Unpacking hasp envelope
Hello. I've spent several months learning about hasp and trying to remove the envelope. I am very close now. I am having trouble finding the magic jump. I have looked at a video on removing the envelope and fixing IAT, it helped a lot but the part that confuses me is finding that exact spot. How much does the IAT redirection change between versions? Do the envelopes all have JE for the jump? Or could it be a different conditional jump like a JNE? My version is later than the video (although not whitebox) and I have found the right section of code but not the right line.
Also, in the hasp IAT fixer script, is the pointer section that you have to change based on the envelope version, supposed to be the magic jump? Or is it something else? I am not sure if it's the right spot or not.
Last edited by Aykfc on Thu Jun 07, 2018 1:59 pm; edited 1 time in total
Aykfc- Posts : 17
Points : 18
Reputation : -8
Join date : 2015-06-14
Location : Michigan
Re: Unpacking hasp envelope
On what kind of Windows have you done debugging? And with which tools?
prenumele- Posts : 161
Points : 227
Reputation : 47
Join date : 2010-09-11
Re: Unpacking hasp envelope
Well I have tried many different tools. At the moment I am using Windows 7 x32 in VirtualBox. Ollydbg 2. Program will load up fine in Olly and run. I've tried a couple different versions of Olly. I tried to get it working under IDA and used a plugin to help hide the debug settings but couldn't get it working. At least not yet. Mainly focusing on the IAT at the moment.
[You must be registered and logged in to see this link.]
That's the tutorial I was following. It's been helpful but I am still not sure on where the jump might be.
Aykfc- Posts : 17
Points : 18
Reputation : -8
Join date : 2015-06-14
Location : Michigan
Re: Unpacking hasp envelope
Can somebody at least tell me if the pointer section in the scripts to fix the IAT is the same as that magic jump you need to find?
@end_point:
find prtc_sec, #FFFF82D18BE55DC3# // #66C1E7??5E5B8BE566C1E6??5DC3#
mov endp, $RESULT
add endp, 4
bphws endp, "x"
I need to change the prtc_sec but don't know if it is that conditional JE jump I need to find.
Aykfc- Posts : 17
Points : 18
Reputation : -8
Join date : 2015-06-14
Location : Michigan
Re: Unpacking hasp envelope
[You must be registered and logged in to see this link.]
prenumele- Posts : 161
Points : 227
Reputation : 47
Join date : 2010-09-11
Re: Unpacking hasp envelope
You don’t need a script. What’s your target, I can help you. Send me a msg....
proaudiosoft- Posts : 3
Points : -24
Reputation : -42
Join date : 2017-09-15
Re: Unpacking hasp envelope
post here for us unpacking target complete, for Aladdin HL 1.x envelope.
if not get lost.
ovis25- Posts : 648
Points : 1234
Reputation : 332
Join date : 2014-06-07
Re: Unpacking hasp envelope
Thank you prenumele. I had some of it but others helped point me in the right direction. I have studied the script and just about got it working. I have found the pointer section finally. The script runs but it doesn't go to the fix section. I am thinking the sysmod is incorrect. I have on the memory map mfc100 and msvcr100. I have tried the PE header address for both but no luck. The video I watched used hnetcfg and my program is C++ I believe. What should I use for the sysmod line?
Aykfc- Posts : 17
Points : 18
Reputation : -8
Join date : 2015-06-14
Location : Michigan
Re: Unpacking hasp envelope
Well I have just about got it. I have rebuilt the IAT on the first file and the second file is almost done. The last part is figuring out the emulated IAT entries. I have 4 that I need to enter. I found a list of 5 entries (manual fix IAT):
GetCommandLineA
GetStartupInfoA
GetCurrentProcess
GetCurrentProcessId
GetProcAddress
Can anyone point me in the right direction for figuring out the best way to resolve this? I tried doing a hardware breakpoint on execution but I couldn't find anything that stood out.
Aykfc- Posts : 17
Points : 18
Reputation : -8
Join date : 2015-06-14
Location : Michigan