View Full Version : HASP4 TIMEHASP confusion


st123
August 30th, 2007, 11:33
Hi,

I got 3 HASP4 TimeHasp dongles.

1) works fine in server 1 and server 2
2) works fine in server 1 and server 2
3) doesn't work in either, and is 'unactivated'

- All three have the same password and I can open them in haspedit.
- For all three dongles the timehasp and FAS fields are empty, and only the memo section has data.
- On 1) and 2) the memo section has a bunch of 16 byte 'keys' exactly 40 bytes apart. The keys are not identical between both dongles, yet either dongle can work in either server.
- dongle 3) has only 2 keys and the rest is blank.

So, I can clone the memo section from dongle 1) or 2) into dongle 3) and the server recognises the dongle and accepts it. However when I run queries through the application they fail after about 12 seconds when using dongle 3).

I noticed that the two keys that were present in dongle 3) change after a run through the application ONLY on dongle 3, not on dongle 1 and 2.

Has anyone got any idea what's going on here?! I would have thought that if the dongle were recognised that would be it.

HELP!

CrackZ
August 30th, 2007, 17:08
Hiya,

This sounds strange.

I can think of a few *possibilities*; but the most likely is something along the lines of:

Dongles 1 & 2 have individual serial numbers and also 16 byte keys; since the keys differ I'm guessing they might be derived from or dependent on the individual dongle's serial number. This is the part you can't clone via HaspEdit.

Thus, when you clone the memory the serial number doesn't resolve to that in Dongle 3 and you get reset.

This would actually be trivial to verify, save Dongle 2's contents, and clone its memory as Dongle 1 and see if it works.

I can think of some other less probable explanations, but for now the above seems to me to be the most likely.

Regards

CrackZ.

st123
August 31st, 2007, 04:30
Hmm, that's what I was thinking.

Personally I suspect these are clone dongles (because I don't trust the source they were bought from). Obviously if they were not genuine it would be impossible to buy a blank HASP from Aladdin and rewrite the passwords, so I suspect these are emulated.

It's possible that something else in the emulated dongle needs to be activated for it to work. Like you say this would be easy to verify by copying dongle 2 onto dongle 1. I'll try that and see, but I don't physically have those with me, so it may take a few days.

If there's anything else you can think of in the meantime please let me know.

st123
August 31st, 2007, 13:49
After some thought I decided not to risk breaking the working dongles. But I think I know what's going on now. At least some of the keys must be hashed with the HASP id of the dongle. This is probably why a straight copy of the memo section isn't working.

Now I just need to find a Linux hasp emulator to confirm the theory.
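
The binding hypothesised in the post above, seen from the side of the software that checks the dongle, as an added example that is not part of the original thread and is not HASP's actual algorithm. Only the 16-byte tag size and the 40-byte spacing come from the thread; the HMAC-SHA256 construction, `VENDOR_SECRET`, the device IDs and the feature records are assumptions made up for the illustration.

```python
import hashlib
import hmac

STRIDE = 40    # record spacing in the memo area, as observed in the thread
TAG_LEN = 16   # size of each 'key', as observed in the thread
VENDOR_SECRET = b"constructed-demo-secret"  # assumption: known only to the vendor's software

def tag(device_id, slot, payload):
    """16-byte tag bound to one device ID, one slot and that slot's payload."""
    msg = device_id.to_bytes(4, "big") + slot.to_bytes(2, "big") + payload
    return hmac.new(VENDOR_SECRET, msg, hashlib.sha256).digest()[:TAG_LEN]

def provision(device_id, payloads):
    """Build a memo image: tag followed by 24 payload bytes, every 40 bytes."""
    memo = bytearray()
    for slot, payload in enumerate(payloads):
        if len(payload) != STRIDE - TAG_LEN:
            raise ValueError("payload must be 24 bytes")
        memo += tag(device_id, slot, payload) + payload
    return bytes(memo)

def verify(device_id, memo):
    """Accept the memo only if every tag matches the ID the hardware reports."""
    if not memo or len(memo) % STRIDE:
        return False
    ok = True
    for slot in range(len(memo) // STRIDE):
        rec = memo[slot * STRIDE:(slot + 1) * STRIDE]
        expected = tag(device_id, slot, rec[TAG_LEN:])
        ok &= hmac.compare_digest(rec[:TAG_LEN], expected)
    return ok

# Constructed sample data: three device IDs and two 24-byte feature records.
ID_1, ID_2, ID_3 = 0x1A2B3C4D, 0x5E6F7081, 0x92A3B4C5
FEATURES = [b"feature-A".ljust(24, b"\0"), b"feature-B".ljust(24, b"\0")]
MEMO_1 = provision(ID_1, FEATURES)
MEMO_2 = provision(ID_2, FEATURES)

if __name__ == "__main__":
    print("tags differ between devices:", MEMO_1[:TAG_LEN] != MEMO_2[:TAG_LEN])
    print("memo 1 on device 1:", verify(ID_1, MEMO_1))
    print("memo 1 copied to device 3:", verify(ID_3, MEMO_1))
```

Under such a scheme two genuine devices carry different tags for the same features yet both verify, while a byte-for-byte memory copy fails on any device whose ID differs, which matches the behaviour reported in the thread.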

JMI
August 31st, 2007, 15:16
And "OF COURSE" you are AWARE you MAY NOT ask for such a "Tool of the Trade" here.

That's WHY the Deity invented the internet and internet search engines. So YOU could "seek" and "find" what YOU want.

Regards,

st123
August 31st, 2007, 15:23
OK, sorry.

I did search and couldn't find anything tho. Just lots of stuff for Windows. Anyway, if that's the rules, then that's the rules! I'll search some more.

Sorry again.

JMI
August 31st, 2007, 15:54
It does state clearly in the description to the Tools of the Trade Forum:

Do not ask where to get the Tools of our Trade. Do not even think about asking for them.

The 3rd item in the FAQ states: Do not ask where to find the "tools".

I don't know how it could be more clear those ARE THE RULES!

Regards,

st123
August 31st, 2007, 16:01
I asked for a name of a tool, I clearly said I'll look myself.

Anyway it's a bit rich when you have emus posted in the same section a few posts down:

http://www.woodmann.cjb.net/forum/showthread.php?t=10331

Anyway, back to the topic. It's clear now that the hasp id is definitely hashing the memohasp area. I think if I can find a deprotected aksusbd I could probably write something to emulate it myself. Alternatively I may try reading the eeprom on the dongle itself to rewrite the id.

JMI
August 31st, 2007, 16:50
I'd be happy to explain the "difference" to you.

Someone posting a tool, at least a non-commercial one, is a matter of their desire to "share" a "tool of the trade."

This is to be distinguished from "asking" for a "Tool of the Trade" when, usually, with a little thoughtful and creative searching, either for the "name" of a tool, or for the "existence" of one, or its location, you can find what you seek.

One of the reasons for the Rule is to try to reduce the number of "totally lame" first time posters who have, and still do post asking where to find tools they "want" to "crack stuff."

Finally, it is not important whether you "agree" with the Rules, only that you "follow them." The penalties for non-observance are usually swift and most always "final."

Regards,

st123
August 31st, 2007, 17:15
OK, I understand what you're saying..

But I think the thing you don't realise here is that the 'tool' I was requesting almost certainly doesn't exist - and I was simply asking if anyone knew of one that may exist. It is by no means a 'tool of the trade' since that suggests it's a publicly known piece of software that's easily available or commonly used - what I requested most certainly is not.

I understand you're trying to stop newbies asking for tools they could probably find on the forum itself, but I think it's a little harsh to jump the gun and assume that the tool I was asking for information about is such a tool.

I suspect that if I were allowed to pose the question there may have been a slim chance someone out there may have done some work towards making such a tool, or at least be able to provide me with some unscrambled driver source code so I could make such a tool. Instead it's going to be down to me to make the tool myself and possibly duplicate work someone else may already have done.

JMI
August 31st, 2007, 17:39
And the way to "handle" such a subject might be to suggest that you have searched for such a "tool" and not located any and that if anyone has "done some work towards making such a tool" and might be willing to consult with you on "the making of such a tool," that they contact you by PM.

Then you are not openly "soliciting a tool," but inquiring for anyone willing to assist you in your project to contact you "off the Forum."

And, "obviously," you HAVE posed the question "here," because your Post remains!

Regards,

st123
August 31st, 2007, 18:09
OK, back on topic...

So there appears to be at least one version of aksusbd that emulates a dongle, but I can't get hold of the file. But anyway that's less the point, but more that there must be source code for aksusbd routines or at least a deprotected aksusbd. It's beginning to look a bit hopeless, I think it's going to be easier to write it from scratch.

On a separate subject, it looks like these dongles have an 'ASIC' or more likely just some microcontroller and a 93c eeprom. Has anyone tried cloning the eeprom between dongles?

JMI
August 31st, 2007, 18:20
And WHY is it that you haven't already attempted to "google":

aksusbd routines

and/or:

source code aksusbd



Regards,

st123
August 31st, 2007, 18:26
I have.. but google 'aksusbd routines' won't show you much, and what it does show is just the routines you put into your program to communicate with the driver. Unfortunately 'google' isn't the answer to everything!

There's going to be two steps needed here, one to recreate aksusbd so that the driver -> program part can be confirmed working, and then the second part which is writing the emulator and querying that instead of the real dongle.

I get the feeling you're just trying to prove some point now rather than be helpful.

JMI
August 31st, 2007, 18:40
Your "feelings" are neither relevant nor of any importance to me. I neither crave nor need your approval. You stated you were looking for "source code for aksusbd routines" without stating you had done any searching for that information.

I gave you two search criteria which revealed some rpm sources for including "aksusbd routines" into two different flavors of linux.

I will neither spring hoops nor lose sleep over whether or not you understand my motivation for doing so.

Regards,

st123
August 31st, 2007, 19:03
geeez some chip on your shoulder there.

"rpm sources for including "aksusbd routines" into two different flavors of linux"

I'm not talking about the source for an rpm to install the driver, that's trivial, I could use rpmfind for that. I'm talking about the source code for the driver itself.

JMI
August 31st, 2007, 19:11
Poor st123:

You simply fail to understand that if I had a "chip" you would simply be a "goner."

But, as I've stated before, I love to argue, so "make my day."

Regards,