This article describes ways to bypass hardware security systems. As an example, we consider the HASP (Hardware Against Software Piracy) technology developed by Aladdin Knowledge Systems Ltd. In past this technology was one of the most popular hardware software protection systems.
The power of HASP hardware protection is used by many serious software developers who do not want their product to be distributed without permission. Hasp, for example, protects the “1C.Accounting” or “1C.Enterprise” packages, without which no more or less organized business can survive. The popular legal directory “ConsultantPlus” also protects access to data using electronic keys. To use the above-mentioned or other equally expensive software without paying anyone a penny, it is not enough to simply surf the Internet in search of a txt tool with keys. However, a hacker will always figure out what to do with protection, even hardware. And he doesn’t need a soldering iron for this.
Exaggerating, we can say that HASP consists of two parts: hardware and software. The hardware is an electronic key in the form of a USB keychain, PCMCIA card, LTP device, or even an internal PCI card. The installed software will only work on the machine into which the electronic key is inserted. Actually, it would be a good idea to wean the software from such an unpleasant habit for the wallet.
The software part consists of electronic key drivers and various software that bind electronic keys with their drivers directly to the protected product or to some encrypted data. In this article we will look at and bypass protection using a USB keychain - probably the most popular electronic key today.
The key fob itself is almost of no interest to us, unlike the software included with it. The hardlock.sys module is of greatest interest to us. Without going into details, I’ll note that this driver is responsible for interacting with the hardware dongle. It has two device objects, one of which is symbolically named DeviceFNT0. Using this object, the protected application, through the I/O manager, checks the license to use this software.
The main disadvantage of such a protection system is the ability to intercept calls to the I/O manager and emulate a hardware key. There is also the option of developing a virtual key driver, but this is a much more complex technical task than call interception.
As you know, the driver model is described in the DRIVER_OBJECT structure when the module is loaded. It stores an array of message handlers. Moreover, no one bothers you to rewrite these addresses and gain control by executing our code. Thus, it is possible to intercept and replace IRP packets by substituting license data. In other words, if you have a dump of the security key, you can pass it to a program that checks the accuracy of the license data!
To operate another method, a key dump is also required, but data substitution is carried out differently, namely in software emulation. That is, the security driver will be able to handle the virtual key in the same way as a physical one.
As already noted, the idea of interception is to overwrite IRP packet handlers. To do this, you must be able to change the fields of the DRIVER_OBJECT structure. Luckily, there is a function called IoGetDevicePointer that returns a pointer to the top of the named device stack object and a pointer to the corresponding file object. Here is a code snippet for the function that sets the hook:
UNICODE_STRING DeviceName;
PDEVICE_OBJECT DeviceObject;
PFILE_OBJECT FileObject;
RtlInitUnicodeString(&DeviceName, lpDevice);
IoGetDeviceObjectPointer(&DeviceName, 1u, &FileObject, &DeviceObject);
Having received a pointer to the DEVICE_OBJECT structure, we have a pointer to DRIVER_OBJECT. Now let’s replace the addresses of handlers and driver unloading functions with our own:
NTSTATUS HookDevice(LPWSTR lpDevice)
gDriverObject = DeviceObject->DriverObject;
gDeviceControl = gDriverObject->MajorFunction;
gDriverObject->MajorFunction = HookDispatch;
gInternalDeviceControl = gDriverObject->MajorFunction;
gDriverObject->MajorFunction = HookDispatch;
gDriverUnload = gDriverObject->DriverUnload;
gDriverObject->DriverUnload = HookUnload;
ObfDereferenceObject(FileObject);
The last line calls the ObfDereferenceObject function, which reduces the number of references to the file object. This must be done to correctly unload the driver to avoid resource leaks and similar errors.
Since the pointer to the protection driver object is saved, to remove the trap, you just need to restore the previous IRP packet handlers:
void UnhookDevice(void)
gDriverObject->MajorFunction = gDeviceControl;
gDriverObject->MajorFunction = gInternalDeviceControl;
gDriverObject->DriverUnload = gDriverUnload;
Of course, we need to add appropriate checks for the validity of pointers and so on.
