  #11  
Old 01-15-2008, 05:53 AM
mum_96 mum_96 is offline
Member
 
Join Date: Dec 2007
Posts: 20
Default

Quote:
Originally Posted by foffa View Post
I Have Seen Full solutions

HERE IS TABLE BASED EMULATOR WITH THE SAMPLE REG FILE
suitable with what fejkus said
Toro, foffa attached the one vusbbus emulator for hasphl, and tyrus says these things (HASP HL has 2 AES funcz - AES Encode & AES Decode [0x013F/0x0140] but its emulator supports only one function), what comments about it?
  #12  
Old 01-15-2008, 02:54 PM
fejkus fejkus is offline
Member
 
Join Date: Dec 2007
Posts: 46
Default

Quote:
Originally Posted by TORO View Post
you must extract pair tables from .protect section of envelope, envelope uses these tables to make random query check.
there are 5 tables at max, each contains 256 pairs, then add those pairs with pairs from log file and then construct hasp hl emulator, it will work
can you tell us, what method can we use to extract pair tables from .protect section?

and any example?

Thank you TORO.
  #13  
Old 01-15-2008, 03:13 PM
foffa foffa is offline
Senior Member
 
Join Date: Jul 2007
Location: %TEMP%
Posts: 344
Default

Quote:
Originally Posted by mum_96 View Post
Toro, foffa attached the one vusbbus emulator for hasphl, and tyrus says these things (HASP HL has 2 AES funcz - AES Encode & AES Decode [0x013F/0x0140] but its emulator supports only one function), what comments about it?
there is a tiny small trick in the emulator which enables the mixing of reg files
  #14  
Old 01-15-2008, 06:34 PM
justine justine is offline
Senior Member
 
Join Date: Dec 2007
Location: Serbia,Belgrade
Posts: 82
Default

@foffa

so does this mean that we can use the pairs from toro's monitor directly in QTable/ATable
for example
first pair from toro's monitor = aaaaaaaaaa,bbbbbbbbbb
second = ccccccccc,ddddddddd

QTable:\
bb,bb,bb,bb,bb,bb,bb,\
dd,dd,dd,dd,dd,dd,dd,

ATable:\
aa,aa,aa,aa,aa,aa,aa,\
cc,cc,cc,cc,cc,cc,cc,

i mean is this enough
or we need to extract from protect section also

regards
  #15  
Old 01-15-2008, 06:46 PM
foffa foffa is offline
Senior Member
 
Join Date: Jul 2007
Location: %TEMP%
Posts: 344
Default

Quote:
Originally Posted by TORO View Post
you must extract pair tables from .protect section of envelope, envelope uses these tables to make random query check.
toro was clear in that
you need that when envelope uses random check

right toro ??
  #16  
Old 01-16-2008, 03:49 AM
souze_villy souze_villy is offline
Senior Member
 
Join Date: Oct 2007
Posts: 220
Default HaspHL

I think tyrus means this is missing on reg files?
REGEDIT4
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\NEWHASP\Services\Emulator\HASP\Dump\57FD245C]
"Name"=""
"Copyright"=""
"Created"=""
"Type"=dword:00000000
"Memory"=dword:00000000
"SN"=dword:00000000
"Data"=hex:AA,BB,CC....
"Option"=hex:AA,BB,CC....
"SecTable"=hex:AA,BB,CC....
"QTable"=hex:AA,BB,CC....
"ATable"=hex:AA,BB,CC....
"NetMemory"=hex:AA,BB,CC....
"ColumnMask"=dword:00000000
"CryptInitVect"=dword:00000000
"TimeShift"=hex:00,00,00,00,00,00,00,00
"HaspTimeMemory"=hex:00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,\
FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF
  #17  
Old 01-16-2008, 04:04 AM
ngoksun ngoksun is offline
Senior Member
 
Join Date: Jan 2007
Posts: 90
Default

Quote:
Originally Posted by souze_villy View Post
I think tyrus means this is missing on reg files?
Tyrus was a real HASPHL expert, don't doubt whether he clearly knows what the simple usage is. He just means the published emulator only supports one of the AES Encode/Decode [0x013F/0x0140] functions, so it only works with part of HASPHL protected software.

Last edited by ngoksun : 01-16-2008 at 04:08 AM.
  #18  
Old 01-16-2008, 05:01 AM
souze_villy souze_villy is offline
Senior Member
 
Join Date: Oct 2007
Posts: 220
Default

Quote:
Originally Posted by ngoksun View Post
Tyrus was a real HASPHL expert, don't doubt whether he clearly knows what the simple usage is. He just means the published emulator only supports one of the AES Encode/Decode [0x013F/0x0140] functions, so it only works with part of HASPHL protected software.
humm!
it means our discussion about the hasphl for (Chingachkug) emulator is totally wrong, it means chingachkug emulator is totally fake.
  #19  
Old 01-16-2008, 06:17 AM
ngoksun ngoksun is offline
Senior Member
 
Join Date: Jan 2007
Posts: 90
Default

Quote:
Originally Posted by souze_villy View Post
humm!
it means our discussion about the hasphl for (Chingachkug) emulator is totally wrong, it means chingachkug emulator is totally fake.
No. Chingachkug HASP open source emulator is a totally perfect solution for almost all dongles. But the published HASPHL emulator can solve less than 50% of your requirements. It doesn't mean it's wrong, it just means it's not full.
  #20  
Old 01-16-2008, 06:23 AM
souze_villy souze_villy is offline
Senior Member
 
Join Date: Oct 2007
Posts: 220
Default HaspHL How to Make Perfect?

Quote:
Originally Posted by ngoksun View Post
No. Chingachkug HASP open source emulator is a totally perfect solution for almost all dongles. But the published HASPHL emulator can solve less than 50% of your requirements. It doesn't mean it's wrong, it just means it's not full.
Ok, Tyrus can you tell us details about the hasphl dongle (AES) Functions?