Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 07-29-2003, 21:30
koncool
 
Posts: n/a
Dongles

How do I make a dump of a dongle's eeprom? It is a DESkey-type
one.
Reply With Quote
  #2  
Old 07-29-2003, 22:09
VirtualDark
 
Posts: n/a
I don't know how you can Dump the EPROM of a Dongle.
It's better to ask an Electronic Engineer about that.
But if you will remove the DESKey Protection Code
try the attachmend , it is the DESKey Protection Remover from EXELord , it is old but maybe helps.
Attached Files
File Type: zip exelord deskey dumper.zip (142.0 KB, 110 views)
Reply With Quote
  #3  
Old 07-29-2003, 22:25
dynio
 
Posts: n/a
Dongle dumping

I've tried that in "physical way" last year... When i opened the box i found the chip protected with an sort of glue. So i went back and did it by software way...
Reply With Quote
  #4  
Old 07-29-2003, 22:32
dynio
 
Posts: n/a
Sorry, You may understand thah I've read this by software way. NO, I meant I've cracked it.
Reply With Quote
  #5  
Old 07-30-2003, 07:37
Sab
 
Posts: n/a
it can be dumped physically.. quite easilly too.. The epoxy glue is usually on motorolla not the mem..... have fun.
Reply With Quote
  #6  
Old 07-30-2003, 19:04
koncool
 
Posts: n/a
No, I need to dump it software-wise, like HASPGRAB does to HASPs. Isn't there a generic solution?
Reply With Quote
  #7  
Old 08-01-2003, 05:26
Sab
 
Posts: n/a
hm.. thats interesting.. okay well given your not going for a full universal emulator or something if you just want a normal eeprom dump the DK2 has 224 bytes of memory in public/private. 16bytes= public (write read etc) the rest of the bytes are private. You can write to private memory at anytime but you need a 48bit pw. The private memory can be read at anytime with no problem, however, you wil need the seed it is encrypted with. There are 0xFF seeds. There are also 223 addresses but regardless how it is used the address a max of 223 memory is still the cap. There is a very good chance you will need the app to read the memory so you can rip a proper read memory call, like the one below from the app.

UCHAR Memory[209];
DK2ReadMemory( DataReg, DK2Id, 0xff(seed), 0x010(address), Memory, 208(lengthofdata) );

You could also write a quick real time logic analyzer dumper. Because the deskey will return garbage on a inproper seed and address based on the memory you will get a semi to good random looking values. i.e. it would be rare to get certain data sequenced together like 00 00 32 00. because of algo design. So what you do is make a dumper that looks for sequences in data if there are no sequences then ignore that buffer and overwrite with next address/seed. Until you have covered all address/seed. This is only needed if you dont have the app! Keep in mind that this cannot be 100% given the author of the dongle actually uses random data as his eeprom input. .....enjoy. hope that made sense..
Reply With Quote
  #8  
Old 08-05-2003, 18:36
koncool
 
Posts: n/a
Sab, thanks for the details. Can you please post some info about the algorithm string and the random numbers and the Through Encryption functions? I have the DK2 API guide, I am writing a quick'n'dirty emulator in CPP and I am stuck there. How do I capture the "random number area" and calculate the words from the seeds?
Reply With Quote
  #9  
Old 08-06-2003, 07:13
Sab
 
Posts: n/a
huh?

not sure what you said above, can you be more specific? what kind of details do u want other then the ones provided in the api guide?
Reply With Quote
  #10  
Old 08-06-2003, 19:01
koncool
 
Posts: n/a
The dongle contains specific numbers, ok? These numbers are
retrieved by the ReadRandomNumbers function and changed
appropriately with the seeds. How do I read the rnd number
area and calculate the values from the seeds?

Or -- how do I read out and write down on a file all the rnd #?
Reply With Quote
  #11  
Old 08-07-2003, 19:46
Sab
 
Posts: n/a
huh2?

Although I must admit I am still confused Ill try to answer. Dk2ReadRandom numbers is just a rng generator. It produces output by 2 arguments, the length of data and the seed of data.
From what I seen it should allow 0-FF seeds and the asic itself can produce "unlimited" data but it does slow down so theres a point where its to slow to consider a security device worth having. Dk2ReadRandomNumbers is the api your looking for, just use that api with dk2id, seed value (this is 0-FF) and u wont need any special developer codes to access this api.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
hid dongles emulation infern0 General Discussion 7 04-02-2013 23:52
USB Vs. LPT dongles frescies General Discussion 8 12-12-2005 03:51


All times are GMT +8. The time now is 23:23.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX
( 1998 - 2020 )