Dongle EMU - OLD DOS APP


wulf99
04-02-2008, 07:03 AM
Hey @all,
my first post, cool board with very cool threads :D

So I have a problem with cracking an old DOS application with a dongle. It's a CAD/CAM application.
It's a really old app that only runs in DOS... so I installed Win95 in VirtualPC and the dongle-protected app works fine in Win95. Then I used WKPE 1.2 to capture everything at the LPT port where the dongle is installed, and it also works when I emulate the captured file, BUT I have to adjust the Windows time exactly to the point when the dongle was captured. So it seems that the dongle generates the code with the Windows time...

Then I tried to dump the dongle with FASTREAD... it works, but I can't find any emulation software for the log file...

Any ideas? Please help me...
Thanks, and sorry for my English...

Greets from Austria

benito
04-02-2008, 07:49 AM
So is it a dongle from Aladdin? Hardlock? Or any other?

foffa
04-02-2008, 02:38 PM
If fastread works, then it is a Hardlock.
Try to dump using sparow dumper
and use safe key.

wulf99
04-03-2008, 04:55 AM
So thank you for your fast answers!
On the dongle there is a logo like "///FAST"
and fastread works, so I am sure it's a Hardlock, or?

@foffa: What is safe key? Do you mean the commercial site safe-key? They want 350$ for their software...

Or do you have this emu tool from safe key?

THANK YOU SO MUCH!!!!

Klopschik
04-03-2008, 05:15 AM
As foffa says:
"try to dump using sparow dumper" with ModAd 6A5F
"and use safe key": use your brain and the board search function,
or take a look at your identical post on the RCE forum...

wulf99
04-03-2008, 05:23 AM
Hello,
sorry, I don't understand what you mean.
I can't find an emu software like safe key!?!?!? I only know the company safe key, where you can buy an emu for 350$.

Don't be so angry, I know I'm a noob :(

Trit0n
04-03-2008, 06:02 AM
@wulf99

If this software runs OK under DOS, and you have the dongle,
then you only need to install USERPORT.SYS under WinXP and all will be OK.
The problem under XP is that you don't have real ports, only virtual ones.

Read information and download it from here:

http://www.eprop.de/epfaq/nt2kxp.htm
http://www.skilltronics.de/versuch/elektronik_pc/comtest.html

or use Google for more Information

Klopschik
04-03-2008, 06:06 AM
You need the safe key 25k hardlock.sys emu.
All you need is on this board.
Try to use your eyes and use SEARCH!

wulf99
04-03-2008, 07:55 AM
@triton: Thanks for your answer! But running the software with the original dongle is not the problem! I want the software at the same time on 2 computers. And there is no chance to get a second dongle because the company doesn't exist anymore!

@klopschik: Thanks for your help!!! Now I have the safe key hardlock.sys but the problem is that I need the hardlock.vxd for Windows95... and I can't find this file! On the Aladdin site, there is this file but it's down :( So any ideas?
THANK YOU!!!

Trit0n
04-03-2008, 08:28 AM
HLDRV32 EXE Win32 (Windows XP, 2000, NT4, ME, 98, 95) GUI install
HLDINST EXE Win32 (Windows XP, XP 64 2000, NT4, ME, 98, 95) command line install

HLDRV16 EXE Win16 (Win3.1x) GUI install
INSTVXD EXE Win16 (Win3.1x) command line install


ftp://ftp.ealaddin.com/pub/aladdin.de/hardlock/drvinst.zip

Klopschik
04-03-2008, 09:39 AM
Wrong! You don't need hardlock.vxd. Your old DOS app directly accesses the lock on the LPT, not over hardlock.vxd.

You need a Weye6a5f.386! Load this driver via a device entry in system.ini

wulf99
04-03-2008, 09:54 AM
Thank you klopschik,
but there is no Weye6a5f.386 out there... not here on the board and nothing with search engines... :(

But what should I do with the hardlock.sys? This is not made for Win95 (that's what I read).

Thank you for your patience!!!!

foffa
04-03-2008, 10:34 AM
@Klopschik

(imagine) Win 95 and a DOS application

and you say

> You need the safe key 25k hardlock.sys emu.

does what you say make sense? :eek:

> Wrong! You don't need hardlock.vxd. Your old DOS app directly accesses the lock on the LPT, not over hardlock.vxd.
>
> You need a Weye6a5f.386! Load this driver via a device entry in system.ini

:eek:

:mad: is your brain accepting what your hand writes? :mad:

benito
04-03-2008, 10:41 AM
> @Klopschik
>
> (imagine) Win 95 and a DOS application
>
> and you say
>
> does what you say make sense? :eek:
>
> :eek:
>
> :mad: is your brain accepting what your hand writes? :mad:

Don't flame against Klopschik, he is a clever, accommodating guy!

wulf99
04-03-2008, 10:42 AM
@foffa:
So do you know what I can do?
I tried the HLDump2008 software from the Edge team, but it doesn't run on my Win95 system! And hl-dump v2 doesn't work either :(

So I have my dump from the fastread.com, and now? Is there no way to emulate this dump?

