securing the global village

Securing the

Global

Vil lage

Programmer's Guide

Version 12

Programmer's Guide

COPYRIGHTS AND TRADEMARKSThe HASP® system and its documentation are copyrighted (C) 1985 to present by Aladdin Knowledge Systems Ltd. All rights reserved.

HASP®, MacHASP® and MemoHASP® are registered trademarks of Aladdin Knowledge Systems Ltd.

NetHASP�, TimeHASP�, HASP36�, MemoHASP36�, NetHASP36�, USBHasp�, and AladdinCARD� are trademarks of Aladdin Knowledge Systems Ltd.

All other trademarks, brands, and product names used in this guide are trademarks of their respective owners.

HASP4 Programmer’s Guide i

LIMITED WARRANTY, LIMITATION OF REMEDIES AND LIABILITY

Aladdin Knowledge Systems Ltd. (�Aladdin�) warrants for a period of twelve (12) months after date of purchase its software and the HASP® key as set forth in the Developer's License Agreement.

Aladdin's sole obligation in the event of a breach of this warranty, and the limitation on its liability for damages to any party, are as set forth in the Developer's License Agreement.

EXCEPT AS STATED ABOVE, THERE IS NO OTHER WARRANTY, EXPRESSED OR IMPLIED, REGARDING ALADDIN'S PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

All attempts have been made to make the information in this document complete and accurate. Aladdin is not responsible for any direct or indirect damages or loss of business resulting from inaccuracies or omissions. The specifications in this document are subject to change without notice.

ii © Aladdin Knowledge Systems, 2003

ALADDIN KNOWLEDGE SYSTEMS LTD. DEVELOPER'S LICENSE AGREEMENT

IMPORTANT INFORMATION - PLEASE READ THIS AGREEMENT CAREFULLY BEFORE OPENING THE PACKAGE AND/OR USING THE CONTENTS THEREOF AND/OR BEFORE DOWNLOADING OR INSTALLING THE SOFTWARE PROGRAM. ALL ORDERS FOR AND USE OF THE HASP PRODUCTS (including without limitation, the Developer's Kit, libraries, utilities, diskettes, CD_ROM, HASP® keys, the software component of Aladdin's HASP and the Developer's Guides) (hereinafter "Product") SUPPLIED BY ALADDIN KNOWLEDGE SYSTEMS LTD. (or any of its affiliates - either of them referred to as "ALADDIN") ARE AND SHALL BE, SUBJECT TO THE TERMS AND CONDITIONS SET FORTH IN THIS AGREEMENT.

BY OPENING THE PACKAGE CONTAINING THE PRODUCTS AND/OR BY DOWNLOADING THE SOFTWARE (as defined hereunder) AND/OR BY INSTALLING THE SOFTWARE ON YOUR COMPUTER AND/OR BY USING THE PRODUCT, YOU ARE ACCEPTING THIS AGREEMENT AND AGREEING TO BE BOUND BY ITS TERMS AND CONDITIONS.

IF YOU DO NOT AGREE TO THIS AGREEMENT OR ARE NOT WILLING TO BE BOUND BY IT, DO NOT OPEN THE PACKAGE AND/OR DOWNLOAD AND/OR INSTALL THE SOFTWARE AND PROMPTLY (at least within 7 days from the date you received this package) RETURN THE PRODUCTS TO ALADDIN, ERASE THE SOFTWARE, AND ANY PART THEREOF, FROM YOUR COMPUTER AND DO NOT USE IT IN ANY MANNER WHATSOEVER. UPON RETURNING THE PRODUCT WITH A COPY OF THE SALES RECIPT TO ALADDIN YOU WILL RECEIVE A REFUND.

HASP4 Programmer’s Guide iii

1. Title & Ownership THIS IS A LICENSE AGREEMENT AND NOT AN AGREEMENT FOR SALE. The software component of Aladdin's HASP Product Development Kit, including any revisions, corrections, modifications, enhancements, updates and/or upgrades thereto, (hereinafter in whole or any part thereof defined as: "Software"), and the related documentation, ARE NOT FOR SALE and are and shall remain in Aladdin's sole property. All intellectual property rights (including, without limitation, copyrights, trade secrets, trademarks, etc.) evidenced by or embodied in and/or attached/connected/related to the Product, (including, without limitation, the Software code and the work product performed in accordance with Section 2 hereunder) are and shall be owned solely by Aladdin. This License Agreement does not convey to you an interest in or to the Software but only a limited right of use revocable in accordance with the terms of this License Agreement. Nothing in this Agreement constitutes a waiver of Aladdin's intellectual property rights under any law.

2. LicenseSubject to payment of applicable license fees, Aladdin hereby grants to you, and you accept, a personal, non exclusive and fully revocable limited License to use the Software, in executable form only, as described in the Software accompanying user documentation and only according to the terms of this Agreement:

(i) you may install the Software and use it on computers located in your place of business, as described in Aladdin's related documentation;

(ii) you may merge and link the Software into your computer programs for the sole purpose described in the Developer's Guide; however, any portion of the Software merged into another computer program shall be deemed as derivative work and will continue to be subject to the terms of this Agreement; and

iv © Aladdin Knowledge Systems, 2003

(iii) you are permitted to make a reasonable number of copies - but not more than three (3) - of the Software solely for development and backup purposes. The Software shall not be used for any other purposes.

3. Sub-Licensing After merging the Software in your computer program(s) according to section 2 above, you may sub-license, pursuant to the terms of this Agreement, the merged Software and resell the hardware components of the HASP® keys which you purchased from Aladdin, to distributors and/or users. Preceding such a sale and sub-licensing, you shall incorporate by reference in your contracts with such distributors and/or users, and otherwise provide for all distributors and/or users to be bound by, the warranties, disclaimers, and license terms specified by Aladdin in this Agreement.

4. Prohibited UsesExcept as specifically permitted in Sections 1, 2 and 3 above, you agree not to

(i) use, modify, merge or sub-license the Software or any other of Aladdin's products except as expressly authorized in this Agreement and in the Developer's Guide; and

(ii) sell, license (or sub-license), lease, assign, transfer, pledge, or share your rights under this License with/to anyone else; and

(iii) modify, disassemble, decompile, reverse engineer, revise or enhance the Software or attempt to discover the Software's source code; and

(iv) place the Software onto a server so that it is accessible via a public network; and

HASP4 Programmer’s Guide v

(v) use any back-up or archival copies of the Software (or allow someone else to use such copies) for any purpose other than to replace an original copy if it is destroyed or becomes defective. If you are a member of the European Union, this agreement does not affect your rights under any legislation implementing the EC Council Directive on the Legal Protection of Computer Programs. If you seek any information within the meaning of that Directive you should initially approach Aladdin.

5. Limited WarrantyAladdin warrants, for your benefit alone, that

(i) the Software, when and as delivered to you, and for a period of three (3) months after the date of delivery to you, will perform in substantial compliance with the Developer's Guide, provided that it is used on the computer hardware and with the operating system for which it was designed; and

(ii) that the HASP® key, for a period of twelve (12) months after the date of delivery to you, will be substantially free from significant defects in materials and workmanship.

6. Warranty Disclaimer ALADDIN DOES NOT WARRANT THAT ANY OF ITS PRODUCT(S) WILL MEET YOUR REQUIRMENTS OR THAT ITS OPERATION WILL BE UNINTERRUPTED OR ERROR-FREE. TO THE EXTENT ALLOWED BY LAW, ALADDIN EXPRESSLY DISCLAIMS ALL EXPRESS WARRANTIES NOT STATED HERE AND ALL IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. NO ALADDIN'S DEALER, DISTRIBUTOR, RESELLER, AGENT OR EMPLOYEE IS AUTHORIZED TO MAKE ANY MODIFICATIONS, EXTENSIONS, OR ADDITIONS TO THIS WARRANTY. If any modifications are made to the Software or to any other part of the Product by you during the warranty period; if the media and the HASP® key is subjected to

vi © Aladdin Knowledge Systems, 2003

accident, abuse, or improper use; or if you violate any of the terms of this Agreement, then the warranty in Section 5 above, shall immediately be terminated. The warranty shall not apply if the Software is used on or in conjunction with hardware or program other than the unmodified version of hardware and program with which the Software was designed to be used as described in the Developer's Guide.

7. Limitation of RemediesIn the event of a breach of the warranty set forth above, Aladdin's sole obligation shall be, at Aladdin's sole discretion:

(i) to replace or repair the Product, or component thereof, that does not meet the foregoing limited warranty, free of charge;

(ii) to refund the price paid by you for the Product, or component thereof. Any replacement or repaired component will be warranted for the remainder of the original warranty period or 30 days, whichever is longer. Warranty claims must be made in writing during the warranty period and within seven (7) days of the observation of the defect accompanied by evidence satisfactory to Aladdin. All Products should be returned to the distributor from which they were purchased (if not purchased directly from Aladdin) and shall be shipped by the returning party with freight and insurance paid. The Product or component thereof must be returned with a copy of your receipt.

8. Exclusion Of Consequential DamagesThe parties acknowledge, that the Product is inherently complex and may not be completely free of errors. ALADDIN SHALL NOT BE LIABLE (WHETHER UNDER CONTRACT, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE) TO YOU, OR ANY THIRD PARTY (INCLUDING, WITHOUT LIMITATION, YOUR DISTRIBUTORS AND USERS OF YOUR SOFTWARE PROGRAM) FOR ANY LOSS OR DAMAGE (INCLUDING INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES), INCLUDING, WITHOUT LIMITATION, ANY LOSS OR DAMAGE TO BUSINESS

HASP4 Programmer’s Guide vii

EARNINGS, LOST PROFITS OR GOODWILL AND LOST OR DAMAGED DATA OR DOCUMENTATION, SUFFERED BY ANY PERSON, ARISING FROM AND/OR RELATED WITH AND/OR CONNECTED TO ANY USE OF THE SOFTWARE AND/OR ANY COMPONENT OF THE PRODUCT, EVEN IF ALADDIN IS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

9. Limitation Of LiabilityIN THE EVENT THAT, NOTWITHSTANDING THE TERMS OF THIS AGREEMENT, ALADDIN IS FOUND LIABLE FOR DAMAGES BASED ON ANY DEFECT OR NONCONFORMITY OF ITS PRODUCT(S), ITS TOTAL LIABILITY FOR EACH DEFECTIVE PRODUCT SHALL NOT EXCEED THE PRICE PAID TO ALADDIN FOR SUCH DEFECTIVE PRODUCT.

10. No Other WarrantiesExcept as specifically provided herein, Aladdin makes no warranty or representation, either express or implied, with respect to its products as described in the preamble of this agreement, including its quality, performance, merchantability or fitness for a particular purpose.

11. TerminationYour failure to comply with the terms of this Agreement shall terminate your license and this Agreement. Upon termination of this License Agreement by Aladdin:

(i) the License granted to you in this Agreement shall expire and you, upon termination, shall discontinue all further use (including without limitation sub-licensing) of the Software and other licensed Product(s); and

viii © Aladdin Knowledge Systems, 2003

(ii) you shall promptly return to Aladdin all tangible property representing Aladdin's intellectual property rights and all copies thereof and/or shall erase/delete any such information held by it in electronic form. Sections 1, 4, 6, 7, 8, 9, 10, 11 and 12 shall survive any termination of this Agreement.

12. Governing Law & JurisdictionThis Agreement shall be construed and governed in accordance with the laws of Israel (except for conflict of law provisions) and only the courts in Israel shall have jurisdiction in any conflict or dispute arising out of this Agreement. The application of the United Nations Convention of Contracts for the International Sale of Goods is expressly excluded. The failure of either party to enforce any rights granted hereunder or to take action against the other party in the event of any breach hereunder shall not be deemed a waiver by that party as to subsequent enforcement of rights or subsequent actions in the event of future breaches.

13. Third Party SoftwareIf the Product contains any software provided by third parties, such third party's software is provided "As Is" without any warranty of any kind and Sections 2, 3, 4, 6, 8, 9-13 of this Agreement shall apply to all such third party software providers and third party software as if they were Aladdin and the Product respectively.

14. MiscellaneousThis Agreement represents the complete agreement concerning this License and may be amended only by a written agreement executed by both parties. If any provision of this Agreement is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable.

