Safenet Dongles Emulator
matalia70
05-29-2008, 03:06 AM
New Safenet dongles couldn't be cracked. I even consulted a few professionals on the net like "Donglelabs" and "nodongle", but unfortunately everybody refused for an emulator for Safenet dongles. Any comment or idea whom to consult for a Safenet dongle emulator?
benito
05-29-2008, 03:12 AM
Yes, it is right, but to be correct it is Safenet SHK; other (older) Safenet products can be emulated without problem.
HASP SRM and SafeNet Sentinel Hardware Key (SHK) are hard to emulate at this time. I got that a few people did it, but I have never seen their emulator. If you need, you can visit the page below (I am not advertising it, I just found it when I searched for something about dongle emulators on Google!)
http://www.unpacking.net/
benito
05-29-2008, 06:06 AM
I also spoke about SHK with some experts and they told me that there exists only a very limited and software-specific way of emulation. Maybe if there is a poor implementation :D
About HASP SRM I don't know :) Btw, what is the improvement of HASP SRM over HASP HL? I tried to dump it and there is no problem :)
domare
05-29-2008, 04:32 PM
unfortunately both of these are my targets. From what i gather, SRM has 2 areas to pull the key from.
I can get a dump also.. but it's useless so far
somebody smarter than me get on this!
domare
05-29-2008, 04:34 PM
also..
http://www.unpacking.net
this site feels like trash to me
unforgiven
05-29-2008, 05:01 PM
As far as I know, there are some SRM dongles in HL mode (like HL in Hasp4 mode).
If your dog runs in HL mode you can try with Tabular Emu.
You just need the pair table and a dongle dump (pair table from .Protect).
domare
05-30-2008, 08:53 AM
any urls for tabular? i have not tried this
gfather
05-31-2008, 08:45 AM
did u talk to toro toro ??
he's like very advanced, i think he can crack them
talk to him, and tell him i recommended him to u
he knows me as ajfahmi
he's really good
Thangdc
07-26-2008, 10:04 PM
How to know whether a safenet lock is new or old?
safenet SHK table based emulation is possible.
Sarik
07-30-2008, 09:00 AM
Yesterday I came across another software application which again uses the "Safenet SHK". I tried almost all the dumpers as advised in this forum but all in vain, nothing happened.
Any progress in emulating such Safenet SHK dongles?
benito
07-30-2008, 09:11 AM
> Yesterday I came across another software application which again uses the "Safenet SHK". I tried almost all the dumpers as advised in this forum but all in vain, nothing happened.
> Any progress in emulating such Safenet SHK dongles?
There are still no public tools available for Sentinel SHK!
Sarik
08-01-2008, 04:00 AM
> safenet SHK table based emulation is possible.
I heard that Sentinel SHK emulation is possible by TORO, any idea or clue for us?
benito
08-01-2008, 05:45 AM
> I heard that Sentinel SHK emulation is possible by TORO, any idea or clue for us?
yes, but TORO wants payment for his solution :D
> yes, but TORO wants payment for his solution :D
hmm, i can't remember you asking me for shk, so i can't remember asking payment for it.
btw every day many software resellers from this forum and other places ask me for some crack/emulator solutions. they all want to resell; most of them don't have cracking knowledge, some of them can't even install an emulator by themselves, and some of them are using ready-made emulators but always have problems with custom software. i have to say "No" or "i am busy" to them, but my long experience on the internet led me to say "No" in another way :D for many of such guys, saying a price (no need to be so high) can be a good "No" or even a good "Bye" for them and can cut a long chat short :) so i chose this way to save my time and not waste it on such long chats w/o any results.
and about SHK, why did i write that post? because i saw some other guys said SHK emulation is not possible or needs some kind of patch and so on, so i decided to say it's possible because i did it (of course it was much harder than superpro / ultrapro hashl...). now i think i removed 50% of the problem, which is the mental problem of impossibility. the other part is up to you :D and i can help with it, but only guys who did at least some work on it with their own hands.
benito
08-01-2008, 01:27 PM
Hi TORO!
You remember well. I didn't want any shk emulator from you. But i know someone who wants a wibu emu from you ;) So i know you want money for your solution.
I want you to know that i respect paying you for a solution. You are a real dongle guru and have huge knowledge about emulation, hats off ;) Not like some guys who only resell solutions from someone else.
About SHK: i only have information from my local reseller of SHK keys, who tells me that SHK is still not cracked :) Also i saw some powerpoint presentation from SAFENET (from some security seminar) which describes the "IMPOSSIBILITY" of emulating this key :D
May i know if your solution is only "table" or full algo solved ?
And a last question. You wrote that you have an SHK key monitor. Do you plan to release it for us as you did with the previous monitor for SuperPro/UltraPro keys?
Best regards!
> May i know if your solution is only "table" or full algo solved ?
Just like Hasp HL, sentinel ultrapro, and many others, full algo is public knowledge, it is AES encryption. You can download the source code. Also like the others, the problem is finding the encryption key which is different for every dongle app.
The "IMPOSSIBILITY" probably refers to finding the encryption key by brute force exhaustive key search methods, and in that context they are correct, it is as close to impossible as it gets.
Anytime you have a finite number of query/response pairs then table emulation will always be possible. Proper use of the dongle ensures that the number of possible queries your app uses is as close to infinite as the query length allows.
Git
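An added illustration of Git's point about finite query/response sets, not part of the original thread: a small simulation that measures how many of an application's checks are already answered by a table of previously observed pairs, for a 4-query pool versus a 100,000-query pool. The HMAC stand-in for the dongle's query function, the pool sizes and all names are assumptions.

```python
import hashlib
import hmac
import random

DONGLE_KEY = bytes(range(16))  # constructed key; in reality it never leaves the dongle

def dongle_query(query: bytes) -> bytes:
    """Stand-in for the dongle's keyed query function (HMAC here, an assumption)."""
    return hmac.new(DONGLE_KEY, query, hashlib.sha256).digest()[:16]

def build_pool(size: int, seed: int) -> list:
    """Build time: the developer precomputes query/response pairs with a real dongle."""
    rng = random.Random(seed)
    queries = [rng.getrandbits(128).to_bytes(16, "big") for _ in range(size)]
    return [(q, dongle_query(q)) for q in queries]

def replay_coverage(pool: list, observed_checks: int, seed: int, trials: int = 2000) -> float:
    """Fraction of later checks answerable from a table of already observed pairs."""
    rng = random.Random(seed)
    # Every check the application made while being observed ends up in the table.
    table = dict(rng.choice(pool) for _ in range(observed_checks))
    # A later run draws its checks from the same pool; a hit means that check
    # verifies nothing, because its answer was already recorded.
    hits = sum(rng.choice(pool)[0] in table for _ in range(trials))
    return hits / trials

def compare(observed_checks: int = 200) -> dict:
    """Same observation budget against a 4-query pool and a 100,000-query pool."""
    return {
        size: replay_coverage(build_pool(size, seed=1), observed_checks, seed=2)
        for size in (4, 100_000)
    }
```

With the same 200 observed checks, the small pool is fully covered while the large pool is covered only to a fraction of a percent.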
thanks to Git for the clarification, but it seems i have to explain more about SHK.
actually SHK has a new feature which i haven't seen on other dongles (except wibu codemeter with some variations). they used a public/private key scheme for packet encryption. each SHK dongle has a public key and a private key, and the protected program has its public key, which is stored in softwarekey, and a private key generated at runtime. based on the ECKAS-DH1 standard, SHK uses these key pairs to generate a shared secret and then an AES key for packet encryption. so from their point of view it is not possible to log or emulate the dongle, because the logger/emulator is not aware of the dongle and API private keys.
also SHK uses ECC and AES as encryption algos for query functions and sign/verify functions.
so there are 2 impossibilities:
1: query and sign/verify emulation, which needs the keys for the AES and ECC functions. this can be bypassed with table emulation.
2: packet logging and emulation, which needs awareness of the dongle and api private keys.
the first impossibility was there for other dongles such as sentinel ultrapro and hasp hl/srm. but the second impossibility is new and is harder to bypass, and this is what i bypassed :D.
so i can say again that it is possible to emulate an SHK protected program, even an enveloped one.
and about sharing the logger, currently i do not want to do this ;)
you can see a sample of my logger for a shk enveloped file:
TORO (nikan_nikan2001@yahoo.com) SHK Logger v1.1.0
In> ReadDirectMemory: Size=8 , Offset=0
Out> ReadDirectMemory: Status=0
C0 80 19 40 03 EA 01 0A
DirectMemorySize=28, LicenseID=0xEA01
In> ReadDirectMemory: Size=8 , Offset=28
Out> ReadDirectMemory: Status=0
00 00 00 00 00 00 00 00
In> ReadDirectMemory: Size=8 , Offset=0
Out> ReadDirectMemory: Status=0
C0 80 19 40 03 EA 01 0A
DirectMemorySize=28, LicenseID=0xEA01
In> ReadDirectMemory: Size=28 , Offset=0
Out> ReadDirectMemory: Status=0
C0 80 19 40 03 EA 01 0A
46 03 00 1D 00 46 03 03
1E 00 46 03 05 1F 00 46
03 08 20 00
DirectMemorySize=28, LicenseID=0xEA01
46 03 00 1D 00
46 03 03 1E 00
46 03 05 1F 00
46 03 08 20 00
In> Send Dongle Public Key:
06 22 C2 E8 59 A6 76 95
8D 30 1B 0F FA 73 4D 51
51 FC 17 39 12 01 07 8E
2F 66 BD 7C 77 85 07 F4
89 80 60 35 7D B3 8B 18
20 76
In> GetFeatureInfo: FeatureNumber=5
Out> GetFeatureInfo: Status=0
78 00 00 41 00 00 00 00
In> GetFeatureInfo: FeatureNumber=6
Out> GetFeatureInfo: Status=0
68 00 00 00 12 D8 BF 7D
In> ReadFeatureMemory: FeatureNumber=7
Out> ReadFeatureMemory: Status=0
00 00 00 02 00 00 00 62
In> QueryFeature: FeatureNumber=5
Flag=SP_CHECK_DEMO
136A873EB96855E743CEAB470201F5F945
Out> QueryFeature: Status=0
In> QueryFeature: FeatureNumber=5
Flag=SP_CHECK_DEMO
136A873EB96855E743CEAB470201F5F945
Out> QueryFeature: Status=0
C74950EDC3BC760691EA0CDF370E35EF
In> QueryFeature: FeatureNumber=5
Flag=SP_SIMPLE_QUERY
136A873EB96855E743CEAB470201F5F945
Out> QueryFeature: Status=0
F89454085BAF1ACB1D72FBC0B7D1076A
ngoksun
08-03-2008, 09:50 AM
@@TORO-actually SHK has a new feature which i haven't seen on other dongles:
It's not a very new feature, it has existed for a long time in SafeNet's other product series. If you research the SafeNet GrandDog, you should find almost 80% of the features are the same. The difference is that they use different algos. SHK uses AES/ECC/SHA1 but GrandDog uses AES/RC6/MD5 etc. To make the logger, it's fully possible; even though the private key is random, you can find the rule if you dig into the SDK and solve the flowers/maze/algos. :)
toro - how is the shared secret used?
ngoksun - is GrandDog a far eastern only product, like microdog? I have never heard of it.
Git
> @@TORO-actually SHK has a new feature which i haven't seen on other dongles:
> It's not a very new feature, it has existed for a long time in SafeNet's other product series. If you research the SafeNet GrandDog, you should find almost 80% of the features are the same. The difference is that they use different algos. SHK uses AES/ECC/SHA1 but GrandDog uses AES/RC6/MD5 etc. To make the logger, it's fully possible; even though the private key is random, you can find the rule if you dig into the SDK and solve the flowers/maze/algos. :)
hmm, i haven't seen such dongles, but from what you wrote i can say it's new because of ECKAS-DH1 (ecc + aes + ...). as far as i know AES, RC6 and MD5 are not public/private key based, and the private key of the api is random in SHK. i know the rule and i made the logger so i know what is there, but i do not think it's possible in the way you mentioned ;) can you tell me how we can find ECC private keys based on a known public key? they used 163 bit (=21 bytes) keys. protection in this way is new because it's so costly for dongle chips, and i read they used a strong 16 bit chip to make it possible to implement this packet protection scheme.
btw i agree that it may be the same in other products of safenet.
> toro - how is the shared secret used?
> Git
the shared secret is the private key of the dongle multiplied by the public key of the api, which is equal to the private key of the api multiplied by the public key of the dongle; then the aes key is calculated based on it.
Softcrk
08-14-2008, 06:59 AM
http://rapidshare.com/files/126728987/MicroDog_Shell_emulator.rar.html
******** VIRUS ********
Git
Trit0n
08-14-2008, 08:43 AM
I think no Virus
Read this Thread about MicroDog 3.4-4.X Emulator
http://www.reteam.org/board/showthread.php?t=942
Softcrk
08-15-2008, 06:50 AM
> ******** VIRUS ********
> Git
NO virus,*.sys vmp