Now you need to implement the correct unloading of drivers. Since the protection system for some reason may finish its work before our driver, in order to avoid a system crash due to invalid pointers, we will process this event in the HookUnload function:
void HookUnload(PDRIVER_OBJECT DrvObj)
UnhookDevice();
gDriverUnload(DrvObj);
Here the fields of the DRIVER_OBJECT structure are restored, and control is transferred to the original code for unloading the intercepted device driver.
We do the same if our driver terminates before the protection system. You just need to release the captured resources and not call the saved gHookUnload.
How the emulator works
Knowing the basic principles of the simplest interception of IRP packets, let’s proceed to implementing only the interceptor itself for further analysis. To do this, we will create a driver object that contains a symbolic name (for example, DosDevicesHook) and entry points CREATE, CLOSE, READ.
IoCreateDevice(DriverObject, 0, &usDeviceName, FILE_DEVICE_NULL, 0, 0, &pDeviceObject);
IoCreateSymbolicLink(&usSymbolicDeviceName, &usDeviceName);
DriverObject->MajorFunction = DriverDispatch;
DriverObject->MajorFunction = DriverDispatch;
DriverObject->MajorFunction = DriverDispatch;
DriverObject->DriverUnload = DriverUnload;
This is necessary in order to work with our interceptor as a file, using the CreateFileReadFileCloseHandle functions. With this implementation of data exchange between the application and the interceptor, it is impossible to immediately send it to the user program, so it is necessary to create some structure to store the necessary data about the caught packet. For example, a singly linked list, as implemented by me. Now you need to decide what information needs to be buffered. This is general information about the package (type, flags, etc.) and, of course, buffers. You can also add interception time. When copying the contents of buffers, you need to remember their type, otherwise it will crash. Looking ahead, I’ll note that the protection driver uses buffered I/O, which simplifies the code a little.
HookDispatch code
if (idlTail->IrpData.InputLength)
{
idlTail->InputBuffer = ExAllocatePool(NonPagedPool, idlTail->IrpData.InputLength);
RtlCopyMemory(idlTail->InputBuffer, Irp->AssociatedIrp.SystemBuffer, idlTail->IrpData.InputLength);
}
if (IoSL->MajorFunction == IRP_MJ_DEVICE_CONTROL)
Status = pHookedDriverDispatch(DeviceObject, Irp);
if (idlTail->IrpData.OutputLength)
{
idlTail->OutputBuffer = ExAllocatePool(NonPagedPool, idlTail->IrpData.OutputLength);
RtlCopyMemory(idlTail->OutputBuffer, lpBuffer, idlTail->IrpData.OutputLength);
}
All that remains is to implement reading from the driver. Since the packet contains buffers whose contents are of interest, the size of the messages is not known in advance. Therefore, we proceed as follows: on the first reading we get general information about the packet and size of buffers; when repeating, we read the contents, remove the link from the list of packages and do not forget about spin locks for sequential work with data:
DriverDispatch code
Length = IoSL->Parameters.Read.Length;
if (Length == sizeof(IRP_DATA) && idlHead)
RtlCopyMemory(Irp->UserBuffer, &idlHead->IrpData, Length);
else if (idlHead && Length == (idlHead->IrpData.InputLength + idlHead->IrpData.OutputLength))
{
RtlCopyMemory(Irp->UserBuffer, idlHead->InputBuffer, idlHead->IrpData.InputLength);
RtlCopyMemory((PVOID)((ULONG)Irp->UserBuffer + idlHead->IrpData.InputLength), idlHead->OutputBuffer, idlHead->IrpData.OutputLength);
}
else if (Length == 1 && idlHead)
{
if (idlHead->InputBuffer)
ExFreePool(idlHead->InputBuffer);
if (idlHead->OutputBuffer)
ExFreePool(idlHead->OutputBuffer);
idlTemp = idlHead->ldlNext;
ExFreePool(idlHead);
idlHead = idlTemp;
if (!idlTemp)
idlTail = NULL;
}
When the interceptor is ready, we launch it first, and then the protected application with and without keys. From the received logs it becomes clear which control codes are sent and their results. You can also see that the requests and responses to two different codes (9c402450, 9c4024a0) do not change. It would seem that it is possible to build a table emulator, but after a series of launches we are convinced that this is impossible, since the contents of the buffers are different, and it is not known how it is formed.