I HAVE READ AND UNDERSTOOD THIS LICENSE AGREEMENT AND AGREE TO BE BOUND BY ALL OF THE TERMS.

HASP4 Programmer’s Guide ix

CE ComplianceThe HASP product line complies with the CE EMC Directive and related standards*. HASP products are marked with the CE logo and a HASP CE conformity card is included in every shipment or upon demand.

*EMC directive 89/336/EEC and related standards EN 55022, EN 50082-1.

FCC ComplianceFCC authorities have determined that HASP is not a Class B Computing Device Peripheral and therefore does not require FCC regulation.

UL CertificationThe HASP product line successfully completed UL 94 Tests for Flammability of Plastic Materials for Parts in Devices and Appliances. HASP products comply with UL 1950 Safety of Information Technology Equipment regulations.

ISO 9001:2000 CertificationThe HASP product line is designed and manufactured by Aladdin Knowledge Systems, Inc., an ISO 9001:2000 certified company. Aladdin's quality assurance system is approved by the International Organization for Standardization (ISO), ensuring that Aladdin products and customer service standards consistently meet specifications in order to provide outstanding customer satisfaction.

x © Aladdin Knowledge Systems, 2003

Certificate of ComplianceUpon request, Aladdin Knowledge Systems, Inc. will supply a Certificate of Compliance to any software developer who wishes to demonstrate that the HASP product line conforms to the specifications stated. Software developers can distribute this certificate to the end user along with their programs.

HASP4 Programmer’s Guide xi

ContentsList of Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix

About the HASP4 Programmer�s Guide. . . . . . . . . . . . . . . . . . . . . xxi

Part 1: Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3About HASP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Advantages of the HASP System . . . . . . . . . . . . . . . . . . . . . . . 4HASP Protection Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9HASP Developer Kit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12HASP Starter Kit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Basic Concept . . . . . . . . . . . . . . . . . . . . . . . . . . . .15How Does HASP Work?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Identifying the HASP Key . . . . . . . . . . . . . . . . . . . . . . . . . . . 17HASP Protection Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . 21The Full Authorization System (FAS) . . . . . . . . . . . . . . . . . . 22Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Installing HASP . . . . . . . . . . . . . . . . . . . . . . . . . . .29HASP Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29Software Protection � Quick Reference . . . . . . . . . . . . . . . . . 32Installing HASP under Windows . . . . . . . . . . . . . . . . . . . . . . 33Installing HASP under Mac . . . . . . . . . . . . . . . . . . . . . . . . . . 37Installing HASP under Linux . . . . . . . . . . . . . . . . . . . . . . . . . 40

HASP4 Programmer’s Guide xiii

Contents

Part 2: Using HASP Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49

Protecting with HASP Envelope . . . . . . . . . . . . . 51About the HASP Envelope . . . . . . . . . . . . . . . . . . . . . . . . . . .52Starting HASP Envelope . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53Protecting an Application . . . . . . . . . . . . . . . . . . . . . . . . . . . .54Protecting Win32 Data Files . . . . . . . . . . . . . . . . . . . . . . . . . .55Saving FAS Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59HASP Envelope Parameters . . . . . . . . . . . . . . . . . . . . . . . . . .61HASP Envelope Command-Line Switches . . . . . . . . . . . . . .73Additional HASP4 Net Information . . . . . . . . . . . . . . . . . . .77HASP Envelope for Mac Applications. . . . . . . . . . . . . . . . . .78HASP Envelope for Linux . . . . . . . . . . . . . . . . . . . . . . . . . . .79Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . . . .80

Accessing Keys with HaspEdit . . . . . . . . . . . . . . 83HaspEdit for Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84HaspEdit for Mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . . .114

Assisting End-Users & Vendors . . . . . . . . . . . . . 117

Part 3: Using the HASP API. . . . . . . . . . . . . . . . . . . . . . . . . . .127

Protecting with the HASP API . . . . . . . . . . . . . . 129Preparing for API Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . .130Implementing the HASP API . . . . . . . . . . . . . . . . . . . . . . . .131HASP Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .136Enabling Local and Network Protection . . . . . . . . . . . . . . .142HaspDemo Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . . .144

Protection Strategies. . . . . . . . . . . . . . . . . . . . . 147Software Protection Attacks . . . . . . . . . . . . . . . . . . . . . . . . .148Tips and Tricks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149

Basic HASP Services . . . . . . . . . . . . . . . . . . . . . . 157Service 1: IsHasp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160Service 5: HaspStatus. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161

xiv © Aladdin Knowledge Systems, 2003

Contents

Service 8: CheckHaspGeneration . . . . . . . . . . . . . . . . . . . . . 163Service 9: HaspNetStatus . . . . . . . . . . . . . . . . . . . . . . . . . . . 164Service 60: HaspEncodeData . . . . . . . . . . . . . . . . . . . . . . . . 165Service 61: HaspDecodeData . . . . . . . . . . . . . . . . . . . . . . . . 166

HASP4 Memory Services. . . . . . . . . . . . . . . . . . .167Service 3: ReadWord . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170Service 4: WriteWord. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171Service 6: HaspID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172Service 50: ReadBlock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173Service 51: WriteBlock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

HASP4 Time Services. . . . . . . . . . . . . . . . . . . . . .175Service 70: SetTime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178Service 71: GetTime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179Service 72: SetDate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180Service 73: GetDate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181Service 74: WriteByte. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182Service 75: ReadByte . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183Service 76: WriteBlock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184Service 77: ReadBlock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185Service 78: HaspID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

HASP4 Net Services . . . . . . . . . . . . . . . . . . . . . . .187 Service 40: LastStatus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193Service 42: Login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194Service 43: Logout. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196Service 44: ReadWord . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198Service 45: WriteWord. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199Service 46: HaspID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200Service 48: IdleTime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201Service 52: ReadBlock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203Service 53: WriteBlock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205Service 85: SetConfigFilename . . . . . . . . . . . . . . . . . . . . . . . 207Service 88: HaspEncodeData . . . . . . . . . . . . . . . . . . . . . . . . 208Service 89: HaspDecodeData . . . . . . . . . . . . . . . . . . . . . . . . 210Service 96: SetServerByName. . . . . . . . . . . . . . . . . . . . . . . . 212Service 104: HaspQueryLicense . . . . . . . . . . . . . . . . . . . . . . 213Service 110: LoginProcess. . . . . . . . . . . . . . . . . . . . . . . . . . . 214

HASP4 Programmer’s Guide xv

Contents

Service 230: GetCurrentServer . . . . . . . . . . . . . . . . . . . . . . .215

HASP API Status Codes . . . . . . . . . . . . . . . . . . . 217Status Codes for All HASP Keys . . . . . . . . . . . . . . . . . . . . .217Status Codes for HASP4 Time Keys . . . . . . . . . . . . . . . . . .219Status Codes for HASP4 Net . . . . . . . . . . . . . . . . . . . . . . . .220

Part 4: Using HASP in a Network . . . . . . . . . . . . . . . . . . . . . .227

HASP4 Net Basic Concept . . . . . . . . . . . . . . . . . 229What is HASP4 Net? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229How Does HASP4 Net Work? . . . . . . . . . . . . . . . . . . . . . . .230Preparing Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .232Using HASP4 Net . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .233Distributing HASP4 Net . . . . . . . . . . . . . . . . . . . . . . . . . . . .235Supported Protocols, Platforms and Operating Systems. . .237Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . . .238

Protecting Applications with HASP4 Net . . . . . 241HASP Envelope Options for HASP4 Net . . . . . . . . . . . . . .242HASP4 Net API Services . . . . . . . . . . . . . . . . . . . . . . . . . . .243

Managing HASP4 Net Licenses. . . . . . . . . . . . . 247How does the HASP License Manager Work?. . . . . . . . . . .248HASP License Manager for Windows . . . . . . . . . . . . . . . . .249HASP License Manager for Mac. . . . . . . . . . . . . . . . . . . . . .253HASP License Manager for Linux . . . . . . . . . . . . . . . . . . . .256Customizing the HASP License Manager . . . . . . . . . . . . . .258

Configuring HASP4 Net Clients . . . . . . . . . . . . 271Search Sequence for Configuration File . . . . . . . . . . . . . . . .271Sections in the Configuration File. . . . . . . . . . . . . . . . . . . . .272Specifying Keywords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .273

Monitoring HASP4 Net Licenses. . . . . . . . . . . . 281Distributing Aladdin Monitor . . . . . . . . . . . . . . . . . . . . . . . .281Installing Aladdin Monitor . . . . . . . . . . . . . . . . . . . . . . . . . .282Settings for Aladdin Monitor . . . . . . . . . . . . . . . . . . . . . . . .282Checking the Properties of HASP License Manager . . . . . .283

xvi © Aladdin Knowledge Systems, 2003

Contents

Checking HASP Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284Starting and Stopping HASP License Manager as a Service286

Adapting HASP4 Net to the Network . . . . . . . .287Defining the Range of Stations under IPX . . . . . . . . . . . . . 287Defining the Range of Stations under TCP/IP . . . . . . . . . . 288Defining the Range of Stations under NetBIOS . . . . . . . . . 290Adapting the Timeout Length . . . . . . . . . . . . . . . . . . . . . . . 291Defining the Number of Protected Applications Served . . 291

Part 5: Using the Remote Update System. . . . . . . . . . . . . . .293

Remote Update System . . . . . . . . . . . . . . . . . . .295Implementing RUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296Creating the RUS Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . 299The Vendor Utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301The Customer Utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310

Remote Update System API . . . . . . . . . . . . . . .315Win32 Remote Update System API . . . . . . . . . . . . . . . . . . . 315Implementing RUS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316Functions Provided in Vendor DLL. . . . . . . . . . . . . . . . . . . 318Functions Provided in Client DLL . . . . . . . . . . . . . . . . . . . . 322Return Values. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324Customization Utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326RUS API for Mac Applications . . . . . . . . . . . . . . . . . . . . . . 327

Troubleshooting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329Check List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330Problems and Solutions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331

HASP Demo Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337

Technical Specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339

Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349

HASP4 Programmer’s Guide xvii

List of TablesHASP Programmer�s Guide Symbol Guide .......................................................................... xxiiHASP Models.................................................................................................................................. 9Device Driver Installation Tools (Windows) .......................................................................... 33Command Line Switches for aksusbd (Mac) ............................................................................ 38Command Line Switches for aksparlnx.o (Linux) ................................................................... 42Command Line Switches for aksusbd (Linux).......................................................................... 44HASP Envelope Main Tab Options......................................................................................... 62HASP Envelope Option Tab Options..................................................................................... 65HASP Envelope DataHASP Tab Options.............................................................................. 70HASP Envelope Engines ........................................................................................................... 73HASP Envelope Switches .......................................................................................................... 73Key Access History Panel ........................................................................................................ 120Parameters for HASP Stand-Alone Keys .............................................................................. 132Parameters for HASP4 Net Keys............................................................................................ 132PortNum Values and Ports Searched ..................................................................................... 133HASP Models and Relevant Services ..................................................................................... 136Basic HASP Services ................................................................................................................. 137HASP4 Memory Services ......................................................................................................... 138HASP4 Time Services............................................................................................................... 139HASP4 Net Services ................................................................................................................. 140Basic HASP Services and Parameters..................................................................................... 158HASP4 Memory Services and Parameter .............................................................................. 168HASP4 Time Services and Parameters .................................................................................. 176HASP4 Net Services and Parameters ..................................................................................... 189Status Codes for All HASP Keys ............................................................................................ 217Status Codes for HASP4 Time Keys...................................................................................... 219HASP4 Net Status Codes......................................................................................................... 220HASP4 Net Warning Codes .................................................................................................... 224HASP4 Net Supported Platforms........................................................................................... 237HASP4 Net Protocols............................................................................................................... 237HASP Envelope Switches for HASP4 Net ........................................................................... 243HASP4 Net API Services ......................................................................................................... 244HASP License Manager Switches ........................................................................................... 258Search Order for nhsrv.ini.......................................................................................................... 259Boolean Values for HASP LM nhsrv.ini. ................................................................................. 260

HASP4 Programmer’s Guide xix

HASP LM Installation API Error Codes ............................................................................... 269nethasp.ini Configuration File Search Order......................................................................... 272HASP License Manager Information ..................................................................................... 283HASP Key Information ............................................................................................................ 284HASP Information .................................................................................................................... 285Program Table ............................................................................................................................ 285Login Table ................................................................................................................................. 285Vendor Utility Command Line Switches ............................................................................... 306Vendor Utility Error Codes...................................................................................................... 308Customer Utility Command Line Switches............................................................................ 313Customer Utility Error Codes.................................................................................................. 314Passwords of HASP Demo Memory Keys ............................................................................ 337Passwords of HASP4 Std Demo Keys ................................................................................... 337General Specifications for All HASP keys............................................................................. 339Specifications for HASP4 Std, HASP4 M1, HASP4 M4, HASP4 Net ............................. 340Specifications for HASP4 Time............................................................................................... 340Specification for USB models .................................................................................................. 341HASP PC-Card........................................................................................................................... 341AladdinCARD ISA .................................................................................................................... 342AladdinCARD PCI.................................................................................................................... 342HASP3 to HASP4 Compatibility ............................................................................................ 344

xx © Aladdin Knowledge Systems, 2003

About the HASP4Programmer’s Guide

The HASP Programmer�s Guide is designed to help you, the software developer, protect your application in the way that most suits your needs.

