Code:
*** General ***
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\MultiKey\Dumps\xxxxxxxx]
xxxxxxxx - key password
To use several keys with the same password, add any character
after the key password:
...MultiKey\Dumps\xxxxxxxxa]
...MultiKey\Dumps\xxxxxxxx1]
"Name" = "xxx"
"Copyright" = "xxx"
"Created" = "xxx"
"DongleType" = dword: 0000000x - key type
1 - HASP
2 - HARDLOCK
3 - SENTINEL
4 - GUARDANT
*** HASP ***
"SN" = dword: xxxxxxxx - serial number
"Type" = dword: 000000xx - model
12 - Time HASP 3
0A - HASP4 M1 (default)
1A - HASP4 Time
EA - HASP HL
DA - HASP HL Time
"Memory" = dword: 00000001 - the size of memory
"SecTable" = hex: 00,00,00,00,00,00,00,00 - private table
"NetMemory" = hex: 03,00,0F,D0,02,00,00,00,FF,FF,FE,FF - "network" memory cells
"Option" = hex: - not used
"Data" = hex: - memory cells
"ColumnMask" = dword: 000000FF
"CryptInitVect" = dword: 0000003F
Table-based emulation of the hasp_decrypt and hasp_encrypt functions
The tables are stored in subkeys of the dump's main key:
Decrypt: [HKEY_LOCAL_MACHINE\System\CurrentControlSet\MultiKey\Dumps\12345604\DTable];
Encrypt: [HKEY_LOCAL_MACHINE\System\CurrentControlSet\MultiKey\Dumps\12345604\ETable].
The format of entries in the table (all values hexadecimal):
"10:00112233445566778899AABBCCDDEEFF" = hex: FF,EE,DD,CC,BB,AA,99,88,77,66,55,44,33,22,11,00
"20:00112233445566778899AABBCCDDEEFF" = hex: FF,EE,DD,CC,BB,AA,99,88,77,66,55,44,33,22,11,00
"30:00112233445566778899AABBCCDDEEFF" = hex: FF,EE,DD,CC,BB,AA,99,88,77,66,55,44,33,22,11,00
where
- "10:00112233445566778899AABBCCDDEEFF" - a request to the key
10 (20,30) - query length in bytes
"00112233445566778899AABBCCDDEEFF" - the first 16 bytes of the query
- hex: FF,EE,DD,CC,BB,AA,99,88,77,66,55,44,33,22,11,00 - the key's answer; only
the first 16 bytes of the real answer are stored.
For example:
==================================================================
2008/10/10 07:13:25.109 <== HaspHL_decrypt: Length = 0x10
2008/10/10 07:13:25.109 <== HaspHL_decrypt: Input Data =
2008/10/10 07:13:25.109
2A E1 F0 A2 | E1 B2 F1 F9 | 9F C8 72 F6 | CA 4B 01 49
2008/10/10 07:13:25.171 ==> HaspHL_decrypt: Output Data =
2008/10/10 07:13:25.171
53 9D 4D 03 | 00 00 00 00 | CB D2 6B 04 | 00 00 00 00
2008/10/10 07:13:25.171 ==> HaspHL_decrypt: Status = 0x00
==================================================================
2008/10/10 07:13:23.484 <== HaspHL_decrypt: Length = 0x20
2008/10/10 07:13:23.484 <== HaspHL_decrypt: Input Data =
2008/10/10 07:13:23.484
7B 6E 8C DF | D6 51 A3 0C | 47 E1 FA 60 | 51 6C 79 71
2E 0E 0C 38 | C6 99 FE 97 | B2 C2 E1 37 | 7F 61 CD 7A
2008/10/10 07:13:23.546 ==> HaspHL_decrypt: Output Data =
2008/10/10 07:13:23.546
02 B0 3C 6E | DA 88 46 BA | 4C 7E 5A 12 | 8E D6 DE 76
2E 0E 0C 38 | C6 99 FE 97 | B2 C2 E1 37 | 7F 61 CD 7A
2008/10/10 07:13:23.546 ==> HaspHL_decrypt: Status = 0x00
==================================================================
2008/10/10 07:13:23.609 <== HaspHL_decrypt: Length = 0x30
2008/10/10 07:13:23.609 <== HaspHL_decrypt: Input Data =
2008/10/10 07:13:23.609
7B 6E 8C DF | D6 51 A3 0C | 47 E1 FA 60 | 51 6C 79 71
2E 0E 0C 38 | C6 99 FE 97 | B2 C2 E1 37 | 7F 61 CD 7A
9C F3 2A BD | A4 DA 3B 78 | 97 CC 44 ED | 42 47 42 E6
2008/10/10 07:13:23.671 ==> HaspHL_decrypt: Output Data =
2008/10/10 07:13:23.671
77 64 61 62 | 63 5F 60 61 | A2 B9 AC 60 | 61 62 63 5F
2E 0E 0C 38 | C6 99 FE 97 | B2 C2 E1 37 | 7F 61 CD 7A
9C F3 2A BD | A4 DA 3B 78 | 97 CC 44 ED | 42 47 42 E6
2008/10/10 07:13:23.671 ==> HaspHL_decrypt: Status = 0x00
==================================================================
The resultant table:
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\MultiKey\Dumps\12345604\DTable]
"10:2AE1F0A2E1B2F1F99FC872F6CA4B0149" = hex: 53,9D,4D,03,00,00,00,00,CB,D2,6B,04,00,00,00,00
"20:7B6E8CDFD651A30C47E1FA60516C7971" = hex: 02,B0,3C,6E,DA,88,46,BA,4C,7E,5A,12,8E,D6,DE,76
"30:7B6E8CDFD651A30C47E1FA60516C7971" = hex: 77,64,61,62,63,5F,60,61,A2,B9,AC,60,61,62,63,5F
If the log contains a single query of length 32 (20h) bytes that is not immediately
followed by a query of length 48 (30h) bytes, then the query should be stored in the table as
two queries of 16 (10h) bytes each.
*** HARDLOCK ***
"ID" = dword: xxxxxxxx - serial number
"withMemory" = dword: 0000000x - key with memory or without it
"Seed1" = dword: 0000xxxx
"Seed2" = dword: 0000xxxx
"Seed3" = dword: 0000xxxx
"HlkMemory" = hex: - memory cells
*** SENTINEL ***
"Type" = dword: 00000000 - Model
"sntMemory" = hex: - memory cells
"CellType" = hex: - types of cells
*** GUARDANT ***
...MultiKey\Dumps\xxxxxxxx] - xxxxxxxx - pwRead - key password for reading;
"DongleType" = dword: 00000004
"pWrite" = dword: 23232323 - password for writing; optional if the program does not write to the key
"Data" = hex: \
... (256 bytes - a full dump of descriptors)
As you can see from the manual, it supports 4 types of dongle.
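For host auditing, the following added example (not part of the original post or of the emulator's own code) scans the text of a registry export for dump keys under the `MultiKey\Dumps` path described above and reports each dump's dongle type and the number of stored DTable/ETable answers. The function name and the sample export are assumptions constructed for illustration.

```python
import re

# DongleType values as listed in the manual text above.
DONGLE_TYPES = {1: "HASP", 2: "HARDLOCK", 3: "SENTINEL", 4: "GUARDANT"}
DUMPS = r"hkey_local_machine\system\currentcontrolset\multikey\dumps" + "\\"
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')

# Constructed sample of registry export text (not taken from a real host).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\MultiKey\Dumps\12345604]
"DongleType"=dword:00000001

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\MultiKey\Dumps\12345604\DTable]
"10:00112233445566778899AABBCCDDEEFF"=hex:ff,ee,dd,cc,bb,aa,99,88,77,66,55,44,\
  33,22,11,00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\MultiKey\Dumps\0000ABCD]
"DongleType"=dword:00000004

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Example]
"DongleType"=dword:00000002
'''

def find_emulator_dumps(reg_text):
    """Return {dump_id: {"type", "DTable", "ETable"}} for each dump key found."""
    dumps, current, section = {}, None, None
    for line in map(str.strip, reg_text.splitlines()):
        key, val = KEY_RE.match(line), VAL_RE.match(line)
        if key:
            current = section = None
            if key.group(1).lower().startswith(DUMPS):
                parts = key.group(1)[len(DUMPS):].split("\\")
                current = dumps.setdefault(
                    parts[0], {"type": "unknown", "DTable": 0, "ETable": 0})
                # "root" = the dump key itself; dtable/etable = answer tables.
                section = ("root" if len(parts) == 1
                           else parts[1].lower() if len(parts) == 2 else None)
        elif val and section in ("dtable", "etable"):
            current[section[0].upper() + "Table"] += 1  # one value per stored answer
        elif val and section == "root" and val.group(1).lower() == "dongletype":
            m = re.fullmatch(r"dword:\s*([0-9a-fA-F]{1,8})", val.group(2).strip())
            if m:
                code = int(m.group(1), 16)
                current["type"] = DONGLE_TYPES.get(code, f"unknown ({code})")
    return dumps
```

Files written by `reg export` are UTF-16, so decode them (for example `open(path, encoding="utf-16")`) before passing the text in.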