Remove Envelope - Hasp HL - Need Help



Lomex
2010-05-09, 12:37 AM
Hi folks,

I have here a Hasp HL protected software which gives me that famous error:

"Error 1031: Envelope unknown error"

It's because the file is enveloped and I need to extract the Q/A Tables from it.
There is a how-to available from Git, but for me it's not easy to follow.



1) Run program.
2) When Envelope Error occurs, Dump program with debugger or PE tool, then quit program.
3) Search dump with hex editor for GetTickCount. Make sure you have instance which is not next to all other import names. If in doubt, take successful Answer from Logger and search for that in dump. Then search back until you find GetTickCount.
4) Save 4096 bytes from start of block to file block1.bin. Block starts N bytes after GetTickCount (N=14 ??)
5) Convert block1.bin to Registry format with Bin2DTable.
6) Incorporate new Q/A pairs from (5) into your Reg file, enter Reg file into Registry and restart the emulator.
7) Run program. If Envelope Error occurs, GOTO (2). Repeat for theoretical maximum total of 5 times.
8) If you still have Envelope Error you made a mistake so GOTO (1) and repeat whole procedure.
9) Now you have fixed the Envelope. If you are lucky and the programmer was lazy then your program will run. If the programmer was smart you will have many more Q/A pairs to retrieve. Just keep running the program with a Logger running and explore all of the program's features. Add the Q/A pairs from the Log to the registry and repeatedly GOTO (9) until emulator works 100%



My problem starts at Position number 4. How many bytes after the GetTickCount do I have to start, N=14 or 8?
Then how to mark and save exactly 4096 bytes inside a Hex Editor? Need some pictures or a small tut video.

Maybe someone could help me with this.

TIA


Lomex

bassem_16
2010-05-09, 02:19 AM
I have a software with the same problem, but here you do have (I guess) a dongle, right? From which you will extract the Q/A

If by any means you reached something, let me know :D
because I don't have the dongle in mine, also the software is running but requiring to enter a serial number, but the exe itself is kinda encrypted and is Hasp HL protected

besoeso
2010-05-09, 02:33 AM
@Lomex

What is your software?

DCA
2010-05-09, 02:46 AM
Removing the Hasp envelope is rather easy if you have a running configuration. Trouble comes when you have only the installer of a partial solution.

Removing the envelope is possible, however it takes a lot of work. If you have enough time, it's an option. Otherwise, look out for a normal valid installation to get rid of the envelope.


@lomex
There's a nice video how-to which describes your problem. I think I still have it somewhere and will post it then.
To bypass your problem you could use another emulator ;-)

bassem_16
2010-05-09, 03:02 AM
@ Lomex,

I have this tutorial as well, maybe can help you

But just wait for DCA's tutorial, pretty sure it can solve all your problems ;)

Shiela
2010-05-09, 03:16 AM
Lomex, this error means that the Q/A pair responses
that you included inside the reg file were not enough.
Log it again with TORO monitor.
Some say these Q/A pair responses are between 1,000 and 100,000.
But some say it is infinite, if the developer really wants to protect its S/W to the fullest.
From my experience, the first time I logged about 500 Q/A from the software and this envelope error occurred.
Then I logged 1,000 Q/A pairs, still this error appeared.
The third time I logged it and collected about 2,000 Q/A pairs, the error was gone and the S/W runs smoothly without dongle. :)
These Q/A pairs depend on how the developers implement them inside their S/W.
Note that here, I saved the logged Q/A pairs to .bin format.
I converted it to a reg file using the Git tool, Bin2Dtable.
As the last step you just merge these Q/A pairs into your dongle dump reg file. :)

Lomex
2010-05-09, 03:18 AM
Hi,

Thanks a lot guys for trying to help. Thanks bassem_16 for this tutorial video. But this video is for experienced users of OllyDbg. I think I need weeks to understand what the guy is doing in this video.

I hoped that someone could tell me the easy way with a Hex Editor, to extract 4096 Bytes to a bin File. That's something I could do, without the need to learn OllyDbg from scratch.

Yupp, I have a log file for it. But after reading the post from Shiela, it seems that it's incomplete. The problem is that I don't have the dongle here to make another Log File. I have a working solution of an older Version of it. Let's say, Version 2007 is working, but not Version 2007 SP2.

I thought it is possible (if you are lucky) to extract missing Q/A Tables with the tutorial described by Git. But it seems not.

cu

Lomex

robin1044
2010-05-09, 12:05 PM
GIT method is complete, I have emulated 2 different software using the same method,

you just need to find the appropriate place where the Answers begin in the dumped file. (Please note that answers come before queries in the dumped file.)