HASP SRM

HASP is an acronym for Hardware Against Software Piracy, and is generally employed for software copy protection. This software DRM (Digital Rights Management) technique can be used by software vendors to protect their copyrighted software from piracy and therefore secure their intellectual property assets. I had a chance to use HASP SRM solution from Aladdin Knowledge Systems (AKS, an Israeli security vendor which is acquired by SafeNet – one of the largest suppliers of encryption technology to the United States Government).

Vendor suite introduction

Aladdin’s software suite has a number of tools, for example the HASP SRM Envelope which wraps the application with a protective shield which incorporates anti-reverse engineering, file encryption, code obfuscation, system-level anti-debugging, and automatic licensing. There is also HASP SRM Business Studio and Business Studio Server which give a single centralized system for management of the licences and protection keys.

To protect the software, I have used hardware based protection keys (HASP HL), which come in the form of dongles. Dongles are USB plugs with a little more EPROM than usual and custom ASIC coated in epoxy to prevent tampering. The idea behind a dongle protection is that the developer is issuing checks against return values obtained from the dongle, either by reading directly from its memory or using some internal algorithm. Aladdin’s hardware keys implement full on-chip AES encryption. With a symmetric encryption system such as AES all of the security rests in the secrecy of the actual key, AES has thus far proven itself very resistant indeed to any known attacks aimed at recovering the key,  and this implies that HASP-HL itself ought to be very secure as well.

Vendor keys

I’ve been provided with two HASP SRM Vendor Keys:

  1. Master key – used for licence production (it is connected to the Business Studio Server machine)
  2. Developer key – used to protect programs

I used the Cross-Locking technology which enabled a protected application to work with a HASP HL key, since I only wanted to employ the copy protection.

Roles

The HASP SRM system is role-based, I will briefly describe some of them:

  • Product Manager determines the product components to be protected (called Features).
  • Development role is for protecting the software using the HASP SRM Envelope
  • Order Management role is for defining and managing customer orders
  • Production role is for producing customer orders

Steps to protect the software

The steps to copy protect the application are enumerated:

  • Install the software (HASP SRM Business Studio Server and Vendor Suite)

I have choosen to install the software on a VirtualBox machine, and I encountered a problem – while starting the installation of HASP SRM, the machine (Windows XP SP3) would just go to blue screen of death and restart. To resolve the problem I had to have a VT-x capable processor, that is to support hardware virtualization, which I luckily enough had:

$ grep vmx /proc/cpuinfo
 flags           : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc arch_perfmon pebs bts pni dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm sse4_1 xsave lahf_lm ida tpr_shadow vnmi flexpriority
 flags           : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc arch_perfmon pebs bts pni dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm sse4_1 xsave lahf_lm ida tpr_shadow vnmi flexpriority

But to get it to work, I did had to enable these virtualization extensions through my BIOS first, and then for the VirtualBox machine.

  • Launch HASP SRM Vendor Suite and introduce two Vendor keys to the system
  • Define Features in Business Studio (a Feature is an identifiable functionality of a software application that can be independently licensed).
  • Use Envelope in Work Offline mode to apply protection to my application. Prior to protecting the .exe I had to select my Vendor Code, and add a few required assemblies for my application to a folder, and include that folder in assembly path in Envelope, or otherwise I would get errors complaining that some DLLs are missing.
  • Define a Product in Business Studio (Manage Products) with a perpetual license.
  • Define and produce Orders in Business Studio (Manage Orders), for previously defined products, and lock its license to the HASP HL protection key. The Orders are produced for a specific customer that has to be created in the system. In this section I have also burned the data to HASP HL key. If I hadn’t burned the key and tried to run the application with the key pluged in, I would get the “Feature not found (H0031)” error.
  • As an end-user I have tested everything: copied the protected binary over the unprotected one, installed the drivers for HASP HL protection keys (otherwise it would print an error message “Unable to access HASP SRM Run-time Environment (H0033)“), and tested it with the wrong key (error message was “Feature not found (H0031)”), without the key (it showed an error message that I have defined), and with the key with success.

Comments are closed.