Thank you so much for your help @all!

Klopschik
04-03-2008, 11:53 AM
@foffa
Sorry! I read the first post from wulf99 without my thinking hat. Hardlock.sys is only for NT/2000/XP/Vista. Btw. Imagi.. and safe key have nothing for old-style hardlock for W95.

@wulf99
With fastread you will never get a valid dump. For your app you have an old FAST Hardlock with ModAd 6A5F.

benito
04-03-2008, 12:17 PM
This should be what you are looking for. But I never tested it! Maybe it doesn't work ;)
http://rapidshare.com/files/104581544/em.rar.html
enjoy!

Best regards 2all (especially 2Klopschik)

Klopschik
04-03-2008, 02:41 PM
Here you can download an emulator for Win3.1 and Win9x
http://depositfiles.com/files/4516387
This emulator works only for appz that communicate directly with the lock device over the LPT port and not over the hardlock.vxd driver!
This emulator works for ALL Fast hardlocks!

Dump your lock with hldmp from NoDongle (hldmp /dmp 0x6A5F)
Calculate your seeds
Insert ModAd and Seeds into the driver you have downloaded
Make entries in system.ini as described in readme.txt

wulf99
04-04-2008, 06:40 AM
@klopschik: Thank you very much for your help.

Now I have dumped my dongle with hl-dump
and tried to calculate my seeds with "HL_Solver"

But what should I do next? The "HL_Solver" shows a lot of seeds, what should I do with all of them?
What do you mean by inserting ModAd and Seeds in the driver?

I already downloaded your driver and copied it into the win/system directory and made the system.ini entries.

Thank you for everything!!!

BfoX
04-04-2008, 12:29 PM
Make a .fst file, place it in the %systemroot%\system32\drivers\ folder with the emul, reboot and enjoy...

wulf99
04-04-2008, 03:31 PM
@Bfox: Thank you for your answer!

But the problem is that I can't calculate my seeds :(
And without seeds I can't make a .fst, right?
And I can only use Win95!

When I want to calculate my seeds with hl_solve it only shows a lot of seed3, like a bruteforce! But on seed1&2 there is 0x00 every time.

What's the problem here? I dumped with hldmp from NoDongle (hldmp /dmp 0x6A5F) like klopschik told me...


Thank you all very much!!!

souze_villy
04-04-2008, 04:02 PM
> @Bfox: Thank you for your answer!
>
> But the problem is that I can't calculate my seeds :(
> And without seeds I can't make a .fst, right?
> And I can only use Win95!
>
> When I want to calculate my seeds with hl_solve it only shows a lot of seed3, like a bruteforce! But on seed1&2 there is 0x00 every time.
>
> What's the problem here? I dumped with hldmp from NoDongle (hldmp /dmp 0x6A5F) like klopschik told me...
>
> Thank you all very much!!!

HL_Solver is not good; sometimes the system restarts and the solution is much too slow. If you want to get only the seed, then look at the image I attached and give the details of the hardlock emulator requirements.

BfoX
04-05-2008, 05:38 AM
@wulf99: if you need to solve it - PM me.

wulf99
04-05-2008, 07:45 AM
@souze_villy: Thank you for your description!
I tried to find out my seeds from my dump with a hex editor, but my dump looks a little strange, doesn't it? I attached it...

I already tried to make a valid .fst from this seed data but it doesn't work with the HLOCK95.VXD and WeyeXXXX.VXD emu :(

Can anybody take a look at my dump? (Rename .txt to .dat) It's made with HL_Dump... Thank you all so much!

rack
04-05-2008, 08:46 AM
Hello to all.

I've some (very) old DOS programs that use a dongle and I found this thread very interesting.


@Klopschik

> Here you can download an emulator for Win3.1 and Win9x
> http://depositfiles.com/files/4516387

The link is down, could you reupload that file or write the name if it's around on the net, please.

Thanks.


@wulf99

Recently I've found a nice and, for me, unknown emulator:

hxxp://www-user.tu-chemnitz.de/~heha/hs_freeware/dknack_.exe

It's similar to kpe (trapping LPT I/O).
The exe files are in German and English, but the good doc/help is only in German.

