#1
Well, let me make it clear first that I am new to dongles. I have read the tutes on this and woodmann's forum too.
Well, I am working on this software which uses the TimeHasp 4 flavour. I found the signatures cmp bh, 32 in some DLLs, but the sections in which they lie are data sections, so IDA/Wdasm don't decompile those sections. Using breakpoints on FreeEnvironmentStringsA doesn't give any break either. Also, the Hasp signatures (Cyberheg and the ones posted on this forum) don't apply to even a single function. Where to proceed from here? Any help will gladly be appreciated. Thanks in advance.

Soft Ice
#2
You're lucky, since the HASP dongle family is by far the easiest one to crack.
If you've found the legendary opcodes (cmp bh, 32) then you're lucky again, because that means you're a step away from cracking it. I suggest beginning the tracing from this instruction (cmp...); a few more minutes and you will find the right place to patch. Usually, HASP dongles (without Hardlock envelopes) can be easily defeated just by cutting the call to the procedure which tries to initialize the dongle via the system device driver (Win9x - *.vxd, WinXP - *.sys) - then there must be a simple check like: "dongle initialized? yes... no...". It's easy to find since it blocks the system a few times (short breaks). There is nothing interesting in HASP, just the usual patching; sometimes even 2 bytes are enough. The funniest thing is that you can crack it without owning the dongle itself. The other story is Hardlock... Good luck...

Last edited by dyn!o; 05-26-2004 at 22:53.
#3
Thanks a lot dyn!o, that gives me some confidence back in cracking the dongles. Will post a tutorial on it soon. Thanks once again.