Is this the correct way to write a HASP emulator?


saber
August 11th, 2005, 00:03
Hi guys,
I am trying to write a HASP 3 emulator. The software works absolutely fine with glasha's HASP emulator; still, I would love to learn to write my own emulator.

The services called are

Service 1 (two times)
Service 5 (once)
Service 32 (twice, with different parameters)
Service 6
Service 33 (once)
Service 6 (again)

This is my first attempt to write an emulator. Please help.
; service 1 is called (twice)
svc1:
    cmp  bh, 01h
    jnz  svc5
    mov  eax, 00000001h
    ret

; service 5
svc5:
    cmp  bh, 05h
    jnz  svc32
    mov  ax, 0001h
    mov  bx, 0001h
    mov  cx, 0066h
    mov  dx, 1F4Ah
    ret                     ; without a ret here execution runs on into the next check

; service 32h (read)
svc32:
    cmp  bh, 32h
    jnz  svc32b
    mov  ax, 000Dh
    mov  bx, 0007h
    mov  cx, 0000h
    mov  dx, 6000h
    ret

; service 32h called again with separate parameters (why, I have no idea)
; same compare as the block above, so as written this block is never reached;
; something in the input registers has to tell the two calls apart
svc32b:
    cmp  bh, 32h
    jnz  svc6
    mov  ax, 0000h
    mov  bx, 0014h
    mov  cx, 0000h
    mov  dx, 6000h
    ret

; then service 6 is called
svc6:
    cmp  bh, 06h
    jnz  svc33
    mov  ax, 0DFCh
    mov  bx, 393Ch
    mov  cx, 0000h
    mov  dx, 012Ch
    ret

; then service 33h is called
svc33:
    cmp  bh, 33h
    jnz  svc6b
    mov  ax, 0000h
    mov  bx, 0033h
    mov  cx, 0000h
    mov  dx, 6000h
    ret

; then service 6 is called again (same compare and same values as svc6)
svc6b:
    cmp  bh, 06h
    jnz  svc_end
    mov  ax, 0DFCh
    mov  bx, 393Ch
    mov  cx, 0000h
    mov  dx, 012Ch
    ret

; no service matched
svc_end:
    ret

naides
August 11th, 2005, 16:28
Quote:
[Originally Posted by rituraj]Hi guys,
I am trying to write a HASP 3 emulator. The software works absolutely fine with glasha's HASP emulator; still, I would love to learn to write my own emulator.

The services called are

Service 1 (two times)
Service 5 (once)
Service 32 (twice, with different parameters)
Service 6
Service 33 (once)
Service 6 (again)

This is my first attempt to write an emulator. Please help.
; service 1 is called
svc1:
    cmp  bh, 01h
    jnz  svc5
    mov  eax, 00000001h
    ret

; service 5
svc5:
    cmp  bh, 05h
    jnz  svc32
    mov  ax, 0001h
    mov  bx, 0001h
    mov  cx, 0066h
    mov  dx, 1F4Ah
    ret

; service 32h (read), first call
svc32:
    cmp  bh, 32h
    jnz  svc6
    ; here do another compare that distinguishes one call to service 32
    ; from the other, perhaps on the parameters passed
    cmp  ax, 0032h          ; I just made this value up
    ; OR: cmp ebp, <the return address of this call>
    jnz  svc32b
    mov  ax, 000Dh
    mov  bx, 0007h
    mov  cx, 0000h
    mov  dx, 6000h
    ret

; service 32h (32B) called again with separate parameters (why, I have no idea)
svc32b:
    cmp  bh, 32h            ; do the same compare, what the heck
    jnz  svc6
    ; if there are only two calls, this one gets it by default, so no more tests are needed
    mov  ax, 0000h
    mov  bx, 0014h
    mov  cx, 0000h
    mov  dx, 6000h
    ret

; then service 6 is called
svc6:
    cmp  bh, 06h
    jnz  svc33
    ; similar discriminator: place a cmp that helps you determine which
    ; service 6 call you are dealing with
    cmp  ax, 0001h          ; another parameter out of my ass
    jnz  svc6b
    mov  ax, 0DFCh
    mov  bx, 393Ch
    mov  cx, 0000h
    mov  dx, 012Ch
    ret

; then service 33h is called
svc33:
    cmp  bh, 33h
    ; no jnz needed here, nowhere to jump to, unless there are other calls to emulate
    mov  ax, 0000h
    mov  bx, 0033h
    mov  cx, 0000h
    mov  dx, 6000h
    ret

; then service 6 is called again (6B)
svc6b:
    cmp  bh, 06h            ; no jnz svc33 needed, we only get here from svc6
    mov  ax, 0DFCh
    mov  bx, 393Ch
    mov  cx, 0000h
    mov  dx, 012Ch
    ret


You get the idea, I hope

CrackZ
August 11th, 2005, 18:14
Hiya,

It would be wise to reconstruct your emulation for services 32 and 33 (ReadBlock and WriteBlock respectively). From your returns from service 5 I'm assuming you're emulating a MemoHASP-1.

I'm recalling this from memory only, so it might well be slightly wrong. As I remember it:

At hasp() with service 32/33.

EAX = pointer to buffer where memory will be returned
ECX = number of words to read
EDI = offset into dongle memory to start reading from

Returns.

EAX = EDI
EBX = number of words read
ECX = status of operation (should be 0)
EDX = EAX (i.e. pointer to returned data)

Working with this information it ought to be pretty simple to set up a delta offset to some fake memory and then return the simulated 'memory' as required by the API.

Regards

CrackZ.
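An added example, not code from saber, naides or CrackZ: a C model of the dispatcher naides sketches above and of the ReadBlock/WriteBlock register convention CrackZ describes. Services 1, 5 and 6 return the constants from saber's log; services 32h and 33h copy between a fake dongle memory and the caller's buffer, taking EAX = buffer, ECX = word count, EDI = offset on input and returning EAX = offset, EBX = words moved, ECX = status, EDX = buffer pointer. Read with that convention, saber's logged returns for service 32 (AX=000D, BX=0007, CX=0000, DX=6000) are offset 0Dh, 7 words, status 0, buffer at 6000h, which is also why the two service-32 calls look different: they ask for different ranges. The 64-word memory size, the seed pattern, the status codes and the function names are assumptions for illustration. The one thing added beyond the thread's listings is the range check, which keeps a bad offset or length from reading or writing past the emulated memory.

```c
/* Added example, not code from any poster in this thread: a C model of the
 * HASP service dispatcher. Constants for services 1, 5 and 6 come from
 * saber's log; the ReadBlock/WriteBlock register convention is CrackZ's
 * from-memory description. Memory size, seed pattern and status codes are
 * assumptions for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HASP_MEM_WORDS 64                 /* assumed dongle memory, in words */
enum { ST_OK = 0, ST_BAD_RANGE = 1, ST_BAD_SERVICE = 2 };   /* assumed codes */

/* Register file handed to hasp(). eax/edx are uintptr_t so "pointer in EAX"
 * also works on a 64-bit host; on the real 32-bit API they are 32-bit regs. */
typedef struct {
    uint8_t   bh;                         /* service number */
    uintptr_t eax, edx;
    uint32_t  ebx, ecx, edi;
} HaspRegs;

static uint16_t g_mem[HASP_MEM_WORDS];    /* the emulated dongle memory */

/* Seed the fake memory with a recognisable pattern: word i = 0x1000 + i. */
void hasp_mem_init(void)
{
    for (uint32_t i = 0; i < HASP_MEM_WORDS; i++)
        g_mem[i] = (uint16_t)(0x1000 + i);
}

/* Services 32h/33h. In: EAX = caller's buffer, ECX = word count, EDI = word
 * offset. Out: EAX = offset, EBX = words moved, ECX = status, EDX = buffer.
 * The range check is the part a hand-written cmp/jnz chain usually lacks. */
static int svc_block(HaspRegs *r, int is_write)
{
    uint16_t *buf = (uint16_t *)r->eax;
    uint32_t  off = r->edi, nwords = r->ecx;

    if (buf == NULL || off > HASP_MEM_WORDS || nwords > HASP_MEM_WORDS - off) {
        r->ecx = ST_BAD_RANGE;            /* refuse rather than run off g_mem */
        return ST_BAD_RANGE;
    }
    if (is_write)
        memcpy(&g_mem[off], buf, nwords * sizeof(uint16_t));
    else
        memcpy(buf, &g_mem[off], nwords * sizeof(uint16_t));

    r->edx = r->eax;                      /* pointer to the data */
    r->eax = off;
    r->ebx = nwords;
    r->ecx = ST_OK;
    return ST_OK;
}

/* One case per service, keyed on BH: the cmp/jnz chain from the posts above.
 * The two service-32 calls need no "32B" case; they differ in EDI/ECX only. */
int hasp(HaspRegs *r)
{
    switch (r->bh) {
    case 0x01: r->eax = 1; return ST_OK;  /* IsHasp: 1 = dongle present */
    case 0x05:                            /* values from saber's log */
        r->eax = 0x0001; r->ebx = 0x0001; r->ecx = 0x0066; r->edx = 0x1F4A;
        return ST_OK;
    case 0x06:                            /* values from saber's log */
        r->eax = 0x0DFC; r->ebx = 0x393C; r->ecx = 0x0000; r->edx = 0x012C;
        return ST_OK;
    case 0x32: return svc_block(r, 0);    /* ReadBlock */
    case 0x33: return svc_block(r, 1);    /* WriteBlock */
    default:   r->ecx = ST_BAD_SERVICE;   /* unknown: never fall through */
               return ST_BAD_SERVICE;
    }
}

/* Replays the first ReadBlock in saber's log (7 words at offset 0Dh) and
 * returns the fourth word read, or -1 if any output register is wrong. */
long long replay_read_block(void)
{
    uint16_t buf[7] = {0};
    HaspRegs r = { .bh = 0x32, .eax = (uintptr_t)buf, .ecx = 7, .edi = 0x0D };
    hasp_mem_init();
    if (hasp(&r) != ST_OK || r.eax != 0x0D || r.ebx != 7 || r.ecx != ST_OK ||
        r.edx != (uintptr_t)buf || buf[0] != 0x100D || buf[6] != 0x1013)
        return -1;
    return buf[3];                        /* g_mem[0x10] == 0x1010 */
}

/* Writes two words at the end of memory, reads them back, returns them packed. */
long long replay_write_then_read(void)
{
    uint16_t w[2] = { 0xBEEF, 0xCAFE }, rd[2] = { 0, 0 };
    HaspRegs r = { .bh = 0x33, .eax = (uintptr_t)w, .ecx = 2, .edi = 62 };
    hasp_mem_init();
    if (hasp(&r) != ST_OK) return -1;
    r.bh = 0x32; r.eax = (uintptr_t)rd; r.ecx = 2; r.edi = 62;
    if (hasp(&r) != ST_OK) return -1;
    return ((long long)rd[0] << 16) | rd[1];
}

/* A 3-word read at offset 62 crosses the 64-word end: it must be refused and
 * leave the caller's buffer untouched. Returns the status, -1 on a leak. */
int out_of_range_status(void)
{
    uint16_t buf[3] = { 0xFFFF, 0xFFFF, 0xFFFF };
    HaspRegs r = { .bh = 0x32, .eax = (uintptr_t)buf, .ecx = 3, .edi = 62 };
    hasp_mem_init();
    int st = hasp(&r);
    return (buf[0] == 0xFFFF && buf[2] == 0xFFFF && r.ecx == (uint32_t)st) ? st : -1;
}

int unknown_service_status(void)
{
    HaspRegs r = { .bh = 0x99 };
    return hasp(&r);
}

int main(void)
{
    printf("read=%llx write/read=%llx range=%d unknown=%d\n",
           (unsigned long long)replay_read_block(),
           (unsigned long long)replay_write_then_read(),
           out_of_range_status(), unknown_service_status());
    return 0;
}
```

Because the response is computed from EDI and ECX, the two service-32 calls need no second compare: keying on call order or on the return address, as the listings above have to, breaks as soon as the protected program calls the API in a different sequence, while a response derived from the input registers keeps working.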