Need a tool to decrypt Usbtrace please

[intelliweb]

Good morning all,

I hope you are well,

I'm looking for a way to decrypt the USB TRACE logs to see the exchanges between the software and the dongle in clear.
If there is any tool, please give me the link,

Otherwise if there is a manual way, thank you for clarifying the ideas by guiding me to read the logs well.

Thanks in advance.

[user1]

not possible in your case

Safenet / Gemalto / Thales are big companies that know that usb trace log can emulate so since starting 5.10 ( 2010 - 2011 ) and up to last 8.15 they added new WBAES encryption that breaks any tables emulator ring 0 emulators for envelope and RW - RO usage, in your case, simply as that,

NOT possible emulate with old vbus based emulators in your case old use HASP4 no vendor session aes key and new use WBA envelope that use new encryption and get any wba keys from envelope impossible.

simply NOT possible with vbus based emulators.

now you know, good luck.

[intelliweb]

Quote:

Originally Posted by user1

not possible in your case

Safenet / Gemalto / Thales are big companies that know that usb trace log can emulate so since starting 5.10 ( 2010 - 2011 ) and up to last 8.15 they added new WBAES encryption that breaks any tables emulator ring 0 emulators for envelope and RW - RO usage, in your case, simply as that,

NOT possible emulate with old vbus based emulators in your case old use HASP4 no vendor session aes key and new use WBA envelope that use new encryption and get any wba keys from envelope impossible.

simply NOT possible with vbus based emulators.

now you know, good luck.

Thank you for your reply, i appreciate.

[intelliweb]

Quote:

Originally Posted by user1

not possible in your case

Safenet / Gemalto / Thales are big companies that know that usb trace log can emulate so since starting 5.10 ( 2010 - 2011 ) and up to last 8.15 they added new WBAES encryption that breaks any tables emulator ring 0 emulators for envelope and RW - RO usage, in your case, simply as that,

NOT possible emulate with old vbus based emulators in your case old use HASP4 no vendor session aes key and new use WBA envelope that use new encryption and get any wba keys from envelope impossible.

simply NOT possible with vbus based emulators.

now you know, good luck.

@User1

I get from Internet new vusbbus code, to support SRM functions and AES keys

see that please:
"
//------------------ SRM Data ------------------

UCHAR FeatureAES_last_driver[16] = // for 6.56 drivers
{
0x76, 0x76, 0xD8, 0x98, 0x01, 0xA1, 0x01, 0xA8,
0x48, 0x69, 0xA2, 0x9F, 0x51, 0x4E, 0x00, 0xCA
};

//UCHAR plugAES[] = //
UCHAR FeatureAES[16] = // Firmware until 3.25
{
0x03, 0x43, 0x03, 0xF1, 0xF1, 0xA0, 0x9F, 0x67,
0x5C, 0x4D, 0x11, 0x0C, 0x04, 0xA0, 0xFC, 0x23
};

//UCHAR plugAES_new[] = //
UCHAR FeatureAES_new[16] = // Firmware 3.25
{
0xF9, 0xA7, 0x4C, 0x5E, 0x9D, 0xC1, 0x01, 0x1C,
0x42, 0xDE, 0x48, 0x1B, 0x6B, 0x8D, 0x13, 0x38
};

//UCHAR FirstSessionAES[] = //
UCHAR VendorAESKey[16] =
{
0xDF, 0xBA, 0x29, 0x8A, 0xBF, 0x83, 0x19, 0x12,
0x67, 0x42, 0xFA, 0xC8, 0x7F, 0x79, 0x17, 0xD9
};"

is this is usefull to encrypt and decrypt ?

[user1]

dude

please don;t waste your time with old 10 + years sources.

THEY useless for your target !

[nodongle]

@intelliweb
The first three keys are sessions keys.
4th - sesison key for vendor 41240 (PVElite, CAESAR, etc.)

[user1]

from official Thales protection guide....

Quote:

Emulating Protection Keys

To emulate the software of a protection key manufacturer, a software cracker creates an application that replays previously recorded calls, as if an actual protection key is returning the calls.

Limited functionality emulators only record and replay calls. Full-functionality emulators also emulate the key, including its encryption. A software cracker requires access to the encryption key to create a full-functionality emulator.

There are several places in which emulators can reside. Primarily, they are an attempt to replace the driver.
Sentinel LDK Solution

Sentinel LDK provides a secure channel between an application and the Sentinel HL key. Data that passes between the protected application and the key is encrypted. Taking advantage of the secure channel functionality between your application and a Sentinel HL key provides you with the strongest possible protection.

A different encryption key is used in every session. This means that someone recording data passing through the secure channel cannot replay the data, since the encryption key used to encrypt the data will differ from that used to decrypt the data.

DO you understand? you can NEVER emulate with old ways, NOT possible.

[nodongle]

Absolutely not a problem.

[user1]

FOR HIM it is NOT, possible.

[nodongle]

more more bigger font ))