[讨论]MasterCAM X2的破解

jxjxc · 发表于 2006-10-17 10:40:00

各位大侠是不是时间限制就在里面，有谁来破解？"Data"=hex:97,D3,BC,C5,0F,AB,00,00,00,00,09,09,90,01,06,00,\            90,01,00,00,90,01,02,00,90,01,06,0A,90,01,00,00,\            74,34,7A,34,B9,54,27,45,0E,53,00,00,06,0A,90,10,\            90,10,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,\            FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,\            FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,\            FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF

[此贴子已经被作者于2006-10-17 10:43:54编辑过]

yuyf · 发表于 2006-10-17 19:19:00

老兄，你搞错了。那个是DATA,数据的意思。不是DATE!破解应该没这么简单吧，一个这么简单的注册项就能搞定？

xiaming · 发表于 2006-10-17 22:44:00

[em03][em03][em03][em03]

xiaming · 发表于 2006-10-17 22:46:00

[em02][em02]

jxjxc · 发表于 2006-10-18 09:25:00

<div class="msgheader">QUOTE:</div><div class="msgborder">以下是引用yuyf在2006-10-17 19:19:00的发言： 老兄，你搞错了。那个是DATA,数据的意思。不是DATE!破解应该没这么简单吧，一个这么简单的注册项就能搞定？</div>看来这位兄台是高人.那你是如何破解的呢?能共享一下吗?

[此贴子已经被作者于2006-10-18 9:25:53编辑过]

yuyf · 发表于 2006-10-18 19:40:00

我不是什么高人，我自己也在到处找破解。只是知道几个英文单词而已！

落魄浪子 · 发表于 2006-10-19 16:28:00

国内会破的不破不会破的傻破[em06]

落魄浪子 · 发表于 2006-10-19 16:35:00

dongle and, more importantly, a complete set of return codes for a specific seed code. Later I will show how the latter fact reduces HASP's cipher strength from 64 bits to between 20 and 25 bits, putting it well within the limits of a brute-force attack. To be completely accurate, the cipher strength is actually only 16 bits because the seed code is only 16 bits - i.e. there are at most 65536 (= 2^16) unique 64 bit return code sequences. Thus, the envelope "protection," as implemented by AKS, does quite the opposite of what it was intended to do. Before analysing the cryptography aspect further we need to know how the HASPCODE routine works. 4. The HASPCODE Algorithm. The algorithm by which the HASP key generates return codes is surprisingly simple - a linear-congruential pseudo-random number generator is used to obtain a 6 bit (0 to 63) offset into a static 64 bit lookup table, and the return code is generated one bit at a time. The following assembly listing shows the complete ISHASP and HASPCODE emulation routine for a 32 bit environment. 80 FF 01        cmp  bh,1                 ; ISHASP requested? 75 05             jne    @CheckTwo    ; jump if not 31 C0            xor     eax,eax          ; else... 40                 inc       eax                ; ...return eax = 1... EB 67             jmp    @EndHProc    ; ...and exit @CheckTwo: 80 FF 02         cmp   bh,2                ; HASPCODE requested? 74 0A              je      @MakeCode   ; jump if so EB 60             jmp    @EndHProc    ; else do nothing @HASPData: db    x0 x1 x2 x3 x4 x5 x6 x7          ; HASP static data @MakeCode: 31 C9               xor     ecx,ecx         ; ecx <- 0 bit offs 31 DB               xor     ebx,ebx        ; ebx <- 0 byte offs E8 00 00 00 00  call    @NextInst      ; push next addr... @NextInst: 5E                   pop     esi                 ; ...and save to esi @NextHBit: 53                   push    ebx               ; save byte counter 66 BB 89 19    mov     bx,1989h F7 E3              mul     eax,ebx 83 C0 05         add      eax,5            ; seed <- seed*1989h+5 0F B7 C0        movzx  eax,ax         ; seed <- seed and FFFFh 50                  push     eax              ; save seed C1 E8 09         shr       eax,9 80 E0 3F         and      al,3Fh           ; al <- bit offset 89 C3             mov     ebx,eax C1 EB 03        shr       ebx,3            ; ebx <- byte no. 80 E0 07         and      al,7               ; al <- bit no. 51                  push     ecx               ; save current code 88 C1             mov      cl,al B0 01             mov      al,1 D2 E0             shl        al,cl              ; al <- bit mask 84 44 33 EF    test       byte ptr [ebx+esi-11h],al    ; is bit set? B0 00             mov      al,0               ; assume not so 74 01              je         @BitClear     ; jump if clear 40                  inc         eax              ; else set bit @BitClear: 59                  pop       ecx               ; ecx <- code string D0 E5             shl        ch,1               ; move to next bit 08 C5             or          ch,al             ; add latest bit 58                  pop       eax               ; eax <- seed 5B                 pop        ebx               ; ebx <- byte count 41                  inc         ecx               ; inc bit count 80 F9 08         cmp       cl,8               ; 8 bits done? 75 C7              jne       @NextHBit     ; jump if not F6 C3 01         test       bl,1                ; byte count odd? 74 03               je         @EvenByte    ; jump if so 5A                  pop       edx                ; get ret code 88 F1              mov       cl,dh             ; add upper 8 bits @EvenByte: 51                   push      ecx               ; save ret code 31 C9              xor         ecx,ecx       ; clear code string 43                   inc         ebx              ; inc byte count 80 FB 08         cmp        bl,8              ; 8 bytes done? 75 B6              jne         @NextHBit   ; jump if not 5A                  pop        edx               ; edx <- ret code 4 59                   pop        ecx               ; ecx <- ret code 3 5B                  pop        ebx               ; ebx <- ret code 2 58                   pop        eax              ; eax <- ret code 1 @EndHProc: C3                  ret                              ; return to caller The above code is tailored to be space efficient and to work regardless of where in memory it is loaded so that there is no need for any further address checking. It follows the machine code calling protocol for the ISHASP and HASPCODE services, as outlined earlier. Also, the code bytes are shown to reflect the actual size (114 bytes) and the signature of the emulation routine on an 80386 or later. The only difficulty in applying the above to a given HASP key lies in finding the 64 bits of static lookup data (the 8 bytes appearing as x0 to x7 in the above listing). This is where the information previously collected from the envelope is very useful, and leads us into the next section. 5. Reconstructing HASP's Static Table. The basic idea behind reconstructing the 64 bits of static HASP data is to recreate the sequence of pseudo-random bit offsets for the known seed code and extracting the corresponding bits in the known return codes, so building, at least in part, the lookup table for the dongle. The procedure is as follows - given Seed and RetCode_1 to RetCode_4: (1) write the four 16 bit return codes in order as a sequential bit string of 64 0s and 1s, not forgetting about byte reversals on 8086 processors, i.e. as LSB(RetCode_1) MSB(RetCode_1) LSB(RetCode_2) ... LSB(RetCode_4) MSB(RetCode_4) (2) Construct a 64 character string of '?' - this will become the HASP static table bit string

落魄浪子 · 发表于 2006-10-19 16:36:00

(3) Let CurrentBitNo <- 0 (4) Let Seed <- (Seed*0x1989h+0x5h) and 0xFFFFh and BitOffs <- (Seed shr 0x9h) and 0x3Fh (5) Let BitOffs <- 7+((BitOffs shl 1) and 0x70h)-BitOffs (6) Get bit no. CurrentBitNo (from left to right, zero-based) from the bit string of the return codes in (1) (7) Set the character in the string under (2) at position BitOffs (left to right, zero-based) to '0' or '1', in accordance with the state of the bit referred to in (6) (8) CurrentBitNo <- CurrentBitNo+1 (9) if (CurrentBitNo < 64) then go to step (4) else stop Once finished, the above routine yields a string with 0s, 1s and ?s. The ?s are those bits which were not referenced by the seed code, while the other bits are as they appear in the HASP key's static table in the correct order, viz. x0 x1 ... x7, when subdivided into groups of eight bits. Generally, a single set of HASPCODE data composed of a seed code plus four return codes will reveal between 39 and 44 bits, leaving 20 to 25 unknown. A different seed code for which the return codes are unknown will reference between 14 and 19 of the unknown bits. At worst, these bits can be found by a brute-force search. However, reasonable guesses can be made as to the state of these bits because the static data exhibits some patterns and cycles that only become evident when it is represented as an eight-by-eight bit matrix. As an example, the bit matrix for the Memo/Time/NetHASP DEMOMA demo key has the following bit matrix: x0 = 0 0 1 1 1 0 0 1 = 39h x1 = 0 1 1 0 0 0 0 1 = 61h x2 = 0 0 1 1 1 0 1 1 = 3Bh x3 = 0 1 1 0 0 0 1 1 = 63h x4 = 1 0 0 1 1 1 0 1 = 9Dh x5 = 1 1 0 0 0 1 0 1 = C5h x6 = 1 0 0 1 1 1 1 1 = 9Fh x7 = 1 1 0 0 0 1 1 1 = C7h Now suppose that we do not know this HASP key's static table, but that we have learned that for the seed code 11073 (decimal) this HASP key returns the code set RetCode_1 = 14990 = 3A8Eh RetCode_2 = 23754 = 5CCAh RetCode_3 = 43929 = AB99h RetCode_4 = 45507 = B1C3h Upon applying the procedure given above, we obtain                           [   8E     ] [   3A     ] [   CA    ] [   5C     ] [   99      ] [   AB     ] [   C3    ] [   B1     ] BitString(1)    = "10001110 00111010 11001010 01011100 10011001 10101011 11000011 10110001 "OutString(9) = "00111001 01?000?? ?0?????1 0?1?0??1 1??1110? 1?0?0?01 100?11?? 1?000?11" whence x0 = 0 0 1 1 1 0 0 1 = 39h x1 = 0 1 ? 0 0 0 ? ? = 40h, 41h, 42h, 43h, 60h, 61h, 62h or 63h x2 = ? 0 ? ? ? ? ? 1 = (one of 64 possibilities) x3 = 0 ? 1 ? 0 ? ? 1 = (one of 16 possibilities) x4 = 1 ? ? 1 1 1 0 ? = 9Ch, 9Dh, BCh, BDh, DCh, DDh, FCh or FDh x5 = 1 ? 0 ? 0 ? 0 1 = 81h, 85h, 91h, 95h, C1h, C5h, D1h or D5h x6 = 1 0 0 ? 1 1 ? ? = 8Ch, 8Dh, 8Eh, 8Fh, 9Ch, 9Dh, 9Eh or 9Fh x7 = 1 ? 0 0 0 ? 1 1 = 83h, 87h, C3h or C7h In this case 24 bits remain indeterminate, but inferring bit values based on assumed patterns reduces this number. For example, the first column has one unknown bit in the third row and the bits appear to be composed of two groups of four. It is therefore reasonable to suppose that the unknown bit is a 0. Similarly, the unknown bit in column 5, row 3 is probably a 1, and the three unknown bits in column 8 are all likely to be 1s. Continuing in this way, other patterns can be sought and built upon to yield a few of the most likely bit matrices, each of which can then be tested either against the HASP envelope or against other HASPCODE requests until the correct candidate is found. Having picked out the bit patterns for seven different HASP keys (the bit patterns and serial/batch numbers of which I will not divulge here for obvious reasons), it is safe, and indeed profitable, to infer the unknown bits of other keys, using the above example as a rough guide. One should look mainly for horizontal and vertical cycles and patterns, but diagonals can also prove useful, especially if the entire bit matrix is copied immediately to the right as well as below itself. Similar groups of two and four bits recur in all sorts of fairly self-evident ways. With some trial-and-error, the remaining bits can normally be found in fewer than about 30 attempts. Does AKS's claim of unsurpassed security still hold water in light of the above? The answer is, I think, quite obvious. 6. Completing the HASP Emulation. With the knowledge that it is possible to construct a short piece of code that performs exactly the same function as the ISHASP and HASPCODE calls to the HASP routine, emulating the remaining services is almost trivial. Routines that do what the READMEMO, WRITEMEMO, HASPSTATUS, HASPID, READBLOCK and WRITEBLOCK services do can be coded in a straightforward way, making use of the main program's code space to read/write HASP "memory," if necessary. Of course, this is only required if the main program actually makes any of these calls to the HASP routine. Some difficulty may be experienced in the case where a TimeHASP is used and its on-board clock is accessed, but even this can be overcome by using the GetSystemTime() Win32 API function, if required. Once a complete list exists of the HASP services a given program makes use of, a complete HASP emulation routine can be cobbled together without too much difficulty from the various bits and pieces. If the program makes use of PCS (see Section 3.), the emulation routine can be called from a loop which loads, executes and saves the PCS specifications sequentially from the data in the PCS masterlist and the PCS structures this list identifies. By reversing the relevant decryption routines and adjusting any CRC or checksum routines, an executable can be patched so as to not require an actual HASP key. This can generally be achieved with a total patch size not exceeding 1kB. This may sound like a lot, but pales in comparison to the 32 bit HASP routine which is around 70kB in size - another victim of code bloat? In some versions the block cipher mask depends on the en/decrypted bytes of the preceding en/decrypted block. This is a further safeguard against patching but is not particularly effective since the blocks immediately before and/or after the patch can be padded with adjusting bytes to ensure that other code and data are decrypted correctly. 7. Conclusions. This article has described the low-level operation of Aladdin Knowledge System's HASP dongles in some detail. Particular emphasis was placed on the HASPCODE service due to its pivotal role in the HASP security architecture. A technique and some tips for expediting the determination of the static 64 bit lookup table which fully defines the HASPCODE response for any HASP key were presented. The information contained in this article is accurate to the best of the author's knowledge, and appertains to the HASP-3, MemoHASP, TimeHASP and NetHASP keys. At the time of writing, it was not yet clear whether it remains applicable to AKS's latest generation of dongles, the HASP4. Investigations into this will be initiated in the near future and reported on as soon as some light is shed on the matter. In this context, it is worth noting that AKS have once again applied that annoyingly presumptuous phrase, "impossible to crack." We shall see. On the assumption that you, the reader, have at least an intermediate-level grasp of (32 bit) assembly language, you now have the basic knowledge and tools to understand fully the operation of a HASP dongle. How you use this information is, of course, entirely up to you.

