Beruflich Dokumente
Kultur Dokumente
Manual of MultiKey
with changes to the multikey 0.19.1.9 inclusive
*** General
******************************************************************************
********************************
"Name" = "xxx"
"Copyright" = "xxx"
"Created" = "xxx"
"DongleType" = dword: 0000000x - key type
1 - HASP (3,4, HL, SRM)
2 - HARDLOCK
3 - SENTINEL (spro, upro)
4 - GUARDANT (I, II)
5 - DINKEY
"License" = hex: xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx, xx
To obtain a license under x32 systems use the online form on the site of generation
http://testprotect.com/appendix/LicMkOnline
******************************************************************************
**************************************************
// FF -?
= TIME dongles =
For the time HASP keys are added to the field, for example:
"NetMemory" = hex: 05,00,80,00,02, FF, 00,00, FF, FF, FD, FF
"HaspTimeMemory" = hex: \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 \
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 \
3f, db, 95,7d, 00,00,00,00,00,00,00,00,00,00,00,00, \
00,00,00,00,00,00,00,00
"TimeShift" = hex: 00,00,00,00,00,00,00,00
where: 3f, db, 95,7d - the serial number of a recorded key byte
= HL encrypt / decrypt =
The table-emulated function hasp_decrypt + hasp_encrypt, in the absence of values in the tables
values are processed by the Inland AES agoritmu. If necessary, change the default
AES key algorithm to make reg file its value:
"AesKey" = hex: 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
The tables are located in the main location of the dump podvetkah:
Decrypt: [HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ MultiKey \ Dumps \
12345604 \ DTable];
Encrypt: [HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ MultiKey \ Dumps \
12345604 \ ETable].
The format of entries in the tables for multikeya version <18.1 (all values are hexadecimal):
"10: 00112233445566778899AABBCCDDEEFF" = hex: FF, EE, DD, CC, BB, AA,
99,88,77,66,55,44,33,22,11,00
"20: 00112233445566778899AABBCCDDEEFF" = hex: FF, EE, DD, CC, BB, AA,
99,88,77,66,55,44,33,22,11,00
"30: 00112233445566778899AABBCCDDEEFF" = hex: FF, EE, DD, CC, BB, AA,
99,88,77,66,55,44,33,22,11,00
**************************************************
***************************************
!!! for multikeya version> = 18.1 in the names of queries 20h and 30h should take 32 bytes
request !!!
"10: 0123456789ABCDEF0123456789ABCDEF" = hex: 12,34,56,78,90, AB, CD, EF,
12,34,56,78,90, AB, CD, EF
"20:5500A934CDE5D7B619568515F74D323695EC75E8C48F6B5D9880F6A88B251C48"=he
x:4F,8A,A7,A1,26,55,61,B3,1A,77,B4,A2,19,B3,34,FD
"30:9A2B6F7F80A2F2E36334D3258BAFD06FBB7286766A24910911648D98D8C56628"=he
x:12,71,B7,B5,3D,47,B4,2B,DC,93,4F,00,00,1C,2C,4E
**************************************************
***************************************
where
- "10: 00112233445566778899AABBCCDDEEFF" - a request to the key
"10 (20.30)" - request length in bytes
"00112233445566778899AABBCCDDEEFF" - the first 16 bytes of the request
- Hex: FF, EE, DD, CC, BB, AA, 99,88,77,66,55,44,33,22,11,00 - answer key, taken only
the first 16 bytes of the actual response.
For example:
================================================== ================
2008/10/10 07: 13: 25.109 <== HaspHL_decrypt: Length = 0x10
2008/10/10 07: 13: 25.109 <== HaspHL_decrypt: Input Data =
2008/10/10 07: 13: 25,109
2A E1 F0 A2 | E1 B2 F1 F9 | 9F C8 72 F6 | CA 4B 01 49
2008/10/10 07: 13: 25.171 ==> HaspHL_decrypt: Output Data =
2008/10/10 07: 13: 25,171
9D 4D 03 53 | 00 00 00 00 | CB D2 6B 04 | 00 00 00 00
2008/10/10 07: 13: 25.171 ==> HaspHL_decrypt: Status = 0x00
================================================== ================
2008/10/10 07: 13: 23.484 <== HaspHL_decrypt: Length = 0x20
2008/10/10 07: 13: 23.484 <== HaspHL_decrypt: Input Data =
= SRM =
To emulate addition SRM HL key data like more data are needed.
In looking for is this private information.