Captured packets without a key
Intercepted packets with key
Then there are several options for further actions:
Both options give necessary information. So, it turns out that the contents of the packets are encrypted using the public symmetric algorithm AES (Advanced Encryption Standard). The logical goal is to obtain the encryption key.
But if we delve even deeper into the study of the security system design, it turns out that the hardware key has a unique number and contains all the necessary information, but software keys are required to access it.
Key dump example
Therefore, the first thing you need to do is get the key. The problem can be solved by a simple brute force:
unsigned short Key;
unsigned char RefKey, VerKey;
for (Key = 0; Key<= 0x7fff, Key++)
{
if (!HL_LOGIN(Key, 1, RefKey, VerKey))
{
HL_LOGOUT();
Break;
}
}
The HL_LOGIN, HL_LOGOUT functions are available from the HASP SDK for developers of applications protected on this platform, and have the following prototypes:
WORD HL_LOGIN(WORD ModAd, Word Access, Byte *RefKey, Byt *VerKey);
WORD HL_LOGOUT(void);
The first function is used to open a session of working with a protection key using the driver, the second one ends the session. These are prototypes of older versions of the HASP SDK, but they also work with new types of keys, since the developers have ensured backward compatibility.
The new API differs little from the old one, and this does not in any way affect the principle of brute force operation. Detailed Hasp API documentation, ready-made implementations of brute force and key dumper can be found at.
Now you have everything you need for the module to work correctly. All that remains is to implement the substitution of license information. Moreover, only some IRP packets can be intercepted. Here everything depends on the specific version of the key and the protected program.
It is better not to embed the key dump into the driver, but to load it dynamically from the registry. It is better to rely on a ready-made request interceptor, this will make it easier to debug the driver by sending intercepted/substituted packets for analysis to the user application. Basically, the interceptor logic will look like this:
NTSTATUS HookDispatch():
PIO_STACK_LOCATION Stack = Irp->Tail.Overlay.CurrentStackLocation;
ULONG IoControlCode;
if (Stack->MajorFunction == 14)
{
IoControlCode = Stack.DeviceIoControl.IoControlCode;
If (IoControlCode != 0x9c402458)
{
Return gDeviceControl(DeviceObject, Irp);
}
else
{
Encrypt(Irp->AssociatedIrp.SystemBuffer);
Crypt(Irp->AssociatedIrp.SystemBuffer, Key, DumpMemory);
}
}
Return STATUS_FAILED;
The driver request packet is encrypted, so accessing its contents requires decryption and then encryption. The question arises: what algorithm and what key was used to encrypt? Having delved into the source code from the creators of the system, you can get the following primary packet encryption algorithm:
Encrypt() code
void Encrypt(BYTE * Buffer)
{
WORD Seed = ((WORD)Buffer + 0x5e);
WORD Ver = ((WORD)Buffer + 0xba);
if (Ver)
{
for (int i = 0; i< 0xB9; i++) {
(WORD)(Buffer + i) += Seed;
Seed = (Seed >> 15) | (Seed<< 1);
Seed -= (WORD)(Buffer + i) ^ i;
}
for (int i = 0xBE; i< 0xFF; i++) {
(WORD)(Buffer + i) -= Seed;
Seed = (Seed >> 15) | (Seed<< 1);
Seed += (WORD)(Buffer + i) ^ i;
}
((WORD)Buffer + 0xba) = Seed;
}
}
It can be seen that the algorithm is much more complex than the usual shift and exclusive “or”. And here is the decryption algorithm:
Code Decrypt()
void Decrypt(BYTE* Buffer)
{
WORD Seed = ((WORD)Buffer + 0x5e);
WORD Ver = ((WORD)Buffer + 0xba);
if (Ver) (
for (int i = 0xFE; i > 0xBD; i—) (
Seed -= (WORD)(Buffer + i) ^ i;
Seed = (Seed<< 15) | (Seed >> 1);
(WORD)(Buffer + i) += Seed;
}
for (int i = 0xB8; i >= 0; i—) (
Seed += (WORD)(Buffer + i) ^ i;
Seed = (Seed<< 15) | (Seed >> 1);
(WORD)(Buffer + i) -= Seed;
}
((WORD)Buffer + 0xba) = Seed;
}
}
Then follows another stage of data conversion, more complex and completely dependent on the structure of the request. You can’t do this without a disassembler; you’ll have to delve into the bin and borrow some code from the creators. This is not easy, since the security driver code is heavily obfuscated, but it does not have a variety of tricks. It will be enough to decompile the driver not completely, but only some pieces of code.
