-
"License" = hex: xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx,
xx, xx, xx, xx
To obtain a license under x32 systems use the online form on the
site of generation
http://testprotect.com/appendix/LicMkOnline
******************************************************************************
**************************************************
*** HASP (3,4,HL,SRM)
******************************************************************************
*************************
"SN" = dword: xxxxxxxx - serial number
"Type" = dword: 000000xx - Model
12 - Time HASP 3
0A - HASP4 M1 (deafult)
1A - HASP4 Time
EA - HASP HL
FA - HASP HL Time
"Memory" = dword: 00000001 - memory size
00000001 - 0x80
00000004 - 0x1F0
00000020 - 0xFD0
00000021 - 0x70
"SecTable" = hex: 00,00,00,00,00,00,00,00 - private table
"NetMemory" = hex: 03,00,0F, D0,02,00,00,00, FF, FF, FE, FF -
cell "network" Memory
// Typical data into NetMemory:
// 12 1A 12 0F 03 00 70 00 02 00 00 FF FF FF FF FF
// 12 1A 12 0F - sn
// 03 00 - key type
70 // 00 - memory size in bytes
// 02 FF -?
// 00 00 - net user count
// FF FF -?
// FF - key type (FF - local, FE - net, FD - time)
-
// FF -?
"Option" = hex: 00,00,00,00,00,00,00,00,00,00,00,00,00,00 -
additional options:
(to build on 18.2.4)
[0] = 01..7F - sets a time delay when working with keys
(type-1..4)
[0] = 0 - without time delays (to build on 18.2.4)
"Data" = hex: - memory
= TIME dongles =
For the time HASP keys are added to the field, for example:
"NetMemory" = hex: 05,00,80,00,02, FF, 00,00, FF, FF, FD, FF
"HaspTimeMemory" = hex: \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 \
3f, db, 95,7d, 00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00
"TimeShift" = hex: 00,00,00,00,00,00,00,00
where: 3f, db, 95,7d - the serial number of a recorded key
byte
= HL encrypt / decrypt =
The table-emulated function hasp_decrypt + hasp_encrypt, in the
absence of values in the tables
values are processed by the Inland AES agoritmu. If necessary,
change the default
AES key algorithm to make reg file its value:
"AesKey" = hex:
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
The tables are located in the main location of the dump
podvetkah:
Decrypt: [HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \
MultiKey \ Dumps \
12345604 \ DTable];
Encrypt: [HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \
MultiKey \ Dumps \
12345604 \ ETable].
The format of entries in the tables for multikeya version
-
99,88,77,66,55,44,33,22,11,00
"20: 00112233445566778899AABBCCDDEEFF" = hex: FF, EE, DD, CC,
BB, AA,
99,88,77,66,55,44,33,22,11,00
"30: 00112233445566778899AABBCCDDEEFF" = hex: FF, EE, DD, CC,
BB, AA,
99,88,77,66,55,44,33,22,11,00
**************************************************
***************************************
!!! for multikeya version> = 18.1 in the names of queries 20h
and 30h should take 32 bytes
request !!!
"10: 0123456789ABCDEF0123456789ABCDEF" = hex: 12,34,56,78,90,
AB, CD, EF,
12,34,56,78,90, AB, CD, EF
"20:5500A934CDE5D7B619568515F74D323695EC75E8C48F6B5D9880F6A88B251C48"=he
x:4F,8A,A7,A1,26,55,61,B3,1A,77,B4,A2,19,B3,34,FD
"30:9A2B6F7F80A2F2E36334D3258BAFD06FBB7286766A24910911648D98D8C56628"=he
x:12,71,B7,B5,3D,47,B4,2B,DC,93,4F,00,00,1C,2C,4E
**************************************************
***************************************
where
- "10: 00112233445566778899AABBCCDDEEFF" - a request to the
key
"10 (20.30)" - request length in bytes
"00112233445566778899AABBCCDDEEFF" - the first 16 bytes of the
request
- Hex: FF, EE, DD, CC, BB, AA, 99,88,77,66,55,44,33,22,11,00 -
answer key, taken only
the first 16 bytes of the actual response.
