sope
November 12th, 2003, 08:22
Hello Everybody,
I have a target for which i don't have the dongle. It's Hardlock enveloped.
The main files is packed & the depending .dll's & .ocx's are also packed. Tracing slowly & noting the values down i was able to reach a point were i found the below structure & its values written below.After searching the board & some more site came to know the we need to dump some 8K bytes from the original dongle to decrypt the packed exe files.
My Question : Even if i would have the 8k of dongle data how does one emulate it ? which portion of code to rip out & then put the dongle data etc... any-body familiar with such type of things please show some light or hint.
Learn't so far for our community:
Earlier i did not knew how does one find in the .protect section when will the hl_login function is called. Now how i find it is like this.
Once we get an error messagebox i dump the target & search for the below bytes in hex editor 3D 07 00 i.e. cmp ax, 0007 <--- finding the error code & note down the address & set a break point on all which were found. one of them will trigger for you.
If u know better please don't hesitate to post it here.
Regards, Sope.
I have a target for which i don't have the dongle. It's Hardlock enveloped.
The main files is packed & the depending .dll's & .ocx's are also packed. Tracing slowly & noting the values down i was able to reach a point were i found the below structure & its values written below.
Code:
API_Version : 0351
API_Flags : 0000 0000
MOdID : 0000
HARDWARE : xxxx 0000 0000 0000 0000
Data Pointer : 0000 0000
Bcnt : 0000
Function : 0000 <-- HL_Login
Status : 0700 <--- No Dongle
Remote : 0100
Port : 7803 <-- Lpt1
Speed : 0200
NetUsers : 0000
ID_Ref : xxxxxxxxxxxxxxxx
ID_Verfiy : xxxxxxxxxxxxxxxx
Task_ID : 08FFB9A9
MaxUsers : 0000
TimeOut : 0000 0000
ShortLife : 0000
Application : 0000
Protocol : 0000
PM_Host : 0000
My Question : Even if i would have the 8k of dongle data how does one emulate it ? which portion of code to rip out & then put the dongle data etc... any-body familiar with such type of things please show some light or hint.
Learn't so far for our community:
Earlier i did not knew how does one find in the .protect section when will the hl_login function is called. Now how i find it is like this.
Once we get an error messagebox i dump the target & search for the below bytes in hex editor 3D 07 00 i.e. cmp ax, 0007 <--- finding the error code & note down the address & set a break point on all which were found. one of them will trigger for you.
If u know better please don't hesitate to post it here.
Regards, Sope.