I read this article and emulate some hasp hl success,so I post it,I wish it can help others to emulate hasp hl by himslef......If someone need tools,I can upload,and if have questions,you can ask,but what I'm know is limited,I can only guide in door.....


D-u-mping Hasp HL keys

How can be emulated hasp HL max http://www.aladdin.com/hasp/max.aspx . It works of course for Pro and Time.

What we need:
a key
d-u-mper – i used h5dmp.exe
TORO hasp monitor
Sataron’s UniDMP2reg convertor
emul-ator – i used Chingachguk vusb emu-lator

1. So at first, install dongle drivers, connect a dongle, run Toro monitor.
2. start your protected application and used it.
3. in TORO monitor you will see password for your key and memory of your du-mp. So use your protected software as usual, try to open all menus and dialogs, use every function …
4. Save log file, and save log file.
5. use du-mper and du-mp the key. Result will be – two files hasp.dmp (about 790 B in my case) and hhl_mem.dmp (about 4 KB).
6. then use Sataron’s Unidu-mp2reg and make a reg file (use vUSB Hasp HL option). You can edit this regfile and change licensing of your program (if it uses – hl max can be used for 112 programs)
7. And now the most important thing. Hasp HL uses enveloping technology with 128-bit AES symmetric encryption engine on key.

In TORO log we will find pairs. They can be found in the pairs window too.

Instructions can look like this one:


Code:
HaspHL In:> Hasphl_decrypt, Length=32
Data:
4284 ... ... ... 84ADA4 – It is a question for hash key
HaspHL Out:> Hasphl_decrypt Status=0 (0x0)
Response:
8222 ... ... ... 84ADA4 – And the key respond – it is his answer(I remove part of code)
So what we will do with it? We will do Q/A table. This is Questions and Answers table in reg file. I added it on the end of file.

Data or question of IN – write in Qtable
Response or answer or OUT – write in Atable
Data shoul be write in pairs like these: 4284 ... ... ... 84ADA4 should be write: 42,84, ... ... ... 84,AD,A4

The end of regfile shoul look:


Code:
... regfile

"QTable"=hex:\
42,84,... 84,AD,A4,\


"ATable"=hex:\
82,22,C2 ... 84,AD,A4,\Your program can use only one Q/A or too many. You must add them all. Then you can save your regfile.


8. Add reg file into registry
9. unplug your dongle
10. Install Chingachguk & Denger emu-lator, vusbbus.sys must be 0.15 or above. If all went fine, new device Hasp HL was found.
11. Your program should run


I hope, this text will help.

Vusb 0.15.1.4 can handle encrypt function too.

For a large Q/A pairs from Toro Emu-lator, you can use splitter.

I faint that some words become ******......

I edit the article and post,I wish it will not make the administrator in trouble....

Great post.
Very simple step by step walkthrough.

Thanks man.

I read this article and emulate some hasp hl success,so I post it,I wish it can help others to emulate hasp hl by himslef......If someone need tools,I can upload,and if have questions,you can ask,but what I'm know is limited,I can only guide in door.....


D-u-mping Hasp HL keys

How can be emulated hasp HL max http://www.aladdin.com/hasp/max.aspx . It works of course for Pro and Time.

What we need:
a key
d-u-mper – i used h5dmp.exe
TORO hasp monitor
Sataron’s UniDMP2reg convertor
emul-ator – i used Chingachguk vusb emu-lator

1. So at first, install dongle drivers, connect a dongle, run Toro monitor.
2. start your protected application and used it.
3. in TORO monitor you will see password for your key and memory of your du-mp. So use your protected software as usual, try to open all menus and dialogs, use every function …
4. Save log file, and save log file.
5. use du-mper and du-mp the key. Result will be – two files hasp.dmp (about 790 B in my case) and hhl_mem.dmp (about 4 KB).
6. then use Sataron’s Unidu-mp2reg and make a reg file (use vUSB Hasp HL option). You can edit this regfile and change licensing of your program (if it uses – hl max can be used for 112 programs)
7. And now the most important thing. Hasp HL uses enveloping technology with 128-bit AES symmetric encryption engine on key.

