem ?

I had managed so many Queries-Answers from two large binary file by hand.
2. Are there any public tools which will be convert a large bytes of binary file into Query-Table registry notations for the use of multikey emulator ?

btw, If i will use Xyrurg&Sataron's hasp Loger 1.71, i could not use "File-->Save dump" menu on the public Xyrurg&Sataron's hasp loger 1.71.
3.Has it been disabled defaultly ?

TIA
SonofabiT

Last edited by SonofabiT : 10-11-2009 at 04:11 AM. Reason: typing 80% less
Reply With Quote
  #16  
Old 10-11-2009, 03:28 AM
SonofabiT SonofabiT is offline
Senior Member
 
Join Date: Dec 2008
Posts: 351
Default

Hello guys
OK, i could extract the master pairs (Decrypt) Table on almost all .exe and these .exe didn't show a Window MessageBox "Error 1031:Envelope unknown error" anymore. The next messages which displayed when i have been runing each exe were that a message window "cannot be run in standalone". I think the "Error 1031" has been solved.

Next, i have been tried to run my s/w but i have got another error which tell me that one of .dll file cannot load.

Further, i 've found that there is another .exe which stll display "Error 1031:Envelope unknown error" at console/command prompt screen (Not a Window MessageBox).

Next, i am reversing this .exe to see if there is a .pair(s) table again which i should extract. Short story, i 've used olly and ready to extract the following block :
Code:
00377D6E .. .. .. ..|.. .. .. ..|.. .. .. ..|.. .. .. ..| 
00377D7E .. .. .. ..|12 34 56 78|9A BC DE F1|F2 F3 F4 F5| ; Start at 00377D83
........ .. .. .. ..|.. .. .. ..|.. .. .. ..|.. .. .. ..| 
0037838E 66 77 88 99|AA BB CC DD|EE FF 55 44|33 22 11 FF|
0037839E 69 00 00 00|00 00 00 00|00 00 00 00|00 00 00 00| ; From 0037839F - 0037899A, all byte are 0x00
003783AE 00 00 00 00|00 00 00 00|00 00 00 00|00 00 00 00|
........ .. .. .. ..|.. .. .. ..|.. .. .. ..|.. .. .. ..|
0037897E 00 00 00 00|00 00 00 00|00 00 00 00|00 00 00 00|
0037898E 00 00 00 00|00 00 00 00|00 00 00 00|           | ; Start at 0037899B, there are not next bytes
The problem is i can not get 4096 bytes from this step.

Any hints please ?
Reply With Quote
  #17  
Old 10-11-2009, 08:09 AM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

Maybe you are looking at the wrong instance of GetTickCount ?. You can try searching the exe/dll for the value of Query shown in the logger, but be very careful of endianism.

Git
Reply With Quote
  #18  
Old 10-11-2009, 08:16 AM
SonofabiT SonofabiT is offline
Senior Member
 
Join Date: Dec 2008
Posts: 351
Default

WHAT A STUPID I AM !!!! Sory guys .. the above hex were not form the right section. Now i 've found the first 16 byte of somethings which Toro's logs given to me. I think i am in the right place and will be back here again if there are another problem.
Reply With Quote
  #19  
Old 11-05-2009, 02:55 AM
zphdt zphdt is offline
Member
 
Join Date: Oct 2009
Posts: 11
Default need ur help the program can't run

thanks ur make a reg file .when i install the MultiKey eum,then the program show a message :Error 1031:Enveloped Unknown error
using hasp hl 3.21
can u give me a help?please
the links is the program & dump &logs files
http://www.4shared-china.com/file/14...i_pioneer.html

thanks ..
zphdt

Last edited by Git : 11-01-2010 at 11:54 AM.
Reply With Quote
  #20  
Old 11-05-2009, 10:46 AM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

Please don't quote such large sections of the original message. It is entirely unnecessary as we can all see the original right in front of us.
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.