The first part, "Getting Started" (page 1), introduces the HASP protection system. It gives an overview of HASP hardware and software and leads you through the installation of the HASP software. This part is relevant regardless of which key and which protection method you are using.

The second part, "Using HASP Tools" (page 49), helps you to use HASP utilities for Windows and Mac which enable you to protect your software easily, to program your HASP keys for distribution and to assist your customers. This part is relevant regardless of which key and which protection method you are using.

The third part, "Using the HASP API" (page 127), introduces the HASP API protection methods and strategies. It provides detailed descriptions of all HASP API services. This part is only relevant, if you want to protect you software by adding HASP API calls to your source code.

The fourth part, "Using HASP in a Network" (page 227), introduces the HASP4 Net system and tools. This part is relevant if you protect your software for networks using HASP4 Net keys.

HASP4 Programmer’s Guide xxi

About the HASP4 Programmer’s Guide

The fifth part, "Using the Remote Update System" (page 293), provides you with information on tools and the API which enable you to update your customers� HASP keys remotely.

Throughout this guide noteworthy comments, suggestions, cautions and warnings are displayed in special framed inserts with the following symbols.

HASP Programmer’s Guide Symbol Guide

To help you understand the HASP system in greater depth, frequently asked questions are included at the end of most chapters. For your convenience, a comprehensive glossary provides concise explanations of HASP terms.

Information on technical specifications, passwords for HASP Demo keys and troubleshooting can be found in the appendices.

Symbol Meaning

Warning or caution.

Noteworthy comment.

Suggestion to enhance HASP performance.

!

xxii © Aladdin Knowledge Systems, 2003

Part 1Getting Started

This part introduces the HASP protection system. It gives an overview of HASP hardware and software and leads you through the installation of the HASP software.

The chapter "Introduction" (page 3) introduces the advantages and security features of the HASP system and gives an overview of HASP hardware keys and supported platforms and operating systems.

The chapter "Basic Concept" (page 15) explains the basic concept of the HASP system and describes the contents of the HASP Kits.

The chapter "Installing HASP" (page 29) gives an overview of the HASP software, the main stages of software protection and the basic installation procedures for the various operating systems.

HASP4 Programmer’s Guide 1

Part 1 - Chapter 1

IntroductionWelcome to Aladdin�s HASP � the professional software protection system. This chapter describes the HASP protection system, its security features and its advantages. It introduces the family of HASP protection keys and describes the contents of the HASP Developer�s and Starter�s Kits.

About HASPHASP is a state-of-the-art hardware-based system that protects software from illegal use by preventing unauthorized access to and execution of protected applications.

At runtime, the protected application queries the HASP connected to the computer. If the response returned by the HASP is as it should be and if the correct HASP algorithm is identified, the application executes. If the response is incorrect, the application may not load, may switch to a demo version, or limit certain features.

Implementing HASP security is easy, yet the level of security it provides is extremely high. Once your application is protected, it can be activated only when the HASP key originally supplied with your software is attached to the computer.


Introduction Part 1 - Chapter 1

Advantages of the HASP System

Substantial Developer FlexibilityThe HASP system provides the widest range of products, solutions, and features in the software protection industry � including memory, network and time-based solutions for multiple hardware platforms.

Maximum ease-of-use

A short learning curve and a standard application programming interface (API) for all products ensures easy and rapid incorporation of the HASP software into the application.

Support for a wide range of programming environments

The HASP system has interfaces for numerous compilers and programming languages that enable a quick and effortless implementation of HASP.

Support for a wide range of operating systems

Supported operating systems are: Windows 3.x, Windows 95, 98, ME, NT, 2000, XP, Server 2003, Linux, Mac OS 8.6, Mac OS 9.x, Mac OS X.

Cross-platform solution

HASP (USB version) provides a platform-independent solution. One HASP key can be used to protect Windows, Mac and Linux applications, thus saving you development time in integrating protection, and on shipping logistics and costs.

All references to Windows NT in this manual apply to Windows NT4 (service pack 6).

4 © Aladdin Knowledge Systems, 2003

Getting Started Introduction

State-of-the-art security

Full-custom ASIC Chip or Advanced Micro-Controller

All HASP keys (except USB models) are based on a proprietary, full-custom ASIC (Application Specific Integrated Circuit) chip. The 2800-gate, 1.2-micron HASP ASIC, designed in-house by Aladdin engineers, prevents reverse engineering and makes HASP hardware virtually impossible to crack.

USB models are unique in that they contain an advanced micro controller that provides an inherently high level of security.

Advanced Encoding Capabilities in the Hardware

The advanced data encoding and decoding facilities incorporated in the HASP hardware allow a far closer integration of the hardware into the software being protected. Intelligent functions within the key itself allow critical functions of the software to be dependent on the presence of the correct key, otherwise they will not operate correctly.

Any data used by the software can be encoded at any point in the software. The encoded data is a function of the data sent to the HASP and a unique, customer-specific �developer code�. This means that this facility provides far more comprehensive protection than simple periodical checks for the presence of a key.

Advanced Protection Algorithms and Anti-Debugging Technology

HASP software uses state-of-the-art proprietary code protection algorithms, plus the most advanced anti-debugging technology in the industry. Special anti-hacking features implemented in the HASP software create practically impenetrable obstacles for would-be hackers.



Scrambled Communication

All communication between the application and the HASP is randomly scrambled to protect the vital link between them. This feature prevents emulation of the hardware key.

Benefits to Your CustomerHASP protection benefits both you and your customers. The following are a few reasons why software protection is good for your customers.

Cost-Effective Software

As HASP protection increases your sales and revenues, you can budget more money to the ongoing development and support of your product. In turn, your paying customers can enjoy more advanced products, faster development times and higher-quality technical support.

Protecting the License Agreement

Software protection helps maintain the integrity of your software license agreement. HASP is the least painful, least intrusive means of assuring compliance with the agreement. It ensures that customers do not have to police their own employees or risk breaking the license agreement.

Protecting Investments of Legitimate Users

HASP protects legitimate end users from the unfair practices of dishonest end users who use unpaid-for software and waste your valuable technical support resources.

Worldwide Service and Support

Multiple Production Facilities

Production facilities on three continents ensure rapid and punctual supply, with back-up capabilities if necessary.



Local Service and Support in Over 40 Countries

With 8 international offices and over 40 local distributors, support for HASP is available virtually whenever and wherever required.



Aladdin Consulting

For more detailed advice and training on HASP implementation issues, contact our team of international consultants. They can provide you with tailored training sessions on the following:

� Integration of HASP production and distribution in your company

� Analysis of the best protection strategy for your applications

� Help with algorithm design and even implementation of HASP protection in your software



HASP Protection KeysHASP keys are available for different ports and as various models.

Table 1.1 HASP Models

HASP Model Memory Size Full Authori-zation System Options

Features Key Types

HASP4 Std. no memory no FAS encoding/decoding parallel, USB

HASP4 M1 112 bytes 16 applications encoding/decoding HASP ID

parallel, USB

HASP4 M4 496 bytes 112 applications encoding/decoding HASP ID

parallel, USB, PC-Card

HASP4 Time 496 + 16 bytes 8 applications expiration date

encoding/decoding HASP ID real-time clock

parallel, USB

HASP4 Net 5 496 bytes 112 applications on 5 stations

encoding/decodingHASP IDnetwork access

parallel, USB



parallel, USB



parallel, USB



HASP4 Key Types for Different PortsHASP4 keys are available in parallel port, USB and PC-Card versions which are identical in functionality.

� HASP4 parallel keys connect to parallel ports and can only be used to protect applications running on PCs.

� HASP4 USB keys are cross-platform keys that connect to USB ports and can be used to protect applications running on PCs and Mac platforms.

� HASP4 PC-Cards are advanced software protection cards that are inserted in PC-Card (PCMCIA) slots found on most notebook PCs.



parallel, USB



parallel, USB

HASP4 Net U 496 bytes 112 applications on an unlimited number of stations.


parallel, USB

HASP Model Memory Size Full Authori-zation System Options

Features Key Types

HASP4 Net U - it is recommended that the number of stations not exceed 200.



HASP4 Key Models

HASP4 Standard – Low cost, high security

HASP4 Standard is the most cost-effective software protection solution we offer. Using all the state-of-the-art techniques included in the HASP system, HASP4 Std. offers an extremely secure, yet surprisingly low-cost solution for your protection needs.

HASP4 Std. is available for the parallel port and for the USB port.

HASP4 M1 and HASP4 M4 – The most versatile and secure software protection keys available

HASP4 M1 and M4 combine the inherently high level of encryption-based security with the flexibility of up to 496 bytes of secured read/write memory and a unique ID number for each key. The HASP4 memory and its in-the-field upgrading capabilities let you implement your marketing strategy by enforcing sales models such as subscription, demo, try-before-you-buy and rental for up to 112 applications � all in a single key.

HASP4 M1 is available for the parallel port and for the USB port. HASP4 M4 is available for the parallel port, for the USB port and as PC-Card.

HASP4 Time – Software Protection with a Real-Time Clock

HASP4 Time contains an internal real-time clock, indicating the exact time (hours, minutes and seconds) and date (day, month, year. Specifically designed to enable software renting or leasing, HASP4 Time also lets you charge clients periodically for software use and maintenance. Based on HASP4 M4, HASP4 Time contains 512 bytes of secured read/write memory and a unique ID number for each key. Using the HASP4 Time memory you can control the distribution and access of up to 8 different software modules and different software packages, rent or lease software and distribute demos which expire after a specific date.

HASP4 Time is available for the parallel port and for the USB port.



HASP4 Net - Providing Licenses in a Network

The ultimate software protection solution for various network environments. Connect a single HASP4 Net to any network station to protect your application and to limit the number of stations using it simultaneously. HASP4 Net provides all the protection features of HASP4 M4.

HASP4 Net is available for the parallel port and for the USB port.

HASP Developer KitThe HASP Developer Kit contains everything you need to evaluate the HASP protection system, and includes the following:

Software

The HASP software is contained on a single CD-ROM.

Hardware

Your HASP Developer Kit comes with a demo HASP key. The demo HASP key is either a HASP4 M1, HASP4 M4, HASP4 Time, or HASP4 Net depending on the type of HASP key you requested when ordering the HASP Developer Kit.

Documentation

Your HASP Developer Kit includes one copy of the HASP4 Programmer�s Guide.

The demo HASP key you receive should be used for evaluation purposes only. When you order HASP keys, Aladdin assigns you a unique developer�s code that differentiates your keys from others.



HASP Starter KitThe HASP Starter Kit is similar to the HASP Developer Kit, except that it contains 5 HASP keys that are unique to your company (2 keys in the case of HASP4 Net). Your HASP key includes HASP passwords that only you know, thus ensuring that your keys are differentiated from other HASP keys.

Whereas the demo HASP key you receive in a HASP Developer Kit should be used for evaluation purposes only, the HASP keys you receive in the HASP Starter Kit can be used to protect the application in preparation for distribution to your end users.

With the HASP Starter Kit, you are ready to go. Simply protect your application and order the number of keys you need.


