Exetools  

  #1  
Old 05-03-2018, 03:32
Turkuaz
Question: Using dongle emulator for new version of a programme with cert files

Hi all,
I have a programme (ver 6) and a HASP HL emulator for it.
I want to use my emulator for ver 7 too, but it says "No V7 Cert".
There are 2 binary files with pcert and scert extensions inside the Certs directory.
The user manual says the dongle for the old version can be used with suitable cert files. When I stop the dongle emulator service it gives a "no dongle" error; this means the dongle emulator is accepted. But the cert files must be updated.

I have some degree of reverse engineering knowledge and experience, but very little with programmes which use certificates.

The programme is packed, but I unpacked it manually; it runs properly now.

I guess the cert files contain some data encrypted with a private key. And this information is decrypted with a public key and checked by the programme. So I think I must extract this data and modify it accordingly for the new version. Then produce my public/private key pair in order to encrypt the modified data, and replace the original public key with mine.

My question is how to find the public key and the decrypted data. Any advice or hints which can help me?

Thanks in advance
  #2  
Old 05-03-2018, 17:06
Syoma
If you unpacked the program, find the cryptographic subroutines and follow the xrefs to the key initialization.
  #3  
Old 05-04-2018, 00:42
Turkuaz
Thanks, do you have any hints or advice for finding cryptographic subroutines? Sorry for asking, but I am a novice when it comes to cryptography. But I'll certainly learn.
  #4  
Old 05-04-2018, 01:18
TechLord
To find cryptographic subroutines per se, the CC tool found in this thread is excellent.

You can find a MEGA download link in the last post there.

The above tool will help if you want to quickly scan for any cryptographic routines in the code.

However, if the crypto is a part of the dongle protection code itself, then, while this tool can discover the crypto, it's not that easy to solve it without having a good knowledge of that dongle's protection itself (from the SDK, among other things, for example).
  #5  
Old 05-04-2018, 02:41
Turkuaz
Thanks for CC. I am using it now.

I analysed the loaded modules. I think these are the crypto-related ones:
cryptsp.dll, rsaenh.dll, EvCrypt.dll and enhkey.dll

EvCrypt.dll is from www.cryptsoft.com and enhkey.dll is for the HASP dongle.
I am trying to understand the role of EvCrypt.dll. Any hints?
  #6  
Old 05-04-2018, 03:08
TechLord
Cryptsoft?

Well, there's a wealth of info on their page.

You may want to go through the various datasheets to get a preliminary idea as to what features could have been used in your target.

Don't forget the "Additional Resources" section at the end. It contains a lot of useful info regarding what's available in their software.

By the way, this sort of thread should be opened in the "Dongle" sub-section and not in the "General Discussion" section of the forum, which is visible to everyone on the internet.

Maybe the mods could move this thread over?
All times are GMT +8.