safekey hardlock emulator infos
 

safekey hardlock emulator details explained...

safekey have developed dumper for parallel as well as usb dongles,
fastread.com is for parallel type and usbsaferead.exe is for usb.

>> fastread.com (ie. parallel port dumper )

it dumps hardlock dongle data into <modid>.log file,
the log file format...

typedef struct {
BYTE algodump[ 0x2000 ];
BYTE datadump[ 0x80 ];
BYTE a,b,c; // n/a
WORD algo2; // highword of base address maybe
BYTE d,e,f,g,h; // n/a
} log_t;

>> usbfastread.exe (ie. usb hardlock dumper )

this is revised solution from safekey to dump/process usb hardlocks
on examination i found that it contain vxd/sys files into resource section which is dynamically loaded,
and they perform main dumping and etc... but usbfastread.exe is just frontend which process other things
surprise is it produce .fst file which is infect extension used for solved files !!!
the fst file format...

typedef struct {
WORD dunno1; // ModID
BYTE algodump[ 0x2000 ];
WORD dunno3; // n/a
WORD dunno4; // ModID
BYTE datadump[ 0x80 ];
BYTE dunno6[ 0x8 ]; // ?
} fst_t;

>> safekey *.fst file ( ie. files used by emulator )

typedef struct {
DWORD BaseAddress;
WORD ModID;
BYTE datadump[ 0x80 ];
BYTE InitVectorNibble0;
BYTE InitVectorNibble1;
BYTE InitVectorNibble2;
BYTE InitVectorNibble3;
} fst_t_solved;

observations
============
- there exist some more dumpers which have same content as far as algodump is concerned

Hi ketan,

How about SafeKey HASP Emulator?

Hello ketan,

Curious to ask you few questions

Can you unpack hardlock without original dongle ?
Do you know the algo which is still private?
From the mentioned dumper can we unpack it? if yes how ?

I only know one thing if we have original dongle its very easy :D

Sope!

Sope, as I known, it is hard to unpack some protections when it is enveloped as HardLock, Sentinel, HASP when you do not have original dongle. With dumper we may make emulator for that one then we unpack it manually. Another problem is we hard to catch Sentinel Emulators supports both Standard and Enhance algo, HardLock Emulator supports E-Y-E

Whats about this Emulator can anybody haelp me?

There's a .bin and a .ssp file for the safekey emulator (sentinel version)

Is there also know how this is done for the sentinel version?
thx

As I know, with SafeKey Sentinel Emulator, it requires file(s) with extension is .ssp to ident Sentinel Dongle(s) data to be emulated, I am also looking for how to convert from dumped code to .ssp to be emulated coz it works quicker than other SSP emulators.

@Asus

If you look at the size of the .ssp files it looks like some tables are pre-calculated. Could explain the speed.....

@DCA: Do we have tool to make .ssp? Some Sentinel dongles have enhanced algo inside and with SakeKey it works perfectly and so fast.
@papi: Would you like to share Hasp Emulator from SafeKey too?

@ Asus
No, at least I don't have it.

as i siad. we can make our forum the best for us
 

as i siad. we can make our forum the best for us..just share info and all what we have...

@miniwahib1
This is for specific programs only not a universal one.
That's the 'beauty' of the safekey emulator.
If you have a .ssp file you can emulate your dongle for that program.

Let me get this right : with just a .ssp file made from a dongle dump, and with the safekey sentinel emulator, you can completely emulate enhanced algorithm sproQuery()'s ?. How do they do that?

Can somebody send me the safekey sentinel emulator and possibly an example ssp file please, I would love to look at this?.

Git

@Gift
Here you go... :)

Excellent, many thanks.

Very interesting...