Part 1 - Chapter 2

Basic ConceptTo implement HASP protection effectively, we recommend that you familiarize yourself with the concepts and terms described in this chapter.

If you are protecting with HASP4 Net, you should also read "HASP4 Net Basic Concept" (page 229) to familiarize yourself with specific terms and concepts for HASP4 Net.


Basic Concept Part 1 - Chapter 2

How Does HASP Work?At runtime, the protected application queries the HASP connected to the computer. If the response returned by the HASP is as it should be and if the correct HASP algorithm is identified, the application executes. If the response is incorrect, the application may not load, may switch to a demo version, or limit certain features.

Figure 2.1 HASP Protection Mechanism


Getting Started Basic Concept

Identifying the HASP KeyProtection is based on making access to the protected application dependent on the presence of the correct HASP key.

HASP keys contain information specific for your company, thus ensuring the uniqueness of the HASP keys distributed by you.

The presence of the appropriate HASP key can be checked by using the following methods:

� Use the hardware-based encryption engine.

� Check the key-specific ID

� Use the memory functionality

Using the Encryption Engine When you implement HASP protection, you check for the presence of the HASP key. The HASP system performs these checks by encoding and decoding data via the HASP itself.

Verifying the presence of the HASP using the data encoding and decoding functions requires a certain amount of planning. To start with, you must have some data that you have previously encoded. You then send that data to the HASP using the DecodeData service. There, it is decoded and you can check whether the decoded data is correct. If it is, then the HASP is present.

The decoded data can be verified by using the data in your protected application. Refer to "Encode Internal and External Data" (page 149) for information on using decoded data.

The encoded data is a function of the data sent to the HASP and a unique, customer-specific �developer code�. Thus, encoding the same string with two different developer codes will lead to different results.

You can encode data using HaspEdit or the HASP API. For more information refer to "Accessing Keys with HaspEdit" (page 83) or to "Protecting with the HASP API" (page 129).



Figure 2.2 Decoding Data to Verify the HASP Key

Developer-Specific InformationWhen you order keys from Aladdin, you receive keys which contain information specific to your company. This information is used to differentiate your keys from other developers� keys.



Developer Code

The developer code is a unique code Aladdin assigns to each software developer. The developer code is burnt into the ASIC component of the HASP to prevent reverse engineering, thus ensuring total protection.

You use the same developer code when you order additional HASP keys. The developer code is represented by the set of five to seven letters printed on the label of each HASP.

HASP Passwords

The HASP passwords are two integers assigned to each software developer. The passwords are based on your unique developer code and ensure that only you can access your HASP keys.

Checking the HASP ID NumberEach HASP memory key has a unique ID number. A protected application can check and verify this ID number.

HASP keys with ID numbers let you distinguish between users of your application. By checking for the HASP ID number in your application you can decide how to respond if a specific HASP is or is not present.

You can retrieve the HASP ID using HaspEdit. For more information refer to "Accessing Keys with HaspEdit" (page 83).

Make sure to keep your passwords in a safe place, as they are used to access the HASP, protect your application and use the HASP utilities.

!

You cannot order HASP keys with specific ID numbers. They are assigned randomly during manufacturing and are guaranteed not to be repeated.



Using the HASP Memory OptionsAll HASP keys except HASP4 Std. contain internal read/write memory. You can use the HASP memory do the following:

� Control access to different software modules or different software packages

� Assign a unique code to each software user

� Rent or lease software and distribute demos which can be activated only a limited number of times

� Save passwords, program code, program variables, and any other data

For information on the read/write memory available with different HASP keys refer to Table 1.1 (page 9).

You can edit the memory using HaspEdit. For more information refer to "Accessing Keys with HaspEdit" (page 83).



HASP Protection MethodsHASP offers two different yet very powerful protection methods:

� HASP Envelope

� HASP application programming interface (API)

HASP EnvelopeThe simplest and quickest way to protect an application is to use the HASP Envelope. HASP Envelope provides very effective and powerful protection. This method does note require access to the target application�s source code. HASP Envelope adds a protective shield around executable files. The HASP Envelope scrambles your file, and incorporates HASP checks and anti-debugging features. After having protected your application with HASP Envelope, it cannot run without the correct HASP.

As using the Envelope does not require access to the application source code, it is a quick and easy method of protection. At the same time, it provides a very high level of protection, making it virtually impossible to debug or disassemble your applications.

For information on using HASP Envelope refer to "Protecting with HASP Envelope" (page 51).

HASP Application Programming Interface (API)If you have the source code of the application you want to protect, you can link the HASP API to your application.

Use the API to insert calls to the HASP throughout your application. With the API, you can check for the presence of the HASP whenever you choose, and decide how to respond if the correct HASP is not connected. In addition, you can check a HASP memory key for sensitive data you may have stored in its memory.

You must have access to the source code to implement the API.



Which Method to UseYou can use either the Envelope or the API alone, or combine both methods of protection.

Use the Envelope when you want quick and easy protection, or when you do not have access to the source code.

Use the API when you have access to the source code and when you want to customize your protection by implementing additional calls to the HASP key.

Both the Envelope and the API are very powerful protection methods. Protecting your application with only one protection method ensures a high level of security. However, we recommend you implement both Envelope and API protection if possible. Each method has its unique features, and complements and enhances the other.

Incorporate the HASP API into your application source code, compile, link the HASP library files or DLLs to your application, and then use the HASP Envelope protection on your executable file.

The Full Authorization System (FAS)The Full Authorization System is a powerful feature that allows you to protect multiple applications with a single HASP memory key, and to specify the conditions under which each application can be used.



FAS OptionsWith FAS, you can limit the use of your application by:

� Setting the number of activations (HASP4 M1, HASP4 M4 and HASP4 Net).This feature is useful for supplying demo versions of your application.

� Setting an expiration date (HASP4 Time).This feature is useful for leasing and renting your software.

� Setting the number of stations which can run the program simultaneously (HASP4 Net).

FAS is an optional feature of the Envelope when you protect with a HASP stand-alone memory key. With HASP4 Net, on the other hand, FAS is not optional. FAS is an integral part of the HASP4 Net protection system, whether you protect with the Envelope or the HASP API.

How Does FAS Work?A HASP-protected application which implements FAS performs several checks.

� The protected application first determines whether or not the correct HASP is connected to the computer.

� If the correct HASP is present, the HASP memory is checked to verify that the application is listed as authorized to run.

If the application is authorized to run then different checks are performed, depending on the model of HASP you are using:

� With HASP4 M1 and HASP4 M4, the HASP memory is checked to see that the number of authorized activations has not been exceeded. With each activation of the application, the number of authorized activations is decreased by one. When the application starts and the number of authorized activation equals 0, the protected application aborts and the appropriate error message is displayed.



� With HASP4 Time, the expiration date listed in the HASP4 Time memory is checked and compared to the HASP4 Time real-time clock. If the expiration date has passed, the application aborts with an error message.

� If you are using HASP4 Net, refer to "How Does HASP4 Net Work?" (page 230) to understand how FAS is automatically integrated into the HASP4 Net system.

FAS is used by the HASP Envelope�s licensing system. When using the API to license an application, you can implement your own licensing scheme.



Frequently Asked Questions

Question Can I change my HASP passwords?

Answer No. In order to ensure the highest protection level and to prevent reverse engineering of the hardware key, the HASP passwords are indelibly burnt into the ASIC component of the HASP during manufacturing. No one can then access the HASP to read and change these passwords.

Question Can I give every customer a HASP with a unique code or password?

Answer Yes. For this purpose, we recommend using HASP memory keys which contain a unique ID number for each key. In addition, you can program the memory of HASP memory keys individually for each of your customers.

Question Is it possible that another developer will be given the same passwords as me?

Answer No. Each developer is given a unique set of passwords.

Question What happens to a HASP4 Time when its battery dies?

Answer The HASP4 Time battery has a lifetime of 3-5 years, which by all measures is a long time in terms of software licensing. When the battery dies, HASP4 Time behaves in the same way as a HASP4 M4. Battery life is increased if the HASP4 Time key remains connected to an operating computer.



Question Can stand-alone HASP keys be used in a network environment?

Answer Yes. There are two options for using HASP in a network. The first is to connect a HASP to every station on which the protected application is running. The second � and more efficient option � is to protect your application with HASP4 Net, a sophisticated protection system designed especially for network environments.

HASP4 Net allows you to activate a protected application on several stations using a single key. To learn more about HASP4 Net, see "HASP4 Net Basic Concept" (page 229).

Question Can various HASP keys be connected to each other?

Answer Yes. Multiple HASP keys can be daisy-chained without any special connecting equipment.

Use an USB hub to connect multiple USB devices to the same port.

Question And what about keys made by other companies?

Answer HASP keys are fully transparent. You can chain them before or behind other keys, provided these keys are also transparent.

Question Can data files or applications written with software tools such as Lotus and AutoLISP be protected with HASP?

Answer Yes. There is a special system for data file protection called DataHASP. Easily implemented, DataHASP protects files by encoding their data and allowing only authorized applications to access them. DataHASP can be used with Win32 applications and works with all HASP keys.

For more information, see "Protecting with HASP Envelope" (page 51).



Question Why should I use a HASP memory key?

Answer There are three very good reasons to choose a HASP memory key to protect your application:

� To distribute a demo version of your application, or lease your software.

� To protect multiple applications using a single HASP.

� To use the HASP memory to save data and subsequently enhance the security of your protected application.

Question How can I update the HASP memory after delivering my protected application to my customer?

Answer The HASP Remote Update System (RUS) enables remote updating of the HASP memory when the HASP is in the possession of your customer. The RUS can be used via the Internet. For more information got to:

http://www.hasp.com/rus

You update the HASP memory by sending RUS passwords through phone, fax, or e-mail. This system enables additional software activations and execution of additional software modules.

For more information, see "Remote Update System" (page 295).


Part 1 - Chapter 3

Installing HASPThis chapter gives an overview of the HASP software, the main stages of software protection and the basic installation procedures for the various operating systems.

HASP SoftwareThe HASP software consists of the following parts:

� Device drivers to access HASP keys

� HaspEdit to prepare HASP keys for distribution

� Aladdin DiagnostiX to assist vendors and end-users

� HASP API and HASP Envelope to integrate application protection

� HASP Demo to demonstrate and test the HASP functionality

� HASP License Manager and Aladdin Monitor to provide, administer and monitor HASP4 Net licenses


Installing HASP Part 1 - Chapter 3

Device Drivers

The HASP device drivers as the link between the HASP key and the protected application. Both you and your customer need to install the appropriate driver in order to run the protected application.

HASP device drivers are available for the following operating systems: Windows 95/98/ME/NT/2000/XP/Server 2003, Mac OS 8.6, Mac OS 9.x, Mac OS X Linux.

HASP device drivers also enable you to use HASP keys on 64-bit IA64 processors for Windows XP and Linux applications.

You can also integrate driver installation into the installation of your protected application.

Accessing HASP Keys with HaspEditHaspEdit is a utility for accessing HASP keys, editing the memory of HASP memory keys, and encoding/decoding data.

Assisting End-Users with Aladdin DiagnostiXThe Aladdin DiagnostiX utility lets your customers collect information on their system and on their HASP key.

Protecting Applications

HASP Envelope

HASP Envelope is a tool which enables you to protect your application by wrapping it in a protective shield.

You can use HASP Envelope as a command-line tool or with a graphical user interface. For more information refer to "Protecting with HASP Envelope" (page 43).


Getting Started Installing HASP

HASP API

The HASP application programming interface (API) enables you to protect your application by inserting calls to the HASP key throughout your source code.

The root directory on the HASP CD is subdivided according to operating systems, development environment and compiler. The directory for each compiler includes the following:

� Libraries that must be linked to your application

� A sample application that demonstrates the use of the API with all HASP keys

For more information refer to "Protecting with the HASP API" (page 115).

HASP Demo

Utilities which let you test HASP services. For more information refer to "HASP Test Utility" (page 128).

Providing Licenses in a NetworkFor information on HASP4 Net refer to "HASP4 Net Basic Concept" (page 209).

HASP License Manager

A utility that communicates between the protected application and the HASP4 Net key.

Aladdin Monitor

A tool used to track the use of protected applications and HASP License Managers in a network.



