Now every one knows howz that 3c and 3d functions are emulated by the glashas dongle emulator. And everyone have the registred copy of hasp professional emulator with keygen by infern0.
Can anybody prepare the .dmp to .reg converter. Specially that
EDStruct: Data?
Regards
tex

What ?

It is crystal clear for any competent brain reverser/mind reader. Delta?

Is it just my imagination, or are we getting a group of these all of a sudden that do not seem to make a great deal of sense?

Regards,

here http://yo.mama.com you will find the software with crack.But infern0 no more supports for the .dmp to .reg
Regards
dongleguru.

PS.
Take a look at this great webpage (http://www.woodmann.net/fravia/rce-faq.htm) too, I haven't had time to look at it myself yet though.

Seems to me that he wants someone to write a hasp cracking utility for him. Hmm, cracking tool manufacturing requests, even worse than crack requests?

The next good question is why he has chosen the name "DongleGuru". Seems like "DonogleWantabe" would have been more descriptive.

Regards,

Hiya,

My 2c and then some;

Before we all rush to tell him to read the FAQ or use a search engine etc, etc, what he seeks is actually a legitamate 'request', however it isn't the best english I've ever seen ;-).

Background.

Glasha's HASP 4 emulator protection was broken (about 2 months ago ifirc), this essentially made public the internal HASP 4 algorithms (encrypt/decrypt are the ones of particular interest), however to make the emulator work you require the presence of a registry key (obtained by dumping the dongle).

Works kind of like this :

h4dmp.exe -> PWD1PWD2.dmp -> DMP->Reg Converter -> Registry Key (enables encrypt / decrypt services to work correctly).

As for the answer to the question, well it isn't hard to find ;P.

Regards

CrackZ.

CrackZ.......


You the man

Woodmann

Yep to both. CrackZ IS the man and "well it isn't hard to find." But we know that it is not that likely that any "searching" has been going on.

Regards,

"The first step in finding an answer is asking the right question"

Aristotle

Actually, he never said anything like that, He did not speak English either, but none the less this aphorism is a cardinal fact in research. . . of any kind.

Naides

Well he may have ask "the right question," which was "Can anybody prepare the .dmp to .reg converter" to which the answer is: "yes, someone has." This, however, does not appear to be the question he wanted to ask, was "where" he might find it.

That question, however, is one that is NOT supposed to be asked here. And, in any case, the answer would be: "Seek, and yee shall find."

Regards,

Greetings CrackZ,


Just wanted to clarify does it mean that 3C / 3D services good data can be recovered without original dongle ? OR we still require the original dongle at some end.

Regards, Sope.

Ohhhh i tried to do this job a month before but i was not able to do anything.
Here the attched file have my little research.
Here i did two job.
1. I grab dongle with original haspdrivers and that file is Original.Lock44830FE3.dmp
2. I capture the dongle with glasha programm and with glasha hasp emulator driver i again grab the dongle that file is Emu.44830FE3.dmp

One can compare both the files the only difference is between bytes 0000005c and 000000d3. That much bytes are used to create the EDStruct section in the registry. Here is the sample EDStruct with .reg file.

REGEDIT4
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Emulator\HASP\Dump\44830FE3]
"Name"="Jack"
"Copyright"="Son"
"Created"="29.05.03 14:46"
"SN"=dword:325BA014
"Type"=dword:00000005
"Memory"=dword:00000000
"SecTable"=hex:71,73,31,33,E9,EB,A9,AB
"NetMemory"=hex:FF,FF,FF,FF,FF,FF,00,00,FF,FF,FD,FF
"Option"=hex:01,01,00,4A,1F,01,1E,0C,83,01,09,12,25
"Data"=hex:FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,\
41,50,53,4F,C3,C0,0D,00,11,03,04,00,11,03,04,00,\
15,FF,00,00,03,17,04,04,05,17,04,04,06,17,04,04,\
08,17,04,04,0A,17,04,04,0B,17,04,04,0D,17,04,04,\
0E,17,04,04,12,17,04,04,13,17,04,04,17,17,04,04,\
19,17,04,04,1A,17,04,04,1B,17,04,04,1C,17,04,04,\
1D,17,04,04,21,17,04,04,22,17,04,04,27,17,04,04,\
29,17,04,04,2B,17,04,04,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"EDStruct"=hex:00,A4,00,00,8A,00,01,34,00,D4,00,00,46,00,01,0A,\
00,04,00,00,46,00,01,4D,00,74,02,00,46,00,01,73,\
00,B2,04,00,46,00,01,74,00,A4,01,00,46,00,01,6D,\
00,94,01,00,46,00,01,6D,00,14,00,00,46,00,01,0A,\
00,64,02,00,46,00,01,72,00,92,04,00,46,00,01,2E,\
00,44,02,00,46,00,01,65,00,24,00,00,46,00,01,3A,\
00,E4,01,00,46,00,01,61,00,D4,01,00,46,00,01,6D,\
00,14,02,00,46,00,01,32,00,A2,04,00,46,00,01,44,\
00,64,03,00,46,00,01,65,00,14,04,00,46,00,01,74,\
00,94,03,00,46,00,01,6D,00,24,02,00,46,00,01,01,\
00,84,02,00,46,00,01,00,00,54,03,00,46,00,01,00,\
00,A4,03,00,46,00,01,00,00,54,01,00,46,00,01,01,\
00,34,00,00,EA,00,01,00,00,04,00,00,EA,00,01,00,\
00,A4,05,00,EA,00,01,20,00,C4,00,00,EA,00,01,72,\
00,F4,00,00,EA,00,01,6B,00,C4,01,00,EA,00,01,6C,\
00,14,02,00,82,00,01,6E,00,C8,1D,00,82,00,01,31

