dcbo
April 1st, 2010, 07:05
I have an old DOS program that is protected with a hasp4.
I know the passwords and I can emulate the dongle with the Glasha emulator.
I managed to bypass the hasp checks in the program. My problem is that the
program uses the 3D function to decrypt some of its data files.
I have the edstruct registry key for the dongle, and I can calculate the
seed with the ed2seed.exe program.
If I check the port logging, then I can see that the hasp decryption routine
is outputting 40 5-bit numbers. After a number is sent to the hasp, 1 bit is returned
from it. The output bit is a boolean function of the 5 input bits. Sometimes, it is
the inverted function. There seems to be a feedback on byte 8 and byte 11.
The output of a byte sent to the hasp also changes the return value of byte + 8
and the return value of byte + 11 (also byte + 16, byte + 19, byte + 22 ...)
I would like to emulate the hasp behaviour, but can't find any information on how to start.
As I have 40 * 5 = 200-bit input, it's a bit too much for a brute force attack.
I don't think there exists an emulator that can be used with DOS programs.
The 40 5-bit numbers are different every time and probably calculated from the encrypted file.
Because of that, a "keylogger and replay emulator" isn't helpful either.
Any help in this will be much appreciated.