HI !

Some day ago i downloaded some program that seems to be protected with HASP.

Can somebody teach me how can i remove this protection/tell me more about it (the program popups a message like 'HASP ERROR - key not available ') ?

Well i hope i'm not asking too much ...

best regards,
hacker2k

Yes Indeed you're asking for too much.

1. Did you read the FAQ?
2. What analysis did you do?
3. Do you know that there is a "search" button on this site that does magical things ?
4. Do you know of a great guy called "CrackZ" who literally "ownz" dongles?

Do the above in the same order and if you're still confused....

Signed,
-- FoxThree

Hiya,

1. Ah foxthree you are far too kind ;-), or I've spent far too long tracing HASP's (heh, I think its that actually), but thank you for your gracious words.

2. hacker2k, heed what foxthree has advised you, if you can provide me with more details I can probably help you more, but I'm afraid 'popping up an error : NO HASP key found' tells me only that it failed to run without a HASP (erm, not surprising eh).

3. As a rule of thumb, I know I've written in the past about specifying targets, but its generally advisable that you paste some code from your target, for example, paste which part you think is _haspreg(), tell us what you've uncovered whilst tracing, in fact as I'll write soon for a document on Tsehp's site there are now some devastatingly effective breakpoints for HASP's.

Regards

CrackZ.

CrackZ,
I hear your HASP/Sentinel Kill v0.01 have finished long time ago. Could your please share it.
Regards!

Well hacker2k i take a chance to make a reply to help u about this program...
i don't know if u have tried to crack this app but i tell u with single step how u can find the hasp() btw take on hand the hasp manual will help's u alot trust me well now u need softice/icedump, hiew and the hasp manual on hand...
i told u how i work usually first i open the file to see if exist .protect section, protect section is the hasp envelope,about hasp envelope u will find infos on hasp manual
now i set a bpx FreeEnvironmentStringA and run the prog
softice pop up F12 until u see this code snippet ush ebp
call [esi]
pop ebp <-- you will be here
another F12 and will land at hasp()
at
EAX=seed
BH =service number
ECX = pass1
EDX = pass2

This is the basics steps now u must read all CrackZ tutorials about emulator and other technics.... and finally if u can't do nothing drop me a PM with the url for your program and i will try to write a short essay to help u

Regards HypnoticZ

Since I think some of the above comments aren't really useful I'd like to give some tips on how one should continue on Hasp and comercial protections in general.

One thing I don't understand is why people go search after endless amounts of tutorials instead of reading manuals.
After people read alot of tutorials they end up a little smarter but still won't know how the dongle works.

Basicly you should ask yourself: "Do I understand hasp good enough to be able to protect my own program?" If the answer is yes then tutorials might be of some help since they can usually give hints on how to get to the central place of the hasp protection: the api. If the answer is no then thats the real problem and you should read the manual. The manual is availble and it's just a shame and lazyness that people doesn't start by reading this.

I read in another thread where someone complained about a hasp memory dumper didn't work as it should. Again this is the same problem over again. I state that any experienced programmer should be able to code a dumper within 1 day (even without knowing in advance how hasp works). It's really not that hard but again if you don't know how hasp works you won't get far. 1 day is probably more then enough as a experienced guy should be able to make a dumper in a few hours. You don't believe me? Feel free to prove me wrong. (Atleast your attempt to make one will make you learn something about that dongle).

As for hasp envelopes it was made clear above how to identify them. They are ofcourse more work and takes time to figure out like any other pe encryption (eg. Asprotect) but I am sure you won't be able to handle those as long as you don't got the basic knowledge about the dongles in your head.

// CyberHeg

Stop the presses, there is another way. Yes the old newbie way of brute forcing it! Find the hasp signatures for IDA. Run IDA on your program (may take an overnight run). Then look for the hasp signature subroutines and where they are called, in pseudo code it will look like this

Is dongle attached
No > bugger off, crash, exit
Yes > continue
Is dongle the correct version
No > bugger off
Yes > continue
etc.

Now the program may call the hasp only a couple of times, at start, before writing a file or printing, or doing some intensive calculation. This is easy to defeat.

If it calls the routines a lot you will need to reg the hasp routines to return the correct value no matter what.

MTB

Look at h**p://w*w.brstudio.com/HardKeys.htm.
The guy there is claiming that he can emulate HASP4.
(U can download the emulator).
Try it, and post here the results.


Greets.

Hiya,

It go's something like this ;-).

1. Identify HASP protection strategy, envelope (.protect section?), HASP API (HASPDOSDRV string), HASPPVCS (HASPPVCS signature).

2. Breakpoint pertinent HASP API level, envelope and API bpx FreeEnvironmentStringsA, PVCS use low level breakpoints I mentioned in other posts (inside drivers), service code can be found in HASP structure +16h (I'll write an essay on this SOON I promise).

3. Understand HASP service codes, return correct or recoverable responses.

4. Recover dongle memory contents if you can work it out.

5. Patch stupid application. Write replacement drivers. Figure that Aladdin are just a bunch of stupid morons and that your time is better spent tracing or coding something else ;-).

Regards

CrackZ.

Maybe the HASP-Programmers Guide will help you all.
Find it here for download:

hxxp://212.14.34.87/~fkiepski/down/helpy/haspman.zip

The link was followed from:

hxxp://crackpltools.prv.pl/

...a nice site at all!

Mefeus

This site has not been maintained for a long time.

Try it hxxp://212.14.34.87/~devon/down/helpy/haspman.zip

FoxB