Emulating Hasp HL max

[unforgiven]

Quote:

What emulation you you recomand ?

You Must Extract Pair Table From .Protect.
And its need Software installation and Deluging experience.
As i know Sporaw Have Full Solution(Universal) for HL Max with envelope.

[Freeware]

Quote:

You Must Extract Pair Table From .Protect.

Exactly from where ? Toro Monitor ?

Quote:

And its need Software installation and Deluging experience.

My software or what kind of software do you mean ? Can you explain in 2-3 words what is the "deluging experience" ?

Quote:

As i know Sporaw Have Full Solution(Universal) for HL Max with envelope.

But is he willing to help me with his solution ?

[benito]

debugging experiences...it dont need any other explanation.
If you still dont know what we are talking about: http://en.wikipedia.org/wiki/Debugging

BR

[Freeware]

10x I started a new topic about my problem

[viperware]

Quote:

Originally Posted by bloodlust026

First post here...

I have the same problem. I start the monitor and then my software. It starts to read the table keys and then software gives an error and monitor stops. I tried both Toro and Xyrurg&Sataron. It gives me less than 100 table keys. I save log file and convert to dump file. Then convert to registry. I add the Q/A tables to registry file. I add file to registry and then try to run my software. It gives me error "Unknown Envelope". I think that SW detects monitor and stops the table generation. Is there a way to hide the monitor from SW?

I was able to get the dump files from the dongle and the passwords. Is it possible to emulate a dongle without getting the Q/A tables?

(Using Hasp HL 2.16)

I think I am getting the same problem. I have dumped my dongle and converted it to .reg file. But my software detects the use of both TORO's and Sataron's dongle monitors. Since I have my reg file, I think all I need now is my Q/A tables but have not yet been able to log them yet. I was able to monitor the dongle during the installation of my software, and I did log some information. I also tried starting toro monitor after software startup. The result is my software begins to react strangely.
My log file says I have logged 109 pairs. Is this amount standard? These were logged during installation of software only, I have no Q/A pairs logged from operating the software. My next guess is to attempt to monitor with busTrace 6.0. Has anyone tried monitoring for Q/A pairs with this software? I have also logged the installation of my software with Sataron's logger.
If anyone is curious, I can post log files as well. Thanks for any info.

[Freeware]

try to install the usb filter first

[Freeware]

double post

[Sinaptik]

Hi to everyone,

First, I would like to thanks all participant of this topic for great information and sources for HL Max dongle.

So, I need some help about a dongle, here's my questions.

I got a dongle from my work, it's an HL Max one (green USB).
The software protected with it seems to use random QA pairs.

My first question is about QA pairs, if I got something like that:

Code:

2008/08/25  17:43:06.812	 ==> HaspHL_decrypt: Status = 0x00

==================================================================

2008/08/25  17:43:06.875	 <== Application: C2.EXE

2008/08/25  17:43:06.875	 <== HaspHL_decrypt: Pass1 = 0x795F (31071), Pass2 = 0x1F82 (8066)

2008/08/25  17:43:06.875	 <== HaspHL_decrypt: Length = 0x30

2008/08/25  17:43:06.875	 <== HaspHL_decrypt: Input Data = 

2008/08/25  17:43:06.875	

  4B BE E8 6D | 82 9D 42 CF | 8D 7A 49 35 | A4 5A 56 F0 	[K..m..B..zI5.ZV.]

  7F B3 B6 AE | 4D 05 09 A1 | 8F 6C 5B 70 | 30 AD C2 61 	[...M....l[p0..a]

  26 D3 DB FC | E5 6F 48 4B | 84 CE E2 EE | 56 0B 74 58 	[&....oHK....V.tX]



2008/08/25  17:43:06.937	 ==> HaspHL_decrypt: Output Data = 

2008/08/25  17:43:06.937	

  A4 F4 6B 02 | 39 04 56 C6 | 48 00 64 A1 | 00 00 00 00 	[..k.9.V.H.d.....]

  7F B3 B6 AE | 4D 05 09 A1 | 8F 6C 5B 70 | 30 AD C2 61 	[...M....l[p0..a]

  26 D3 DB FC | E5 6F 48 4B | 84 CE E2 EE | 56 0B 74 58 	[&....oHK....V.tX]

Am I right if I say it's a 48 bytes long key ?
If so, the question has to be encoded in 1 line on the QTable and 1 line in ATable, like follow ?

