
Manual ENG

The document describes the format and contents of keys and dumps for different hardware security key types including HASP, HARDLOCK, SENTINEL and GUARDANT. It provides details on serial numbers, memory contents, encryption tables and describes the structure of keys in the Windows registry.

Uploaded by

Duy

*** General ***

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\MultiKey\Dumps\xxxxxxxx]

xxxxxxxx - the key's password

To use several keys with the same password, append any character
to the password in the key name:
...MultiKey\Dumps\xxxxxxxxa]
...MultiKey\Dumps\xxxxxxxx1]

"Name"="xxx"
"Copyright"="xxx"
"Created"="xxx"

"DongleType"=dword:0000000x - key type


1 - HASP
2 - HARDLOCK
3 - SENTINEL
4 - GUARDANT

*** HASP ***

"SN"=dword:xxxxxxxx - serial number

"Type"=dword:000000xx - model


12 - Time HASP 3
0A - HASP4 M1 (default)
1A - HASP4 Time
EA - HASP HL
DA - HASP HL Time

"Memory"=dword:00000001 - memory size

"SecTable"=hex:00,00,00,00,00,00,00,00 - private table

"NetMemory"=hex:03,00,0F,D0,02,00,00,00,FF,FF,FE,FF - network memory cells

"Option"=hex: - not used

"Data"=hex: - memory cells

"ColumnMask"=dword:000000FF

"CryptInitVect"=dword:0000003F

Table-based emulation of the hasp_decrypt and hasp_encrypt functions

The tables are stored in subkeys of the dump's main key:

Decrypt: [HKEY_LOCAL_MACHINE\System\CurrentControlSet\MultiKey\Dumps\12345604\DTable];
Encrypt: [HKEY_LOCAL_MACHINE\System\CurrentControlSet\MultiKey\Dumps\12345604\ETable].

The format of entries in the table (all values hexadecimal):


"10:00112233445566778899AABBCCDDEEFF"=hex:FF,EE,DD,CC,BB,AA,99,88,77,66,55,44,33,22,11,00
"20:00112233445566778899AABBCCDDEEFF"=hex:FF,EE,DD,CC,BB,AA,99,88,77,66,55,44,33,22,11,00
"30:00112233445566778899AABBCCDDEEFF"=hex:FF,EE,DD,CC,BB,AA,99,88,77,66,55,44,33,22,11,00

where

- "10:00112233445566778899AABBCCDDEEFF" - the request to the key

    10 (20, 30) - request length in bytes
    "00112233445566778899AABBCCDDEEFF" - the first 16 bytes of the request

- hex:FF,EE,DD,CC,BB,AA,99,88,77,66,55,44,33,22,11,00 - the key's response;
  only the first 16 bytes of the real response are stored.

For example:

==================================================================
2008/10/10 07:13:25.109 <== HaspHL_decrypt: Length = 0x10
2008/10/10 07:13:25.109 <== HaspHL_decrypt: Input Data =
2008/10/10 07:13:25.109
    2A E1 F0 A2 | E1 B2 F1 F9 | 9F C8 72 F6 | CA 4B 01 49

2008/10/10 07:13:25.171 ==> HaspHL_decrypt: Output Data =
2008/10/10 07:13:25.171
    53 9D 4D 03 | 00 00 00 00 | CB D2 6B 04 | 00 00 00 00

2008/10/10 07:13:25.171 ==> HaspHL_decrypt: Status = 0x00

==================================================================
2008/10/10 07:13:23.484 <== HaspHL_decrypt: Length = 0x20
2008/10/10 07:13:23.484 <== HaspHL_decrypt: Input Data =
2008/10/10 07:13:23.484
    7B 6E 8C DF | D6 51 A3 0C | 47 E1 FA 60 | 51 6C 79 71
    2E 0E 0C 38 | C6 99 FE 97 | B2 C2 E1 37 | 7F 61 CD 7A

2008/10/10 07:13:23.546 ==> HaspHL_decrypt: Output Data =
2008/10/10 07:13:23.546
    02 B0 3C 6E | DA 88 46 BA | 4C 7E 5A 12 | 8E D6 DE 76
    2E 0E 0C 38 | C6 99 FE 97 | B2 C2 E1 37 | 7F 61 CD 7A

2008/10/10 07:13:23.546 ==> HaspHL_decrypt: Status = 0x00

==================================================================
2008/10/10 07:13:23.609 <== HaspHL_decrypt: Length = 0x30
2008/10/10 07:13:23.609 <== HaspHL_decrypt: Input Data =
2008/10/10 07:13:23.609
    7B 6E 8C DF | D6 51 A3 0C | 47 E1 FA 60 | 51 6C 79 71
    2E 0E 0C 38 | C6 99 FE 97 | B2 C2 E1 37 | 7F 61 CD 7A
    9C F3 2A BD | A4 DA 3B 78 | 97 CC 44 ED | 42 47 42 E6

2008/10/10 07:13:23.671 ==> HaspHL_decrypt: Output Data =
2008/10/10 07:13:23.671
    77 64 61 62 | 63 5F 60 61 | A2 B9 AC 60 | 61 62 63 5F
    2E 0E 0C 38 | C6 99 FE 97 | B2 C2 E1 37 | 7F 61 CD 7A
    9C F3 2A BD | A4 DA 3B 78 | 97 CC 44 ED | 42 47 42 E6

2008/10/10 07:13:23.671 ==> HaspHL_decrypt: Status = 0x00

==================================================================
The resulting table:

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\MultiKey\Dumps\12345604\DTable]
"10:2AE1F0A2E1B2F1F99FC872F6CA4B0149"=hex:53,9D,4D,03,00,00,00,00,CB,D2,6B,04,00,00,00,00
"20:7B6E8CDFD651A30C47E1FA60516C7971"=hex:02,B0,3C,6E,DA,88,46,BA,4C,7E,5A,12,8E,D6,DE,76
"30:7B6E8CDFD651A30C47E1FA60516C7971"=hex:77,64,61,62,63,5F,60,61,A2,B9,AC,60,61,62,63,5F

If the log contains a single request of length 32 (20h) bytes that is not
immediately followed by a request of length 48 (30h) bytes, the request must
be stored in the table as two requests of 16 (10h) bytes each.

*** HARDLOCK ***

"ID"=dword:xxxxxxxx - serial number

"withMemory"=dword:0000000x - whether the key has memory or not

"Seed1"=dword:0000xxxx
"Seed2"=dword:0000xxxx
"Seed3"=dword:0000xxxx

"HlkMemory"=hex: - memory cells

*** SENTINEL ***

"Type"=dword:00000000 - model

"sntMemory"=hex: - memory cells

"CellType"=hex: - cell types

*** GUARDANT ***

...MultiKey\Dumps\xxxxxxxx] - xxxxxxxx is pwRead, the key's read password;

"DongleType"=dword:00000004

"pWrite"=dword:23232323 - write password; optional if the program does not
write to the key
"Data"=hex:\
... (256 bytes - a full dump of descriptors)
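
For software-asset audits and incident response, the registry layout described above can be used to detect installed emulator dumps on a host. The following is an added example, not part of the original manual: it scans the text of a registry export for MultiKey\Dumps keys and reports each dump's DongleType and table subkeys. The function name and the sample export are assumptions constructed for illustration.

```python
import re

# DongleType values as listed in the manual above.
DONGLE_TYPES = {1: "HASP", 2: "HARDLOCK", 3: "SENTINEL", 4: "GUARDANT"}

# Matches ...\MultiKey\Dumps\<name> and optional subkeys such as DTable/ETable.
# ControlSetNNN is accepted too, since CurrentControlSet is an alias for one.
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\(?:CurrentControlSet|ControlSet\d{3})"
    r"\\MultiKey\\Dumps\\([^\\\]]+)(?:\\([^\]]+))?\]\s*$",
    re.IGNORECASE,
)
TYPE_RE = re.compile(r'^"DongleType"\s*=\s*dword:\s*([0-9a-f]{8})\s*$', re.IGNORECASE)


def find_multikey_dumps(reg_text):
    """Return {dump_name: {"type": str, "subkeys": [...]}} from .reg export text."""
    findings = {}
    current, in_subkey = None, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            if m is None:
                current = None  # unrelated key: ignore its values
                continue
            current, sub = m.group(1), m.group(2)
            in_subkey = sub is not None
            entry = findings.setdefault(current, {"type": "unknown", "subkeys": []})
            if sub:
                entry["subkeys"].append(sub)
        elif current and not in_subkey:
            m = TYPE_RE.match(line)
            if m:
                value = int(m.group(1), 16)
                findings[current]["type"] = DONGLE_TYPES.get(value, f"unknown ({value})")
    return findings


# Constructed sample export (not taken from a real system).
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\MultiKey\Dumps\12345604]
"Name"="example"
"DongleType"=dword:00000001

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\MultiKey\Dumps\12345604\DTable]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip]
'''
```

Exports saved by regedit are usually UTF-16, so decode the file accordingly before passing its text to the function.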
