Reverse Engineering Team

Reversing Seeds from Hardlock Key possible


Re: Reversing Seeds from Hardlock Key possible

Post by kjms on Tue May 06, 2014 6:33 am

I have compiled and collected more than 30 seeds. How can I find the right seeds?


Re: Reversing Seeds from Hardlock Key possible

Post by nodongle.biz on Tue May 06, 2014 7:48 am

Test each of the found seeds and you will find the correct one.


Re: Reversing Seeds from Hardlock Key possible

Post by erick2 on Fri Sep 09, 2016 7:37 am

Let's say I have the correct Seed1, Seed2, Seed3. Using MK it works, I mean HL_CODE decryption works correctly. But I want to build HL_CODE myself using Seed1, Seed2, Seed3. I've already gone through the "HARDLOCK Key Seeds brute-force finder" code but don't know if it is a good way. Could anyone help?


Re: Reversing Seeds from Hardlock Key possible

Post by nodongle.biz on Fri Sep 09, 2016 7:47 am

You can extract the HL_CODE function from Hardlock API or from Multikey.


Re: Reversing Seeds from Hardlock Key possible

Post by erick2 on Fri Sep 09, 2016 9:43 am

Hardlock API? Does the API ask the dongle for seeds and then code it using an internal algo? It makes no sense. Can you explain this?


Re: Reversing Seeds from Hardlock Key possible

Post by nodongle.biz on Fri Sep 09, 2016 11:57 pm

Early versions of the API were with the HL_CODE and HL_CALC algo.


Re: Reversing Seeds from Hardlock Key possible

Post by erick2 on Sun Sep 11, 2016 4:51 pm

After some tests with MultiKey I feel confused. Simple HL_CODE 2x8 bytes captured before and after the HL_CODE function:
before:8944C1BDF6B413DE1738E72B7D7D4660
after:  34323632312C34303134323037313736
At the same time, the MK log:
00000069    0.00662289    HDK_KEY_FN_HL_CODE BufferedData=BDC14489DE13B4F6     
00000070    0.00681286    HDK_KEY_FN_HL_CODE Response=51CEB3C8BC0EBC44     
00000071    0.00701674    HDK_KEY_FN_HL_CODE Response=384308488DA4DEA9     
00000072    0.00720197    HDK_KEY_FN_HL_CODE Response=683984DF58766F7C     
00000073    0.00738583    HDK_KEY_FN_HL_CODE Response=001D

It seems the dongle produces a long response for 8 bytes of input. How do I use the Response from the dongle to calculate the correct coded answer for HL_CODE?


Re: Reversing Seeds from Hardlock Key possible

Post by nodongle.biz on Sun Sep 11, 2016 10:48 pm

Analyze hl_code sources.


Re: Reversing Seeds from Hardlock Key possible

Post by erick2 on Fri Sep 16, 2016 3:05 am

OK. Now, after some debugging I know more. The first 8-byte block is decoded by the dongle, the rest of the data by hlvdd.dll code. One thing I can't understand is how 1 block of decoded data is being transferred between the dll and the dongle.
Dump of data before DeviceIoControl in hlvdd.dll:
0A799320  18 F8 EA 00 00 E9 90 7C 98 42 91 7C FF FF FF FF  .......|.B.|....
0A799330  8F 42 91 7C 9C D0 01 00 02 00 01 F0 00 00 EA 00  .B.|............
0A799340  80 00 10 40 18 F8 EA 00 82 C4 EA 94 30 08 C5 39  ...@........0..9
and after:
0A799320  76 95 94 C4 6E 59 F7 0F 0F 87 64 C7 98 25 49 AB  v...nY....d..%I.
0A799330  33 01 F5 C6 56 E5 95 05 02 00 01 F0 2A 00 EA 00  3...V.......*...
0A799340  31 2C 35 32 56 E5 95 05 31 2C 35 32 34 32 36 32  1,52V...1,524262

Data transfer between dongle, buffer before and after DeviceIoControl. nOutBufferSize = 1C - only the response from MK HL_CODE. This is only up to 0A7993C. The first block of decoded data starts at +0x28. Who is filling this? Olly doesn't stop at the memory-write breakpoint.