Code:

 4B,BE,E8,6D,82,9D,42,CF,8D,7A,49,35,A4,5A,56,F0,7F,B3,B6,AE,4D,05,09,A1,8F,6C,5B,70,30,AD,C2,61,26,D3,DB,FC,E5,6F,48,4B,84,CE,E2,EE,56,0B,74,58,\

Secondly, it seems I got a 32 bytes long key then a 48 bytes one that is partially the same as the 32 bytes long, is it common from HL protected software to act like this ?
Here's an example to illustrate my word:

Code:

2008/08/25  17:43:07.000	 <== HaspHL_decrypt: Input Data = 

2008/08/25  17:43:07.000	

  6A 41 C3 DC | D2 2C F5 40 | 17 C2 BD 89 | C4 82 78 97 	[jA...,.@......x.]

  D2 40 99 BB | 8D E9 03 35 | 6F 75 32 79 | 55 A1 29 4D 	[.@.....5ou2yU.)M]



2008/08/25  17:43:07.062	 ==> HaspHL_decrypt: Output Data = 

2008/08/25  17:43:07.062	

  47 51 3F 7F | 2D 04 B3 C7 | 95 CD 36 EB | 7E 2B 0D 14 	[GQ?-.....6.~+..]

  D2 40 99 BB | 8D E9 03 35 | 6F 75 32 79 | 55 A1 29 4D 	[.@.....5ou2yU.)M]

2008/08/25  17:43:07.062	 ==> HaspHL_decrypt: Status = 0x00

==================================================================

2008/08/25  17:43:07.125	 <== Application: C2.EXE

2008/08/25  17:43:07.125	 <== HaspHL_decrypt: Pass1 = 0x795F (31071), Pass2 = 0x1F82 (8066)

2008/08/25  17:43:07.125	 <== HaspHL_decrypt: Length = 0x30

2008/08/25  17:43:07.125	 <== HaspHL_decrypt: Input Data = 

2008/08/25  17:43:07.125	

  6A 41 C3 DC | D2 2C F5 40 | 17 C2 BD 89 | C4 82 78 97 	[jA...,.@......x.]

  D2 40 99 BB | 8D E9 03 35 | 6F 75 32 79 | 55 A1 29 4D 	[.@.....5ou2yU.)M]

  1D 61 36 95 | E2 FA AC 11 | CC 37 91 13 | 46 6C F2 47 	[.a6......7..Fl.G]



2008/08/25  17:43:07.187	 ==> HaspHL_decrypt: Output Data = 

2008/08/25  17:43:07.187	

  38 50 79 F3 | 2A 0A 19 09 | 8B 55 FC C7 | 82 00 02 00 	[8Py.*....U......]

  D2 40 99 BB | 8D E9 03 35 | 6F 75 32 79 | 55 A1 29 4D 	[.@.....5ou2yU.)M]

  1D 61 36 95 | E2 FA AC 11 | CC 37 91 13 | 46 6C F2 47 	[.a6......7..Fl.G]

Next, I would like to know if the 5 tables with 256 key for each is an true information, if so, my software can request 1280 keys wich are 16 bytes long ?
And it can request a lot more if mixing them to make 32 or 48 bytes long keys, right ?

Next, I would like to know why Toro monitor (version 3.2) didn't work at all with this dongle, could it be detected by the software and by any way be desactivated ?

Last question, I use Hasploger to log QA pairs but I think it can't help to generate QA pairs table, so is there any way to make it with an other software or do I have to build it manually ?
If it's the case, I think I'll try to write a little app' which will parse an output log file and make the QA Table automatically.
Sataron said he will implement such a fonction in his hasploger, but I think it doesn't exist yet.
For information, I use Hasploger 1.71, I think it's the last version available.

Thank you for your help and please, excuse me for my poor english, I did my best to be understandable, thanks again.

[Git]

1) Q/R pairs can be 16, 32 or 48 bytes long between the driver and the dongle/emulator.

2) Yes, there often is repetition of 16 or 32 byte block in next 32 or 48 byte block. Record exactly what the monitor logs into the reg file. Do NOT try to reorder the data.

3) Not sure where your 5*256=1280 comes from. The Q data is input to the AES encryption algorithm and the R data is the Q data encrypted. It works on 16 byte blocks. So there are an almost infinite number of possible Q/R pairs. Well, OK, 2^128 -1 , not quite infinite but more than the number of Hydrogen atoms in the known Universe.

Git

[y8y8y8y]

2Sinaptik

The Hasp HL Envelop can contain up to 5 tables of Q/R. For envelop protection, you can extract the 16b Q/A tables for emulator.

Any developer that respect himself will implemented more Soft <-> Dongle communications and in this case like Git wrote the number can be ... well.