View Full Version : Key-Lok II dongle on Linux program

November 8th, 2008, 01:09
I have been reading everything I can find regarding Key-Lok dongles, but I'm finding too much of it to be over my head. I'm scared to death to ask for too much help as I know what response that can elicit

So let me start by asking if what I want to do would even be possible:

The program runs on Linux and I have bought and paid for it legitimately. I have the dongle and everything works fine.

The protection is in the form of a counter. After x uses, you have to buy another dongle. I don't know how much is appropriate and/or allowed to be revealed about the software so I'll stop there and if more info is needed I'll provide it as asked.

If my understanding of the dongle is correct, the 3 dongle validate codes should be able to be obtained in the software, which can then be entered into SAB's keycalc.exe to obtain the rest of the codes unlocking read and write capabilities to the dongle memory. With this info and the SDK, I should be able to change the number of remaining uses on the counter... ?

Nothing I've read addresses attacking the dongle in this fashion, so I'm looking for some confirmation that it could be done. If so, I'd be grateful for guidance on how, or at least how I can learn to do it myself.


November 8th, 2008, 16:34
Take a look at this zip file: it has a link, a PDF, and the keycalc tool that you already mentioned.


The PDF outlines the function calls, which should help a lot with finding your key codes. If you happen to have the SDK, (I'm collecting SDK's for every dongle type) if you don't mind sending it to me I would appreciate it.

Basic plan of attack would seem to be:
First, determine if it's Keylok I or Keylok II, so you can get your functions right.
Next, debug process with dongle attached, and sniff out the key codes. (This should be very easy, as it will always be following some sort of IO call and it is almost always loaded onto the stack/registers)

At this point I would DISCONNECT the dongle for the rest of cracking, if you plan to emulate it with code.

If not I would stop running the program, as it seems that you can only run it a limited number of times with the dongle? And work with only the SDK and the dongle.

After you have recovered the dongle ID/dongle passwords you are pretty much golden with any dongle protection.

November 8th, 2008, 16:52
Thank you for the info. I do have the Key-Lok II and the SDK in hand. Where can I upload it for you?

btw, the SDK comes with software to write to the dongle memory. That's where I'm hoping to break this. If I can access just that part of the dongle I should be able to reset the counter at will. Creating an emulator is a little over my head, but if it was a windows machine I might try it. This is for Linux, which I know nothing about.

November 9th, 2008, 02:06
@root2020: you have SDK for Linux or Win?

November 9th, 2008, 03:47
[Originally Posted by FoxB;77662]@root2020: you have SDK for Linux or Win?

It includes windows binaries for all the regular stuff IE the read/write dongle tool, but has sample code for every language and all docs are PDF with a linux and windows 'quick start' guide/section.

March 18th, 2009, 15:15
i too have an application which runs on redhat linux 9, The protection is in the form of a counter. After x uses, you have to buy another dongle, i tried debugging the application in IDA pro using keylok signature but no luck, in IDA Strings shows "73e8466570a9e2300eeff2.MicroComputers Applications Inc" ...

please any one knows how to reset help me