In TORO log we will find pairs. They can be found in the pairs window too.

Instructions can look like this one:


Code:
HaspHL In:> Hasphl_decrypt, Length=32
Data:
4284 ... ... ... 84ADA4 – It is a question for hash key
HaspHL Out:> Hasphl_decrypt Status=0 (0x0)
Response:
8222 ... ... ... 84ADA4 – And the key respond – it is his answer(I remove part of code)
So what we will do with it? We will do Q/A table. This is Questions and Answers table in reg file. I added it on the end of file.

Data or question of IN – write in Qtable
Response or answer or OUT – write in Atable
Data shoul be write in pairs like these: 4284 ... ... ... 84ADA4 should be write: 42,84, ... ... ... 84,AD,A4

The end of regfile shoul look:


Code:
... regfile

"QTable"=hex:\
42,84,... 84,AD,A4,\


"ATable"=hex:\
82,22,C2 ... 84,AD,A4,\Your program can use only one Q/A or too many. You must add them all. Then you can save your regfile.


8. Add reg file into registry
9. unplug your dongle
10. Install Chingachguk & Denger emu-lator, vusbbus.sys must be 0.15 or above. If all went fine, new device Hasp HL was found.
11. Your program should run


I hope, this text will help.

Vusb 0.15.1.4 can handle encrypt function too.

For a large Q/A pairs from Toro Emu-lator, you can use splitter.

look simple but not as simple as this...
how about when program enveloped?
how about random query/pair each time program execute?
how about extracting master query/pair from protected program?

thank you
step by step

look simple but not as simple as this...
how about when program enveloped?
how about random query/pair each time program execute?
how about extracting master query/pair from protected program?

I said it is only a indoor guide,If the program use random Q/A,I am afraid that
you can not emu-late the program unless you debug and crxck the program....

I said it is only a indoor guide,If the program use random Q/A,I am afraid that
you can not emu-late the program unless you debug and crxck the program....

thks for your answer :)

Tools to help you converting Blocks of Master key Table (when you emulating enveloped HaspHL program)

credit goes to Git! (the author)
no password required

PS:
He he he funny thing happen!, i upload the this attachment and i can't view it self :D
how pity i am
in case another member cannot download here external link http://rapidshare.com/files/326911228/Bin2DTable139.zip


Bin2DTable V1.39 16 October 2009

Bin2DTable converts files containing 4096 byte blocks of Hasp HL Q/A pairs into text file containing registry info suitable for inclusion in MultiKey V16 and V18 formats and other ********s. The two formats are produced in 2 separate files.

Usage :

Bin2DTable filelist

'filelist' is one or more filenames, each containing 4096 bytes HaspHL Q/A block. Use of wildcards is permitted.

Examples :

Bin2DTable file1.bin ; coverts file1.bin
Bin2DTable file1.bin file2.bin ; converts file1.bin and file2.bin
Bin2DTable *.bin ; converts all files in the current directory with suffix bin
Bin2DTable *.nib file1.bin file2.bin *.hex file3.bin ; just showing off now

Format of the 4096 byte HaspHL block file. This is a binary file containing 128 consequetive 16 byte Answers followed by the corresponding 128 consequetive 16 byte Queries. The block is usually extracted from an enveloped file by known methods.

Output files. Two output files are produced for each input file. Given an input file named file1.bin, the two output files will be file1_QATable.txt and file1_DTable.txt. file1_QATable.txt has and array of 128 lines of 16 bytes, each under the Value name QTable, followed by the corresponding array under the Value name ATable. This format is suitable for inclusion in registry files for V16 of the MultiKey ******** and other VUSB ********s. file1_DTable.txt has the 1 line per Q/A pair format used by MultiKey V18 registry files. Concatenation of the output files into a working registry file is up to the reader.

nothings as simple as it seems...