Software Protection – Quick ReferenceThe following overview indicates the main stages normally involved in protecting your application using any HASP.

Stage 1: Install the HASP Device DriverEnables access to HASP key. The newest drivers can be downloaded at www.hasp.com/downloads.

For information on installing the drivers refer to the following sections.

Stage 2: Use the HaspEdit UtilityAllows you to customize your protection.

For information about HaspEdit refer to "Accessing Keys with HASP Edit" (page 73).

Stage 3: Use the HASP APIAllows you to incorporate HASP calls throughout the application.

For information on using the HASP API refer to "Protecting with the HASP API" (page 115).

Stage 4: Use the HASP Envelope UtilityProtects your application automatically without getting into the source code, for more information see "Protecting with HASP Envelope" (page 43).

Stage 5: Use the HaspEdit UtilityAllows you to customize your keys for distribution with your protected software.

For information about HaspEdit refer to "Accessing Keys with HASP Edit" (page 73).



Installing HASP under Windows

Installing the HASP SoftwareInsert the HASP CD into your CD-ROM drive. The Setup wizard will automatically start. If the installation does not automatically start, run setup.exe from the Setup directory.

Now follow the instructions in the Setup wizard.

Installing the HASP Device DriverThe HASP device driver is installed automatically when using the general HASP software setup. We provide also different applications for installing the HASP device driver:

Table 3.1 Device Driver Installation Tools (Windows)

You can find these applications in the Drivers directory of your HASP CD. They automatically recognize the operating system in use and install the correct driver files at the required location.

For information on which files are installed refer to the hdd.hlp help file.

HASP support for Linux can be installed either automatically via RPM packages or manually by extracting the requisite files from the tar archive. Drivers have to be installed manually to run HASP USB keys on Win64 systems using the Itanium processor.

Application Operating system

Hinstall.exe Win32, command line version

HDD32.EXE Win32, GUI version

HDD16.EXE Win16, GUI version

To install the HASP device driver under Windows NT/2000/XP/Server 2003, you need administrator privileges.



The HASP device driver loads dynamically as soon as the HASP is accessed following the system reboot.

If you install an upgraded version of the HASP device driver after running a HASP-protected application, you must reboot your system in order for the new driver version to load dynamically.

Customizing HASP Device Driver InstallationYou can install the HASP device driver on your customer�s system in one of two ways:

� Run hinstall.exe or HDD16.EXE/HDD32.EXE. You can write a command (batch) file to perform the installation and then distribute this file with your application.

� Use the HASP Install API in your setup program to install the HASP device driver.

You implement custom installation through a DLL or library.

In the Drivers\drvapi directory you can find interfaces for several compilers, including an interface for Install Shield. Each compiler interface directory contains a sample installation program. For more information on the hinstall utility and the HASP Device Driver Installation API, see the hdd.hlp help file.

The Hinstall Utility

hinstall.exe is a Win32 application that installs the HASP device driver under Windows 95/98/ME and Windows NT/2000/XP/Server 2003 systems.

To install the HASP Device Driver:

� Type hinstall -i from the command line.

A window appears informing you that the HASP device driver was successfully installed.

To remove the HASP Device Driver:

� Type hinstall -r from the command line.



A window appears informing you that the HASP device driver was successfully removed.

To upgrade a HASP Device Driver:

� Install the new HASP device driver following the steps for installation detailed above.

Installing HASP Win64 for Itanium

To enable HASP USB keys to run on Win64 systems, the following drivers are required.

Once installed, the above drivers enable both Win64 and Win32 applications to run on Itanium systems using the HASP API.

Installing HASP on IA64 Platforms

There is no automatic installation of HASP4 drivers on IA64 systems.

Follow the instructions below to manually install all the drivers required to run HASP4 USB on Win64 systems using the Itanium processor.

Driver Description

aksclass.dll Class installer used to create device class

aksusb.sys USB driver for handling USB communication

akshasp.sys HASP device driver for handling HASP services.

aksclass.sys Class driver used to load the HASP device driver

Only HASP USB keys can run on systems using the Itanium 64-bit processor.

The required HASP driver used for Win64 applications can only be installed manually. !



1. Plug in the HASP USB key.The Found New Hardware wizard indicates the presence of the �Aladdin USB key�.

2. Insert the HASP Installation CD. In the Wizard screen, check Install from a list or specific location. Click Next.

3. Specify the IA64\drivers directory. This directory should contain the following files: aksusb.inf, aksusb.sys, aksclass.sys.

4. Click Next.You have completed the installation of the USB driver.

5. The Found New Hardware wizard reappears to indicate the presence of the HASP key.

6. In the Wizard screen, select Install from a list or specific location. Click Next.

7. Specify the IA64\drivers directory. This directory should contain the following files required to install the HASP Key: aksclass.dll, akshasp.inf, and akshasp.sys. Click Next.

8. To complete the installation click Finish.

To ensure that the drivers have been installed properly, open the Windows Device Manager and check for the following:

1. Aladdin HASP Key should appear under Aladdin Software Protection Devices.

2. Aladdin USB Key should appear under Universal Serial Bus controllers.

3. The LED in the HASP key should be activated.



Installing HASP under MacThe HASP software for Mac includes the daemon and the extensions, the HASP API, the HaspEdit utility, the HASP Envelope, the HASP RUS and the HASP License Manager. The software is contained in the Mac directory on the HASP CD.

Installing the HASP Daemon for Mac OS XThe HASP daemon aksusbd enables the Mac OS X system and the protected application to access the HASP key.

Both you and your customer need to install and load the daemon aksusbd in order to work with the HASP key under Mac OS X. The script dinst enables you to do this.

To install the daemon or the extensions click on the aksusb Installer. The daemon will be started automatically on every system boot.

After the HASP daemon has been successfully installed and loaded, your system will recognize HASP keys connected to the USB port.

You can configure the daemon with the following command line switches:



Table 3.2 Command Line Switches for aksusbd (Mac)

To configure the daemon proceed as follows:

1. Edit the startup file Aladdin which is referenced by the script dinst.

2. Add the desired switches to the line aksusbd which starts the daemon.

Installing the HASP Driver for Mac OS 8.6 and 9.xThe HASP driver enables protected applications running on Mac OS 8.6 and Mac OS 9.x systems to access the HASP key.

Both you and your customer need to install the driver in order to work with the HASP key under Mac OS 8.6 and 9.x. Use the aksusb Installer to quickly install the HASP drivers.

Another method to install the driver for OS 9.x and 8.6:

1. Copy the files MacHasp4Shim and MacHaspUsbDD to the Extensions folder in the System Folder.

Switch Meaning

-v Print version number as decimal, format xx.xx.

-u <umask> Specifies the permission bits for the socket special file. Default is 666 (access for everyone).

-l <value> Select type of diagnostic messages. Possible values are:0 - only errors1- normal (default)2 - verbose - logs key removals and connects to the syslog.3 - ultra verbose - includes some arcane error messages in the log file.

-h Print command line help.



2. Reboot the system.

Your system will now recognize HASPs connected to the USB port.

Installing HASP4 Net Support and UtilitiesFor information on HASP4 Net refer to "HASP4 Net Basic Concept" (page 209) and subsequent chapters.

If the files already exist you need to move them out of the folder first, because they cannot be overwritten.



Installing HASP under LinuxThe HASP software for Linux includes the following:

� Kernel mode drivers for various kernel versions and a daemon

� Utilities to query the driver version and to display parallel ports

� HASP Demo application and the source code.

� HASP library

The Linux software is contained in the tar.gz archive in the Linux directory on the HASP CD.

A simple way to install HASP for Linux is to use RPM packages that are available at:

http://www.hasp.com/downloads

For detailed information on the components refer to the readme files in the archive.

Opening the ArchiveTo open the archive proceed as follows:

1. Create a new sub folder.

2. Unpack the archive using the following command:

Tar -xzf [path/]hasplinux105.tgz

Installing Daemon and Kernel Mode DriverTo access the HASP key, the kernel mode driver aksparlnx.o and the daemon aksusbd have to be loaded.

Kernel Mode Driver Installation (aksparlnx.o)

Driver installation includes the following steps:

All described actions should be executed as root.



� Generate the device node

� Initialize the parport system

� Loading the driver

Generating the Device Node

To enable access to the driver, generate a /dev/Hardlock device node. It should use the same major number as is used when loading the driver (major=xxx command line to insmod, or 42 default).

1. Generate the device node with the following command:

mknod /dev/Hardlock c 42 0

2. Allow everyone to access the node:

chmod 666 /dev/Hardlock

Alternatively, if the access to Aladdin keys should be restricted to a special group of users (e.g. group aladdin):

chgrp aladdin /dev/Hardlock

chmod 660 /dev/Hardlock

Initializing the Parport System

The aksparlnx driver uses the Linux parport driver in to access to the parallel port without disrupting other users of the parallel port (e.g. printer, zip drive).

Initialize the parport system before loading the aksparlnx driver:

modprobe parport_pc

The parport driver will report in the system log the parallel ports it has found in the system. aksparlnx will be able to access keys on any of these ports by default.

Loading the Driver

Load the aksparlnx driver with the following command:

insmod <path_to_driver>/aksparlnx.o



The status message is generated in the system log informing you if the installation has been successful or not. If the installation fails because of a kernel version mismatch, try a force installation with the following command:

insmod -f <path_to_driver>/aksparlnx.o

The loading of the driver (modprobe and insmod) should be incorporated into a startup script, so that it will be available on subsequent system boots.

Options for aksparlnx.o

Table 3.3 Command Line Switches for aksparlnx.o (Linux)

Switch Meaning

-major=<number>

The driver uses device major number 42 by default. You can change this by giving an argument to the insmod command.Also change the driver special file using the command mknod /dev/Hardlock c <number> 0

-loglevel= <value>

Select type of diagnostic messages. Possible values are:0 - only errors1- normal (default)2 - verbose3 - ultra verboseThe messages are logged in syslog with priority kern.info (and kern.debug). Refer to /etc/syslog.conf to see where the messages will be put, usually it is the file /var/log/messages.



Aladdin Daemon Installation (aksusbd)

Enabling Access to USB Keys

To enable access to USB keys, usbdevfs must be mounted on /proc/bus/usb. On newer distributions it is mounted automatically (e.g SuSe 7.0).

To mount usbdevfs manually use the following command:

mount -t usbdevfs none /proc/bus/usb

Enabling Access to Parallel Keys

To enable access to parallel port keys, the kernel driver aksparlnx must be installed before starting aksusbd.

Loading the Daemon

Load the daemon by starting it:

<path>/aksusbd

The daemon will fork and put itself into the background.

The status message is generated in the system log informing you if the installation has been successful or not.

-timeout= <value>

Specifies the maximum amount of time the driver waits when requesting exclusive port access from the parport driver. The value used is 1/100 of a second. The default value is 100 (= 1 second).After this time the request will be aborted with a PORT_BUSY error.

-hlportadress=<address>

If you have a parallel port in the system which by chance is not detected by the Linux parport driver (and therefore not seen by aksparlnx.o), you can make this port known to aksparlnx.o.

Use this switch only if you are an experienced user. Giving an illegal port address will cause the system to crash!

Switch Meaning

!



It reports its version, the version of the API used for USB and the version of the API inside the kernel driver (for parallel port keys).

If the kernel driver happens to be unavailable when aksusbd is launched, parallel port keys cannot be accessed, but USB keys are still accessible. The system log reflects this status.

If /proc/bus/usb is not mounted when launching aksusbd, USB keys cannot be accessed.

Preferably the daemon should be started at system boot up time with some script located in /etc/rc.d/init.d or /etc/init.d (depending on Linux distribution).

Options for aksusbd

Table 3.4 Command Line Switches for aksusbd (Linux)

Switch Meaning

-v Print version number as decimal, format xx.xx.

-l <value> Select type of diagnostic messages. Possible values are:0 - only errors1- normal (default)2 - verbose3 - ultra verboseThe messages are logged in syslog with priority kern.info (and kern.debug). Refer to /etc/syslog.conf to see where the messages will be put, usually it is the file /var/log/messages.

-u <umask> Specifies the permission bits for the socket special file. Default is 666 (access for everyone).

-h Print command line help.