In conclusion, I note that building a table emulator based on DeviceIoControl interception is a rather difficult task. But this emulator principle can be used at another level of interaction: to create a virtual USB bus.
This is not the only way to get rid of the security system. There are other, more advanced methods. The principles outlined in the article can also be used to analyze the operation of drivers by intercepting IRP packets. This way you can add a good tool to your kit made on your knee. Good luck!
The security of any cryptographic algorithm is determined by the cryptographic key used. Good cryptographic keys must have sufficient length and random bit values. In table 4.3 shows the key lengths of symmetric and asymmetric cryptosystems, providing the same resistance to a brute force attack (brute force attack).
To obtain keys, hardware and software are used to generate random key values. As a rule, pseudorandom number sensors (PRN) are used. However, the degree of randomness in generating numbers must be quite high. Ideal generators are devices based on “natural” random processes, for example based on white radio noise.
In a network with average security requirements, software key generators that calculate the PRSP as a complex function of the current time and (or) number entered by the user are quite acceptable.
One method for generating a session key for symmetric cryptosystems is described in the ANSI X9.17 standard. It assumes the use of the DES cryptographic algorithm (although other symmetric encryption algorithms can be used).
Designations:
E K (X) – the result of encryption of the value X by the DES algorithm;
K – key reserved for generating secret keys;
V 0 – secret 64-bit seed;
T – time stamp.
The scheme for generating a random session key R i in accordance with the ANSI X 9.17 standard is shown in Fig. 7.1. The random key R i is generated by calculating the value
R i = E K (E K (T i) Å V i).
Figure 7.1 – Scheme for generating a random key R i in accordance
with ANSI X9.17 standard
The next value V i+1 is calculated as follows:
V i+1 = E K (E K (T i) Å R i).
If a 128-bit random key is needed, generate a key pair R i , R i + 1 and combine them together.
If the key is not changed regularly, this may lead to its disclosure and information leakage. Regular key replacement can be done using the key modification procedure.
Key modification is the generation of a new key from a previous key value using a one-way (one-way) function. Participants in an information exchange share the same key and simultaneously enter its value as an argument into a one-way function, obtaining the same result. They then take specific bits from these results to create a new key value.
The key modification procedure is workable, but we must remember that the new key is secure to the same extent as the previous key was secure. If the attacker can obtain the previous key, then he will be able to perform the key modification procedure.
Key generation for asymmetric cryptosystems with public keys much more complicated, because these keys must have certain mathematical properties (they must be very large and simple, etc.).
Where is the door
Problems of protecting software from pirated distribution or protecting data from unauthorized copying inevitably arise all over the world, causing a lot of trouble for software manufacturers and custodians of confidential data. Naturally, solving these problems does not come without additional inconvenience caused to ordinary users. Currently, all methods of protecting software or data can be divided into two main groups:
One of the most effective and convenient ways protection is the use of hardware keys - small microelectronic devices, without which the program will not start and the data will not be decrypted.
The operating principle of systems that use hardware protection keys (at least externally) is approximately the same: the program accesses a certain device and in response receives a code that allows it to run a particular function or decrypt data. In the absence of a key, the program either does not function at all or works in demo mode (any functionality is disabled, data is not read, etc.). In addition, such a device itself may contain non-volatile memory in which data or code fragments are stored.
