EXETOOLS FORUM

EXETOOLS FORUM (http://forum.exetools.com/index.php)
-   General Discussion (http://forum.exetools.com/forumdisplay.php?f=2)
-   -   how 2 update a hasp???? (http://forum.exetools.com/showthread.php?t=7486)

The Day Walker! 05-04-2005 02:12

how 2 update a hasp????
 
hey pals....

needed some help.....

i got a software, that uses a hasp.

i dumped the hasp successfully,,,,

but just needed 2 know, how 2 update a hasp. i mean edit inside the hasp.

if i have a hasp dump, and i want 2 update that dump, 2 another hasp....

is there any way 2 do so???

thanx

TDW {RES}

baatazu 05-04-2005 06:06

I think there is a small confusion here. There are 2 things inside the hasp. Simplemindedly, the factory programmed things (encoding algorithms/commands etc) and the custom data (those that developer programmed inside the embedded memory).

What you have dumped? The factory programmed stuff or the memory data? If you have dumped the factory programmed stuff as far as i know you cant rewrite them in another hasp and have an exact copy of the original hasp. That dump information can only be used to create an emulator, a software that will stay in the memory and behave like the original hasp, like reply to commands, encode/decode data etc.

On the other hand, if you need to write the memory data, you need the access codes that supplied from the hasp manufacturer to the developer (2 or 4 passwords).

Anyway, duplicating hasp is not an easy story and there are only some crackers that are able to easily create hasp copies (using an emulator of course).

sope2001 05-04-2005 23:11

Hello The Day Walker
Quote:

but just needed 2 know, how 2 update a hasp. i mean edit inside the hasp.
To edit inside hasp memory use haspedit u need to know pass of that hasp4
Quote:

if i have a hasp dump, and i want 2 update that dump, 2 another hasp
Let me ask you a question why do u need to do that ?

Regards, Sope.

The Day Walker! 05-05-2005 03:08

@ sope2001

pal....

i have purchased a soft for rs, 10000, it came with a hasp.

i dumped the hasp using hasp emulator pro. and also got the password of the

hasp.

now i want 2 create a duplicate of the hasp. 2 run it on another pc.

if i can make a duplicate hasp, then i dont need any emulator or anything

so needed 2 know...

wot all is required 2 duplicate a present working hasp...

and where 2 get it..

thanx

TDW {RES}

baatazu 05-05-2005 03:41

You *CANT* duplicate a hasp in hardware mode. Besides the memory that is inside the hasp (that can be easily written using the haspedit.exe and the 2 passwords) there is a chip that provides the encrypt/decrypt services, and this one uses a unique per hasp algorithm. Nothing can write to the hasp chip (EPROM) except for an EPROM programmer. But this is a hardware, not a software you can download. At last, I know only one man that can make hardware hasp duplicates. He's Martin Mckeen.

If that software worths that much, you can spend some money (about $100) providing the dumped data to a dongle cracking service and have a custom hasp software emulator for you.

s0cpy 05-05-2005 14:35

Look at this......
The HASP4 M4/M1 programmer :
hxxp://_www.gsmunlock.com/equipment/HaspEdit102.gif

Features :

- HASP4 M4/M1 PSW1/2 programming
- HASP ID programming
- Encryption Key programming
- Save/Load Profile
- Logging of programmed HASP4

baatazu 05-06-2005 02:58

s0cpy, very nice screenshot but I cant see any overview of this product. Do we know if requires a hardware for the writting? Why the gsmunlock.com doesnt include this software in the main equipment page?

The Day Walker! 05-06-2005 04:08

i can purchase,,, new hasps from company that sells new hasps,,then i can

update the dump by using hasp edit...

can i do this????

thanx

TDW {RES}

kingday 05-07-2005 14:48

the hasp password and ID is easily got . and the memory data in hasp dongle is easily got by the password and haspedit.exe too. after update the password(in the memory data file --*.hed), we may write the data to a new hasp dongle. but cuz software is bound with the old hasp password, it can't be run with new hasp dongle. so, we must update the hasp password to be new in the software. it seems to be difficult:(

neogen 05-10-2005 00:00

Quote:

Originally Posted by s0cpy
Look at this......
The HASP4 M4/M1 programmer :
hxxp://_www.gsmunlock.com/equipment/HaspEdit102.gif

Features :

- HASP4 M4/M1 PSW1/2 programming
- HASP ID programming
- Encryption Key programming
- Save/Load Profile
- Logging of programmed HASP4

Where can we get this tool?

Cheers, neogen

JMI 05-10-2005 00:52

Did it, by any chance, occur to you that YOU could actually try SEARCHING for a Hasp Editor?

For example using various combinations of "HASP4 M4/M1 programmer;" such as HASP4 M4/M1" and/or "HASP4 programmer" (without the quotes, of course). Have you tried something desparate, like maybe looking at all the things you can download from the aladdin site itself??? Well Duh!

They not only have a whole lot of tools for working with Hasps, which is not surprising since they make them, they offer FREE a whole lot of useful things, including a tool called, gasp, HaspEdit. Now it may or may not be the one shown in the picture, by Grafas, but it might be useful.

I say AGAIN, searching is one of THE MOST IMPORTANT SKILLS a wannabe reverser can attempt to master. Even if you can't find this specific tool, you CAN find tools to edit Hasps, and from the makers themselves. ;)

Regards,

iamritu 05-10-2005 01:29

try this
 
http://bilosan.free.fr/Nouveau%20dossier/haspedit/

JMI 05-10-2005 02:14

Why not let him do his own searching. That link is easily locatable with the search criteria I already gave him.