Installing HASP for Linux on Itanium

The following software is required to run HASP USB keys for Linux distributions on Itanium processors:

� A daemon

� HASP Demo application and the source code.

� HASP library

The software is contained in the hasplinux105-ia64.tgz archive in the Linux directory on the HASP CD. The daemon is also part of the RPM package provided for either RedHat or SuSe distributions.

For detailed information on the components refer to the readme files in the archive.

There are two ways to install HASP for Linux on Itanium:

� Automatically using PRM packages

� Manually by extracting the tar archive

Automatic Installation of HASP for Linux on Itanium

Depending on the Linux distribution used, you can install HASP drivers using RPM packages. Use table below to select the RPM packages corresponding to your Linux distribution.

Only HASP USB keys can run on systems using the Itanium 64-bit processor.

Linux Distribution RPM Package

SuSE 7.3SuSE 8.0

rpm -i aksusbd-suse-1.5-1.ia64.rpm

RedHat 7.2RedHat 7.3

rpm -i aksusbd-redhat-1.5-1.ia64.rpm



The aksusbd packages listed above contain the USB daemon, which is started by default.

Manual Installation of HASP for Linux on Itanium

To manually install HASP keys you must:

a. Open the archive.

b. Install the Daemon.

c. Enable access to HASP USB keys.

Opening the Archive

To open the archive proceed as follows:

1. Create a new HASP sub folder.

2. Unpack the archive using the following command:

tar -xzf [path/]hasplinux105-ia64.tgz

Installing Daemon

To access the HASP key, the daemon aksusbd has to be started.

Enabling Access to USB Keys

To enable access to USB keys, usbdevfs must be mounted on /proc/bus/usb. To mount usbdevfs manually use the following command:

mount -t usbdevfs none /proc/bus/usb

Loading the Daemon

Load the daemon by starting aksusbd:

The PRM packages only contain software for accessing HASP keys. The developer library and sample files for implementing HASP4 in your applications are located in the hasplinux105.tgz tar archive.

All described actions should be executed as root.



<path>/aksusbd

The daemon will fork and put itself into the background.

The status message is generated in the system log informing you if the installation has been successful or not.

It reports the daemon version, the API version used for USB keys.

If /proc/bus/usb is not mounted when launching aksusbd, HASP USB keys cannot be accessed. Preferably the daemon should be started when the system is booted with a requisite startup script stored in /etc/rc.d/init.d or /etc/init.d (depending on Linux distribution).


Part 2Using HASP Tools

This part describes the HASP utilities HASP Envelope, HaspEdit and Aladdin Diagnostic.

The chapter "Protecting with HASP Envelope" (page 51) explains the use of HASP Envelope which provides a convenient way to protect your application and encode data files.

The chapter "Accessing Keys with HaspEdit" (page 83) explains the use of HaspEdit for Win32 and for Mac which let you access your HASP keys.

The chapter "Assisting End-Users & Vendors" (page 117) describes how you can assist your customer with Aladdin DiagnostiX which lets your customers collect information on their system and on their HASP key.


Part 2 - Chapter 4

Protecting withHASP EnvelopeUsing HASP Envelope is the fastest way to protect your software from unauthorized use. Implementing HASP Envelope protection is easy, as you do not need to alter the application�s source code.

HASP Envelope is available as command-line tool (DOS, Win16, Win32) and as graphical user interface (Win32).

Using a configuration file to define and store protection parameters, HASP Envelope is also available for Mac and Linux applications.

The HASP Envelope interface provides a convenient way to perform any of the following operations:

� Protect applications

� Protect Win32 data files

� Save FAS protection parameters to the HASP memory

If you plan to use both HASP Envelope and API protection, first implement the HASP API and then the HASP Envelope.

!


Protecting with HASP Envelope Part 2 - Chapter 4

About the HASP EnvelopeThe HASP Envelope utility adds a protective shield around DOS, Windows and Win32 executable files and DLLs.

Envelope protection offers file encoding and advanced anti-debugging features which enhance the overall level of security.

Figure 4.1 HASP Envelope Protection

Before you implement HASP Envelope protection do the following:

� Backup your unprotected file.

By default, during protection, the original file is destroyed and a new one is created.

� Make sure there is enough space on your disk.

After protecting with the HASP Envelope, your application will require additional disk space. The amount of space depends upon the type of application you are protecting.


Using HASP Tools Protecting with HASP Envelope

Starting HASP EnvelopeYou can protect a DOS, Win16 or Win32 application using a graphical user interface (GUI) as described here, or from the command line as described on page 73.

1. Install the HASP device driver. See "Installing HASP under Windows" on page 33.

2. Connect the HASP key(s) with which you want to protect your application to the computer.

3. Activate the Envelope utility by either choosing HASP Envelope from the HASP CD folder, or by running haspenv.exe.

The HASP Envelope window is displayed.

There are three available options:

� Click Start HASP Wizard to access the Wizard, which guides you through the protection process step by step.

� Click New Envelope Configuration to begin a protection session using new protection parameters.

� Click Open Envelope Configuration to begin a protection session using saved protection parameters.



Protecting an ApplicationThis chapter describes the protection process using the New or Open Envelope configuration options.

1. In the Envelope�s Main tab, enter the path and name of the application to protect in the Unprotected File box.

2. Type the HASP passwords into the correct boxes.

3. If you are implementing FAS, fill in the FAS parameters according to the model of HASP you are using:

For HASP4 M1 and HASP4 M4, enter the program number and the number of activations on the Options tab.

For HASP4 Time, enter the program number and the expiration date on the Options tab.

For HASP4 Net, enter the program number on the Main tab. You can enter either the number of activations, the number of licenses, or both.

4. Fill in the remaining boxes in the Main, Options, and Error Messages tabs according to your specific protection needs. See the following sections for detailed descriptions of the tabs and their boxes.

5. Click the Protect icon or choose Protect Application from the Envelope Tools menu.

A window appears, informing you that the application was successfully protected.

6. Click OK.

If you assigned FAS protection parameters, you are now asked if you want to save them. See "The Full Authorization System (FAS)" on page 22 for more details.

The protected application cannot function unless the requisite HASP key is present.



Protecting Win32 Data FilesWith DataHASP, you can protect data files, such as text files. DataHASP encodes their data and enables only authorized applications to decode it.

You can protect Win32 data files using a graphical user interface (GUI) as described here, or from the command line as described on page 73.

When you protect Win32 data files, you also need to protect the application that loads these files and decodes them. This section provides instructions on how to protect both the data files and the application that accesses them.

Preparing Protection

1. Place a copy of the application which accesses the data file (for example Notepad.exe) in a temporary directory.

2. Create a data file and save it in the same directory (for example text.txt).

3. Connect the HASP key(s) with which you want to protect your data files to the computer and make sure that the HASP device driver is properly installed.

Never encode the same file twice. If you do, the software will not be able to restore it.

Alternatively you can build your own application and call API services 60, 61, 88 or 89 to encode and decode any data file opened by your program in whatever way you choose.

The application you authorize to decode data files should not support the copying or exporting of files. If it does, the end user will be able to copy or export an encoded data file to a non-encoded file.

!

!



4. Activate the Envelope utility by choosing HASP Envelope from the HASP CD folder. The HASP Envelope window appears.

5. Choose New Envelope Configuration.

Setting Protection Parameters

1. In the Envelope's Main tab, enter the path and name of the application to protect (in this example C:\Temp\Notepad.exe) in the Unprotected File box.

2. Enter the HASP passwords in the appropriate boxes.

3. Fill in the remaining boxes in the Main, Options, and Error Messages tabs according to your specific protection needs. See the following sections for detailed descriptions of the tabs and their boxes.

4. In the DataHASP tab, enter the name of the data file you want to encode and then decode at run time (in this example, test.txt).

Win32 and Linux applications protected by HASP Envelope, can run on systems using an Itanium processor.



Figure 4.2 DataHASP TabT

5. In the Encryption Key box, enter any eight characters as an encoding key.

6. In the Data Files to Encrypt box, choose Add, and select C:\test.txt.

7. Under Data Files to Decrypt at Run Time, type test.txt in the Decrypt box. Alternatively, you can use wildcards, i.e. *.*, or *.txt.

It is recommended that you use wildcards in the Decrypt box to ensure that an unencrypted copy of the file cannot be saved. Alternatively you can disable the Save As option in the program.

!



Performing Protection

1. Click the Protect icon or choose Protect Application from the Envelope Tools menu.

A window appears, informing you that the application was successfully protected and that you can encrypt the data files now.

2. Click OK and then click on the Encrypt Selected Files button at the bottom of the window.

A message appears, informing you that all selected files were encrypted successfully. Successful protection allows you to ensure that the document can only be opened with the protected application and not with any other copy of the executable.

If you assigned FAS protection parameters, you are now asked if you want to save them. See "Saving FAS Parameters" (page 59) for more details.

The protected application now cannot work without the correct HASP and only this application can access the protected data files.



Saving FAS ParametersAfter implementing HASP Envelope protection of executables or data files, you can also use HASP Envelope to save FAS protection parameters to the memory of your HASP key immediately after the protection process.

The FAS protection parameters which you can save to the HASP memory are:

� For HASP4 M1 and M4 the application program number and number of application activations.

� For HASP4 Time the application program number and application expiration date.

� For HASP4 Net the program number, number of licenses and number of activations.

You have the choice of using HaspEdit or the Envelope to set FAS protection parameters and save them to the HASP memory. However, you must use the Envelope to set the program number. By assigning the program number using HASP Envelope, you establish the link between the HASP key and your program�s protection parameters, which are saved to the HASP memory. It is this link that enables the protected application, when loaded, to retrieve the correct protection parameters from the HASP memory.

You can save FAS parameters to the HASP key immediately after implementing HASP Envelope protection, or independent of the Envelope protection process.

Alternatively, you can use HaspEdit to save FAS parameters to your HASP keys.

While FAS is optional for HASP stand-alone memory keys, it is an integral part of the HASP4 Net system. Therefore, remember that saving protection parameters to the HASP4 Net memory is mandatory.



Saving FAS Parameters After Implementing Protection

Directly after implementing protection, a dialog box appears giving you the option to write to the memory of the connected HASP key.

1. Select if you want to write to a local HASP key or a HASP4 Net key.

2. Click Save Parameters.

3. To write the same protection parameters to additional HASP keys, remove the currently attached HASP key, connect another one and click Save Parameters.

4. To stop writing to HASP keys, click Close.

Saving FAS Parameters Independent of the Protection Process

1. Set the FAS parameters you want to write to your HASP key.

2. From Envelope Tools select Program HASP.

The Save FAS Parameters dialog box appears.

3. Select if you want to write to a local HASP key or a HASP4 Net key.

4. Click Save Parameters.

5. To write the same protection parameters to additional HASP keys, remove the currently attached HASP key, connect another one and click Save Parameters.

6. To stop writing to HASP keys, click Close.



HASP Envelope ParametersThis section describes the HASP Envelope utility tabs, boxes, menus and icons.

Main TabYou must specify parameters in the Main tab in order to protect your application. If you are using a stand-alone HASP key only, fill in all the boxes except for those in the HASP4 Net Parameters frame. If you are using a HASP4 Net key only, fill in all the boxes except for those in the HASP Passwords frame. If you are using both a stand-alone HASP key and a HASP4 Net key, fill in all the relevant boxes.

Figure 4.3 HASP Envelope Main Tab #



Table 4.1 HASP Envelope Main Tab Options

Option Description

Unprotected File (source)

Enter the path and name of the application file to protect. Each file must have the extension.exe or .dll. Click Browse to search your disks for a specific file.

Protected File (destination)

Default: The filename entered in the Unprotected File box.By default, the HASP Envelope utility overwrites the original unprotected file when saving the protected version of your application. To avoid overwriting your original file, give the protected application a different filename. Type this filename in the Protected File box.

HASP Password Enter the HASP passwords of all HASP stand-alone keys with which you want to protect your application. You can enter up to 3 sets of HASP passwords to protect a single application with up to 3 HASP keys.

HASP Demo Key Check this box to enter the passwords of a HASP demo key automatically.

Use HASP4 Security Features

Check this box to use the enhanced security features of HASP4If you need to maintain compatibility with the HASP-3 generation of keys, you should not use this feature.