For example:
==================================================
================
2008/10/10 07: 13: 25.109 HaspHL_decrypt: Status = 0x00
==================================================
================
2008/10/10 07: 13: 23.484
-
2008/10/10 07: 13: 23,484
7B 6E 8C DF | D6 51 A3 0C | E1 FA 60 47 | 51 79 71 6C
2E 0E 0C 38 | C6 99 FE 97 | B2 C2 E1 37 | 7F 61 CD 7A
2008/10/10 07: 13: 23.546 ==> HaspHL_decrypt: Output Data
=
2008/10/10 07: 13: 23,546
02 B0 3C 6E | DA 88 46 BA | 4C 7E 5A 12 | 8E D6 DE 76
2E 0E 0C 38 | C6 99 FE 97 | B2 C2 E1 37 | 7F 61 CD 7A
2008/10/10 07: 13: 23.546 ==> HaspHL_decrypt: Status =
0x00
==================================================
================
2008/10/10 07: 13: 23.609 HaspHL_decrypt: Status = 0x00
==================================================
===============
The resulting table:
[HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ MultiKey \
Dumps \ 12345604 \
DTable];
"10: 2AE1F0A2E1B2F1F99FC872F6CA4B0149" = hex: 53,9D, 4D,
03,00,00,00,00, CB,
D2,6B, 04,00,00,00,00
"20:7B6E8CDFD651A30C47E1FA60516C79712E0E0C38C699FE97B2C2E1377F61CD7A"=h
ex:02,B0,3C,6E,DA,88,46,BA,4C,7E,5A,12,8E,D6,DE,76
"30:7B6E8CDFD651A30C47E1FA60516C79712E0E0C38C699FE97B2C2E1377F61CD7A"=h
ex:77,64,61,62,63,5F,60,61,A2,B9,AC,60,61,62,63,5F
If a single request protocol found in length 32 (20h) byte
followed immediately
there is no request of 48 (30h) bytes (or to put it another way,
in which the second byte of the
request 16
Is not equal to a second 16-byte response), such a request must
be saved in the table as
two queries 16 (10h) bytes
-
= SRM =
To emulate addition SRM HL key data like more data are
needed.
In looking for is this private information.
//
// List of supported functions for hasp key
//
enum KEY_FN_LIST {
// HL
KEY_FN_SET_CHIPER_KEYS = 0x80,
KEY_FN_CHECK_PASS = 0x81,
KEY_FN_READ_3WORDS = 0x82,
KEY_FN_WRITE_WORD = 0x83,
KEY_FN_READ_ST = 0x84,
KEY_FN_READ_NETMEMORY_3WORDS = 0x8B,
KEY_FN_HASH_DWORD = 0x98,
KEY_FN_GET_TIME = 0x9C, // Get time (for HASP time) key
KEY_FN_PREPARE_CHANGE_TIME = 0x1D, // Prepare to change time
(for HASP time)
KEY_FN_COMPLETE_WRITE_TIME = 0x9D, // Write time (complete) (for
HASP time)
KEY_FN_PREPARE_DECRYPT = 0x1E, // qwestions
KEY_FN_COMPLETE_DECRYPT = 0x9E, // answers
KEY_FN_ECHO_REQUEST = 0xA0, // Echo request to key
KEY_FN_ECHO_REQUEST2 = 0xA1, // Echo request to key
// srm
KEY_FN_SRM_A2 = 0xA2, // read the table of features
KEY_FN_SRM_26 = 0x26, // 26 / A6 - reading values key features
and memory
KEY_FN_SRM_A6 = 0xA6, //
KEY_FN_SRM_AA = 0xAA, // log into the key
KEY_FN_SRM_AB = 0xAB, // logout key
KEY_FN_SRM_AC = 0xAC, // hasp_get_rtc - getting time with
key
KEY_FN_SRM_AE = 0xAE, // xs, like there was a 3.25
KEY_FN_SRM_27 = 0x27, // 27 / A7 - write to memory key
KEY_FN_SRM_A7 = 0xA7, //
KEY_FN_SRM_29 = 0x29, // 29 / A9 - crypt dekript
KEY_FN_SRM_A9 = 0xA9, //
KEY_FN_SRM_28 = 0x28, // 28 / A8 - reading without key
encryption protocol signed (update)
KEY_FN_SRM_A8 = 0xA8, //
KEY_FN_SRM_38 = 0x38, // 38 / B8 - key update and stitching
KEY_FN_SRM_B8 = 0xB8 //
};
-
******************************************************************************
**************************************************
*** HARDLOCK
******************************************************************************
************************************
"ID" = dword: xxxxxxxx - serial number
"withMemory" = dword: 0000000x - key with memory or without
it
"Seed1" = dword: 0000xxxx
"Seed2" = dword: 0000xxxx
"Seed3" = dword: 0000xxxx
"HlkMemory" = hex: - memory
//
// List of supported functions for HARDLOCK key
//
enum HARDLOCK_KEY_FN_LIST {
HDK_KEY_FN_SET_CHIPER_KEYS = 0x80,
HDK_KEY_FN_CHECK_PASS = 0x81,
HDK_KEY_FN_READ_WORD = 0x82,
HDK_KEY_FN_WRITE_WORD = 0x83,
HDK_KEY_FN_HL_VERKEY = 0x87,
HDK_KEY_FN_READ_ID = 0x8B,
HDK_KEY_FN_HL_CODE = 0x8C,
HDK_KEY_FN_HL_CRYPT = 0x8D,
HDK_KEY_FN_HL_CODE_PAR = 0x0C,
