Friday, December 24, 2010

Windows could not start because the following file is missing or corrupt \windows\SYSTEM32\CONFIG\SYSTEM

Three days ago, a friend asked me to recover his laptop (Windows XP) from the following error, which always appeared during boot:
Windows could not start because the following file is missing or corrupt \windows\SYSTEM32\CONFIG\SYSTEM

The solution, from the Microsoft website (http://support.microsoft.com/kb/307545), is straightforward. In brief:
The first step is to regain access to the Windows OS by replacing the broken registry files with the default registry files (a Windows installation CD is required). The second step is to copy the latest System Restore registry files (hopefully your System Restore is enabled) over the default registry files.

In more detail, the steps are as follows:

  1. Boot from the WinXP installation CD and select repair.

  2. At the command prompt, manually copy (overwrite) the registry files (SYSTEM, SOFTWARE, SAM, SECURITY, DEFAULT) from C:\WINDOWS\REPAIR\ to C:\WINDOWS\SYSTEM32\CONFIG\ (you might want to back up the original files first).

  3. Restart into safe mode.

  4. Gain access to the System Volume Information folder (http://support.microsoft.com/kb/309531/). Inside it, find the subfolder named _restore{GUID}\RPx\snapshot. For example: C:\System Volume Information\_restore{D86480E3-73EF-47BC-A0EB-A81BE6EE3ED8}\RP1\Snapshot

  5. Copy the following files from the Snapshot folder to any other folder: _REGISTRY_USER_.DEFAULT, _REGISTRY_MACHINE_SECURITY, _REGISTRY_MACHINE_SOFTWARE, _REGISTRY_MACHINE_SYSTEM, _REGISTRY_MACHINE_SAM. Rename the files to DEFAULT, SECURITY, SOFTWARE, SYSTEM, SAM, respectively.

  6. Boot from the WinXP installation CD and select repair.

  7. At the command prompt, manually copy (overwrite) the files from step (5) to C:\WINDOWS\SYSTEM32\CONFIG\

  8. Restart.

  9. Finished. Alternatively, according to the Microsoft website, you should restore the settings to a previous restore point (Start, All Programs, Accessories, System Tools, System Restore, Restore to a previous restore point).
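
A sanity check for the hive files copied and renamed from the Snapshot folder in step (5), to run before they overwrite C:\WINDOWS\SYSTEM32\CONFIG\ in step (7). This is an added example, not part of the original post or of Microsoft's article; it assumes the copied files can be read on a machine with Python 3, and the function names and the constructed sample hive are illustrative.

```python
import struct
from pathlib import Path
# Snapshot file name -> name expected in C:\WINDOWS\SYSTEM32\CONFIG (step 5).
SNAPSHOT_TO_HIVE = {
    "_REGISTRY_USER_.DEFAULT": "DEFAULT", "_REGISTRY_MACHINE_SAM": "SAM",
    "_REGISTRY_MACHINE_SECURITY": "SECURITY", "_REGISTRY_MACHINE_SOFTWARE": "SOFTWARE",
    "_REGISTRY_MACHINE_SYSTEM": "SYSTEM",
}
BASE_BLOCK = 4096  # size of the "regf" header that precedes the hive bins

def header_checksum(data):
    """XOR of the first 127 little-endian dwords (bytes 0..507) of the header."""
    value = 0
    for (dword,) in struct.iter_unpack("<I", data[:508]):
        value ^= dword
    # The format reserves 0 and 0xFFFFFFFF, so those results are remapped.
    return {0: 1, 0xFFFFFFFF: 0xFFFFFFFE}.get(value, value)

def check_hive(data):
    """Return the problems found in a hive image (empty list = plausible hive)."""
    if len(data) < BASE_BLOCK or data[:4] != b"regf":
        return ["no 'regf' base block"]
    problems = []
    seq1, seq2 = struct.unpack_from("<II", data, 4)
    if seq1 != seq2:
        problems.append("sequence numbers differ (write was interrupted)")
    if struct.unpack_from("<I", data, 508)[0] != header_checksum(data):
        problems.append("header checksum mismatch")
    if len(data) < BASE_BLOCK + struct.unpack_from("<I", data, 40)[0]:
        problems.append("file is shorter than the header says (truncated)")
    if data[BASE_BLOCK:BASE_BLOCK + 4] != b"hbin":
        problems.append("first hive bin lacks 'hbin' signature")
    return problems

def check_snapshot_dir(folder):
    """Map each target hive name to its problems; a missing file is a problem."""
    report = {}
    for snap, hive in SNAPSHOT_TO_HIVE.items():
        path = Path(folder) / snap
        report[hive] = check_hive(path.read_bytes()) if path.is_file() else ["snapshot file not found"]
    return report

def build_sample_hive(bins_size=4096):
    """Constructed minimal hive image for demonstration, not a real registry."""
    header = bytearray(BASE_BLOCK)
    struct.pack_into("<4sII", header, 0, b"regf", 7, 7)   # signature, seq1, seq2
    struct.pack_into("<I", header, 40, bins_size)         # hive bins data size
    struct.pack_into("<I", header, 508, header_checksum(header))
    return bytes(header) + b"hbin" + bytes(bins_size - 4)
```

Pick an older RPx folder if any of the five hives in the chosen snapshot reports a problem.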


That's all :)

Tuesday, June 29, 2010

Colored ls in MacOSX terminal

To get a colored ls in the MacOSX terminal:
  1. Edit or create ~/.profile
  2. Add the line:
    export CLICOLOR=1

That's all :)

Friday, February 12, 2010

Emulating HASP HL Basic

About a month ago, I was asked to remove the protection of a piece of software (it looks like the software was specially developed, not for public sale) which uses a USB key to prevent unauthorized execution.

First of all, I would like to give credit to the reverse engineering team board. Even though I have never posted any message there, their board contains invaluable information that helped me complete this task. Please note that I share this information only for educational purposes and only as a note for myself. If you have trouble, please don't ask me. Go to the board instead. :)

Gladly, the USB key type is HASP HL Basic, which is simpler to emulate. Here are the steps I took to successfully emulate the USB key:
  1. Get the password-1 and password-2 of the USB key
    Tool required: hasploger
    Plug in the USB key and run hasploger. Then, execute the protected software. Hasploger will be able to get the password-1 and password-2 of the USB key.
  2. Dump the USB key (password-1 and password-2 from step (1) are required)
    Tool required: h5dmp
    The size of the dump file is 719 bytes (hasp.dmp)
  3. Create a dummy memory file
    Tool required: any; the Notepad text editor is also possible
    Since HASP HL Basic does not contain memory, create a file with any content and a size of 112 bytes (hhl_mem.dmp)
  4. Convert the dump files from steps (2) and (3) to a registry file to be used by the emulator
    Tool required: UniDumpToReg
  5. Install the emulation
    Tool required: I am using multikey_19.0.2-x86 to emulate the key in Vista (32-bit), while in XP I am using vbus_0.15.4.
    Using the example registry file from multikey/vbus, modify the registry file from step (4). Then, install the registry file and the emulation tool.
  6. Done.

All of the tools are freely available on the internet; however, they take time to find.

That's all :)

Update #1 (2010/11/03)
I've just realized that I mistyped. When I checked my files, the correct multikey file that I was using is multikey_18.0.2-x86. There is probably a newer update now, since it has been months.

That's all :)