You can work with electronic “stubs” both locally and in a network version. When using a network key, there is no need to install local keys on each workplace. Licensing in in this case carried out with one key from a software server that processes requests from protected applications. For example, if a key and a driver servicing it are installed on the server (a small program servicing the key is conveniently registered in Windows NT/2000/XP as a service launched at boot, and in Windows 95/98/Me as a resident program), then any remote the program can request a license from the server and only if it is received, continue to work. The number of licenses for each key can be specifically set, and depending on how many simultaneously running copies the program you purchased is designed for, it will either start or not. In this case, the distribution of licenses, as a rule, is carried out according to a simple principle: “one computer - one license.” This means that if several copies of an application are running on a particular computer, then only one license will be allocated for this. Thus, there is a limitation on the number of workstations from which the program can be used simultaneously.
The undoubted advantages of this protection method include its simplicity and reliability. In addition, such protection will immediately deter inexperienced users from unauthorized actions. The disadvantage of such a system is the need to install special drivers for the key along with the program, and take care of the key itself and, if necessary, carry it with you. In addition, additional restrictions on this type of protection may be imposed by the presence or absence of the required port or smart card reader, as well as possible hardware problems with interaction with other devices that use the same port for their operation.
Naturally, you should protect your program or data in this way only if their cost (or intangible value) is comparable to the price of a hardware protection key (even the most primitive similar key for a parallel port costs about $10).
In addition, the truth of life is that it is basically impossible to talk about absolute protection with any approach. And in order for the application to be impossible to hack, it would be necessary to completely exclude any access to it. Therefore, the degree of security must be adequate to the threat. As common sense dictates, the more difficult it is to access an application or data, the less convenient it is to work with. A well-built security system can withstand hacking at the level to which it can be susceptible, and no more.
An electronic key is a device designed to protect programs and data from unauthorized use, copying and replication. It is, as a rule, a small microelectronic device that has two connectors: one of them is designed to connect to a parallel or serial port of a computer, and the other is used to connect a printer, modem or other devices that work with this port. In this case, the key should not affect the operation of the port and should be completely “transparent” to devices connected through it (that is, it should not interfere with their normal operation). There are, however, other types of keys for different ports and in different designs (internal, external, in the form of a key fob, in the form of a PCMCIA or smart card, etc.). Keys can operate in cascade, when several keys, including different types, are simultaneously connected to one port. The protocol for exchanging data between the key and the port is usually dynamically changed, encoded and “noisy” to protect against emulation.
Many modern types keys are equipped with electrically programmable non-volatile memory. Typically, the dongle does not have built-in power sources, is completely passive and retains the information recorded in it when disconnected from the computer. However, modifications with a built-in clock and autonomous battery power, which allows you to build various models sales, rental, leasing and licensing of protected software. The intellectual and physical capabilities of the key are largely determined by the base on which the key is made.
Based on hardware modern keys can be divided into the following types:
In terms of their external design, the most popular are keys produced in the form of key fobs for connecting to USB ports.
Additional information on the design and operation of protection keys can be found on the Russian Web site (http://www.aladdin.ru/) of Aladdin Knowledge Systems (http://www.aks.com/), the developer of the HASP protection system.
How can you protect an application using an electronic key?
Such a key can provide several levels and methods of protecting programs and data. The simplest method is automatic protection, when a key is attached to ready-made programs using a special utility in just a few mouse clicks. However, an auto-protection module implemented into a program cannot form a single whole with it, so there is a danger that a hacker will be able to separate the auto-protection module and the application.
More complex methods are based on the use of a specialized API, which is supplied by manufacturers of electronic keys to developers of protected software. The functions of this API are designed to perform various operations for the interaction of a program with a key: search the required code, reading/writing dongle memory, running dongle hardware algorithms and converting application code and data using them.
For additional control over software distribution, electronic keys provide for the storage of unique numbers - this can be both the user registration number and the software version number. Moreover, the security system can be built in such a way that only those applications whose version numbers do not exceed the value recorded in the key can work with this key, and using remote programming, new information can be written to this field, which will ensure that only legal, registered users are updated.
