+HCU Special project 3
[essays] ~ [tools]

How to "UNDONGLE" the hell out of it
Updated January 1999

Dongles

From Fravia's own private
"cracking posters" collection

"This is an enemy"
(1941)

+HCU project 3
How to undongle
(1997, 1998)

Dongle cracking... hardware checks cracking... well... dongle protection cracking has long been a "bete noire" of all crackers, old crackers' songs sing it, old crackers paintings show the terrible lost battles... so we decided, in may 1997, to start working on it, we wanted to show how useless even these supposed 'extremely hard' hardware protections resulted against Internet +team work.
In fact -as you will read- most of the times the programmers that have prepared the dongle-based protection schemes have been blinded by their greed... as we all know a 'commercial' approach to programming turns ALWAYS into a programming catastrophe (just look at Micro$oft's crashing programs and OSs if you need any confirmation of this matter of fact :-)
This +HCU 'dongle' project has made "history" in the scene (of course I know exactly who is continuously looking at this page) and has been allowed thank to the first (very sound) contributions by Xoanon and Zafer, good crackers that have 'broken the ice' and allowed the splendid Renaissance of these studies that we are enjoying now (January 1998)
When (and if :-) you'll have finished reading the marvellous essays on this page you'll never believe that once upon a time (couple of years ago) many crackers were scared to death from these relatively easy to defeat hardware protections (well... some of them ARE indeed pretty though -as you'll see)
Some of the essay on this page are VERY ADVANCED reading, and I'm sure that my advanced readers will find all this VERY INSTRUCTIVE
Of course, as usual this is a 'work in progress' section of my site... and you have the two usual choices: 1) You just leech and try to use what you learn here in order to gain some money for yourself =you slime :-( or 2) You contribute and, building on the shoulders of all others, allow others to build on your shoulders =you +cracker :-)
16 May 1997 PHASE 1 by Xoanon Cubase -Dongle protection cracking (the main tricks) - (xoacuba1.htm: FVP03F01)
3 Sep 1997
(Part C:
19 Oct 1997)
PHASE 2 by Zafer Dongle reverse engineering (Hasp dongles) - (zaferdon.htm: FVP03F02)
2 Nov 1997 PHASE 3 by +DataPimp  

Dongle cracking: NetXRay 1.1.3

(A Very Easy Dongle Protection) - (datapi1.htm: FVP03F03)
6 Nov 1997 PHASE 4 by Dr. Fuhrball
Simple unix busting (the microphar dongle galore) - (fuhrba.htm: FVP03F04)
29 Nov 1997 PHASE 5 by The+Chineese
Dongle protection reversing (HASP) - Pinit dongle testing (Encyclopaedia Universalis: the French reference) - (chineee1.htm: FVP03F05)
24 Dec 1997 PHASE 6 by zeezee
Zen and the Art of Dongle Cracking
(A somehow 'general' essay about dongles) - (zee__4.htm: FVP03F06)
11 Jan 1998 PHASE 7 by +Aitor
Reverse Engineering MATLAB 5 - Part I: Dongle Protection (Simple dongle reversing: the 'alien dll date' trick) - (aitor1.htm: FVP03F07)
20 Jan 1998 PHASE 8 by Quine Pushing the Envelope with HASP (De-Hasping, zip cracking and other marvels) - (quine_h1.htm: FVP03F08)
22 Jan 1998 PHASE 9 by Spyder
SSI Win32 Dongle Protection (Initial workaround for difficult Win32 targets) - (spyder_4.htm: FVP03F09)
29 Jan 1998 PHASE A by Frog's Print Dongle Bashing ~ End of the dongle old aera (How a single +HCU reverser can easily blow a whole commercial sector out of history) - (fp_dong1.htm: FVP03F0A)
21 February 1998  

redJack of Shadows,

Connected to the previous essay, same phase: Dongles are NOT dead! (programmers: use them!) __NEW__
03 Feb 1998 PHASE B by Dr Fuhrball: redMarx Crypto Box, the most Secure device ever made ("Protection Plus Professional") - (fuhrba_3.htm: FVP03F0B)
    reddrfuh5.htm

Connected to the previous essay, same phase:
Dr Fuhrball's treatment on the hardware side of accessing eeproms (with three gifs) Advanced

