#6, 05-02-2009, 03:11
CyberGhost

Jackula,
your question is somehow obsolete since both keys (HASP & SHK) are owned by the same company - SafeNet. Soon there will be a single key with common drivers & SDK. Your research is meaningless unless you are working for SafeNet and are now deciding which solution should be phased out. I would throw away both solutions, or I would have looked for a firmware modification of the keys that makes them execute hidden user-defined code (I mean the part of the user software itself) in the dongles themselves.

In my opinion HASP SRM is better (HL is firmware-updated to SRM, as you probably know, so it would be wiser to compare HASP SRM to SHK) because:

1. HASP is a more mature key and has been available (to hackers also) for almost 6 years. Its Motorola/Freescale MCU is more mature compared to that of the SHK. This MCU has no separate code protection fuses and its code protection flags are incorporated as ordinary bits in the user flash memory, so erasing them optically would eventually erase the whole flash memory of the chip. HASP's AES encryption is a true 128-bit version of the standard.

2. SHK was released 2 years ago or so. Despite a custom-ordered PCB from Microchip with the MCU and EEPROM packaged directly on the PCB, there is some evidence that reverse engineers have found comfortable pads on the PCB which are connected to the programming pins of the SHK's MCU, a PIC 18F2455 (RB6, RB7, -MCLR, VDD, VSS). Its fuses are separated from the main flash memory, are clearly visible on the die, and can also be reset separately, regardless of the fact that they are covered by a protective layer. The firmware should have been extracted just 1 year after the key was released, and generally you could ask IC specialists that it is suicidal to use Microchip PICs for a security device. There are rumors that the AES implementation of SHK does not conform to the standards and uses weak, shorter keys and algorithms that in theory are extractable... During the years of Sentinel's existence the approach of the Rainbow/SafeNet companies was and is more "security through obscurity" than that of Aladdin. For instance, AFAIK there is no demo kit for SHK, unlike for HASP SRM/HL...

To be exact, all available software emulators (for HL (SRM) and SHK) are partial and use look-up tables to provide responses corresponding to the encryption algorithms. These emulators can easily be defeated in consecutive versions of the protected software. Presently there are no third-party "dumpers" for both HASP HL/SRM & SHK that could retrieve the encryption keys from the dongles. All dumpers sniff communication between the dongles and the application to fill their tables with challenge-response pairs...

Last edited by CyberGhost; 05-02-2009 at 03:16.
The Following User Gave Reputation+1 to For This Useful Post:
arnix (05-02-2009)
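
Added example, not part of CyberGhost's post or of any vendor's SDK: a vendor-side sketch of why a table-based emulator stops working when the next release of the protected software ships challenges it has never seen. All names (`Dongle`, `TableEmulator`, `build_release`, `license_ok`) are hypothetical, the key is constructed, and HMAC-SHA256 stands in for the dongle's AES so the code needs only the standard library.

```python
import hashlib
import hmac

class Dongle:
    """Stand-in for the hardware key: the secret never leaves this object."""
    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        # Assumption: HMAC-SHA256 stands in for the dongle's AES (stdlib only).
        return hmac.new(self._key, challenge, hashlib.sha256).digest()[:16]

class TableEmulator:
    """Replays challenge-response pairs seen on the wire; holds no key."""
    def __init__(self):
        self.table = {}

    def record(self, challenge: bytes, response: bytes) -> None:
        self.table[challenge] = response

    def respond(self, challenge: bytes) -> bytes:
        return self.table.get(challenge, bytes(16))  # unknown challenge: no answer

def build_release(dongle: Dongle, release_id: str, n: int = 8):
    """Vendor build step: new challenges per release, shipping only answer hashes."""
    checks = []
    for i in range(n):
        # Derived from the release id to keep the demo reproducible; a real
        # build would draw random challenges.
        challenge = hashlib.sha256(f"{release_id}:{i}".encode()).digest()[:16]
        expected = hashlib.sha256(dongle.respond(challenge)).digest()
        checks.append((challenge, expected))
    return checks

def license_ok(device, checks) -> bool:
    """Protected application's check: every shipped challenge must verify."""
    return all(
        hmac.compare_digest(hashlib.sha256(device.respond(c)).digest(), h)
        for c, h in checks
    )

def demo() -> dict:
    dongle = Dongle(b"constructed-demo-key")
    v1, v2 = build_release(dongle, "1.0"), build_release(dongle, "1.1")
    emulator = TableEmulator()
    for challenge, _ in v1:  # table filled from traffic of release 1.0 only
        emulator.record(challenge, dongle.respond(challenge))
    return {"dongle_v1": license_ok(dongle, v1), "dongle_v2": license_ok(dongle, v2),
            "emulator_v1": license_ok(emulator, v1), "emulator_v2": license_ok(emulator, v2)}
```

Because the release stores only a hash of each expected response, the shipped binary does not itself contain the challenge-response table.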