Git

nice info. not need more..
but need how to dump well ..with some tool..the WP not found
thanks all

@minawahib1
According to the fastread.exe you need one extra file
And if you boot from a win9x disk and run the fastread from
here,you should be able to get the safekey hardlock emul
up and running...... (well, if you may believe the readme file)

@DCA
i don't understand you..
after dumping the dongle by safekey dumper(fastread or fastreadusb) we have the the dump files ( like a Modad or Log file) so..we need the tool which convet that to a real emulator.... or convert this log and dat file to *.FST file and work with the emulator


Note ( the safekey emulatoer not working with HARDLOCK EYE- tested by me
if you have hardlock EYE you should use one of them
1-s0pter dump
2- the HL MOnitor By brain studio ..i have it .If any one need it
3- the hardlock filter ...can only know the MOdad (pass or addrwess) but can't log all intercpet


TIP for sentinel.. if u unplug the dongle ..when the dumper working..ur dongle will be damage

thanks alot all
we need more info about dongles

In respect to the Sentinel Dongle Emulator to convert a proper dump modify the sample.ssp as follows. No algos/querys worked out but it should get the dongle working with the standard 3f cells.

The red cells are the protection bits for the 3f cells (if you want to unlock cells change 01 to 03 to allow changes via the dongle editing tools.
The blue cells contain the word for each cell

I replaced the two section with a hexeditor to contain the dumped dongle contents.

Then open DOS prompt and enter the following command
Net STOP Sentinel

Rename the sentinel.sys located in c:\windows\system32\drivers\ to something else
then copy the SSP file and the Sentinel.sys from the zip file located above.
Then type Net Start Sentinel.

You can now edit the contents of the dongle memory to suit.
Refer to other post containing the Sentinel Dongle tools.

These changes are not saved when you shutdown the machine therefore update the SSP file as required.
If testing changes to SSP repeat the Net Stop/Net Start to reset as required.

00000000 54 4B 47 46 24 24 03 01 01 01 03 03 03 03 03 03
00000010 00 00 01 01 02 01 01 01 00 00 00 00 00 01 00 00
00000020 00 01 00 00 00 00 00 00 02 03 01 02 03 03 03 03
00000030 02 03 01 02 03 03 03 03 02 03 01 02 03 03 03 03
00000040 02 00 01 00 00 00 03 03 CC 02 27 CE 00 00 00 00
00000050 23 F7 00 00 EA 69 00 00 00 00 00 00 00 0C 21 34
00000060 80 25 0A 00 0A 00 0A 00 00 00 01 00 00 00 00 00
00000070 00 00 00 00 00 00 00 00 00 00 75 0F 00 00 00 00
00000080 00 00 00 00 00 00 00 00 11 26 61 C0 21 06 01 00
00000090 B2 18 21 F4 00 00 00 00 7F 25 61 C0 21 06 01 00
000000A0 92 75 56 FC 00 00 00 00 90 25 61 C0 21 06 01 00
000000B0 09 32 06 F7 00 00 00 00 80 25 00 00 21 06 00 00
000000C0 00 00 00 00 10 1B 61 C0 38 00 00 00 00 00 00 00
000000D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Peterg70

Hi all:)I have question about it..
I dumped hardlock eye (alladin) by hl-dump and I have reg and dat files but I don't know how can I emulate...I don't have good program for this files.I tryed emulating by Toro's Hardlock Mon- program see Hardlock Eye but don't start - orginal licence decode error.(this licences and orginal dongle working!)

That means emulator has not been loaded correctly or data to be emulated is not correct.

These changes are not saved when you shutdown the machine therefore update the SSP file as required.
If testing changes to SSP repeat the Net Stop/Net Start to reset as required.

CC 02 27 CE 00 00 00 00 23 F7 00 00 EA 69 00 00

Very strange, why at SSP stored all critical values, such as C6 and WP.

These items are still required to perform the correct functions.

If program attempts to write to a field with fake passwords and you return "All ok" to each password then the program can determine that you have modified the dongle or added an emulator.
It is always needed to create the Writepassword etc and needs to check it to make sure its correct.

how to calc this value ? EA 69
everybody can tell me the algorithm.

Very old stuff, simpliest table emulator.