Visual Foxpro + NetHASP anyone?


WoZX
April 24th, 2002, 07:48
hi, i have a target built using visual foxpro, and it's protected using NetHASP with a red dongle (no access to the dongle).

i use refox to get the source code and the protection is very simple, but i'm unable to debug the foxpro 'virtual' code as it's VB like with all the DLLs.

i've tried HASP emulator and succeeded on login to NetHASP but failed when calling ReadBlock, saying 'incorrect security key'.

i've tried many times changing here and there thru' the registry setting by the HASP Emu but to no avail.

debug using SoftICE didn't give much help as it's Foxpro not VB (lots of essays on VB for my reference, but not Foxpro).

can anyone help me?? comments.... reference sites.....?????

thx in advance.

CrackZ
April 24th, 2002, 18:47
Hiya,

As far as I can remember the old HASP SDKs (and I'm pretty certain this is an old HASP because I suspect you're using one of the many UCL HASP Emulator replacements) all shipped a very convenient dll for use by the developer, (haspfp32.dll), there probably isn't a need for you to be debugging the intricacies of VFP (although I might be wrong about this).

Playing with the parameters in the registry isn't going to help you much, since readblock() (doh) reads blocks of memory from the dongle, and with NetHASP you're looking at possibly 496 bytes worth so unless you're kinda lucky or they filled it all with 0xFFFF or 0x0 you can forget it ;-).

I propose 3 options / solutions:

1. Find the API level interface (I'm almost certain it'll be a dll) and code your emulator at that level (also debug at that level). Should be easy with conventional breakpoints, if the HASP drivers work, go for bpx deviceiocontrol.

2. Pop some breakpoints in the pertinent parts of the HASP emulators you're using, haspdl95.vxd for 9x, haspdos.sys for NT and trace the API parameters back from there, this may help you since you can place bpm/bpr on readblock() returns.

3. Drop me an e-mail with the target info, anything else you feel might be pertinent, I can almost certainly help you some more.

Regards

CrackZ.

WoZX
April 25th, 2002, 02:16
Quote:
Originally posted by CrackZ
Hiya,

As far as I can remember the old HASP SDKs (and I'm pretty certain this is an old HASP because I suspect you're using one of the many UCL HASP Emulator replacements) all shipped a very convenient dll for use by the developer, (haspfp32.dll), there probably isn't a need for you to be debugging the intricacies of VFP (although I might be wrong about this).

yes u're right, it is haspfp32.dll

Quote:

Playing with the parameters in the registry isn't going to help you much, since readblock() (doh) reads blocks of memory from the dongle, and with NetHASP you're looking at possibly 496 bytes worth so unless you're kinda lucky or they filled it all with 0xFFFF or 0x0 you can forget it ;-).

from the source the checking is very simple, it goes something like this:
- chk if hasp is installed (func. 1), if fail shutdown proggie (i pass this)
- login to nethasp (func. 2) (i think), if fail shutdown proggie (i pass this too)
- readblock (pass this one too)
- check if return string starting from position x for length y is = '556712 JMC7621' and etc etc...
if it's the same, go on, else print "incorrect security key"

Quote:

I propose 3 options / solutions:

1. Find the API level interface (I'm almost certain it'll be a dll) and code your emulator at that level (also debug at that level). Should be easy with conventional breakpoints, if the HASP drivers work, go for bpx deviceiocontrol.

i'm not good at assembler. i'm actually trying to patch the process that does the checking above, but it's foxpro and i have no idea on the opcodes generated by the compiler.

Quote:

2. Pop some breakpoints in the pertinent parts of the HASP emulators you're using, haspdl95.vxd for 9x, haspdos.sys for NT and trace the API parameters back from there, this may help you since you can place bpm/bpr on readblock() returns.

i'll do that, thx

Quote:

3. Drop me an e-mail with the target info, anything else you feel might be pertinent, I can almost certainly help you some more.

Regards

CrackZ.

will certainly do.
btw, the target is a proprietary proggie so no way to download from the web. ZIPped size is abt 20 or 30MB.

thx a lot CrackZ.

regards,
WoZX

CrackZ
April 25th, 2002, 22:20
As an addendum.

Since we've established it uses haspfp32.dll I can pretty much guarantee (regardless of your ASM competence) that's going to be the best place to put some emulation code. I just disassembled several copies of the DLL I have on the various HASP CDs and they are all pretty much the same, standard call _haspreg()'s.

I didn't check my e-mail before posting this, but hopefully I can still help you some more here, actually I'm just interested in the target (let the fires of hell burn my soul for that ;-) ).

Regards

CrackZ.

WoZX
April 26th, 2002, 09:09
Quote:
Originally posted by CrackZ
As an addendum.

Since we've established it uses haspfp32.dll I can pretty much guarantee (regardless of your ASM competence) that's going to be the best place to put some emulation code. I just disassembled several copies of the DLL I have on the various HASP CDs and they are all pretty much the same, standard call _haspreg()'s.

I didn't check my e-mail before posting this, but hopefully I can still help you some more here, actually I'm just interested in the target (let the fires of hell burn my soul for that ;-) ).

Regards

CrackZ.


ok, my progress so far.

1. i patched haspfp32.dll on 'hasp' call and let it return 00h on return value [ebp+1C] (the 6th parameter, just after the pass1 and pass2), which is the return status for HASP is installed and if login to netHASP is OK.

2. bpx on haspreadblock(@storage, 30) will return result to memory location @storage for 30 bytes. Patched the memory location to values/string of what the program is expecting, and it ran flawlessly (^_^)

you are right CrackZ, i need emulation code or a new DLL (with the same file name and only need 2 imports 'hasp' and 'haspreadblock') that did just the above, but i'm a rookie in assembly, can you please help me with this CrackZ?

thank you very much for your guidance.

regards,
blurred