//
// List of supported functions for hasp key
//
enum KEY_FN_LIST {
// HL
KEY_FN_SET_CHIPER_KEYS = 0x80,
KEY_FN_CHECK_PASS = 0x81,
KEY_FN_READ_3WORDS = 0x82,
KEY_FN_WRITE_WORD = 0x83,
KEY_FN_READ_ST = 0x84,
KEY_FN_READ_NETMEMORY_3WORDS = 0x8B,
KEY_FN_HASH_DWORD = 0x98,
KEY_FN_GET_TIME = 0x9C, // Get time (for HASP time) key
KEY_FN_PREPARE_CHANGE_TIME = 0x1D, // Prepare to change time (for HASP time)
KEY_FN_COMPLETE_WRITE_TIME = 0x9D, // Write time (complete) (for HASP time)
KEY_FN_PREPARE_DECRYPT = 0x1E, // qwestions
KEY_FN_COMPLETE_DECRYPT = 0x9E, // answers
KEY_FN_ECHO_REQUEST = 0xA0, // Echo request to key
KEY_FN_ECHO_REQUEST2 = 0xA1, // Echo request to key
// srm
KEY_FN_SRM_A2 = 0xA2, // read the table of features
KEY_FN_SRM_26 = 0x26, // 26 / A6 - reading values key features and memory
KEY_FN_SRM_A6 = 0xA6, //
KEY_FN_SRM_AA = 0xAA, // log into the key
KEY_FN_SRM_AB = 0xAB, // logout key
KEY_FN_SRM_AC = 0xAC, // hasp_get_rtc - getting time with key
KEY_FN_SRM_AE = 0xAE, // xs, like there was a 3.25
KEY_FN_SRM_27 = 0x27, // 27 / A7 - write to memory key
KEY_FN_SRM_A7 = 0xA7, //
KEY_FN_SRM_29 = 0x29, // 29 / A9 - crypt dekript
KEY_FN_SRM_A9 = 0xA9, //
KEY_FN_SRM_28 = 0x28, // 28 / A8 - reading without key encryption protocol signed (update)
KEY_FN_SRM_A8 = 0xA8, //
KEY_FN_SRM_38 = 0x38, // 38 / B8 - key update and stitching
KEY_FN_SRM_B8 = 0xB8 //
};
******************************************************************************
**************************************************
*** HARDLOCK
******************************************************************************
************************************
//
// List of supported functions for HARDLOCK key
//
enum HARDLOCK_KEY_FN_LIST {
HDK_KEY_FN_SET_CHIPER_KEYS = 0x80,
HDK_KEY_FN_CHECK_PASS = 0x81,
HDK_KEY_FN_READ_WORD = 0x82,
HDK_KEY_FN_WRITE_WORD = 0x83,
HDK_KEY_FN_HL_VERKEY = 0x87,
HDK_KEY_FN_READ_ID = 0x8B,
HDK_KEY_FN_HL_CODE = 0x8C,
HDK_KEY_FN_HL_CRYPT = 0x8D,
HDK_KEY_FN_HL_CODE_PAR = 0x0C,
HDK_KEY_FN_HL_CRYPT_PAR = 0x0D,
HDK_KEY_FN_HL_CALC = 0x89
};
******************************************************************************
**************************************************
*** SENTINEL
******************************************************************************
************************************
//
// List of supported functions for Sentinel key
//
enum SENT_KEY_FN_LIST {
SENT_KEY_FN_FIND_FIRST_UNIT = 0x10,
SENT_KEY_FN_READ = 0x11,
SENT_KEY_FN_QUERY_SHORT = 0x12,
SENT_KEY_FN_QUERY_LONG = 0x13,
SENT_KEY_FN_WRITE_0 = 0x14,
SENT_KEY_FN_WRITE_1 = 0x15,
SENT_KEY_FN_WRITE_2 = 0x16,
SENT_KEY_FN_WRITE_3 = 0x17,
SENT_KEY_FN_OVERWRITE_0 = 0x18,
SENT_KEY_FN_OVERWRITE_1 = 0x19,
SENT_KEY_FN_OVERWRITE_2 = 0x1A,
SENT_KEY_FN_OVERWRITE_3 = 0x1B,
SENT_KEY_FN_ACTIVATE = 0x1C,
SENT_KEY_FN_DECREMENT = 0x1D,
SENT_KEY_FN_GET_KEYINFO = 0x00,
SENT_KEY_FN_SET_PARAMETER = 0x03,
SENT_KEY_FN_GET_PARAMETER = 0x02,
USENT_KEY_FN_GET_LOGIN = 0x05, // for ULTRA and new SPRO
USENT_KEY_FN_LOGIN_21 = 0x21,
USENT_KEY_FN_AES_TUNNEL = 0x07,
USENT_KEY_FN_2F = 0x2F
};
******************************************************************************
**************************************************
*** GUARDANT
******************************************************************************
************************************
Request transforms more than 8 bytes, the query name in the registry take only the first 8 bytes, a
full written response.
******************************************************************************
**************************************************
*** DINKEY
******************************************************************************
**************************************