Executable Type The HASP Envelope tries to detect the executable type automatically. If it cannot detect the type of executable, this box will have the value Unknown Type.

Overlay File Check this box if the file to be protected contains overlays or extra data appended to the executable. Also creates a loader for DOS applications that exceed the maximum DOS size memory.

Target Computer Default: IBM PC and compatiblesSpecify the type of computer on which the application will run. If your target computer is an NEC, change the value accordingly to NEC.

NetHASP Passwords

When protecting with HASP4 Net, enter the passwords you received with your HASP4 Net key.

NetHASP Demo Key

Check this box to enter the passwords of a HASP4 Net demo key automatically.



Program Number Default: 1With just a single HASP4 Net, you can protect multiple applications. Assign a unique program number from 1 to 112 for each application you protect with HASP4 Net. Make a note of this number. You will need it later to save program protection parameters when programming HASP4 Net keys for your clients

Number of Licenses

When protecting with HASP4 Net, assign the number of application licenses in this box. This number is saved to the HASP4 Net memory. Type a number in this box or use the arrow keys to set it. Check the Unlimited option to assign an unlimited number of licenses.Possible values are dependent on the HASP4 Net model. You can assign every value from 0 up to the number of the model, for example 0 to 5 for a HASP4 Net 5 key. To save the number of licenses in the HASP4 Net memory, click Save Parameters when prompted after implementing Envelope protection.

Number of Activations

When protecting with HASP4 Net, assign the number of application activations in this box. This number is saved to the HASP4 Net memory.Type a number in this box or set it with the arrow keys. Check the Unlimited option to assign an unlimited number of activations.To save the number of activations in the HASP4 Net memory, click Save Parameters when prompted after implementing Envelope protection.

NetHASP Configuration File

Default: nethasp.iniYou can specify the name of a configuration file for the HASP4 Net system. To look for a file, click Browse. For more information about the HASP4 Net configuration file, refer to "Customizing the HASP License Manager" (page 258).If the application finds a configuration file, it reads the file and uses the information contained in it. If not, the application uses default values.

Option Description



Options Tab

The Options tab contains additional protection settings.

Figure 4.4 HASP Envelope Options Tab



Table 4.2 HASP Envelope Option Tab Options

Option Description

Use Full Authorization System (FAS)

Default: DisabledYou can use the Full Authorization System (FAS) with a HASP4 M1, HASP4 M4, or HASP4 Time. For more information about FAS refer to "Saving FAS Parameters" (page 59). To use FAS, check the Use Full Authorization System box.As FAS is an integral part of the HASP4 Net protection system, HASP4 Net FAS parameters are entered in the HASP4 Net Parameters frame on the Main tab.

Application Program Number

Default: 1If you are using a HASP stand-alone memory key to protect multiple applications with FAS, assign a unique number to the application. Make a note of this number. You will need it later to save program protection parameters when programming HASP keys for your client.Possible values are 1 to 16 for HASP4 M1, 1 to 112 for HASP4 M4 and 1 to 8 for HASP4 Time.

Number of Application Activations

If you are using a HASP M1 or HASP4 M4 in conjunction with FAS, enter the number of application activations in this box.Type the number of activations in the box or use the arrow keys to set it. Check the Unlimited box to permit an unlimited number of activations of the application.To save the number of activations in the HASP memory, click Save Parameters when prompted after implementing Envelope protection.

Application Expiration Date

If you are using a HASP4 Time in conjunction with FAS, enter the date after which the application will stop running. Click Date and select the month, day and year.To save the expiration date in the HASP4 Time memory, click Save Parameters when prompted after implementing Envelope protection.

Perform Background HASP Checks

Default: DisabledBy default, the HASP system checks for the presence of a key once when the application is loaded. If you want to repeat the check during run time, add background HASP checks. To enable this feature, mark with a check the Perform Background HASP Checks box.



Interval in Seconds When you use the Background HASP Checks option, you must specify at what interval the system checks for the key. Type a value representing the interval in seconds.

Anti Debug and Reverse Engineering

Default: EnabledWith this feature you can increase the protection level by keeping users from running your program with a debugger and by adding additional anti-debugger modules to your program file. To add a debugger detection, mark with a check the User Mode Debugger Protection box.To add additional anti debug modules, move the slider marked Anti Debug Modules to the right.

Use HASP ID Number

Default: DisabledUse this box to ensure that the protected application runs only if the HASP with the specified ID number is connected to the computer. To incorporate this option, mark with a check the Use HASP ID Number box. This option is available exclusively for HASP stand-alone memory keys.You can enter the appropriate ID number of a key in one of two ways:

� Click Let Envelope Detect HASP ID to read the ID number of the HASP key currently attached to the port.

� Click Enter HASP ID Manually to open a box in which you can manually enter the HASP ID number you previously determined using the HaspEdit utility. The ID number is a 32-bit unsigned integer which must be entered in hexadecimal form. With this method, you do not need to connect the HASP containing the specific ID while protecting. When protecting with more than one HASP key, use the ID number of the key for which the HASP passwords were entered in the first password box. The ID numbers of the other keys will not be checked.

Encrypt Program File

Default: EnabledThis feature allows you to add additional protection by scrambling the program file. Applications which write to their application file during run time should not be scrambled.

Option Description



Encryption Key (decimal)

The scrambling process requires several encoding keys chosen at random by the HASP Envelope utility. To ensure maximum security, you can set one of these scrambling keys to a number of your choice between 0 and 65535

Encryption Level You can specify the frequency of HASP key access for scrambling. Move the Encryption Level slider to the right to increase the frequency.

Protection Methods

In the Protection Methods frame, you indicate which method of protection you would like to use. You can use the Envelope method, incorporate Pattern Code Security, or both. When you click the Protect icon or choose Protect Application from the Envelope Tools menu, you implement the protection methods you indicated in this box.

Install HASP Envelope

Default: EnabledCheck the Install HASP Envelope box to implement the Envelope protection method. Envelope protection will take effect when clicking the Protect icon or selecting Protect Application from the Envelope Tools menu.

Install Pattern Code Security (PCS)

Default: DisabledCheck the Install Pattern Code Security (PCS) box to install PCS and enhance security. PCS will take effect when clicking the Protect icon or selecting Protect Application from the Envelope Tools menu.

Advanced Options Default: DisabledClick this button to access the DOS Advanced Options window.This is applicable for protected DOS applications that exceed 640 KB of allotted memory. The advanced options window contains information on the loader application. For more information on the loader see the HASP Envelope help file.

Switches In the Switches field you can enter additional protection parameters by using HASP Envelope command-line switches.

Option Description



DataHASP Tab

Use the DataHASP tab to protect data files. On the DataHASP tab, you can do the following:

� Specify the data files you want to encode

� Specify which encoded data files should be decoded during run time by your protected application

� Encode the data files

In addition to encoding the data files, you need to specify which application is authorized to decode them and protect that application. Do this by entering values in the appropriate boxes on the Main tab and other relevant tabs and protecting the application.

Alternatively you can build your own application and call API services 60, 61, 88 or 89 to encode and decode any data file opened by your program in whatever way you choose.

Never encode the same file twice. If you do, the software will not be able to restore it.!



Figure 4.5 HASP Envelope DataHASP Tab:



Table 4.3 HASP Envelope DataHASP Tab Options

Option Description

Data Files to Decrypt at Run Time

Enter the filename or file patterns of data files that your application should decode at run time. Also enter exceptional data files (from among those files specified for decoding) which your application should not decode.For example, consider an application that accesses all your encoded data files having an *.adb format. Suppose that the same application needs to access the file xyz.adb, which is not one of your encoded data files, but rather a file supplied by your application�s environment. In this case, in the Decrypt box enter *.adb. In the Do Not Decrypt box, enter xyz.adb. This instructs your protected application to decode all data files with an adb extension, except for the file xyz.adb.

Decrypt Type the files to decode at run time (represent them in the standard way, or using wildcards, i.e. *.*, or aa??.txt)

Do not decrypt Type the files (from among those files specified for decoding) not to decode at run time (represent them in the standard way, or using wildcards, i.e. *.*, or aa??.txt)

Protection Parameters

By entering protection parameters, you set the encoding key used to encode data files

Encryption Key Enter up to 8 characters in the Encryption Key box. These will become part of the encoding algorithm.

HASP Passwords for Encryption

The passwords of your HASP key, which you enter in the Main tab, automatically appear in the HASP Passwords for Encryption box. Only the HASP key to which these passwords belong will open the protected data files.



Data Files to Encrypt

Before encoding data files, make sure you have set the Protection Parameters in the DataHASP tab.

Never encode the same file twice. If you inadvertently do so, the software will not be able to restore the settings.

Input Data Files to Encrypt

Type the files (with their paths) to encode or click Add to choose files from directories.

Output Encrypted Data Files

DataHASP copies the filenames listed in the Input Data Files to Encrypt box and places them in a new directory. The new default file path automatically appears here.

Option Description

!

After supplying the encoded data files along with the protected application to the end user, you can send new encoded data files. Simply encode the data files, making sure that they are named so that they fit the patterns of the Data Files to Decrypt at Run Time boxes. If they fall outside these patterns, you must fill in all the boxes of the DataHASP tab and re-protect your application, remembering to include all the data files (the old and the new) in the Data Files to Decrypt at Run Time boxes.



Error Messages Tab

This tab lists the error messages which appear when a problem occurs during run time. You can edit these messages. For example, you can write the messages in another language in the boxes provided, if you want.

Figure 4.6 HASP Envelope Error Messages Tab



HASP Envelope Command-Line SwitchesProtecting with the Envelope using command-line switches can save you time and keystrokes. Switches also enable you to execute HASP Envelope protection from batch files without going through the HASP Envelope utility screens. You can run the DOS, Win16 and Win32 Envelopes from the command-line using switches.

Table 4.4 HASP Envelope Engines

The following table lists the various HASP Envelope command-line switches. You can use these switches with any Envelope, unless otherwise specified.

Table 4.5 HASP Envelope Switches

HASP Envelope Engine Executable Name

DOS Envelope Instdos.exe

Win16 Envelope Instw16.exe

Win32 Envelope Instw32.exe

Switch Operation

-c Specify number of anti debug modules (1-50). For the Win 16 and the Win 32 Envelope only.

-cfgfile <filename> Load a configuration file and use the parameters which were saved in it.

-createcfg <filename>

Create a configuration file. For the Windows and Win32 Envelopes.

-dhfilter <filename>

Files or file patterns to decrypt at run time (standard representation, i.e, *.* or aa??.txt). A maximum of 8 files or file patterns can be specified. For the Win32 Envelope only.



-dhfilterx <filename>

Files or file patterns not to decrypt from among the file patterns chosen for decrypting at run time (standard representation, i.e, *.* or aa??.txt). A maximum of 8 files or file patterns can be specified. For the Win32 Envelope only.

-dhkey <key> Specify an encryption key for data files (up to 8 characters in length). For the Win32 Envelope only.

-drvwait <seconds>

Increase the time interval for searching for a driver. Possible values 0 to 255. For the Win32 Envelope only and only applies to Windows NT/2000/XP/Server 2003.

-enc Default. Encrypt the file during protection.

-enclevel Encryption level for data encryption (1-5). For the Win 16 and the Win 32 Envelope only.

-exsecnum <num> Do not encrypt section number. For the Win32 Envelope only.

-fas Use the Full Authorization System.

-fasprgnum <prog number>

Specify the Full Authorization System program number.

-h3pass <pass1> <pass2>

Specify the HASP passwords.

-hasp4 Use the HASP4 security features for the Win16 and Win32 envelopes.

-help or -? Display a list of all switches, with brief explanations of each one and then exit.

-highsecoff Disable high security level. Default for protection with a HASP4 Net key and necessary for 286 processors and lower. For the DOS Envelope only.

Switch Operation



-highsecon Enable high security level. Default for protection with a HASP stand-alone key. For the DOS Envelop only

-interval <value> Specify an interval for background checks in seconds.

-loader<filename> Specify a loader filename when protecting an application with overlays For the DOS Envelope only.

-loginprocess Activates the per-process method of logging into a HASP4 Net key. Available only for the Win32 Envelope.