Try not to encourage basic lack of effort.

Regards,

baatazu 05-10-2005 06:02

The utility to Edit the hasp (HaspEdit.exe) is freely distributed by Aladdin. That utility allows ONLY to change the memory content of the hasp. Not the password. Not the hardcoded security functions and algorithms. So you are unable to duplicate a hasp with that utility. s0cpy mentioned a utility that is able to program the hasp (like the factory) but as I can see when we asked him for more information he kept a great silence.

The Day Walker! 05-15-2005 20:46

@kingday

it means everytime a new hasp is provided by a software company, it has 2 modify the soft with the new hasp password......

is that the case????

The Day Walker! 05-17-2005 04:09

checked out for haspedit studio v1.02 everywhere....

but couldnt find it.....

hey s0cpy,, may b u can share it with us... here...

thanx

TDW {RES}

s0cpy 05-17-2005 13:57

If I had this program, the link to its uploading would be here...
But for me, as well as for all of you is only intriguing a screenshot.

baatazu 05-18-2005 06:11

No, the hasp passwords are already embedded when the software company gets the hasp. They dont need to change. Every hasp family has 4 unique IDs:

1. Family Code : 5digit alpha - like "MATER"
2. Developer ID: 6digits - like 204-42c
3. Password A - like 28124
4. Password B - like 80121

While you have you a family of 100 hasps with the same details (ID) there is also a unique ID for each hasp:

1. Hasp Unique ID - like 8f0af981

The developer uses those 2 passwords to open the hasp memory using the HaspEdit tool and he can put additional information inside such as the customer serial number.

The protected software, requires those 2 passwords to open and validate the key and therefore read the information. But they can also use the unique ID to ban a hasp from running the software. If HaspID == 8f0af981 then UnLicensed();

There are tools that are allow you to find those 2 passwords but the best you can do is to read and write the memory of the hasp, the data that software developer entered.

If you get another hasp from aladdin, you will have a different family ID and Developer ID - and of course 2 new passwords. You cant change those 2 passwords to match the old hasp (the one that you want to duplicate). I also imagine the encrypt/decrypt routines working like that:

(inside hasp)
Encrypt(Family_ID + Developer_ID + Password1 + Password2 + Embedded_Hidden_Key, "hello world");

So what we have here? The communication between software and hasp is encrypted with keys that are based to the original hasp. Even if you manage to know the 2 password there are more things counted here.

So you cant enforce the hasp to change those sensitive details (family id, developer id, passwords). That means is not exactly a single copy/paste. The tool sc0py mentioned is not available on public, at least i was unable to find it. I think duplicating the hardcoded memory of a hasp is not as simple as running a tool in your pc. I know the company that sells the Hasp4 in my country and they have a special hardware (a big one) for that job that programs the hasps based on passwords etc. The software that works with that hardware is connected to the internet and takes data directly from ealladin (mam company). Means even the employee/local distributor cant write hasps for his personal purposes.

Think it twice, I cant imagine a security colossus like eAladdin having a security tool that can be easily duplicated using a single software/tool. My advice is to think for a hasp emulator that will make your job because all data software needed are readed from memory - and as you already know memory is writeable while hasp isnt ;)

The Day Walker! 05-19-2005 12:10

i found that the company from where i m getting my hasps, for the soft 2 run,

all the hasps have the same passwords,,,,, but on alladin site its written, that

all the hasps have different passswords, and no 2 hasps have same password....

so there might b a way 2 update that password ( i think)

thanx

TDW {RES}

Dmit 05-19-2005 14:52

Quote:

Originally Posted by The Day Walker!
all the hasps have the same passwords,,,,, but on alladin site its written, that

all the hasps have different passswords, and no 2 hasps have same password....

No 2 keys from different developers should have identical passwords. But in most cases _all_ keys from single developer uses identical passwords.

baatazu 05-19-2005 15:53

It doesnt work like that. Imagine the following scenario. Im Software Company and I have Product1, Product2, Product3. The right approach is to have different Hasp family for every product. That means different Developer ID for each family. Unfortunatelly thats a little bit risky for developers because they need to have stock for every ID, example 20 hasps for Product1, 20 hasps for Product2 and 10 hashs for Product3. What will happen if they ran out of hasps for Product2? They need to order new hasps because the other 2 families are incompatible. And the ordering takes about 2 weeks - to 1 month. Maybe more. Thats why some developers they get one developer ID/family hasp and they alter the memory data to allow differents products to be executed. If you open the HaspEdit software (the one from alladin) you can see it has a "FAS" button. That button allows you to control what module/applications can run with that hasp. So what developer is doing, he's puting number "1" for Product1, number "2" product2 and number "3" for product3. So his application is checking for that number that is inside the hasp. Of course if you own the passwords you can use the Hasp memory easily and change that option and run all programs from the same company. If you want HaspEdit utility, i can upload here.

CrackZ 05-20-2005 06:28

Many years back Aladdin used to sell to selected developers 'crypto programmer cards' for direct hardware programming of Hardlocks and HASP's.

As many posters here have noted, there is only a minute chance that Aladdin would now supply even a legitamate user of their dongles such an ability or a public software interface capable of editing these hidden parameters.

Evidently the screenshot depicts an interface capable of writing these hidden parameters to a HASP 4, implying they are editable (I just can't imagine what the Aladdin guys were thinking to be honest), so one needs to examine and document the HASP hardware access protocol if one is to have any hope of duplicating a HASP sucessfully. Any capable volunteers step forward ;-).

Regards

CrackZ.


All times are GMT +8. The time now is 09:31.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX