It's good to know it's possible, Yurkar. I've been having a play with the spare dongle which I know the passwords to, and can confirm the calculator works, as I put all 3 master codes in the calc and it gives me all 6 read/write codes all right. So I need to find the 3 master codes, so using the developer's kit I can write a bit of software to log onto the dongle and change the expiry date. I'm trying to understand how the dongle works. Am I right in saying the software does not talk to the dongle but talks to the driver, which does not send any of the codes to the dongle, and a USB trace will have no information in it with the 3 codes? I'm thinking the only way to get the 3 master codes is to use a debug program like OllyDbg?
We decided to do a teardown on a Keylok USB based dongle from A picture of the dongle is to the right. Opening the dongle was no challenge at all.
We used an x-acto knife to slit the sidewall of the rubber protective coating. This allowed us to remove the dongle's circuit board from the surrounding protective coating.
The top side of the printed circuit board (PCB) is shown above. MAI did not try to conceal anything internally.
We were a little surprised by this :(. The backside consists of two tracks and a large ground plane. The circuit is very simple for an attacker to duplicate.
With the devices removed, a schematic can be created literally within minutes. The 20-pin version of CY7C63101A can even be used in place of the smaller SOIC 24-pin package (which is difficult for some to work with). The 20-pin is also available in a dual-inline-package (DIP) making it a great candidate for an attacker to use. Red pin denotes pin 1 on the device. You might have seen this picture from the. That's because we borrowed the Cypress pictures from that teardown :).
We performed some magic and once again succeeded in unlocking the once-protected device. A quick look for ASCII text reveals a bunch of text beginning around address $06CB: .B.P.T..E.n.t.e.r.p.r.i.s.e.s.D.o.n.g.l.e..D.o.n.g.l.e..C.o.m.m.
Asdf Sanjit, there are a few dongles out there, emphasis on FEW, which are pretty good in resistance to the casual hacker. I have done mostly low budget and low level attacks on pretty much every dongle that exists up to 2006; all of them fell to universal emulation. There are some dongles, however, that upload the actual logic of your code into the MCU. These are breakable, but with much more effort.
I know of one that is pretty darn good and uses a nice Philips component which I would estimate costs around 50k to reverse, although I wouldn't bet that money against Flylogic; these guys are one of the few outfits out there that actually impress and know wtf they're doing. If you are interested in a decent protection I can give you some guidance, just post back here sometime. Also, to the prior poster of many months ago, get the system drivers available for download on the Keylok website and disassemble with IDA; you will have no problem finding the internal algorithm as long as you know it is in there, afterwards you can make whatever you want.