hyplip · 发表于 2006-10-19 21:55:00

已有人破解出来了

jxjxc · 发表于 2006-10-20 08:41:00

<div class="msgheader">QUOTE:</div><div class="msgborder">以下是引用hyplip在2006-10-19 21:55:00的发言： 已有人破解出来了</div>在哪呀?

yxhqqqq · 发表于 2006-10-20 14:18:00

X2是使用版还是正式版？？？

mastercamx2 · 发表于 2006-10-20 14:20:00

<div class="msgheader">QUOTE:</div><div class="msgborder">以下是引用yxhqqqq在2006-10-20 14:18:00的发言： X2是使用版还是正式版？？？</div>bata 3 使用版.

haiyang037 · 发表于 2006-10-24 07:31:00

看到这一段鹦哥历史我心都麻拉,

追雪2002 · 发表于 2006-10-24 09:08:00

还是等等吧

defa1 · 发表于 2006-10-24 10:36:00

落魄浪子兄是个高人啊!

byh831 · 发表于 2006-10-25 09:06:00

[em01][em01][em01]

cp0011 · 发表于 2006-10-26 22:32:00

真希望早点破解,大家努力啊~!

peng3511 · 发表于 2006-11-1 21:46:00

看不懂？

hb1619 · 发表于 2006-12-9 18:23:00

看不懂？

		自动登录	找回密码
密码			注册

申请者注册名：		*默认获取当前用户名
性别：	男女
年龄：		*请填写您的真实年龄
职业：		*请填写您当前的职业
申请版区名称：		*请选择您申请的版区
联系电话：		*请填写您的联系电话，此项必填！
我的QQ：		*请填写您的QQ，此项必填！
我的专业特长：		*请填写您的特长领域
申请理由：		*请填写您为什么要申请的理由
管理措施：		*您准备以何种措施管理申请的版块？

[讨论]MasterCAM X2的破解

浏览过的版块

招聘信息 /5

求职信息 /5

技术求助 /5

×