#1
Hardlock Envelope Problem...
Hi!
The problem is: I have a program packed with the Hardlock Envelope and an emulator, undongle.sys. The program runs normally with this emulator. But the new release of this program does not run normally. I have a dongle dump for the new program release. The program crashes in the function "hl-crypt"... Does HL-CRYPT need something other than the new memory dump? Both dongles seem to be identical, but the memory...
#2
Updated information now given below.
Last edited by CrackZ; 03-17-2005 at 06:45.
#3
Here are my emulators:
undongle.sys for the program (ModAd 0x3948), and hardlock.sys (for unipst) with HL_Crypt. I heard it is necessary to know only 6 bytes to implement all the key functions. The 6 bytes are calculated from an 8192-byte table... [Edit JMI: DO NOT answer your own Post. Use the Edit Button.]
#4
Hi!
Does anyone know how the Hardlock envelope can be removed without the original dongle, based on the data contained in the envelope itself? Thanks
#5
OK,
Since we are no longer keeping Hardlock information particularly private anymore ;-).

The Hardlock envelope uses the undocumented API function 0xE to decrypt its code sections. This is just a simple cipher of an 8-byte encrypted block into an 8-byte decryption key (which is then cycled through the data). Fn 0xE is not the API HL_CODE(), but it is based on it; you can recover HL_CODE() from toro's emulator (he has chosen not to implement function 0xE), however even function 0xE's make-up is no great secret any longer.

Function 0xE's security is based around 3 16-bit seeds (again see toro's post). Without any knowledge, i.e. a Hardlock dump, this gives a theoretical strength of 2^48; this is beyond the realms of a single desktop attack and most probably any known plaintext attacks as well, however significant computing power could probably break it from a known good encrypt/decrypt response. This means that without an original Hardlock you have pretty much no hope of successfully decrypting the envelope.

Regards CrackZ.
#6
Greetings Crackz,
Quote:
Regards, Sope.
#7
So, with knowledge of the SEEDs, how much time will be spent breaking the envelope protection?
#8
Hi,
I implemented the 0xE function, which I named hl_crypt. It is in my emulator, but I disabled it, so everyone can recover it from my emulator too. As I said in my last posts, there are at least 3 rules for decreasing the volume of the keyspace. Rule 2 is independent of the dump, so it can be applied to a bruteforcer for the Hardlock envelope without having a dump of the original dongle. And as I understand from my analysis of hl_crypt, it is more complicated than hl_code in implementation but simpler in computation time, so doing a bruteforce on it takes less time. But with only one hl_crypt pair, the seeds cannot be found. However, one of my friends said that there is a way in which, with 3 hours of bruteforcing for one envelope, the seeds can be found. But I don't have it.

And to souz: undongle.sys has no hl_code or hl_crypt. It contains all of the crypt pairs that are needed for emulating one envelope. So if the new version of your program does not work with it, it has been re-enveloped.
Last edited by toro; 03-17-2005 at 16:10.
#9
Quote:
Last edited by nikita@work; 03-17-2005 at 16:29.
#10
So if I don't know the correct seeds 1, 2 and 3, how many HL_CRYPT pairs will be enough to break the envelope?
Last edited by souz; 03-18-2005 at 17:58.
#11
toro, I was hoping people REALLY INTERESTED in this stuff would do their own research with your emulator ;-).

The bar seems to have been raised somewhat now with Hardlock. The internal algorithms are no longer a secret, so now the knowledge rests in 'how to derive the seeds from a dump' and 'how to break the Hardlock envelope' without access to the original Hardlock. I would have preferred the emulators attached to this post not to have been made quite so public, but then that's just me ;P. I personally haven't made a full enough study of the Hardlock algorithm to tell if the envelope really can be broken (I've heard rumours that it can be, using the tables stored in the Hardlock envelope section). I always believed you should give people enough information to find their own answers ;-); since Aladdin has pretty much abandoned Hardlock there probably isn't as good a reason as there was to hold on to its 'secrets'.

Anyway, my 2c and then some. I will probably write my own Hardlock envelope 'ditty' sometime.

Regards CrackZ.
Last edited by CrackZ; 03-19-2005 at 22:29.
#12
hardlock rus login crackkkk ????