+HCU Special project 3
How to "UNDONGLE" the hell out of it
Updated January 1999
Dongle cracking... hardware checks cracking... well... dongle protection cracking has long been a "bête noire" of all crackers: old crackers' songs sing it, old crackers' paintings show the terrible lost battles... so we decided, in May 1997, to start working on it. We wanted to show how useless even these supposedly 'extremely hard' hardware protections prove against Internet +team work. In fact -as you will read- most of the time the programmers that have prepared the dongle-based protection schemes have been blinded by their greed... as we all know a 'commercial' approach to programming ALWAYS turns into a programming catastrophe (just look at Micro$oft's crashing programs and OSs if you need any confirmation of this matter of fact :-)

This +HCU 'dongle' project has made "history" in the scene (of course I know exactly who is continuously looking at this page) and has been made possible thanks to the first (very sound) contributions by Xoanon and Zafer, good crackers that have 'broken the ice' and allowed the splendid Renaissance of these studies that we are enjoying now (January 1998).

When (and if :-) you have finished reading the marvellous essays on this page you'll never believe that once upon a time (a couple of years ago) many crackers were scared to death of these relatively easy to defeat hardware protections (well... some of them ARE indeed pretty tough -as you'll see).

Some of the essays on this page are VERY ADVANCED reading, and I'm sure that my advanced readers will find all this VERY INSTRUCTIVE.

Of course, as usual this is a 'work in progress' section of my site... and you have the two usual choices:
1) You just leech and try to use what you learn here in order to gain some money for yourself =you slime :-( or
2) You contribute and, building on the shoulders of all others, allow others to build on your shoulders =you +cracker :-)

16 May 1997 | PHASE 1 by Xoanon | Cubase -Dongle protection cracking | (the main tricks) - (xoacuba1.htm: FVP03F01)
3 Sep 1997 (Part C: 19 Oct 1997) | PHASE 2 by Zafer | Dongle reverse engineering | (Hasp dongles) - (zaferdon.htm: FVP03F02)
2 Nov 1997 | PHASE 3 by +DataPimp | (A Very Easy Dongle Protection) - (datapi1.htm: FVP03F03)
6 Nov 1997 | PHASE 4 by Dr. Fuhrball | Simple unix busting | (the microphar dongle galore) - (fuhrba.htm: FVP03F04)
29 Nov 1997 | PHASE 5 by The+Chineese | Dongle protection reversing (HASP) - Pinit dongle testing | (Encyclopaedia Universalis: the French reference) - (chineee1.htm: FVP03F05)
24 Dec 1997 | PHASE 6 by zeezee | Zen and the Art of Dongle Cracking | (A somehow 'general' essay about dongles) - (zee__4.htm: FVP03F06)
11 Jan 1998 | PHASE 7 by +Aitor | Reverse Engineering MATLAB 5 - Part I: Dongle Protection | (Simple dongle reversing: the 'alien dll date' trick) - (aitor1.htm: FVP03F07)
20 Jan 1998 | PHASE 8 by Quine | Pushing the Envelope with HASP | (De-Hasping, zip cracking and other marvels) - (quine_h1.htm: FVP03F08)
22 Jan 1998 | PHASE 9 by Spyder | SSI Win32 Dongle Protection | (Initial workaround for difficult Win32 targets) - (spyder_4.htm: FVP03F09)
29 Jan 1998 | PHASE A by Frog's Print | Dongle Bashing ~ End of the dongle old aera | (How a single +HCU reverser can easily blow a whole commercial sector out of history) - (fp_dong1.htm: FVP03F0A)
21 February 1998 | Connected to the previous essay, same phase: Dongles are NOT dead! (programmers: use them!) __NEW__
03 Feb 1998 | PHASE B by Dr Fuhrball: | Marx Crypto Box, the most Secure device ever made | ("Protection Plus Professional") - (fuhrba_3.htm: FVP03F0B)
drfuh5.htm | Connected to the previous essay, same phase:
13 Feb 1998 | PHASE C by MaD: | Unplugging a dongle protection | (unplugging technical library from Micro house) - (dong_mad.htm: FVP03F0C)
16 Feb 1998 | PHASE D by MaD | Bashing LPT-Parasites | (DONGLES: The weak brothership between hard- and software) - (maddon_1.htm: FVP03F0D)
26 Feb 1998 | PHASE E by bayunni: | Undocumented HASP - Part I | (what d'you think of all the hype about HASP?) - (bayu_2.htm: FVP03F0E) Advanced
04 Mar 1998 | PHASE F by MaD: | Dongle DEJAVU | (Revealing sentinel Pro main code) - (madlas1.htm: FVP03F0E)
12 Mar 1998 | PHASE 10 by bayunni: | Undocumented HASP - Part II | "xDEAD:xBEEF: extending HASP manufacturer's services" - (bayunn2.htm: FVP03F10) Advanced
04 May 1998 | PHASE 11 by Shaman: | How to crack an hardcore dongle-protected program | Cracking 'Security Lock Number' ('SLN') - (casmw652.htm: FVP03F11) Advanced
27 May 98 | Bajunny | bayu3.htm | Undocumented HASP 3 (no more security through obscurity)
21 Oct 98 | SvD | bulga_1.htm | Data reverse-engineering - Lesson 1

Sentinel, Hasp... commercial protectors...
how much money should you actually PAY us for having demonstrated how badly implemented your
protections are? (Note the 'implemented' bit :-)
And you, programmers, and you
that have trusted dongles, believing them to be good protections. You that
soon find your own 'dongle-protected' programs regged (and undongled) on any luser's
warez site? Did you actually believe the crap
written by the dongle-fabricants? Do you believe hypes? Haven't you learned yet to
see THROUGH things? To reverse!
How much do you actually owe us for showing you (for free)
the truth?
Yet don't worry... we don't need, nor want, your money... what we do, we do
because we enjoy it, not because we want useless bucks... that's the real reason,
I'm afraid, that "non-commercial" reversers will always remain (quite) ahead in this kind of games...

********* Capturing all dongle I/O data to a file ************************
1. Install your Dongle in LPT1 (Port address must be 378h)
2. Run WKPE.EXE and "Enable Capture"
3. Run your targets, and test all menus
   Don't use any printer function, since this version does not support them
4. If all tests are ok, return to WKPE windows and "Disable Capture and get Data"
5. Save I/O data to file. (backup dongle data)
********* ok, you can now remove the dongle *******************************
********* Emulating the dongle ********************************************
6. Load I/O data file
7. "Enable Emulator"
8. Run your target
9. "Disable Emulator"

With all due respect to your site and your efforts, I must tell you that I haven't seen this kind of crap for years. Here are the results of my express-test of Wkpe dongle-emulator (I tried to cover different dongles/app modes):

1. Code Soft 4.0 (Brady) Memo Hasp, 16 bit application
   I wish I knew all those exotic languages, but after following all the instructions from the Readme file, I finished up with some weird message box, without being able to save anything.
2. Genesys 6.1 (Eagleware) Time Hasp, 32 bit application
   Page Fault as soon as I start capturing data, no matter what I do or how many times I try.
3. Board Maker (any version) (Tsien) 16 bit, DOS application
   Doesn't seem to do anything. The app simply exits with an error, same as without the emulator running.

Best regards,
Slava (20 January 1999)

(c) Fravia+ 1995, 1996, 1997, 1998, 1999. All rights reversed