The dump files are not wkpe compatible but very similar (see doc).

Tested, I ran the programs in DOS console (W98) and dbox emulator (W2K, XP):

Works fine in W98/NT/2Kpro.

In WXPpro it works only the first time after every reboot (?!?) and does not save the dump (system crash and reboot), so don't try this function in XP!

BfoX
04-05-2008, 09:03 AM
@wulf99: maybe you try to dump emul with enabled anti-dumping function?

wulf99
04-05-2008, 09:54 AM
> Here you can download an emulator for Win3.1 and Win9x
> http://depositfiles.com/files/4516387
> This emulator works only for appz that communicate directly with the lock device over the LPT port and not over the hardlock.vxd driver!
> This emulator works for ALL Fast hardlocks!
>
> Dump your lock with hldmp from NoDongle (hldmp /dmp 0x6A5F)
> Calculate your seeds
> Insert ModAd and Seeds into the driver you have downloaded
> Make entries in system.ini as described in readme.txt

Why do you believe my ModAd is 6A5F? Because the dumper from Sparow (sparow.ru) doesn't find anything on this ModAd... so I started a bruteforce now. But I think that will take a long time!
But why do you think it's 6A5F? Do you know that dongle-protected program? Or do all old FAST dongles have the same ModAd???

Special thanks to you!

souze_villy
04-05-2008, 10:12 AM
> Why do you believe my ModAd is 6A5F? Because the dumper from Sparow (sparow.ru) doesn't find anything on this ModAd... so I started a bruteforce now. But I think that will take a long time!
> But why do you think it's 6A5F? Do you know that dongle-protected program? Or do all old FAST dongles have the same ModAd???
>
> Special thanks to you!

Your ModAd is, I think, Flora; try to dump again with ModAd = ***F.

wulf99
04-05-2008, 11:15 AM
Thank you for your answer!
OK, so I have the FLORA, but I have to bruteforce, right?
But is it possible to only bruteforce ***F???
I am now bruteforcing everything and that will take about 30 hours :( But it would be no problem if there is no other way...

THX :)

souze_villy
04-05-2008, 11:54 AM
> Thank you for your answer!
> OK, so I have the FLORA, but I have to bruteforce, right?
> But is it possible to only bruteforce ***F???
> I am now bruteforcing everything and that will take about 30 hours :( But it would be no problem if there is no other way...
>
> THX :)

Yes exactly. Flora ASIC emulator: if the ModAd's last digit is (F) then you must use ***F so it will be dumped perfectly. Send the dump to me, I want to look; the last one you added was not dumped properly.

Klopschik
04-05-2008, 12:16 PM
I'm logged in and can't open your attached dump file to have a look at it. I always get a message that I have no rights to open it. Does anyone know what the problem is?

@wulf99
Yes, I know the Bosch Trumagraph. This program uses the first lock made by Fast. The lock is beige and inside the lock is a PEEL18CV8P. Newer Fast EYE with ASIC can be programmed in a mode compatible with this old lock device.

The ModAd of Trumagraph is 6A5F. Other programs use other ModAds.

You have more than one .fsx file and the first bytes are xx xx CB 32 5F 6A or xx xx 3D C4 5F 6A. Right?

With hlock95 you will never get it to work. Hlock95 from safek... works only for newer Fast and corresponds to the hardlock.vxd. Your DOS Trumagraph communicates directly with the LPT port, not with hlock95.vxd and not with hardlock.vxd. Hardlock.vxd is only used by newer Win-32 programs.

---------------------
My English is not Oxford but I think you understand what I wrote.

wulf99
04-07-2008, 04:20 AM
Hey

@klopschik: Yes, you are right about the lock :) But what's an .fsx file?
So all dumpers I tried don't find the dongle :( I bruteforced with Sparow's dumper and the one from NoDongle but without any results! And with the ModAd 6A5F the dumpers don't find anything either :(
In my Windows95 system in VirtualPC I always get the message "Hardlock module not found" but the software Trumagraph finds the dongle because it starts normally!
What could be the problem?

@klopschik: I read that sporaw's dumper uses the hardlock driver! But you said that TRUMAGRAPH uses the LPT port directly without the driver, right? So this can't work, can it?

Thank you!!!

Klopschik
04-07-2008, 07:03 AM
I think the problem is that all dumpers can only dump Fast with ASIC, not the old one with PEEL.

I am sending you a dumper by PM. You have to start this dumper with the following parameters: TestFst7 /H A:1A12 (Enter)

If the dongle is not found you must boot with MS-DOS and repeat the test.

After the test you will get a file H-1A12.dat with 34 KB. Send me this file by PM.

