HARDLOCK emulator
hi all
I decided to write a Hardlock emulator. Previously I wrote a Sentinel filter driver that works properly (see the RCE message board; I posted my progress under the name nikan). After some study of the data transfer between a Hardlock-protected program and the driver, I found that all data transfer is performed via DeviceIoControl. There are 2 levels of encryption on the hl_api packet. I guess the first-level encryption is function-specific. The second level is done. Does anyone have any idea about the first-level encryption algorithm? toro.
Quote:
Good luck.
hi nikita@work
I tested many programs that are protected with Hardlock. I can divide those programs into 2 categories. In category 1 there is no encryption on the hl_api packet (possibly drivers before 2.85), and in category 2 (drivers after 2.85) I have found one kind of encryption, but in 2 levels. Level 2 of the encryption is very easy to emulate. It uses a seed that is stored at offset (hl_api+0xBC). But in level 1 the packet is partially encrypted. Do you see this too? However, do you have any info on the hl_api structure? I have studied it, but not completely. toro.
hi nikita@work
Can you explain p-code? I see all the encryption routines in native code. I saw that level 2 is performed on some portion of the beginning of hl_api (the first 64 bytes). Is that true? However, I need some info about the sequence of data transfer between the driver and the program when the program calls the hl_code function. I see that when the program calls this function, some calls to DeviceIoControl with different buffer sizes happen. And another question: some calls to DeviceIoControl with buffersize=4 and 6 happen. Why? toro.
Quote:
Try to see how the packet forms during HL_INIT/HL_READ/HL_CODE. It's enough.
hi nikita@work
During the last day I was working on level 1 of the encryption. Till now I have written 25 functions to decode 25 fields of hl_struct; some of the fields remain. However, I work with hl_api version 383. Is it old? I downloaded it from the Aladdin FTP. Do you have any info about the structure of hl_struct? I found the usage of some of the fields in hl_struct, such as major and minor API version, refkey and verkey, memory address and memory content, program process ID, status code and modad. But I did not find the usage of the other fields. Can you help me? The seed is a word that starts at hl_struct+0xbc. toro.
Quote:
0 - no crypt
1 - first version
2 - second version
hi nikita@work
Many thanks for the hl_packet structure. The version stored at 0xba is 1, so after working on this version I must work on the next version. This project is much harder than SuperPro!!! I will try to download the new hl_api from the Aladdin FTP. Thanks, toro.
Nikita, can you send the hl_struct structure to me too?
Thanks in advance!
hi nikita@work
Many thanks for your helpful info. I have seen your ID in the Brain Studio emulator, so you must be an expert in Hardlock and HASP (possibly Sentinel too; thanks for your first reply to me about Sentinel). I looked at the eAladdin site. There is an hl_api installation file that can be downloaded. Its date is 11/2002. I downloaded it last month. There is no newer version. After installing it, I found an hl_demo project, so I compiled it with MSVC and worked with it. In hl_struct+0xba I see 1. I also tested some programs that are enveloped with Hardlock and see version 1. In which program do you see version 2 and p-code? Thanks, toro
Quote:
(from hinstall.exe v4.95)
hi nikita@work
My level 1 and level 2 enc/dec routines are completed. In level 1 there are 37 fields that are encoded and decoded, but your hl_struct has 26 members. Does this mean that the other members are not used? You say the hardlock.sys that is installed with hinstall version 4.95 has a different enc/dec algorithm in p-code. Have you seen any Hardlock-protected program that makes use of this hardlock.sys? toro.
Quote:
But it seems some of them are used in the HL RUS API.
hi nikita
As I said before, currently I have found 2 versions of hardlock.sys. One version has no enc/dec algorithm and one version has. Can you tell me about version 0? Is it the same as the unencrypted version? However, my problem is to distinguish between encrypted and unencrypted packets at runtime. My approach is to test the seed: if it is 0 then the packet is not encrypted, and if it is not 0 then the packet is encrypted in 2 levels. Is that true? toro