Hi all,
I'd like to get some information about HASP HL; I visited aladdin sites, but what I really want to know are the advences, the real situation breaking that pretection system.
Thx in advance

Hi,

You can begin here
http://www.woodmann.com/crackz/Dongles.htm

i tell you that is a good start

Melvill

I think they pretty much tell you the technology.

128-bit AES encryption, wanna bet where those keys are going to be stored or coming from ? ;-).

Likely scenario is either a single AES key assigned per developer or a single set of AES keys assigned and then selected for encryption/decryption using certain API parameters.

Only real question is whether they've dispensed with an ASIC of sorts in between or whether its a straight AES In/Out unit, ASIC dev costs are high so they might not have developed anything new, however it'd be just as secure to ditch the ASIC altogether.

Its the same old problem really, someone with a legitamate device will be able to study data sent and data returned. Only possibility is how the crackers are going to read out the contents, I doubt they'll use friendly Cypress chips again ;p.

Regards

CrackZ.

NB - Just thinking about it, the best place to look is probably the API guides and SDK, I expect they are available.

Cypress products have the characteristics that it is one time programmed chips, while HL (especially previous HL) put the "ID" (password, "algorithms", etc.) in the processor (ROM part), so even if we know the "ID" (refer to some program from Glasha), we can not duplicate 100% the HL, unless we know the whole contents of the ROM of the processor. As far as the encryption is concerned, it is probably still using AES, as a "standard" Cypress.

To CrackZ,

If you are interested we can have a look SuperPro USB, since the ID is put in the memory. I have a sample of the content of the memory, but it is crypted, and I am not sure if it is MD5 as somebody mentioned. For instance, the WP becomes Dword (high or low order dword of the MD5 ?) instead of a byte.

scorpie,

Shall we continue this conversation via e-mail? ;-).

CrackZ,

Thank you very much for the positive response.

Good idea to continue via e-mail, and I am not sure if I can attach anything to your e-mail as mentioned on your web. I will try to-night to send e-mail through your "Yahoo".


Bye,
Scorpie