|
|
#16
05-17-2005, 04:09
|
|||
|
|||
|
checked out for haspedit studio v1.02 everywhere....
but couldnt find it..... hey s0cpy,, may b u can share it with us... here... thanx TDW {RES} 
|
|
#18
05-18-2005, 06:11
|
|||
|
|||
|
No, the hasp passwords are already embedded when the software company gets the hasp. They dont need to change. Every hasp family has 4 unique IDs:
1. Family Code : 5digit alpha - like "MATER" 2. Developer ID: 6digits - like 204-42c 3. Password A - like 28124 4. Password B - like 80121 While you have you a family of 100 hasps with the same details (ID) there is also a unique ID for each hasp: 1. Hasp Unique ID - like 8f0af981 The developer uses those 2 passwords to open the hasp memory using the HaspEdit tool and he can put additional information inside such as the customer serial number. The protected software, requires those 2 passwords to open and validate the key and therefore read the information. But they can also use the unique ID to ban a hasp from running the software. If HaspID == 8f0af981 then UnLicensed(); There are tools that are allow you to find those 2 passwords but the best you can do is to read and write the memory of the hasp, the data that software developer entered. If you get another hasp from aladdin, you will have a different family ID and Developer ID - and of course 2 new passwords. You cant change those 2 passwords to match the old hasp (the one that you want to duplicate). I also imagine the encrypt/decrypt routines working like that: (inside hasp) Encrypt(Family_ID + Developer_ID + Password1 + Password2 + Embedded_Hidden_Key, "hello world"); So what we have here? The communication between software and hasp is encrypted with keys that are based to the original hasp. Even if you manage to know the 2 password there are more things counted here. So you cant enforce the hasp to change those sensitive details (family id, developer id, passwords). That means is not exactly a single copy/paste. The tool sc0py mentioned is not available on public, at least i was unable to find it. I think duplicating the hardcoded memory of a hasp is not as simple as running a tool in your pc. I know the company that sells the Hasp4 in my country and they have a special hardware (a big one) for that job that programs the hasps based on passwords etc. The software that works with that hardware is connected to the internet and takes data directly from ealladin (mam company). Means even the employee/local distributor cant write hasps for his personal purposes. Think it twice, I cant imagine a security colossus like eAladdin having a security tool that can be easily duplicated using a single software/tool. My advice is to think for a hasp emulator that will make your job because all data software needed are readed from memory - and as you already know memory is writeable while hasp isnt 
Last edited by baatazu; 05-18-2005 at 06:16.
|
|
#19
05-19-2005, 12:10
|
|||
|
|||
|
i found that the company from where i m getting my hasps, for the soft 2 run,
all the hasps have the same passwords,,,,, but on alladin site its written, that all the hasps have different passswords, and no 2 hasps have same password.... so there might b a way 2 update that password ( i think) thanx TDW {RES}
|
|
#20
05-19-2005, 14:52
|
|||
|
|||
|
Quote:
|
|
#21
05-19-2005, 15:53
|
|||
|
|||
|
It doesnt work like that. Imagine the following scenario. Im Software Company and I have Product1, Product2, Product3. The right approach is to have different Hasp family for every product. That means different Developer ID for each family. Unfortunatelly thats a little bit risky for developers because they need to have stock for every ID, example 20 hasps for Product1, 20 hasps for Product2 and 10 hashs for Product3. What will happen if they ran out of hasps for Product2? They need to order new hasps because the other 2 families are incompatible. And the ordering takes about 2 weeks - to 1 month. Maybe more. Thats why some developers they get one developer ID/family hasp and they alter the memory data to allow differents products to be executed. If you open the HaspEdit software (the one from alladin) you can see it has a "FAS" button. That button allows you to control what module/applications can run with that hasp. So what developer is doing, he's puting number "1" for Product1, number "2" product2 and number "3" for product3. So his application is checking for that number that is inside the hasp. Of course if you own the passwords you can use the Hasp memory easily and change that option and run all programs from the same company. If you want HaspEdit utility, i can upload here.
|
|
#22
05-20-2005, 06:28
|
|||
|
|||
|
Many years back Aladdin used to sell to selected developers 'crypto programmer cards' for direct hardware programming of Hardlocks and HASP's.
As many posters here have noted, there is only a minute chance that Aladdin would now supply even a legitamate user of their dongles such an ability or a public software interface capable of editing these hidden parameters. Evidently the screenshot depicts an interface capable of writing these hidden parameters to a HASP 4, implying they are editable (I just can't imagine what the Aladdin guys were thinking to be honest), so one needs to examine and document the HASP hardware access protocol if one is to have any hope of duplicating a HASP sucessfully. Any capable volunteers step forward ;-). Regards CrackZ. Last edited by CrackZ; 05-20-2005 at 06:33.
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Linear Mode
