Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > Reverse Code Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 10-17-2009, 02:38 PM
besoeso besoeso is offline
Senior Member
 
Join Date: Dec 2008
Posts: 118
Default My experience with HASP HL Time

I share my experience with you and it is the follow:

1. Software with protection:

http://rapidshare.com/files/294303955/navigator.rar

2. Tools for emulation:

-Dumpers:
a) H5dmp
b) HASP HL Dump by tyrus.

-Loger:
haSploGer 1.7 by Xyrurg + sataron

-Emulator:
Chingachguk & Denger2k + version 0.15.1.4
Multikey last version.

-Converters:
UniDumpToReg by sataron for convertion of dmp to reg
Bin2DTable by Git for covertion of bin pairs tables to emulator format.

3. Files generated:

http://rapidshare.com/files/294310991/DUMP_-_LOG_-_REGKEY-TABLES.rar


Reg key for Multikey V18.0.3 emulator: multikey REG KEY.zip

Steps that i follow:

1. Dump dongle key with h5dmp. Two files generated:
hasp.dmp and hhl_mem.dmp.(I dumped with HASP HL Dump by tyrus too)

2.To convert to reg file with UniDumpToReg tool, select vusbus HL option. I used hasp.dmp and hhl_mem.dmp files.

3.I introduce in registry the reg file and run Chingachguk & Denger2k + version 0.15.1.4 emulator.

4.Run program with protection.

5.I see a message 1003 Envelope hasp hl error

6.Then, I got 2 pairs tables of executable, table1.bin and table2.bin.I use ollydump plugin of ollydbg and hexworkshop.

7.I use tool Bin2DTable for to convert .bin to format Qtable and Atable for Chingachguk & Denger2k + version 0.15.1.4 emulator and Dtable for Multikey V18.0.3 emulator.

8.I copy pairs tables Qtable and Atable to reg file for emulation.

9.I introduce in registry the reg file again with tables.

10. Remove emulator

11. Intall again emulator

12. Run the program


Note: I have tested with multikey emulator v18.03 but when i run the emulator no dongle usb key detect in S.O. win xp. and after i canīt run it again and canīt remove too. It is normal if it not working file key.

Any suggestion. You can test my files. I for now i not find the problem.

If anyone want i can upload the tools in a file.

Thank you.

Last edited by besoeso : 11-26-2009 at 01:49 PM.
Reply With Quote
  #2  
Old 10-17-2009, 03:34 PM
foffa foffa is offline
Senior Member
 
Join Date: Jul 2007
Location: %TEMP%
Posts: 344
Default

i have seen that LOGS and passwords befor
is this a duplicate user or both users have same software
????!!!
did 流星1978 have explain ????
Reply With Quote
  #3  
Old 10-17-2009, 05:11 PM
besoeso besoeso is offline
Senior Member
 
Join Date: Dec 2008
Posts: 118
Default

@foffa

Yes, it is the same software. I know this user. It is my friend.

Last edited by besoeso : 10-17-2009 at 05:14 PM.
Reply With Quote
  #4  
Old 10-17-2009, 06:19 PM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

besoeso - you say you use QTable and ATable, but V18.0.3 of MultiKey does not use that format, it uses the single line per pair DTable format :

Code:
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\MultiKey\Dumps\12345678\DTable]
"10:9D355C8DAD356FE15F82CD3AC3073410"=hex:77,12,DB,1E,29,9B,64,BC,34,41,D7,6C,F1,7F,63,DE
Git
Reply With Quote
  #5  
Old 10-17-2009, 08:48 PM
foffa foffa is offline
Senior Member
 
Join Date: Jul 2007
Location: %TEMP%
Posts: 344
Default

@besoeso
your tabels from .exe are correct
i think more tables should be extracted from .dll files
also extracting master pairs from Pioneer.exe could help
it is not in your files !!!!!! yur other friend post logs from that exe

who have explanation for this ???
experts !!!!!!

Last edited by foffa : 10-17-2009 at 09:32 PM.
Reply With Quote
  #6  
Old 10-18-2009, 06:44 AM
besoeso besoeso is offline
Senior Member
 
Join Date: Dec 2008
Posts: 118
Default

@Git
Hi Git,

You can download my reg key for Multikey V18.0.3 in this link:

http://www.reteam.org/board/attachme...9&d=1255864586

When run it. Multikey installed it but S.O. not hasp key detect. Then not work it. I have uploaded the reg key, if you want can check it.

Thanks for your response.

@foffa

Hi foffa,

Pionner is a software different because i will must to introduce this tables. Are diffente key dongles

Thanks for your response.

Last edited by besoeso : 10-18-2009 at 10:55 AM.
Reply With Quote
  #7  
Old 10-18-2009, 06:46 AM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

foffa - they are correct table but they are not correct for later multikey which uses the new format. Note that he says it works OK with C&D 0.15.1.4 which does use that format. Or maybe I have just jumped on a typo.

Git
Reply With Quote
  #8  
Old 10-18-2009, 06:59 AM
besoeso besoeso is offline
Senior Member
 
Join Date: Dec 2008
Posts: 118
Default

@ Git

I think that will could to be of Hasp Time limit. The software will can want write in dongle. Emulator not support it.

Corret me if it is strong.

But i not known because multikey v18.0.3 no start fine.

Last edited by besoeso : 10-18-2009 at 07:12 AM.
Reply With Quote
  #9  
Old 10-18-2009, 07:17 AM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

besoeso - appologies, your Q/A format is correct for multikey. Opening your reg file was like opening a picture and seeing it is an old friend

"Type"=dword:000000DA
this is correct for Hasp HL Time
"NetMemory"=hex:00,00,00,00,00,00,00,00,00,00,FD,F F
this is correct for all Time variants

It looks OK to me, but it is easy to miss a small typo. All it takes is one missing comma.

Ah, think I've got it :
"DongleType" = dword: 00000001
No spaces allowed. Should be :
"DongleType"=dword:00000001

Try that.

Git
Reply With Quote
  #10  
Old 10-18-2009, 10:52 AM
besoeso besoeso is offline
Senior Member
 
Join Date: Dec 2008
Posts: 118
Default

@Git

Ok Git, i now did run multikey emulator 18.0.3 fine but i have the same results that the emulator Chingachguk & Denger2k + version 0.15.1.4.

The results are:

When i start the software with protection nothing happen. No error messages popup and windows program not appear.

I have checked dll for hasp hl protection but there arenīt more.

It is a mysterius.
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.