Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > Reverse Code Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #431  
Old 05-18-2011, 05:25 PM
narciszu narciszu is offline
Senior Member
 
Join Date: Apr 2008
Location: r0m4n14
Posts: 77
Default

RAPIDSHARE
Reply With Quote
  #432  
Old 05-18-2011, 05:46 PM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

Grazie tanto!

Git
Reply With Quote
  #433  
Old 05-18-2011, 07:42 PM
hp3 hp3 is offline
Senior Member
 
Join Date: Jun 2010
Posts: 96
Send a message via ICQ to hp3 Send a message via MSN to hp3 Send a message via Yahoo to hp3 Send a message via Skype™ to hp3
Default direct link

http://hp3hp3.dl.rapidbaz.com/-RNZ/E...ractor_0.1.rar
Reply With Quote
  #434  
Old 05-19-2011, 02:01 AM
robin1044 robin1044 is offline
Senior Member
 
Join Date: Mar 2008
Posts: 189
Default

has someone tested this tool?
is this really possible to extract Table from SRM Envelope?

SRM Envelope uses enc./dec. pair to decrypt the encrypted sections, and the response from the the queries are not considered in .protectx section or else.
If you supply the wrong response for Enc./Dec. Pairs it would decrypt the sections in different ways and bring about a bad codes IMHO ....
@lostdongle : which SRM Envelope version this tool is created for ? not working on my targets (extract table only in one target protected with domoma dongle, but I wonder if it should be the right table for SRM) !

This tool extract tables useful for Hasp-HL envelope only. the extracted table is 4096 byte just after the required gap after GetTickCount phrase as should be in Hasp-HL.

@lostdongle : Thanks anyway for this great tool, saveing much time when dealing with Hasp-HL

Last edited by robin1044 : 05-19-2011 at 02:15 AM.
Reply With Quote
  #435  
Old 05-19-2011, 08:25 AM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

Yes, you can extract *additional* tables from the envelope but I have not had success with this tool yet. It would be useful if it could browse processes or have some means of not needing to fire up another tool to find PID and then enter it in this tool.

Anyway, SRM *is* HL

Git
Reply With Quote
  #436  
Old 05-19-2011, 10:33 AM
Tyrus Tyrus is offline
Senior Member
 
Join Date: Dec 2007
Posts: 60
Default

robin1044
This utility does not collect Q/A tables that are needed to decrypt sections. These requests can only be obtained only from the log.
This util is just looking for a tables in a process of the protected file with HASP Envelope (Win32 format) using the label "GetTickCount".

Envelopes HL and SRM are almost identical and the search for Q/A tables is the same.
Reply With Quote
  #437  
Old 05-19-2011, 11:28 AM
nodongle nodongle is offline
Senior Member
 
Join Date: Oct 2007
Posts: 320
Default

Count of Q/A tables depends from envelope settings (1-5).
The next table will be in plaintext only after previous one will be checked.
Finally, for get all N tables need use the tool N times.
__________________
nodongle.biz
Reply With Quote
  #438  
Old 05-20-2011, 02:21 AM
lostdongle lostdongle is offline
Member
 
Join Date: Apr 2011
Posts: 16
Send a message via MSN to lostdongle Send a message via Skype™ to lostdongle
Default

robin1044
Quote:
not working on my targets (extract table only in one target protected with domoma dongle, but I wonder if it should be the right table for SRM)
maybe incorrect memory range for tables search
look at OllyDbg - where your module is loaded
__________________
www.lostdongle.com
Reply With Quote
  #439  
Old 05-20-2011, 03:11 AM
008348 008348 is offline
Senior Member
 
Join Date: Jun 2010
Posts: 50
Default

I have a application protcted with hasp srm, I've unpacked the hasp srm envelop. Then I want to patch the hasp srm APIs, and let it run without dongle.
I've ready patched two IPAs:
hasp_login: let the eax return 0;
hasp_read(): emulate it just as emulating superpro read function, and put dongle cells into it;

But the application can't run.
My question is: Are there other APIs need to be patched? Which? How?
Thank you for your answer!
Reply With Quote
  #440  
Old 05-20-2011, 03:16 AM
nodongle nodongle is offline
Senior Member
 
Join Date: Oct 2007
Posts: 320
Default

@008348

Run the protected software under original dongle and see in logs what functions was called.
__________________
nodongle.biz
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.