Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   Is it technically possible? (https://forum.exetools.com/showthread.php?t=13744)

demos 09-03-2011 18:33

Is it technically possible?

I'm working on a piece of software that expects a (Serial, CompanyName, Key) combination to be fully functional, plus a dongle.

Is it technically possible to crack this without having access to any registered dongle to know what keys/queries are expected to be exchanged?

mm10121991 09-03-2011 18:50

Yes, by understanding the program flow and guessing what it is expecting as an answer from the dongle, then patching the dongle API to return the right answers.
See as examples Crackz tuts or shub nigurrath's tut on Sentinel.
There is only one case where a dongle is needed: when the program is encrypted using a strong crypto algorithm and the decryption key is in the dongle.

Kerlingen 09-04-2011 00:34

This depends on the dongle and the way it was implemented.

Modern smartcard dongles can't be cracked/cloned/emulated, even if you have access to an unlimited number of registered dongles. Your only chance is that some weak code is used to check if the correct dongle is attached, like:
Code:

  bool flag = IsDonglePresent();
  if (flag == false)            // one boolean decides everything
  {
    MessageBox("Dongle not found", "Dear cracker, please BPX on MessageBox");
    ExitProgram();
  }

Or you might have luck and the program uses an old (cheap) dongle type (10+ years available on the open market) which doesn't support any enhanced security features like today's dongles do.

If the program's author knows what he is doing he might as well store important program parts in the dongle and run them inside the dongle. You will never have access to these parts, even with a registered dongle.

Or he might use simple symmetric cryptography to decrypt program parts (like many software-only protectors do today). If you don't have access to a valid dongle it's also impossible to crack.
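The two designs Kerlingen contrasts, side by side, as an added illustration that is not part of the post: a boolean gate that a single branch decides, versus feature data that is shipped only encrypted under a secret the dongle holds. Everything here is constructed: the dongle driver is a stand-in, and XOR stands in for the real cipher a protector would use.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for a dongle driver; a real product calls the vendor's API. */
static bool g_dongle_attached = true;
static const uint8_t g_dongle_secret[8] = {0x5a, 0x13, 0xc7, 0x88, 0x2e, 0xf1, 0x09, 0x64};

void SetDongleAttached(bool attached) { g_dongle_attached = attached; }
static bool IsDonglePresent(void) { return g_dongle_attached; }

/* Key bytes come only from an attached dongle; with no dongle the driver hands back zeros. */
static void DongleGetKey(uint8_t key[8]) {
    if (g_dongle_attached) memcpy(key, g_dongle_secret, 8);
    else memset(key, 0, 8);
}

/* Weak pattern from the post: one boolean decides, so a single flipped branch unlocks everything. */
int weak_gate(void) {
    bool flag = IsDonglePresent();
    if (flag == false) return 0;  /* "Dongle not found" path */
    return 1;                     /* full feature runs */
}

/* Stronger pattern: the feature's data (constructed here as the 9-byte string "FULL MODE")
 * is stored only XOR-encrypted under the dongle secret. The program never holds the key
 * itself, so there is no yes/no branch to patch: without the dongle the output is garbage. */
static const uint8_t g_enc_feature[9] = {0x1c, 0x46, 0x8b, 0xc4, 0x0e, 0xbc, 0x46, 0x20, 0x1f};
static char g_feature_text[10];

/* Decrypts the feature data with whatever key the dongle supplied and reports
 * whether the expected marker came out; the marker test is a sanity check, not the gate. */
int strong_gate(void) {
    uint8_t key[8];
    DongleGetKey(key);
    for (size_t i = 0; i < sizeof g_enc_feature; i++)
        g_feature_text[i] = (char)(g_enc_feature[i] ^ key[i % 8]);
    g_feature_text[9] = '\0';
    return memcmp(g_feature_text, "FULL", 4) == 0;
}

const char *FeatureText(void) { return g_feature_text; }
```

Forcing `strong_gate` to return 1 changes nothing useful, because `FeatureText()` still holds the undecrypted bytes; that is the difference the post is pointing at.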

demos 09-04-2011 02:49

Thanks for all the answers :)
This software has a folder in C:\Program Files\Common Files\Aladdin so I assumed it's Aladdin, but inside that folder there's a hasplm.exe and looking inside some code I read 'Sentinel Hasp', can it be both? Or is there something I'm missing?

This hasplm.exe is running as client with something else running as local server. A unique fingerprint host ID file has been created also.
I thought I was done when figuring out the serial/name/key combo... I was wrong.

mm10121991 09-04-2011 04:17

Yes, Sentinel HASP is the newest brand of HASP as far as I know.
The exe you are talking about, I think, is hasplms.exe and is for licensing, not for dongle communication.
Not sure on this info.

demos 09-04-2011 12:05

Yeah but how can it have both Aladdin and Sentinel? Did one company buy the other or something (like HP and Compaq)? Or is there a Sentinel version of Aladdin?

After the software got the expected 'serial,name,key' combo it still says 'Demo', so if I understood you correctly, this is due to the hasplms.exe. So Sentinel HASP is looking for licensing info inside the Aladdin dongle?

The logic flow is what I'm missing. Can you shed some light?

copyleft 09-04-2011 18:43

Yes, SafeNet has purchased Aladdin, and 'Sentinel Hasp' is the same 'HaspSRM' from Aladdin.
Hasplms.exe is responsible for communication between dongle and software.

mm10121991 09-04-2011 19:30

The combo you entered + the host ID file are used to generate the license, which in your case could be in the dongle.

demos 09-07-2011 14:02

Guys, thanks a lot for putting some pieces of the puzzle together. The picture is getting clearer now and starting to make sense.

I'm now trying to find which .exe or dll (most probably will be a dll) is querying the Hasplms.exe to see what it's expecting (if it's possible) as I'm hoping to figure this out without having a valid dongle.

The problem is always TIME, as my holiday's over and I'm currently back to work. It seems almost impossible to balance between work, family, and a hobby like this (20 years ago it was possible, and even fun!).
Will keep posting, just a bit slower :) THANKS!!

copyleft 09-08-2011 10:29

The easiest way is using ProtectionID, whether it is envelope or API.
Or search for 'FEnteDev' in all dll/exe files if there is no envelope.

There could be many other methods too. Not difficult...
