View Full Version : hasp 4 decode function in dos program


dcbo
April 1st, 2010, 07:05
I have an old DOS program that is protected with a HASP4.
I know the passwords and I can emulate the dongle with the Glasha emulator.
I managed to bypass the HASP checks in the program. My problem is that the
program uses the 3D function to decrypt some of its data files.
I have the edstruct registry key for the dongle, and I can calculate the
seed with the ed2seed.exe program.
If I check the port logging, then I can see that the HASP decryption routine
is outputting 40 5-bit numbers. After a number is sent to the HASP, 1 bit is returned
from it. The output bit is a boolean function of the 5 input bits. Sometimes, it is
the inverted function. There seems to be a feedback on byte 8 and byte 11.
The output of a byte sent to the HASP also changes the return value of byte + 8
and the return value of byte + 11 (also byte + 16, byte + 19, byte + 22 ...)
I would like to emulate the HASP behaviour, but can't find any information on how to start.
As I have 40 * 5 = 200 bits of input, it's a bit too much for a brute force attack.
I don't think there exists an emulator that can be used with DOS programs.
The 40 5-bit numbers are different every time and probably calculated from the encrypted file.
Because of that, a "keylogger and replay emulator" isn't helpful either.

Any help in this will be much appreciated.

gmgsci
November 27th, 2010, 21:35
I have successfully emulated a HASP dongle with Glasha's WinXP emulator, among others. I wish to run the program in real DOS boot without WinXP, with an emulator. I have hunted far and wide for a DOS HASP dongle emulator. KPME421 is as close as I've come. I am sorry to ask this question as a lameless newbie. Can someone give me a clue as to where and how I should be looking in this community as well as others?
Thanks much.
gmg

Guybrush
February 21st, 2011, 07:18
Hello everybody,

I am French, sorry for my written expression.
After much reading on the net about DOS dongle reverse engineering, I tried to hack my software.
The software characteristics are: built in 1998 with a DOS exe file, and it is a HASP dongle because by searching with WinHex I find the famous string 'HASPDOSDRV'.
I also traced this software with SoftICE, I broke on the outputs and error messages in memory and 'NOPped' the comparison instruction below. All with no results. How can I see if the file is encrypted?
What path should I follow to remove the dongle protection?
Thanks for your help