HDK_KEY_FN_HL_CRYPT_PAR = 0x0D,
HDK_KEY_FN_HL_CALC = 0x89
};
******************************************************************************
**************************************************
*** SENTINEL
******************************************************************************
************************************
-
... MultiKey \ Dumps \ 0000xxxx] - xxxx - Developer ID
"Type" = dword: 00000000 - model 0-SuperPro, 1 all other
types;
"sntMemory" = hex: - a memory cell for "Type" = 0 - 64 cell for
"Type" = 1 depending on the
type of key
"CellType" = hex: - types of cells; for "Type" = 0 - 64 bytes
for "Type" = 1 depending on the
type of key
"Type" = 0 - total internal algo to SPRO, reg-file
old-fashioned
"Type" = 1 - only tabular emulation for all types of keys, in
the reg file to add new fields:
"Option" = hex: 02,00,03,80,7F, 00,00,00 (for example SPRO
supporting AES-tunnel)
where: [0] ... [3] - the value of the type of key, we get the
Funk GET_KEYINFO
[4] - the value of physically readable memory key, usually 7F or
FF
[5] ... [7] - reserve
"AesKey" = hex: 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
- aes AES-key for the tunnel
(so far so get out prog)
!!!!! To form a correct registration file is recommended dumper
SSUMD v1.1 !!!!!
Spro default dump the old regime ("Type" = 0).
The format of the tables:
... MultiKey \ Dumps \ 0000xxxx \ cell_yy] - yy - the number
cell, for which tables for each table
its Sella
"12345678" = hex: 22,33,44,55
"1122334455667788" = hex: 11,12,13,14,15,16,17,18
"11223344556677888877665544332211" = hex:
88,77,66,55,44,33,22,11,11,22,33,44,55,66,77,88
//
// List of supported functions for Sentinel key
//
enum SENT_KEY_FN_LIST {
SENT_KEY_FN_FIND_FIRST_UNIT = 0x10,
SENT_KEY_FN_READ = 0x11,
SENT_KEY_FN_QUERY_SHORT = 0x12,
SENT_KEY_FN_QUERY_LONG = 0x13,
SENT_KEY_FN_WRITE_0 = 0x14,
SENT_KEY_FN_WRITE_1 = 0x15,
-
SENT_KEY_FN_WRITE_2 = 0x16,
SENT_KEY_FN_WRITE_3 = 0x17,
SENT_KEY_FN_OVERWRITE_0 = 0x18,
SENT_KEY_FN_OVERWRITE_1 = 0x19,
SENT_KEY_FN_OVERWRITE_2 = 0x1A,
SENT_KEY_FN_OVERWRITE_3 = 0x1B,
SENT_KEY_FN_ACTIVATE = 0x1C,
SENT_KEY_FN_DECREMENT = 0x1D,
SENT_KEY_FN_GET_KEYINFO = 0x00,
SENT_KEY_FN_SET_PARAMETER = 0x03,
SENT_KEY_FN_GET_PARAMETER = 0x02,
USENT_KEY_FN_GET_LOGIN = 0x05, // for ULTRA and new SPRO
USENT_KEY_FN_LOGIN_21 = 0x21,
USENT_KEY_FN_AES_TUNNEL = 0x07,
USENT_KEY_FN_2F = 0x2F
};
******************************************************************************
**************************************************
*** GUARDANT
******************************************************************************
************************************
... MultiKey \ Dumps \ xxxxxxxx] - xxxxxxxx - pwRead - key
password to read;
"DongleType" = dword: 00000004
"pWrite" = dword: 23232323 >>> write password,
optional, if the program does not use record
"Data" = hex: \
... (256 bytes - full dump descriptors)
The format of the tables:
if the handle is 0 in the algorithm reg file, then we are
looking for the data in Table
... MultiKey \ Dumps \ xxxxxxxx \ algo_yy] where yy - the number
of the algorithm
"1122334455667788" = hex: 11,12,13,14,15,16,17,18
A simplified table - a request to the reg file is limited to 8
bytes, ie if the length
-
Request transforms more than 8 bytes, the query name in the
registry take only the first 8 bytes, a
full written response.
******************************************************************************
**************************************************
*** DINKEY
******************************************************************************
**************************************
... MultiKey \ Dumps \ 12345678]
where 12345678 - dinkSerial
"DongleType" = dword: 00000005
"dinkValue" = dword: xxxxxxxx
"dinkMemory" = hex: \
******************************************************************************
**************************************************