In addition, keys can impose various restrictions on the use of protected applications, as a result of which you can limit the time you use programs or data, as well as the number of times an application or module is launched. To do this, a special counter is organized in the dongle's memory, the value of which can decrease either at certain intervals or each time the application is launched. In this way, you can deliver demo or limited versions of applications, and as you pay or change the terms of the contract, you can remove restrictions through remote key programming.
Http://glasha.zap.to/ HASP key emulators are offered to everyone).
So what if we're talking about about software, then to combat piracy it is much more effective to establish good service technical support, and keep secret data in a safe...
ComputerPress 3"2002
To combat computer piracy, along with special software, hardware and software are also used. They are based on the use of electronic devices connected either to the internal bus of the computer or to its external connectors. If we evaluate the degree of reliability of protection by the amount of labor required to “break” it, then hardware and software are “stronger” than pure software.
Indeed, to reveal such a defense, it is not enough to unravel the tricks in the program. It is necessary to restore the protocols and content of the exchange of programs with additional equipment. Solving these problems usually requires the use of special hardware such as logic analyzers.
Electronic key is a compact device that connects to the parallel or serial ports of a computer and does not affect the interaction of the computer with external devices. The idea of protection using an electronic key is to use a special algorithm for interacting with the key in the protected program, which does not allow the program to be executed without it. In this case, each copy of the program is supplied with an electronic key. Criteria for assessing the quality of an electronic key: the key must be some kind of function generator, and not just a memory for constants; the key must be made on the basis of a custom integrated circuit, which excludes the possibility of its legal reproduction.
Electronic keys can be used to solve the following tasks:
1. Programs are protected in two ways. The first method (let's call it manual) consists of the developer himself integrating fragments into his program that interact with the electronic key. The second method is based on automatic switching on into a protected exchange file with a key. In this case, a special program supplied with the key automatically processes executable files in such a way that they become inoperable without the key. Advantage automatic protection before manual is almost zero labor intensity of this procedure. In addition, the automatic protection program is created by highly qualified specialists, which ensures its greater reliability.
2. Data protection from disclosure of the information contained in it is achieved through encryption. There are enough effective methods encryption, such as the DES algorithm. However, the security of encryption cannot be higher than the secure storage and transmission of the encryption key. In this case, the encryption key does not need to be remembered or written down and, which is very important, does not need to be entered into the computer from the keyboard. Data stored on a computer can only be decrypted if the key is available. In addition, to increase reliability, the encryption/decryption program itself can be protected using the same key.
3. Protecting your computer from unauthorized persons involves downloading operating system only for authorized users, as well as ensuring that each user has access only to allocated resources, which may include logical drives, directories and individual files. The implementation of such protection is related to user identification. Electronic keys can be used for this. In this case, two approaches are possible.
The first approach assumes that each authorized user has a unique electronic key at his disposal. User recognition is carried out without entering any passwords after connecting the key to the connector. In this case, it can be argued that the key to the user's secrets is kept in their pocket. But, if the computer is used in an organization, then the administration, as a rule, wants to have access to all files and control the work of all users. To do this, you must have at least two identical sets of keys, with one set kept by the head of the organization.
The second approach reduces the cost of protection by using only one key for all users. The key is managed by the system administrator appointed by the organization's management. The operating system can only be loaded when the dongle is connected. User identification is carried out by entering passwords.
Self-test questions
Data integrity refers to a system of Microsoft Access rules that allows, when one object is changed, to automatically change all related objects and provide protection against accidental deletion or modification of related data.
The list of values can be specified either by a fixed set of values that are entered by the user when the field is created, or by a list of values from a reference table or query.
Index is a Microsoft Access tool that speeds up searching and sorting in a table. The key field of the table is indexed automatically. You cannot create indexes on MEMO and Hyperlink fields or OLE object fields.
A unique index is an index defined for the Indexed field property with the value "Yes (No matches allowed)". In this case, it becomes impossible to enter duplicate values into the indexed field. A unique index is created automatically for key fields.
