memohasp 1


jswift
March 17th, 2002, 14:18
First, I've never cracked a dongle before. I did some research on how the HASP works, but I still haven't figured out anything but the basics. I won't say which app I'm working on, out of respect for the author. I also don't have the dongle. This is what I have figured out so far:

It exports these functions:

?HCleanLogin@@YGHXZ
?HTestAppRights@@YGHPAD@Z
?HTestCodes@@YGHHPAH000@Z
?HTestDate@@YGPADXZ
?HTestProtection@@YGHPAH000@Z
?HTestUserNum@@YGPADXZ

I guess it's obvious what these do.

I've been able to find the main HASP code, from what I understand, by simply searching for cmp bh, 32.

:00402C5A 035D10 add ebx, dword ptr [ebp+10]
:00402C5D 8B450C mov eax, dword ptr [ebp+0C]
:00402C60 8B4D14 mov ecx, dword ptr [ebp+14]
:00402C63 8B5518 mov edx, dword ptr [ebp+18]
:00402C66 80FF32 cmp bh, 32
:00402C69 7205 jb 00402C70
:00402C6B 8B7528 mov esi, dword ptr [ebp+28]
:00402C6E 8B06 mov eax, dword ptr [esi]

There are 59 references to this piece of code above.

Haspman v3 would be a great help. I couldn't find anything but the v4 manual.
What is the next step? I just need you to point me in a direction. Any help is appreciated.

Thanks

goatass
March 18th, 2002, 05:15
What I would do here is set a BPX on FreeEnvironmentStringsA, and when it breaks, press F12 once and you should see:
push ebp
call [esi]
pop ebp <-- you will be here
Press F12 one more time and BPX on the call you just came from; that is the hasp() call that will be used on every access to the dongle. Now re-run the program, write down the services and all of their parameters, and make your emulator.

EAX = seed
BH  = service number
ECX = password 1
EDX = password 2

These are the basic parameters, so by knowing which service is called you can look up the rest of the parameters.

Check out the CrackZ archive (the link is at the bottom of this page).

goatass