
eta 07-03-2007 02:04

Hasp4 API hooking or dll replacement
 
This is my first post, so be gentle :o

I am interested in Hasp4 emulation, but it looks to me that for some reason everyone tries to use the complex approach: trying to emulate a dongle by creating a device driver.

I have noticed the HASPMS32.DLL which has only one exported function:
void PASCAL hasp(int iMsg, int a, int b, int c, int d, int * e, int * f, int * g, int *h)

Why not just replace this dll or do some fancy API hooking, to let the applications call our void hasp (...) method?

Using a newly created dll, and adding one method:
Code:

#define  IS_HASP            1
#define  GET_HASP_CODE      2
#define  READ_MEMO          3
#define  WRITE_MEMO        4
#define  GET_HASP_STATUS    5
#define  GET_HASP_ID        6
#define  READ_MEMO_BLOCK  50
#define  WRITE_MEMO_BLOCK  51

void PASCAL hasp(int iMsg, int a, int b, int c, int d, int * e, int * f, int * g, int *h)
{
        AFX_MANAGE_STATE(AfxGetStaticModuleState());
        CString str;

        switch ( iMsg )
        {
        case IS_HASP:
                //str.Format( _T("IS_HASP\r\n"));
                if ( e )
                        *e = 1;
                if ( g )
                        *g = 0;
                break;
        case GET_HASP_CODE:
                str.Format( _T("GET_HASP_CODE Seed:%d LPT:%d Pass1:%d Pass2:%d\r\n"),a,b,c,d);
                break;
        case READ_MEMO:
                str.Format( _T("READ_MEMO\r\n"));
                break;
        case WRITE_MEMO:
                str.Format( _T("WRITE_MEMO\r\n"));
                break;
        case GET_HASP_STATUS:
                str.Format( _T("GET_HASP_STATUS LPT:%d Pass1:%d Pass2:%d\r\n"),b,c,d);
                break;
        case GET_HASP_ID:
                str.Format( _T("GET_HASP_ID LPT:%d Pass1:%d Pass2:%d\r\n"),b,c,d);
                if ( g )
                        *g = 0;
                break;
        case READ_MEMO_BLOCK:
                str.Format( _T("READ_MEMO_BLOCK\r\n"));
                break;
        case WRITE_MEMO_BLOCK:
                str.Format( _T("WRITE_MEMO_BLOCK\r\n"));
                break;
        }
        if ( str .IsEmpty() == FALSE )
                AfxMessageBox( str );

}


It will pop up a message box showing the call, and the passwords :cool:
Some tools just check the IsHasp and that's it.

When a real dongle is near, just modify code to call actual hasp method and remember return values. Almost every app has fixed seed values, to check known return value with.

Using this simple approach I was able to run enveloped HASP4 applications.


Well... what do you think of this?

CrackZ 07-04-2007 03:34

If I was interested in distributing cracks for HASP 4 protected applications on an individual application / version basis, this is exactly the approach I would use.....Erm, and it is the approach that has been widely used by the scene for many years ;-) (some vendors, I'm thinking iButtons here, make this very easy indeed).

An alternative method is to patch in an emulation routine just beneath the API layer, right where you start seeing the HASP obfuscator in action.

Both methods are effective given the caveat above.

Commercial dongle emulator vendors use the driver for a mixture of reasons, one is certainly the ease of supporting a lot of applications very quickly for customers (registry key configuration), the other is perhaps some future compatibility and also their own protection (a lot of the commercial emulators I've seen are very well protected), for those reasons alone writing a driver of your own isn't that significant an investment of work if you are going to sell a commercial solution.

Regards

CrackZ.

bolo2002 07-04-2007 23:01

Greets to the Shania Twain lover, I don't know about the music, but what a nice girl!

lafarge 07-06-2007 09:42

Quote:

Greets to the Shania Twain lover, I don't know about the music, but what a nice girl!

All I can say is "WTF !?!"

JMI 07-06-2007 16:13

If you've ever actually read through CrackZ' site, you would understand the reference! :D

Regards,


All times are GMT +8.