Hasp SRM 3.25 Emulation

Update: I have been able to dump the Hasp SRM now with SRM2Mult_1.2 program.
Can anyone please help guide me with the next steps ?
I want to find out the passwords if possible and hope someone can advise me how to do it with a debugger like Olly ?

Thank you very much

if it does not uses white box api or if yes and you have also an older hasp_windows_90313.dll  too I could help you.

if it does not uses white box api or if yes and you have also an older hasp_windows_90313.dll  too I could help you.

Thanks prenumele.
Actually now I have found the 2 passwords and also the AES string from the hasp_windows_90313.dll.

I have also been able to generate a .reg file for use with Multikey 19.1
I have go tthe license key for the Multikey also.

But when I install it on a 32-bit XP system, the multikey works well and the system recognises that New Hardware is found and adds a Hasp HL ( the virtual one that we've made), to it.

But the protected program still keeps saying that Dongle Not Found.

Please help.

BTW it does not use the white box api. The key is a purple SRM dongle with Hasp HL written on it.

Thank you

I have my donlge old but was reprogramed and now soft uses wb api. wb can be old also.

Techlord, sounds like your emulator is working fine but the .reg is wrong. How did you convert it?

glib wrote:Techlord, sounds like your emulator is working fine but the .reg is wrong. How did you convert it?

Thanks for the answer. I took the dump after finding out the PW of the dongle from the hasp_windows dll and then I used the UnitoReg by sataron to make the .reg file. Then I added the DongleType as 1 to the reg file and changed the path as needed.

This is the reg file:

Code:

REGEDIT4
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Multikey\Dumps\XXXXXXXX]
"Name"="Someone"
"Copyright"="NoOne"
"Created"="10/12/2013 22:09:37"
"SN"=dword:XXXXXXXX
"DongleType"=dword:00000001
"Type"=dword:000000EA
"Memory"=dword:00000001
"SecTable"=hex:BA,8C,CB,CD,90,84,C1,C5
"NetMemory"=hex:00,00,00,00,00,00,00,00,00,00,FF,FF
"Option"=hex:00,01,02,4A,1F,01,0A,0B,0D,01,0E,09,35,00
"Data"=hex:\
47,23,41,40,4E,28,45,2A,53,25,48,20,4A,31,41,39,\
57,32,41,38,48,33,41,37,52,34,20,36,4B,40,52,35,\
49,53,2A,48,4E,41,00,00,00,00,00,00,00,00,00,00,\
FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,\
FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,\
00,00,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,\
FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,\
57,42,50,54,05,00,00,00,10,00,00,00,00,00,69,64,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"ColumnMask"=dword:000000AB
"CryptInitVect"=dword:0000003C

Please note that this is a Hasp SRM dongle.

I have been able to use Olly to remove all the calls to the dongle in the software and it now runs perfectly.
But I want to LEARN how to do the SRM EMULATION so that the program will run WITHOUT any need of modifying its EXE file and so that the program thinks that there is a real dongle and thus runs.

I have been able to do so for the HASP HL dongles, but now I want to learn how to do SRM Emulation. Any tutorials or other learning materials  will be appreciated. I already have the tut from the AR Team...
Thanks

I assume you removed the SN from your post, or does it really say XXXXXX in your reg?

Are you sure Dongletype=1 is correct?

Did you use UniDumptoReg or are you talking about another tool?

I am on the same page as you here, I am trying to learn how to do this stuff. It's really hard to find the tools and even harder to find reliable information. Could you share the tutorial from AR team with me? I will try to make the stuff I learn more available to future generations.

edit: Also removing the copy protection fro the exe sounds really impressive. How exactly did you do that?

I assume you removed the SN from your post, or does it really say XXXXXX in your reg?

Are you sure Dongletype=1 is correct?

Did you use UniDumptoReg or are you talking about another tool?

I am on the same page as you here, I am trying to learn how to do this stuff. It's really hard to find the tools and even harder to find reliable information. Could you share the tutorial from AR team with me? I will try to make the stuff I learn more available to future generations.

edit: Also removing the copy protection fro the exe sounds really impressive. How exactly did you do that?

Of course, I had removed the SN and the Dongle ID as that bit of info can be used by my vendor to identify me and thus could possibly be not good for me !

According to the MK manual:
"DongleType" = dword: 0000000x - type key
1 - HASP
2 - HARDLOCK
3 - SENTINEL
4 - GUARDANT

So I think that "1" is correct.

I think the problem is that SRM protection requires an SRM emulator and I learnt that no public options available at present (ie. not free)

Reg the editing of the exe, first you've to find out if an Envelope protection is present and then remove it. Rebuild the IAT.This step requires dongle.
Next step is to edit the exe to find out all the hasp functions used in the program and remove them. Then prog runs without dongle.

Well sounds like you will have to go with the modified exe then, or are you still trying to find an emulating alternative?

Could you please point me to the AR Team tutorial you mentioned above? Cheers and good luck on your quest!

@glib: have PMed you..

I already am the owner of the program and I have the dongle. Just wanted to find out how to emulate the SRM, for the sake of learning.
Thus, I would continue to try to make my own emulator.

you are dreaming

making emulator source code is very difficult

@glib:

This is the link to the SRM unpacking tut that I found elsewhere in the internet. Credits to the original uploader.

Code:

https://anonfiles.com/file/0389845ec7de00a108cb34cb4f1067e7

This is not by the ARTeam though...

Any further forward witht his techlord, im struggling with this also. u have got further than me i must say tho.

prenumele wrote:if it does not uses white box api or if yes and you have also an older hasp_windows_90313.dll  too I could help you.

How do you determine if white box api is used and if your hasp_windows_xxxxxx.dll file is older one?

Techlord wrote:@glib: have PMed you..

I already am the owner of the program and I have the dongle. Just wanted to find out how to emulate the SRM, for the sake of learning.
Thus, I would continue to try to make my own emulator.

I read your post saying that you had a little success at finding passwords and aes string from hasp_windows file. Good for you. This is probably because you asked for help and received it directly or read others posts to glean the knowledge required.

What is missing is where you post how you did it and share this knowledge with the rest of the forum users. I am very interested to know how you found the information inside the hasp_windows file. Perhaps you will share it? For the sake of learning.