Hows this EDStruct is prepared that what of interest.

one more interesting thin in the .dmp file here that

In that region of the file from bytes 0000005c and 000000d3.

The exact Middle portion 80 98 44 81 F2 19 BF C4 is of main interest too.
Because before that and after that all the bytes are equals. May be this the main 8 bytes used to decrypt or encrypt the functions. And this 8 bytes only is the EDStruct in registry. Might be that brain people didnt put this bytes directly but for misguiding it changed the data in registry and programmed the emulator.
Regards
jeet

The hasp4 3c/3d functions were cracked and released in summer of 2003, before brain studio had their emulator for the hasp4 3c/3d.

There are other emulators available which are much easier to reverse than brain studio.

This thread seems to me, to be, alot to do about nothing.

tgodd

friend, do u have any stuff or any emulator? working with this fuctions.
I would like to have. If you can help me
it will great help to me.
jeetz

jeetz4u:

You are NOT supposed to ask for the "Tools of the Trade" here. You should have noticed the statement in the Tools of the Trade Forum which clearly states:

Do not ask where to get the Tools of our Trade. Do not even think about asking for them.

This is why search engines were invented. So that you could do your own searching for information available on the net. Even if you can NOT find what you seek, do NOT ask for it here.

Regards,

Very nice this info, any better on "EDStruct" part?

EDStruct size must be 2016 bit

EDStruct in Glasha Hasp Emulator :

D7 37 81 54 7F 0E C3 C6 05 F6 8C 19 E5 63 CF 3F
17 C2 EE 36 C7 54 B6 7A 81 5F BB 06 75 0C A9 B3
8C EE 61 AE FC 44 D9 1D DE 17 F3 43 16 9B 3E C7
AA AB 8B 9B F3 A2 99 B7 F0 D3 41 A0 AF D2 28 B5
FE CC C5 5E AD 48 8D 58 92 89 52 1D 86 FF 9D 70
07 EC 07 90 C6 6B 56 37 9D 19 5C 7E B0 4C A2 3C
F0 C6 BA 0D 5B 20 D7 36 6D 3F 65 55 5E A5 1A 72
A3 78 1C C3 89 F4 BA F0 33 E2 DF 58 E8 D8 24 27
63 A5 3F C6 CC AA 22 18 03 7D 8C B3 5F EC 19 96
FE 18 89 0E 51 21 D9 E5 98 4A 83 E4 4A 8D C5 D4
4B 5C 68 B0 3B 13 8A D1 AC FA 9D AD C8 7F BC C7
8B 92 F5 FA C7 06 47 6C C4 89 43 F0 4A DE 90 27
A9 27 AA 0F 95 40 83 50 00 E0 C6 4B D8 B4 1B C6
28 9C 6D 53 74 2D BF F9 F5 86 C9 EC 60 86 8C 20
06 65 1E 7C C5 9A AD 68 AD FB 63 9C 88 AE 4A 41
E1 69 62 BC 23 DD 0F 72 D4 92 38 60 62 AB 70 F4

This structure is meshed in emulator by func in addr 10B24

This unmeshed EDStruct:

A1 8A 85 5D 46 8A 17 1D 36 0E D4 6D AE 1D 57 5F
FA 55 6A B3 E6 19 59 F1 1C BE 43 16 E9 A9 01 89
2B CE 9B 64 24 8C 58 FE 8B DE 21 61 C9 84 4E CF
9A 65 25 8D 06 BA FF AA 55 15 BD 82 D9 A8 FD 02
42 EA E3 EE 77 22 DD 9D 35 B1 48 65 30 CF 8F 27
35 9E D3 86 79 39 91 C1 CA BF EA 15 55 FD 04 1E
1F 4A B5 F5 5D E9 EF D2 87 78 38 90 D7 5A C3 96
69 29 81 63 B9 80 D5 2A 6A C2 43 4E AF FA 05 45
ED FF A8 CD 98 67 27 8F 9D 7F 4A 1F E0 A0 08 0D
69 80 D5 2A 6A C2 34 3D D0 85 7A 3A 92 EF 8D C0
95 6A 2A 82 F6 79 68 3D C2 82 2A 3E 19 7C 29 D6
96 3E B0 2C 01 54 AB EB 43 5D 88 75 20 DF 9F 37
25 5C 1D 48 B7 F7 5F A6 0A 47 12 ED AD 05 C5 DD
D0 85 7A 3A 92 10 2E 03 56 A9 E9 41 CA 9B A6 F3
0C 4C E4 48 7B 42 17 E8 A8 00 48 8C AD F8 07 47
EF FB 36 1E C6 7D FE 94 16 56 FB 55 00 00 00 00