13 Feb 1998 PHASE C by MaD: Unplugging a dongle protection (unplugging technical library from Micro house) - (dong_mad.htm: FVP03F0C)
16 Feb 1998 PHASE D by MaD Bashing LPT-Parasites (DONGLES: The weak brothership between hard- and software) - (maddon_1.htm: FVP03F0D)
26 Feb 1998 PHASE E by bayunni: Undocumented HASP - Part I, (what d'you think of all the hype about HASP?) - (bayu_2.htm: FVP03F0E) Advanced
04 Mar 1998 PHASE F by MaD: Dongle DEJAVU (Revealing sentinel Pro main code) - (madlas1.htm: FVP03F0E)
12 Mar 1998 PHASE 10 by bayunni: Undocumented HASP - Part II "xDEAD:xBEEF: extending HASP manufacturer's services" - (bayunn2.htm: FVP03F10) Advanced
04 May 1998 PHASE 11 by Shaman:
How to crack an hardcore dongle-protected program Cracking 'Security Lock Number' ('SLN') - (casmw652.htm: FVP03F11) Advanced
27 May 98 Bajunny bayu3.htm Undocumented HASP 3 (no more security through obscurity)
21 Oct 98 SvD bulga_1.htm Data reverse-engineering - Lesson 1

 

Sentinel, Hasp... commercial protectors... how much money should you actually PAY us for having demonstrated how bad implemented your protections are? (Note the 'implemented' bit :-)
And you, programmers, and you that have trusted dongles, believing them to be good protections. You that soon find your own 'dongle-protected' programs regged (and undongled) on any luser's warez site? Did you actually believe the crap written by the dongle-fabricants? Do you believe hypes? Haven't you learned yet to see THROUGH things? To reverse!
How much do you actually owe us for showing you (for free) the truth? Yet don't worry... we don't need, nor want, your money... what we do, we do because we enjoy it, not because we want useless bucks... that's the real reason, I'm afraid, that "non-commercial" reversers will always remain (quite) ahead in this lind of games...


Tools for dongle artists


9 January 1998
wkpe120.zip (215.763 Kb): Wkpe "Keypro": A dongle emulator from Taiwan, wkpe supports all win-dos boxes, incluse dos4gw, and has been sent to me, as a present, by a taiwanese programmer: 3n3E

Here how to use this dongle emulator:

********* Capturing all dongle I/O data to a file ************************



1. install your Dongle in LPT1 (Port address must be 378h)



2. Run WKPE.EXE and "Enable Capture"



3. Run your targets ,and test all menus

   Don't use any printer function, since this 

   version does not support them



4. If all tests are ok, return to WKPE windows and

   "Disable Capture and get Data"



5. Save I/O data to file. (backup dongle data)



********* ok ,you can now remove the dongle *******************************

********* Emulating the dongle ********************************************



6.  load I/O data file



7.  "Enable Emulator"



8.  run your target 



9.  "Disable Emulator"


Be careful though: here is what Slava wrote :-)



With all due respect to your site and your efforts, I must 

tell you that I haven't seen this kind of crap for years. 

Here are the results of my express-test of Wkpe dongle-emulator 

(I tried to cover different dongles/app modes):



1. Code Soft 4.0 (Brady) Memo Hasp, 16 bit application

I whish I knew all those exotic languages, but after

following all the instructions from the Readme file, I finished

up with some weird message box, whithout beeng able to save

anything.

                 

2. Genesys 6.1 (Eagleware) Time Hasp, 32 bit application

Page Fault as soon as I start capturing data, no matter what I do    

or how many times I try.

                 

3. Board Maker (any version) (Tsien) 16 bit, DOS application

Doesn't seem to do anything. The app simply exits with an error, 

same as without the emulator running. 



                 		Best regards, Slava (20 January 1999)


Let's see what the Authors of wkpe will answer... :-)

tough
our protections

USEFUL
programmer's corner

protec
How to protect better

otools
our tools


redhomepage redlinks redanonymity red+ORC redjavascript wars redacademy database
redbots' wars redtools redcocktails redantismut CGI-scripts redsearch forms redmail fravia+
redIs reverse engineering legal?


red(c) Fravia+ 1995, 1996, 1997, 1998, 1999. All rights reversed