Greetings to Austria!

Klopschik
04-07-2008, 10:29 AM
The last dump you sent is perfect. The zeros at the end of the dump are reserved for the lock's memory. Your lock has no memory.

I will send you a Weye driver for this lock in the next days.

wulf99
04-07-2008, 10:37 AM
OK super!!! That was a very good idea with DOS!!!

Thank you so much, it would be great if you could send me these things. I sent you my mail address by PM, so you don't have to upload things...

!!!!!!!!!THANK YOU!!!!!!!!!

Klopschik
04-07-2008, 12:08 PM
Sent you the driver by mail. I have loaded the driver in a VM and read it back with the dumper. The dump files are identical. So I think the driver should work without problems.

wulf99
04-07-2008, 12:34 PM
@klopschik: Thank you, but in your mail there is only a link to a Russian website (po**ta.ru) and nothing was attached! Could you please send it again?

Thank you klopschik!

rack
04-07-2008, 01:23 PM
> I think the problem is that all dumpers can only dump Fast with ASIC, not the old one with PEEL.

Hello, this is a very interesting thread.

... and for the hardlock that was found right with the dumper but doesn't use a Windows vxd or a sys?

Any chance of a direct emulation in DOS without a trapping/player such as wkpe or dk?

I've searched for info about this for years but the only way that works with my original DOS dongles are the emulators.

When I forget the dongle at home, it is not a great sacrifice starting the emu, loading the file, etc., but I'd like to find a way to run my old software without jumping between XP and W98.

Usually I use the dosbox emulator with a special LPT patch, because the VPC doesn't have great VESA graphics support and I don't like to work with the disk image.

Could you tell a bit more about the "Weye driver", please.

Thanks.

_rack_

Klopschik
04-07-2008, 04:35 PM
> ... and for the hardlock that was found right with the dumper but doesn't use a Windows vxd or a sys?

Uses a Windows 386 driver.

> Any chance of a direct emulation in DOS without a trapping/player such as wkpe or dk?

Direct emulation in DOS you can do with a TSR.

> Usually I use the dosbox emulator with a special LPT patch, because the VPC doesn't have great VESA graphics support and I don't like to work with the disk image.

A good choice is MS Virtual PC 2007, which you can download for free.

> Could you tell a bit more about the "Weye driver", please.

Weye... only works on Win-3.x/3.11 and all Win-9x, and I have tested it successfully on MS Virtual PC 2007 with Win-9x.

wulf99
04-08-2008, 03:03 AM
@klopschik: Thank you very much!!! The weyeXXXX driver works perfectly!!! Without you it wouldn't have been possible to get this to work... All these tools for those old dongles are very hard to get or not public....

And BIG THX to all others here!!! It's a really interesting board and I learned a lot! My new project is two SENTINEL SUPER PRO dongles...

SO THX!!!!! :)

rack
04-08-2008, 02:15 PM
@Klopschik

Thank you for the answers.

> Direct emulation in DOS you can do with a TSR.

I've identified (hope) the structure of the kpe data file:

00 NN -> "NN" output (base address)
01 NN -> "NN" input (base address+1)
02 NN -> "NN" output (base address+2)

Not all the dongles use this last register, and for the only one I had (actikey) the captured "02" data are at the top and at the end, so I think it's a kind of power supply ON/OFF.

The dk uses a similar one as explained in its help...

but, how and where to put all those "answers"?

I should read the output as:

push dx
mov dx,0x378
in al,dx ; is it accepted from the compiler???

read the answer from a table and send the right value "NN" to the input:

mov al,0xNN
mov dx,0x379
out dx,al

Is this the right way???

Please, do you have a link or a .com source to study???

ronny_kmbs
11-19-2008, 09:28 AM
Hello all,

I have a DOS software for making pattern designs that is dongle-protected, and now I want to emulate the dongle so that in the future I am not dependent on this dongle anymore. But I don't have any experience with DOS commands or emulating dongles. Please, can someone help me to solve this?

For info, there is a batch file to run the software and the script is like this:
\tasc\hc_exe\run386 -hwivec 90h -vm \tasc\hc_exe\vmmdrv \tasc\hc_exe\tasc ( in one line )

Best rgds

ronny

apples2apples
05-31-2010, 03:09 PM
@Klopschik

Would you be so kind as to provide me with a copy of the driver/emulator you sent Wulf99, PLEASE?!! Thanks

r.r.k
10-19-2010, 07:59 PM
@ Klopschik I'd be much obliged if the "emulator for Win3.1 and Win9x" would stop again at DepositFiles or RapidShare.
1000 thanks in advance.
Best regards r.r.k