#1  04-14-2010, 09:57 AM  mhafez
MultiKey Hasp4 Request

Dear all,

I'm a newbie to your (our, if I'm accepted as one of you) respectful forum. I've been reading for a week or two now, and I've succeeded in dumping and emulating a HARDLOCK dongle using Multikey.

Now I want to emulate another key, but this one is a HASP4 M1 and the problem lies in the monitoring stage: when I try to monitor it using Toro Aladdin Dongles Monitor, the program gives an error that the connected dongle is not a proper one, and Toro monitor shows nothing.
And haSploGer cannot see the dongle at all either, but the program works OK.

I've read in the forum that this is because the program may have anti-debug protection or something similar.

Anyway, I have now dumped the dongle using h5dmp.exe, but I cannot get the EStruct DStruct for Multikey.

I have the reg file that I'm using with vusbbus, which is working fine 100%, and I need to convert this part to be compatible with Multikey (ESTRUCT DSTRUCT).

Any help is appreciated.

Code:
"EDStruct"=hex:\
31,00,32,00,2e,00,50,00,4e,00,46,00,69,00,6e,00,\
70,26,00,00,00,00,05,00,68,00,52,00,00,00,00,00,\
2d,00,00,00,00,00,01,00,a1,10,45,a3,19,c0,c5,01,\
00,42,8d,76,bf,43,c4,01,6d,40,96,ad,d8,c1,c5,01,\
35,5f,53,a3,19,c0,c5,01,00,90,00,00,00,00,00,00,\
1a,82,00,00,00,00,00,00,20,00,00,00,00,00,00,00,\
08,03,6f,00,65,00,6d,00,32,00,2e,00,69,00,6e,00,\
66,00,2e,00,69,00,6e,00,74,26,00,00,00,00,05,00,\
68,00,52,00,00,00,00,00,2d,00,00,00,00,00,01,00,\
a3,c1,55,a3,19,c0,c5,01,db,e6,f7,a3,19,c0,c5,01,\
53,06,9b,ad,d8,c1,c5,01,db,e6,f7,a3,19,c0,c5,01,\
00,b0,00,00,00,00,00,00,c2,a6,00,00,00,00,00,00,\
20,00,00,00,00,00,00,00,08,03,6f,00,65,00,6d,00,\
32,00,2e,00,50,00,4e,00,46,00,2e,00,69,00,6e,00,\
c5,26,00,00,00,00,01,00,68,00,52,00,00,00,00,00,\
2d,00,00,00,00,00,01,00,63,83,17,d8,19,c0,c5,01
And the advantage of using Multikey is the x64 support.

#2  04-14-2010, 10:44 AM  gnerogeem

@mhafez

Dump with h5dmp
Post your dump here.
__________________
Pink is the new black.

#3  04-14-2010, 11:34 AM  mhafez

gnerogeem, thanks for the quick reply.

Here's the link to the dump with h5dmp:

http://rapidshare.com/files/375820913/hasp4.rar.html

#4  04-14-2010, 05:22 PM  Git

mhafez - if you are a new user and post a URL or attachment, your post does not get shown immediately, but is passed to moderators/admin for approval. Just please be patient. What you did, i.e. posting the same message 5 times, is not likely to make moderators say "oh look, this is a smart new member we have here, let's approve his posts really quickly". When having to needlessly delete 5 messages I am much more prone to accidentally slip and delete the 6th one too. Capiche?

Git

#5  04-15-2010, 01:50 AM  mhafez

@Git
Sorry, I didn't know that rule and I thought something had gone wrong, and I'd appreciate any help from you if you have time.

@gnerogeem
I've already done the reg file as shown in the example file that comes with Multikey, with no luck. Thanks for your advice.

#6  04-15-2010, 05:03 AM  gnerogeem

Paste your dump here, using CODE.
Maybe someone will help you.
Good luck.
__________________
Pink is the new black.

#7  04-15-2010, 05:09 AM  yogi_saw

Hasn't it created the hhl_mem.dmp file?

#8  04-15-2010, 09:32 AM  mhafez

@gnerogeem
I cannot paste the dump from h5api as it is not plain text, and I cannot dump or monitor it using Toro monitor or haSploGer, as mentioned in my first post.

@yogi_saw
No, it didn't create that file, and your Toro simulator is x86 only, which I already have but with vusbbus.
And here is the reg file that I'm using with vusbbus:

Code:
REGEDIT4
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\NEWHASP\Services\Emulator\HASP\Dump\4D896524]
"Name"="Vectorgrafix"
"Copyright"="Copyright (C) 2008"
"Created"="23/05/2008 18:25:25"
"SN"=dword:56e33a83
"Type"=dword:00000001
"Memory"=dword:00000001
"SecTable"=hex:94,85,b4,a5,d8,c9,f8,e9
"NetMemory"=hex:ff,ff,ff,ff,ff,ff,00,00,ff,ff,ff,ff
"Option"=hex:01,01,00,4a,1f,00,09,03,6f,00,65,00,6d
"Data"=hex:\
0f,56,65,63,74,6f,72,67,72,61,66,69,78,20,20,20,\
0f,53,58,54,2c,47,50,57,2c,50,52,46,2c,20,20,20,\
0f,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
"EDStruct"=hex:\
31,00,32,00,2e,00,50,00,4e,00,46,00,69,00,6e,00,\
70,26,00,00,00,00,05,00,68,00,52,00,00,00,00,00,\
2d,00,00,00,00,00,01,00,a1,10,45,a3,19,c0,c5,01,\
00,42,8d,76,bf,43,c4,01,6d,40,96,ad,d8,c1,c5,01,\
35,5f,53,a3,19,c0,c5,01,00,90,00,00,00,00,00,00,\
1a,82,00,00,00,00,00,00,20,00,00,00,00,00,00,00,\
08,03,6f,00,65,00,6d,00,32,00,2e,00,69,00,6e,00,\
66,00,2e,00,69,00,6e,00,74,26,00,00,00,00,05,00,\
68,00,52,00,00,00,00,00,2d,00,00,00,00,00,01,00,\
a3,c1,55,a3,19,c0,c5,01,db,e6,f7,a3,19,c0,c5,01,\
53,06,9b,ad,d8,c1,c5,01,db,e6,f7,a3,19,c0,c5,01,\
00,b0,00,00,00,00,00,00,c2,a6,00,00,00,00,00,00,\
20,00,00,00,00,00,00,00,08,03,6f,00,65,00,6d,00,\
32,00,2e,00,50,00,4e,00,46,00,2e,00,69,00,6e,00,\
c5,26,00,00,00,00,01,00,68,00,52,00,00,00,00,00,\
2d,00,00,00,00,00,01,00,63,83,17,d8,19,c0,c5,01
"ColumnMask"=dword:000000BB
"CryptInitVect"=dword:00000033

Last edited by mhafez : 04-15-2010 at 09:47 AM.

#9  04-15-2010, 09:41 AM  mhafez

This is the reg file that is used with vusbbus and needs to be converted to work with Multikey:
Code:
REGEDIT4
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\NEWHASP\Services\Emulator\HASP\Dump\4D896524]
"Name"="Vectorgrafix"
"Copyright"="Copyright (C) 2008"
"Created"="25/05/2008 16:50:58"
"SN"=dword:56e33a83
"Type"=dword:00000001
"Memory"=dword:00000001
"SecTable"=hex:94,85,b4,a5,d8,c9,f8,e9
"NetMemory"=hex:ff,ff,ff,ff,ff,ff,00,00,ff,ff,ff,ff
"Option"=hex:01,01,00,4a,1f,00,09,03,6f,00,65,00,6d
"Data"=hex:\
0f,56,65,63,74,6f,72,67,72,61,66,69,78,20,20,20,\
0f,53,58,54,2c,47,50,57,2c,50,52,46,2c,20,20,20,\
0f,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
"EDStruct"=hex:\
31,00,32,00,2e,00,50,00,4e,00,46,00,69,00,6e,00,\
70,26,00,00,00,00,05,00,68,00,52,00,00,00,00,00,\
2d,00,00,00,00,00,01,00,a1,10,45,a3,19,c0,c5,01,\
00,42,8d,76,bf,43,c4,01,6d,40,96,ad,d8,c1,c5,01,\
35,5f,53,a3,19,c0,c5,01,00,90,00,00,00,00,00,00,\
1a,82,00,00,00,00,00,00,20,00,00,00,00,00,00,00,\
08,03,6f,00,65,00,6d,00,32,00,2e,00,69,00,6e,00,\
66,00,2e,00,69,00,6e,00,74,26,00,00,00,00,05,00,\
68,00,52,00,00,00,00,00,2d,00,00,00,00,00,01,00,\
a3,c1,55,a3,19,c0,c5,01,db,e6,f7,a3,19,c0,c5,01,\
53,06,9b,ad,d8,c1,c5,01,db,e6,f7,a3,19,c0,c5,01,\
00,b0,00,00,00,00,00,00,c2,a6,00,00,00,00,00,00,\
20,00,00,00,00,00,00,00,08,03,6f,00,65,00,6d,00,\
32,00,2e,00,50,00,4e,00,46,00,2e,00,69,00,6e,00,\
c5,26,00,00,00,00,01,00,68,00,52,00,00,00,00,00,\
2d,00,00,00,00,00,01,00,63,83,17,d8,19,c0,c5,01
"ColumnMask"=dword:000000BB
"CryptInitVect"=dword:00000033

#10  04-15-2010, 09:47 AM  BfoX

REGEDIT4
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\NEWHASP\Services\Emulator\HASP\Dump\4D896524]
"Name"=""
"Copyright"="Copyright (C) 2010 BfoX"
"Created"="15/04/2010 19:45:43"
"SN"=dword:56E33A83
"Type"=dword:0000000A
"Memory"=dword:00000001
"SecTable"=hex:94,85,B4,A5,D8,C9,F8,E9
"NetMemory"=hex:FF,FF,FF,FF,FF,FF,00,00,FF,FF,FF,FF
"Option"=hex:00,01,02,4A,1F,01,0F,03,0A,01,0D,2D,39,00
"Data"=hex:\
0F,56,65,63,74,6F,72,67,72,61,66,69,78,20,20,20,\
0F,53,58,54,2C,47,50,57,2C,50,52,46,2C,20,20,20,\
0F,20,20,20,20,20,20,20,20,20,20,20,20,20,20,20,\
FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,\
FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,\
FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,\
FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF
"EDStruct"=hex:\
20,02,BF,69,72,96,01,4E,5E,6C,7C,06,16,24,34,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ColumnMask"=dword:000000BB
"CryptInitVect"=dword:00000033
__________________
... Either you work well or you work much ....