and.... this internal structure of EDStruct:

1010000110001010100001010101110101000110100010100001011100011101

00110110000011101101010001101101101011 array1a
1000
01110101010111010111111111101001010101 array2a

const -> round - from 0 to 38 params.
0 11010 101011001111100110000110010101100111110001 00011100 ^
1 01111 100100001100010110111010011010100100000001 10001001 |
0 01010 111100111010011011011001000010010010001100 01011000 |
1 11111 101000101111011110001000010110000111001001 10000100 b
0 10011 101100111110011010011001010010010110001101 00000110 y
1 01110 101111111110101010010101010001010110111101 10000010 t
1 10110 011010100011111101000000100100001011101010 11100011 e
1 11011 100111011100100010110111011001110100110101 10110001 s
0 10010 000110010100110000110011111000111100100111 00110101
1 00111 101101001110000110011110010011100110010001 11000001 f
1 10010 101011111111101010000101010101010111111101 00000100 r
0 00111 100001111101001010101101011111010101011101 11101001 o
1 11011 111101001010000111011110000011100010010000 11010111 m
0 10110 101100001110010110011010010010100110000001 01100011
1 01110 011000000011010101001010100110101011000010 01000011 3
0 10011 101010111111111010000001010100010111101101 11111111 1
1 01010 001100110110011000011001110010011110001111 10011101
0 11111 110100101000011111111000001010000000001000 00001101 t
0 11010 011000000011010101001010100110101011000010 00110100 0
0 01111 011101000010000101011110100011101010010010 11101111
1 00011 011100000010010101011010100010101010000010 11110110 0
0 11110 010110100000111101110000101000001000101010 00111110
0 00110 010111110000101001110101101001011000111110 10110000
0 01011 000000000101010100101010111110101101000011 01011101
1 00010 000111010100100000110111111001111100110111 00100101
0 10111 000001110101001000101101111111011101011111 10100110
0 00010 100100011100010010111011011010110100000101 11000101
1 10111 011101000010000101011110100011101010010010 00010000
0 01011 100000001101010110101010011110100101000001 11001010
1 00110 111010011011110011000011000100110011100100 01001000
0 11110 110100001000010111111010001010100000000000 01001000
1 00011 001010110111111000000001110100011111101111 11111011

00110110000111101100011001111101111111 array1b
1010
01010000010110010101101111101101010101 array2b

i need help for research algorithm, which made EDStruct
from ??SecretTable?? or ??hsp passwords?? or other ??data??

There's also some info on

hxxp://wasm.ru/article.php?article=protect_by_hasp03
written by Chingachguk

I'm not good at assembly but maybe some of you are
All things may help I suppose....

Friend,
EDStruct in the glasha emulator is created by the .dmp file the h4dmp.exe is creating. you can find the h4dmp.exe file from the glasha website.

I am sending files.
1. 44830fe3.dmp generated with the h4dumper in presense of emulated timehasp

2. Registry file to emulate the 4483 0fe3 dongle that is jackson.reg

regards
jeet.

Unfortunately, this article not containt's info about creating EDS.

I run h4dmp.exe after emulate HASP with jacksons.reg.
dump file 44830FE3.dmp not equal your dump file 44830FE3.dmp.

so, your EDStruct is bad.

ok friend,
but i generated the that file with my hasp emulator.
dont know how its diff. from your.
Tell me did u found something else ?

How you make EDS Table in reg file?

P.S. if EDS Table maked by Glasha Hasp Emulator - then is bad, because it contains copy of random address of memory.

jeet, what do you mean? your attachment is the same with Jackson, nothing changed

@tgodd

Could you be more specific which emulators you mean
which wore with 3c/3d and are worth investigating?

tnx

Hi all!
I know the exact structure of DMP file from glasha's emulator. and i can build the necessary reg file for it if i have 3c\3d algorhytm... Can anyone give me such information? e-mail me if so...
The Glasha's dump consists of three main section:
Questions & answers for building the secret table.
Questions & answers for building the 3c algorhytm.
Questions & answers for building the 3d algorhytm.
other parameters are public and no so important.

Regards,

C0ND0R.
katran@xaker.ru