Hi all,
One of my program is not running saying "HASP Device Driver not installed.. (-3)".
I got one hasp95.vxd in system directory...
Did any one have the idea? though there is no direct relation with ASM!!:) :grin:
My comp is a 98SE m/c
Posted on 2004-02-25 12:00:37 by zakham
HASP is a software protection device attached either to the parralel port ot to the USB hub.

Judging by the VxD it is a paralell version. So basically the owner of the software has pulled out the key...

Take care as this forum does not allow questions about breaking software protection
Posted on 2004-02-25 12:13:10 by BogdanOntanu
This is for hardware protection. The software ask a hardware key for authorization. The encryption mechanism is good and breaking it is anti-economical, so it offers a good protection over unauthorized copying. The drawback is that drivers have had bug problems and this is a constant annoiance for protected software users.

Go to www.ealaddin.com as they are providers of HASP keys. The driver you are talking about is probably for a NetHASP key where the authorization request arrives from a hardware key located on a server.

The error message for having the key out of place is different. This is for not having drivers installed.

Regards,
Posted on 2004-02-25 12:54:02 by pelaillo
...and a question like this goes in Heap, not Main.
Posted on 2004-02-25 13:10:41 by f0dder
I've got three of them on my PC :)

Two for proprietary software and one for hardware based encryption of all data.
Posted on 2004-02-25 13:21:26 by donkey
Yeah i have moved it to the Heap

BTW Pelaillo,

It is easy to break contrary to common beliefs i have never seen a software protected with it that was not breaked in a few days or 1-2 weeks at maximum. ...sometimes at a few clicks of a button .

The drivers are not very good and the algorithms used to "envelope" are decent but nothing special.

Keeping the key in a hardware device is by no way safer... than keeping it on a CD-ROM or something, but all is in the mind of the customers :grin:.

The idea would be that is pretty hard to attemp and duplicate such a physical device and/or reverse engineer it...

Funny ideea, as i have never seen anybody ever trying to do so, all that every bad boy does is break the software not the device... so the software protection is the real key and not the device itself....

So using asembly will always help making a better software protection IMHO....

Also a btetter world would make the need for protection obsolete and would alow us to concentrate on growing rather than killing/compeeting against eachother... but guess what will never happen?
Posted on 2004-02-25 17:41:40 by BogdanOntanu
Hi Bogdan,

There was one guy who broke the device. This is not bad information as it was a 1980's thing but there was Bob McQuaid of Quaid Software that had such programs as CopyWrite. He also had a program called RamKey that was a TSR that would imitate a dongle and software would react as if it was actually attached to the machine.

He was sued for infringement of copyright etc.. and won. Why is this decision important enough to remember ? Well it is one of the only peices of case law that applies directly to reverse engineering a program. The US courts stated directly that any clause that prohibitted RE is unenforceable and therefore carries no weight in law :

The exact wording of the judgement for Quaid Software

We hold that: (1) Quaid did not infringe Vault's exclusive right to reproduce its program in copies under ? 106(1); (2) Quaid's advertisement and sale of RAMKEY does not constitute contributory infringement; (3) RAMKEY does not constitute a derivative work of Vault's program under ? 106(2); and (4) the provision in Vault's license agreement, which prohibits the decompilation or disassembly of its program, is unenforceable..
Posted on 2004-02-25 20:17:37 by donkey
Originally posted by BogdanOntanu
Also a btetter world would make the need for protection obsolete and would alow us to concentrate on growing rather than killing/compeeting against eachother... but guess what will never happen?


Bogdan, I fully agree with you on this. I was always against any protection schemes.
I was forced to protect a software (and I do it with assembly and a parallel port key) but I managed to convince my former boss to go open source and it has been since then.

But I have to use some propietary engineering programs protected with those keys. I have never seen a broken version of them arround neither in the net nor in the street since they got HASP.
I know it is always possible to break protections. I say it is antieconomical because the eventual user base is so small that it does not justify someone to spend a long time treating to break them.
Posted on 2004-02-26 06:53:24 by pelaillo
If you merely get the dingle from the device, *boom*, broken.

If you use the dongle itself to do decryption, it becomes harder (don't attempt this with par/ser dongles, customers will be annoyed at the slow data rates)

If you re-encrypt program parts after use, it becomes pretty damn annoying.

And, to top it all off, implement a few program features in the dongle...

Stuff like this would attract attention from the really skilled guys, though, so eventually your software still would be broken. But hopefully not before your next major release is out :)
Posted on 2004-02-26 08:51:28 by f0dder
Pelaillo,

Indeed, if the software protected is unknown and/or not very used / spread then there will not be a unprotected version floating arround and HASP is a pretty easy and good method to protect them

But with very much used and appreciated programs like 3D Studio Max and AutoCAD and such
... they are breaked in a few days after the original release :grin:

I guess it depends on the attention they get from the community
Posted on 2004-02-26 10:52:44 by BogdanOntanu
The drivers are not very good and the algorithms used to "envelope" are decent but nothing special.
Keeping the key in a hardware device is by no way safer... than keeping it on a CD-ROM or something, but all is in the mind of the customers :grin:.

The principle is exactly the same, you have a key that decrypts the program and does some checks. However it is easier to copy and distribute a simple text key like ABCD-12345 than a hardware device. Of course the device could be faked but in any case you will need an original dongle to start with. However, if you have the right dongle the protection is absolutely nothing special. The only way you can protect the software better is adding additional checks en decryption stuff like f0dder mentioned. Just using for example the envelope tool HASP supplies with its products is just like using a standard packer/encryptor.


Thomas
Posted on 2004-02-28 10:43:36 by Thomas

in any case you will need an original dongle to start with

A whole bunch of dongles protections have been weak enough that they could be broken without having any dongle access. Even some of the less trivial ones. And if a cracker doesn't have physical access to the dongle, but they have a supplier that's willing to help (but not to send the dongle to the crackers), there's the option of writing a layer of emulation code and have the application on the cracker's machine talk to the dongle on the supplier's machine over the internet...
Posted on 2004-02-28 18:59:56 by f0dder


A whole bunch of dongles protections have been weak enough that they could be broken without having any dongle access. Even some of the less trivial ones.

I know there have been, but I think (or hope ;)) that the latest dongles make that impossible.

And if a cracker doesn't have physical access to the dongle, but they have a supplier that's willing to help (but not to send the dongle to the crackers), there's the option of writing a layer of emulation code and have the application on the cracker's machine talk to the dongle on the supplier's machine over the internet...

You're right there but that way you are still indirectly using a dongle, you'll always need the data inside the dongle from somewhere (assuming the encryption is done well).

Thomas
Posted on 2004-02-29 02:36:17 by Thomas

You're right there but that way you are still indirectly using a dongle, you'll always need the data inside the dongle from somewhere (assuming the encryption is done well).

Yup, thomas, I was just pointing out that you shouldn't underestimate the resources and dedication of a few of the crackers out there. You must be sure your protection scheme doesn't add too big inconveniences for the end-user (like decrypting a 3meg executable through a serial dongle), because it will be cracked nonetheless...
Posted on 2004-02-29 08:37:35 by f0dder