Unidentifyied Dongle - Page 2

Harleych · #11 09-14-2008, 11:11 AM

inro key doesn't hardlock.

so can't emulate the dongle now.

vanity · #12 09-14-2008, 12:24 PM

well,

so there's no simple way to emulate it?

As I said, I'm quite a newbie in dongle emulation,so maybe what I'm asking may sound foolish, but would it worth trying to create a table using a USB sniffer of the responses the dongle sends, and with that create an emulator?

Any way, there is a long road ahead.

kodyazan · #13 09-15-2008, 06:05 AM

@Vanity,

What I see, (and you can also see with debugger )

All socket communication. Connect(), Send(), Select(),Recv() functions.

After successfull connect, emma is sending 48 bytes to the server, below is a sample snapshot.

00EEF4A8 A5 AF 01 52 0E 0D 34 43 2F B7 62 26 97 F9 84 FD
00EEF4B8 E5 D3 47 7B 78 99 90 F1 01 6A 1C E4 BD 13 97 1B
00EEF4C8 6B 1B A1 E5 45 9F 7B 02 5B 4B 63 79 59 17 E9 EE

and after a good return from select() , recv() called with following parameters:

buffersize 512.
buffer:015bf988
pfrom=015bf95c
pfromlen=015bf8e0

And returns 31 bytes below:
015BF988 01 32 09 32 09 33 09 30 09 30 09 30 09 70 65 74
015BF998 73 6F 09 30 09 09 32 2E 30 2E 32 09 30 09 00

(Forexample above contains my computer name.)

The crack SOLUTION should be:
1-Succesfull return values (zero or one) of socket functions maybe simulated. They are well-known. (WS2_32.lib). connect returns 0. etc.

2-So running InroKeyServer is not needed.

3-RECV() returns receives number of bytes and fills a memory area with received bytes. TRACKING THOSE BYTES , where they are used/compared may yield a FINAL SOLUTION.

3-If i had a dongle, I could trace where good solution goes in the code, and try to target there step by step.So tracking good responses may take you to solution faster.

Seperate small debugger notes:

-Put a breakpoint on 0070f0b0, where socket communication begins.
-Software is designed with QT. Dont tracein to QT function calls.
-Debugging while INROserver is running does timing errors.(Sometimes.)
-Socket communication is nonblocking.
-It opens atleast 2 threads in memory, they may communicate with shared memory.

I am only free at weekends, so may not look till next week. hope it helps.

vanity · #14 09-17-2008, 09:48 PM

kodyazan,

I'd like to kindly thank you! I won't write much right now, as I'm still debugging, and trying to understand the results, but until the weekend I will write a complete message.

Thanks!
van

Harleych · #15 09-18-2008, 10:11 AM

nodongle.biz can make the emulator for INRO EMME

kapatmalan · #16 10-01-2009, 12:19 PM

can anyone emuuuuuuu the rockey4nd dungle ??

BfoX · #17 10-01-2009, 12:24 PM

@kapatmalan: read a previsions post carefull...

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode