Rockey2 Emulation/Duplication

I've got a Rockey2 dongle that runs my licensed software. 
I also have a blank Rockey2 dongle that I was hoping to program... 
The trouble is I can't seem to find a way to get the UID/HID from the working one, and write them to the blank one.
The developer tools seem to generate them from a seed (which I don't have)...

I've looked through the USBTrace log, and found two "bString" values: 2BF5A08C364EDA2A and OEM. Seems like these are the important bits, but I'm not sure where to go from here... Since I've got the blank dongle as an option, would it be easier to duplicate the dongle or emulate it? 

On the emulate option: I'm currently using MultiKey for a previous version of the software, so this is already a Virtual USB device, right? Can I modify the registry key to reflect this additional device, or am I way off base here?

mk not support rockey2/4/4nd dongle

Why? Does it lack the ability to return the requested information? My basic thinking was "Virtual USB device = Virtual USB Device", and the registry key just tells it what to return... 

Also, what are your thoughts on duplicating the dongle? Is there any software that can directly read from/write to a Rockey2 without generating from a seed?

Can I somehow get the UID/HID from the USBTrace?

I can't put the link here because of forum restrictions, but I've uploaded the log, executable, and setup files for anybody that thinks they can help. I think I can PM them, even if I can't post them here...

try to RTFM for MK
may be your other version use hasp/hardlock/sentinel/dinkey dongle instead rockey

the UID/HID can get from the USBTrace

in the Rockey2 emulator possible change any info without generating from a seed

So if I understand you correctly, MK just wont work. That's fine. (you are correct, the previous version of the software used Sentinal)
You mention a Rockey2 emulator?

On the blank dongle, I reset the UID/HID to a known value and ran USBTrace on it, to try to find where these values might be... The known UID/HID are not listed in the USBTrace log (at least not in their decimal form)...

How can I get these values? I've gone into a Linux VM with the Rockey2 development tools, and I see how the C code works... apparently I should be able to send a new UID/HID to the blank one, as long as I know the existing UID (similar to the "you can only change your password if you know your old one" idea).

Scratch that... The rockey2.h file only contains the ability to write to the memory blocks 0-4... Is there a way to directly write a new UID/HID? 
Or is that what the RY2_Transform does...?

I've modified the test.c file to dump the memory contents to files 0.txt - 4.txt in preparation.

Anybody? Please?

Files are on dropbox  /sh/kduuhcmvgb50i29/AAAjGSk228rqMv3OSjv_0wIUa?dl=0

Where I am now, I need:
1) The ability to determine the UID/HID of the working dongle
2) The ability to write these values directly to the empty dongle

I can read the data blocks from the working dongle and write them to the new dongle with no problem, but I can't read the data blocks unless I know the UID... I've looked through the USBTrace logs, but I really can't figure out how the information is in there...

Ciberprint rockey2 emulation is trivial. Uses only read and write. Dongle memory is encrypted with blowfish algo.
More complex is lic file
Upload lic - i want compare with my library.

Uploaded to the previous link.

You mean emulation is easy? I've read around, and there have been many blunt statements of "just write your own", but I'm terribly lost on where to start... Do you have an example of a similar emulation that I can adapt to my purposes here? Rather than reinvent the wheel... I'm not great at coding, but I can get by if I'm modifying existing code.

Also, what do you think about duplicating the dongle? I did spring for the blank one (cheap though it was).

On the "modifying existing code" option: It would also be helpful to have some suggestions on what kind of environment to modify in (visual studio, notepad & linux bash prompt, etc).

If have programming knowledge - check SDK, and make emulation by dll - rockey2.dll
Thats enough.

Duplicate topic - i not know.

sure-best way is Rockey2.dll or Rockey4ND.dll replacer

OK. I've looked through these DLLs in IDA... Assembly language is nonsense to me, but the pseudocode is helpful. Can you send me dlls that have been modified for this purpose? I might be able to see the differences and find what I should be targetting.

Read what i write you. You not need IDA and asembelr to make dll replacement.
SDK headers, and some compiler enough. You need write about 20 lines of code.

--Deleted--

On second thought... I've got the SDK headers handy... Do I need to write them in C?
Do I simply send the data that the USBTrace log captured (in response to the calls)?
Like, whenever {this} function is called return {string}?

...or defining ints and chars...


Running into a hiccup... Why are they using Rockey4ND.dll if it's a Rockey2 dongle? I don't have the SDK for that...
Feitian's website doesn't seem to be hosting those files anymore... Anybody have a copy they can share?

hello blarghh,
i don´t know if its something you need but i found some little chinese program to clone rockey dongles.. the probleme is, the buttons are in chinese language an shown as ??  I guess you need to have pw1, pw2 and ID of dongle source and pw1+2 of dest.dongle. I could not test if it really works. Send pm if you want dl-link.

greets, pollo

So I've got the SDK for each the Rockey2 and the Rockey4ND now.
I've created a new project in Visual Studio 2010 for a new dll.
I've included the header file from the Rockey2 SDK.

I don't know what code to put in here... I suppose I need to declare functions, and have those functions return the information retrieved from the USBTrace log...
Do I need to know how the program is calling them? Or just use every instance there's a USBTrace for, like:

char[16] RY2_Read() {return "2BF5A08C364EDA2A"};

Here's where an example would be really handy... Can anybody help me with the structure I need here?

RY2_Read is fuction for dongle memory
device serial number 2BF5A08C364EDA2A is not dongle memory

read sdk manual what every RY_xxxx function do
and code functions according this

Earlier you said it uses only read and write, so I assumed that the information in the USBTrace must have been a read...

The USBTrace log is showing only basic USB information, including language and serial number...?
I can see what the SDK functions do, but I'm not sure what I'm looking at in the USBTrace log... How the information in the USBTrace log corresponds to the dongle functions.

Can I enlist your superior knowledge to help me put the pieces together?

usb trace is low level part, dll is high level part of the api