  #1  
Old 04-05-2008, 08:58 PM
nihatmala nihatmala is offline
Member
 
Join Date: Apr 2008
Posts: 6
Default HASP HL, BIN to DNG ?

Cheers everyone,

I am trying to solve a USB Hardlock dongle. I'm not an experienced user on the matter.


I have HASP 5.20 drivers installed on my system.


I used HASPHL2007 from EDGE to create BIN file via DUMPER option.
The resulting file is an 8400-byte bin file. (I guess that's the correct size as far as I read in the forums)

http://rapidshare.com/files/105198226/hl0773.zip.html

Then I load this file into edgehasp.exe (HASP HL tab)
As I don't have any DNG files and I suppose it should be created by the exe, I set a target DUMP.DNG file name.

Then I hit the SOLVE button.

It says

Reading...
Decrypting...
Solving...

and is stuck from this point on. I didn't wait for hours, but after quite a while the resulting DNG file is 0 bytes.



I tried Sporaw's dumper but it gives an hlvdd.dll error. (Something about Ordinal 45)

I tried Toro's HASPMON32; it displays the dongle data but nothing is filled in the table. (Actually I'm not quite sure about what I can do with this app)


Any help on how to create the DNG file will be highly appreciated.

Thanks in advance.
  #2  
Old 04-07-2008, 08:34 PM
EdWood EdWood is offline
Junior Member
 
Join Date: Mar 2008
Posts: 2
Default Ordinal 45

Ok, first of all your ordinal error comes from an out of date version of hlvdd.dll. See the link below for the file, drop it in system32.

http://www.sendspace.com/file/wlt169

Now are you trying to crack a "HASP HL" or hardlock? Be aware that they are not the same thing.

Try the version of TORO Monitor below. You have to plug your dongle in, start the monitor, and then start the program that is locked. You should see data appear as the dongle is accessed. Make sure to use every part of the program, every menu, command, etc. It's boring, yes, but they like to link the dongle to random parts of the application in order to thwart efforts to emulate the dongle without enough information. Saving this will generate two dump files, see this post for more detailed instructions on what to do with this data from a HASP HL and a (better) description of the whole process.

http://www.sendspace.com/file/r6r2pz

Try that out and then let us know if you're still having issues.
  #3  
Old 04-12-2008, 05:13 AM
nihatmala nihatmala is offline
Member
 
Join Date: Apr 2008
Posts: 6
Default

EdWood thanks a lot for your interest.


I'm guessing mine is a HASP device. Can you tell me how I can differentiate these two? (A blue USB device and it has "hardlock" written on it - I suspect it is a Luna Asic - API Version 387 - as I saw it in Sporaw's dumper)

All I know is I can use it with Aladdin Hardlock Monitor.


I tried the Toro software you've linked. It prints new lines as I play with the software. But it didn't create any files. Instead I saved the log file with txt extension.

Also, as far as I read in the forums, I guess I should be given PW pairs in Toro output. But I searched the whole file and there are no pairs in the output. So I couldn't use the H4DMP.EXE or H5DMP.EXE as it requires parameters.

This was one of the lines in the output.

Hardlock Out:> HL_CODE: ModAd=1907 (0x773) , Bcnt=7 -> Status=STATUS_OK


Using modad as 1907 I tried Sporaw's dumper (2.1)
It created a reg (32624 bytes) and a dat file (8340 bytes).



I also tried nodongle@inbox.ru DUMP.EXE; it created a REG file with a size of 32499 bytes and a dat file with a size of 8321 bytes. I inserted the REG file into the registry but this didn't work as a dongle.


After this point I'm left with no clues. Can you suggest any further steps?
  #4  
Old 04-13-2008, 03:25 PM
EdWood EdWood is offline
Junior Member
 
Join Date: Mar 2008
Posts: 2
Default

When you run the TORO monitor, it should show you the password in a text box. (See the attached picture below). Also, try running "File-> Read HASP Dongle Memory" if it doesn't show up at first. Your two passwords will be four characters each, in my example it would be "4D83" and "64C5". Try that for your dumper.

Now, as far as the QA pairs, are you sure there are none in your file? Can you share the output from the TORO monitor? I'm not an expert by any means but I can take a look at it.

Here's an example from my HASP HL dongle. The pair would look something like this:

Code:
HaspHL In:> Hasphl_decrypt, Length=16
Data:
AB2E51189EC8D8EDB181A2B013047268
HaspHL Out:> Hasphl_decrypt Status=0 (0x0)
Response:
18546F6F6E426F6F6D546563686E6F6C

And then you would have to manually change (each occurrence) to this:

Code:
"QTable"=hex:\
AB,2E,51,18,9E,C8,D8,ED,B1,81,A2,B0,13,04,72,68
"ATable"=hex:\
18,54,6F,6F,6E,42,6F,6F,6D,54,65,63,68,6E,6F,6C

So you were correct in your first post, you do have a hardlock, but it is easy to assume that HL stands for hardlock, so I wanted to make sure that wasn't the case.

After you get this data, I think there are other posts with more specific information on how to emulate for a hardlock, I haven't dealt with any hardlock dongles myself. Let me know if this helps...

http://img369.imageshack.us/my.php?image=toroeu8.jpg
  #5  
Old 04-13-2008, 03:59 PM
benito benito is offline
Senior Member
 
Join Date: Jul 2007
Posts: 685
Default

nihatmala is talking about hardlock, not hasphl.

2nihatmala: I think you should upload the files you made with hldump (reg+dat). Then somebody will help you.
  #6  
Old 04-19-2008, 07:36 AM
nihatmala nihatmala is offline
Member
 
Join Date: Apr 2008
Posts: 6
Default

Hi and thanks again guys.

Here's my dump file

http://www.zshare.net/download/107892214cf09bbf/

I hope it can be solved.
  #7  
Old 04-19-2008, 09:02 AM
benito benito is offline
Senior Member
 
Join Date: Jul 2007
Posts: 685
Default

Quote:
Originally Posted by nihatmala
Hi and thanks again guys.

Here's my dump file

http://www.zshare.net/download/107892214cf09bbf/

I hope it can be solved.
solved algo ==> Seed1=0xA7C8, Seed2=0x9595, Seed3=0xC026

BR
  #8  
Old 04-19-2008, 02:10 PM
nihatmala nihatmala is offline
Member
 
Join Date: Apr 2008
Posts: 6
Default

OK

I also found the same Seeds with HL Solver

Then I used MyLock.FST Builder to create the FST file.


Now I should use SafeKey emulator right?

(But I can't find it on the web)
  #9  
Old 04-20-2008, 09:17 AM
gelar gelar is offline
Member
 
Join Date: Mar 2008
Posts: 25
Default

Quote:
Originally Posted by nihatmala
OK

I also found the same Seeds with HL Solver

Then I used MyLock.FST Builder to create the FST file.


Now I should use SafeKey emulator right?

(But I can't find it on the web)
Try using vbus...
  #10  
Old 05-28-2011, 01:55 PM
korkutcihan korkutcihan is offline
Member
 
Join Date: May 2011
Posts: 5
Default Please Convert

Would you please return the file format DNG

English is bad sorry

link : https://rapidshare.com/files/677217681/1B69.bin