  #81  
Old 02-25-2008, 12:00 AM
uel888 uel888 is offline
Member
 
Join Date: Nov 2007
Posts: 36
Default

Then let's ask for the help of HASP HL master Tyrus

@ Tyrus

Sir, we need your solution or revised Vusbus for Chingachguk

Any help, hint, idea or source code for us to play with.
  #82  
Old 02-25-2008, 12:44 AM
kiki kiki is offline
Senior Member
 
Join Date: Jun 2007
Posts: 186
Default

http://www.reteam.org/board/attachme...1&d=1203914267
Attached Images
File Type: jpg tyrus_dumper.jpg (7.8 KB, 1369 views)
  #83  
Old 02-25-2008, 10:56 AM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

Quote:
Originally Posted by uel888
Therefore, there is really a solution but we need to pay

There is really a **TABLE** solution. There is not YET a full Algorithmic solution to HASP HL AES Encryption and Decryption routines. Anywhere. Period.

Git
  #84  
Old 03-02-2008, 03:35 AM
Lojack Lojack is offline
Member
 
Join Date: Feb 2008
Posts: 12
I am stuck

Quote:
Originally Posted by fejkus
Dumping Hasp HL keys

How hasp HL max http://www.aladdin.com/hasp/max.aspx can be emulated. It works, of course, for Pro and Time.

What we need:
  • a key
  • dumper – I used h5dmp.exe
  • TORO hasp monitor
  • Sataron’s UniDMP2reg converter
  • emulator – I used Chingachguk vusb emulator

1. So at first, connect a dongle, run Toro monitor.
2. Start your protected application and use it.
3. In TORO monitor you will see the password for your key and the memory of your dump. So use your protected software as usual, try to open all menus and dialogs, use every function …
4. Save log file, and save log file.
5. Use the dumper and dump the key. The result will be two files: hasp.dmp (about 790 B in my case) and hhl_mem.dmp (about 4 KB).
6. Then use Sataron’s Unidump2reg and make a reg file (use the vUSB Hasp HL option). You can edit this regfile and change the licensing of your program (if it uses – hl max can be used for 112 programs)
7. And now the most important thing. Hasp HL uses enveloping technology with 128-bit AES symmetric encryption engine on key.

In TORO log we will find pairs. They can be found in the pairs window too.

Instructions can look like this one:

Code:
HaspHL In:> Hasphl_decrypt, Length=32
Data:
4284 ... ... ... 84ADA4 – It is a question for hash key
HaspHL Out:> Hasphl_decrypt Status=0 (0x0)
Response:
8222 ... ... ... 84ADA4 – And the key respond – it is his answer
(I removed part of the code)
So what will we do with it? We will make a Q/A table. This is the Questions and Answers table in the reg file. I added it at the end of the file.

Data or question of IN – write in Qtable
Response or answer or OUT – write in Atable
Data should be written in pairs like this: 4284 ... ... ... 84ADA4 should be written: 42,84, ... ... ... 84,AD,A4

The end of the regfile should look like this:

Code:
... regfile

"QTable"=hex:\
42,84,... 84,AD,A4,\

 
"ATable"=hex:\
82,22,C2 ... 84,AD,A4,\
Your program can use only one Q/A or too many. You must add them all. Then you can save your regfile.


8. Add reg file into registry
9. unplug your dongle
10. Install Chingachguk & Denger emulator, vusbbus.sys must be 0.15 or above. If all went fine, new device Hasp HL was found.
11. Your program should run


I hope, this text will help.


For large Q/A pairs from Toro Emulator, you can use a splitter.

When I monitor my dongle with Toro, I get what appears to be answers but no questions. When I say no questions, I mean the output would say: "memory: 4D8E .... .. ." and so on. In this case, what should I put into the questions part of the Reg file, as this information does not seem to be shown in the Toro log file?
  #85  
Old 03-02-2008, 04:16 AM
fejkus fejkus is offline
Member
 
Join Date: Dec 2007
Posts: 46
Default

Place the log file from Toro somewhere.

Quote:
Originally Posted by Lojack
When I monitor my dongle with Toro, I get what appears to be answers but no questions. When I say no questions, I mean the output would say: "memory: 4D8E .... .. ." and so on. In this case, what should I put into the questions part of the Reg file, as this information does not seem to be shown in the Toro log file?
  #86  
Old 03-03-2008, 05:32 AM
Lojack Lojack is offline
Member
 
Join Date: Feb 2008
Posts: 12
I apologize

Quote:
Originally Posted by fejkus
Place the log file from Toro somewhere.

Hello and thank you for your tutorial, Fejkus. I actually got a little confused; everything happened as you said it would and I managed to emulate my dongle last night, without a single problem.

When I monitor my dongle using Toro, during software operation (going in and out of all the program's features) the dongle was not giving me any Encrypt or Decrypt information as I thought it would as per your tutorial, for some reason or other.

Eventually I got irritated and started doing a little exploring, around the time I made my last post. When I discovered that using Toro there is a "File" drop down menu giving you the option of "read hasp dongle memory", instantly after clicking on that I was given all of my Q's and A's.

THANK YOU FOR YOUR HELP....you rock.
  #87  
Old 03-03-2008, 11:03 AM
iassael iassael is offline
Junior Member
 
Join Date: Feb 2008
Posts: 3
Default

Hello, I installed the usbfilter; however, I cannot monitor anything with TORO... Moreover, the application does not start and says license not found... when I have Toro running. I got the passwords with another program... So I tried dumping with h5dmp with success... What can I do now?
  #88  
Old 03-03-2008, 02:40 PM
Lojack Lojack is offline
Member
 
Join Date: Feb 2008
Posts: 12
Default

Quote:
Originally Posted by iassael
Hello, I installed the usbfilter; however, I cannot monitor anything with TORO... Moreover, the application does not start and says license not found... when I have Toro running. I got the passwords with another program... So I tried dumping with h5dmp with success... What can I do now?

Have you converted the Dump file with DumpToReg?

If not, that would be the next step.
  #89  
Old 03-03-2008, 03:05 PM
gamebit0 gamebit0 is offline
Senior Member
 
Join Date: Mar 2007
Posts: 98
Default

Quote:
Originally Posted by iassael
Hello, I installed the usbfilter; however, I cannot monitor anything with TORO... Moreover, the application does not start and says license not found... when I have Toro running. I got the passwords with another program... So I tried dumping with h5dmp with success... What can I do now?

Maybe your SW "sees" the monitor? Try the Xyrurg & Sataron logger.
  #90  
Old 03-04-2008, 03:08 PM
merlin merlin is offline
Junior Member
 
Join Date: Mar 2008
Posts: 2
Default

Hi all I'm new here.

Have read through this thread. Where do you find the TORO monitor for Hasp HL? I only find it for other devices.

Thanks!