-loginx Use with applications that do not perform automatic HASP4 Net Logout (e.g., Visual Basic). For the Win32 Envelope only.

-mhid <IdNumber>

Specify the HASP ID number of the HASP4 M1, HASP4 M4 or HASP4 Time.

-mhpass <pass1> <pass2>

Specify the HASP4 M1, HASP4 M4 or HASP4 Time passwords.

-netcfg <filename> Specify a HASP4 Net configuration filename.

-nhpass <pass1><pass2>

Specify the HASP4 Net passwords.

-nodbgcheck Disables debugger detection. For the Win32 Envelope only.

-noenc Do not encrypt the file during protection.

-nofas Default. Do not use the Full Authorization System.

-nohasp4 Disable the HASP4 security features.

-norandomsize Disables the Random File Size option. For the DOS Envelope only.

Switch Operation



-nores Increase compatibility for resident DOS programs. This switch disables background HASP checks. For the DOS Envelope only.

-nospecial Default. Use the applications that do not contain overlays. Identical to: Special Overlays Mode = NO. For the DOS Envelope only.

-novir Disable automatic virus protection. For the DOS Envelope only.

-out <filename> Rename the protected application file.

-ovl Handle overlays. For the Win32 Envelope only.

-pcs Install PCS in batch mode.

-prg <filename> Specify the application file to protect.

-prgnum <program number>

Specify the program number. (With the Windows and DOS Envelopes, for FAS or HASP4 Net; with the Win32 Envelope, for HASP4 Net only).

-quiz <intensity> Specifies how often random data are encrypted and decrypted using the HASP key. Possible values 0 to 50. For the Win32 Envelope only.

-randomsize Default. Enables the Random File Size option. For the DOS Envelope only.

-special Handle overlays and DOS extenders. Identical to: Special Overlays Mode = NO. For the DOS Envelope only.

-special1 Alternative overlay handling. Identical to: Special Overlays Mode = YES - Method 1.For the DOS Envelope only.

-vir Default. Automatic virus protection. For the DOS Envelope only.

Switch Operation



Additional HASP4 Net Information

Protection for Networks and Stand-Alone MachinesHASP Envelope allows you to protect your application for both network environments and stand-alone machines.

When you activate an application protected for both networks and stand-alone machines, your application performs the following checks:

� First, the application checks that a HASP stand-alone key is connected to the computer that activated the application.

� If the application does not find a HASP connected to the computer, it searches the network for a HASP4 Net key.

To enable HASP Envelope protection for both networks and stand-alone machines, enter the passwords of both a HASP4 Net and a HASP stand-alone key in the correct password boxes.

HASP4 Net Idle TimeFor an Envelope-protected application, the default time span after which a station is considered idle is the default idle time of the HASP License Manager.

HASP4 Net Logout for Win 16 ApplicationsThe envelope automatically adds a HASP4 Net Login at the start of the program, and a HASP4 Net Logout when the application ends. However, if the application is Win16 and the protocol is TCP/IP only, the logout is not automatically performed. To ensure that the automatic logout is added in these cases, make sure one of the other supported protocols is installed.



HASP Envelope for Mac ApplicationsHASP Envelope protection can be implemented for Mac applications using HASP4 keys. HASP Envelope forMac is an OS X terminal utility that enables you to protect Mac Carbon applications.

Protecting Mac Applications

You protect Mac applications by:

a. Defining and storing protection parameters in a configuration file.

b. Accessing the configuration file during the protection session.

The HASP Envelope configuration parameters are detailed in the HASP Envelope for Mac Applications help file available on the HASP CD.

Once protection parameters are defined and stored in the configuration file, you activate the Envelope as follows:

InstMac --cfgfile <configuration filename>

You can run the HASP Envelope only on an OS X terminal. However once you have protected your applications with the Mac Envelope engine, the resulting carbon executables can be run on both OS 9 and OS X systems.

<configuration filename> is the name of the configuration file containing your settings.!



HASP Envelope for LinuxHASP Envelope protection can be implemented for Linux applications using HASP4 keys. HASP Envelope forLinux is an X86 terminal utility that enables you to protect Linux applications.

Protecting Linux Applications

You protect Linux applications by:

a. Defining and storing protection parameters in a configuration file.

b. Accessing the configuration file during the protection session.

The HASP Envelope configuration parameters are detailed in the HASP Envelope for Linux Applications help file available on the HASP CD.

Once protection parameters are defined and stored in the configuration file, you activate the Envelope as follows:

InstLinux --cfgfile <configuration filename>

You can run the HASP Envelope only on SuSE 7.X and 8.0 terminals. The resultant executables can only run on X86 and Itanium (32-bit emulation mode) platforms.

<configuration filename> is the name of the configuration file containing your settings.!



Frequently Asked QuestionsIn addition to the FAQs listed below, an extensive list of solutions to both general and specific Envelope-related questions is provided in the Aladdin Knowledge base available at:

http://www.hasp.com/kb2

Please contact your local HASP representative for access passwords and further details.

Question How long does it take to load an Envelope-protected application into memory?

Answer Depending on the size of the application and computer performance, loading time increases by several seconds only.

Question Does HASP anti-debugging interfere with normal PC operation?

Answer No. The HASP anti-debugging mechanism is completely transparent and has no affect on application execution.

Question Does the HASP Envelope check for the key during the application�s run time?

Answer Yes. HASP Envelope can implement a series of background HASP checks while the application runs. For additional information, see Perform Background HASP Checks in the "Options Tab" (page 64).



Question Can I use a HASP Envelope to protect with a HASP4 M1 or a HASP4 M4 and a HASP4 Net?

Answer Yes. Enter the passwords of your HASP4 M1 and HASP4 M4 keys and HASP4 Net keys and the values of the additional boxes relevant to both types of keys. After protecting, the protected application will first search for the HASP4 M1 or HASP4 M4 on the computer at which the application is activated. If a HASP4 M1 or HASP4 M4 is not connected, the protected application will search the network for the HASP4 Net key.

Question When do I need to specify a program number when using HASP Envelope?

Answer With HASP4 Net, always! With HASP4 M1 or HASP4 M4, only when you implement the Full Authorization System.


Part 2 - Chapter 5

Accessing Keys withHaspEdit

HaspEdit is an application which lets you access your HASP keys.

HaspEdit is available for Mac OS 9.x and Mac OS X and for Windows 95/98/ME/NT/2000/XP/Server 2003.

The keys programmed with one of the HaspEdit applications can be used on all supported platforms. Alternatively, you can use the HASP API to program your HASP keys.

Use HaspEdit to perform two main types of operation:

� Prepare for application protection by encoding data and retrieving the HASP ID number.

� Program your HASP keys and prepare them for distribution to clients by editing the HASP memory, setting protection parameters and the HASP4 Time real-time clock.


Accessing Keys with HaspEdit Part 2 - Chapter 5

HaspEdit for WindowsThis chapter explains the use of HaspEdit for Windows in performing the main operations. For detailed information refer to the online help.

Activating HaspEdit

To load HaspEdit:

1. Connect the HASP key to your computer.

2. Choose HaspEdit from the HASP CD menu in the Windows Programs directory. The HaspEdit window appears:

3. Start a new HaspEdit session, or open an existing HaspEdit configuration file if you have one saved in your computer.

Do not connect more than one HASP key with the same passwords while using HaspEdit because you can only write to one key at a time.HaspEdit does not distinguish between different connected keys with the same developer code and could as a consequence mistakenly destroy data stored in one or more of them.

!


Using HASP Tools Accessing Keys with HaspEdit

HaspEdit Configuration FileA HaspEdit configuration file stores HASP parameters set using HaspEdit. In the configuration file, you save details of the HASP model you are using, the key�s passwords, its ID, its memory image and FAS protection parameters. Saving the details of your HaspEdit session is useful if you want to program multiple keys with the same information.

When you choose Save from the File menu, you save the HASP parameters to a file and not to the HASP key. The name of the configuration file then appears in the HaspEdit utility�s title bar.

Before closing, HaspEdit asks you whether or not to save the current HaspEdit parameters to the configuration file

When you activate HaspEdit, you can either start a new HaspEdit session, or load a previous session by opening a configuration file.

Starting a New HaspEdit SessionTo start a new HaspEdit session:

1. Choose New HaspEdit Session and click OK.

The HASP Password dialog box appears

2. Enter the HASP passwords. If you are evaluating a HASP demo key, check the A Hasp demo key box in order to enter the HASP demo passwords automatically.

3. Click OK.

If the passwords entered match those of the key connected, the Configuration window is displayed. You can now use HaspEdit.

The HaspEdit configuration file contains your secret passwords. Regard this file as if it were your source code and keep it in a safe place.

!



Opening an Existing HaspEdit Configuration File

To open an existing HaspEdit configuration file:

1. Choose Open HaspEdit Configuration and click OK.

The Open dialog box appears.

2. Select or enter the name of the configuration file to open.

3. Click Open.

If the passwords and model of the key saved in the configuration file match those of the key connected, the Configuration window is displayed. You can now use HaspEdit.

HaspEdit Configuration WindowThe Configuration window appears when you start a new HaspEdit session or open an existing HaspEdit configuration file. When you close this window, you are prompted to end the current HaspEdit session

Figure 5.1 HaspEdit Configuration Window.

The HaspEdit configuration Window displays the following information:

� The HASP model.

� The passwords of the HASP key. The passwords can be viewed or hidden by checking Passwords in the View menu.

� The unique ID number of the HASP key.



Preparing for Application Protection

Use HaspEdit to prepare for application protection by encoding data for use in your application and by retrieving the unique HASP ID number.

Encoding Data

This function allows you to encode data using a HASP4 key. After encoding, you can use the encoded data in your application and decode it during runtime using the appropriate HASP API function.

To encode data:

1. Choose Encoding from the HASP Tools menu or click the Encode icon. The Encode window appears:

2. Enter or select the source of the data you would like to encode. You can encode data from the windows clipboard or a file, or you can type a string directly at the keyboard.



3. Enter or select the name of a binary destination file for the encoded data (optional).

4. Enter the name of an ASCII destination file or choose Clipboard for the encoded data (optional).

ASCII-encoded data has the following appearance:

5. Select your programming language.

This option will produce an include file for your programming language, so you can use the encoded data easily within your application.

6. Click Encode to start the process.

Binary output data cannot be pasted into a text editor, since the characters are non-printable.

Theoretically, you can encode or decode up to 4GB of data in a single call. Please note that HaspEdit needs to allocate buffers to encode and decode the data. This means that the restrictions on the HaspEdit encoding/decoding feature are related to the amount of RAM and hard disk space on your computer.



To decode data:

1. Choose Decoding from the HASP Tools menu or click the Decode icon. The HASP Decode window appears:

2. Enter or select the name of a binary source file containing the encoded data you would like to decode.

3. Enter or select the name of a binary destination file for the decoded data.

4. Press Decode to start the process

Retrieving the HASP ID Number

With HASP Edit, you can retrieve the HASP ID of HASP4 keys with memory. The HASP ID is unique to every key. You can incorporate a check for this number into your application using HASP Envelope or API. Check for a specific HASP ID in your protected application using service 6 (HaspID).



To check the ID number of a HASP memory key:

1. Connect the HASP key to your computer.

2. Choose HASP ID from the HASP Tools menu or click the ID icon. The HASP ID window appears:

The window displays the ID number (an unsigned, 32-bit integer) in hexadecimal and decimal format and as two short, 16-bit words.

3. If you choose to protect with the HASP Envelope, note the ID number displayed in hexadecimal format. You can later enter it into the HASP Envelope.

4. If you choose to protect with the HASP API, note the ID low word and the ID high word and compare them with the values the hasp( ) routine returns in Par1 and Par2 of Service 6: HASP ID. Alternatively, note the ID number and compare it to the value you calculate using the formula found in Service 6.

To copy contents of the HASP ID window, select Copy from the Edit menu.



Setting Protection Parameters with FASThe Full Authorization System (FAS) enables you to lease your software, distribute demo versions of your application and protect multiple applications with a single HASP memory key.

Implementing FAS is optional when protecting with HASP4 M1 or HASP4 M4, and is implemented with the Envelope. However, FAS is required with HASP4 Net and is implemented via the HASP Envelope and/or the HASP API.

You can implement FAS only with HASP4 keys with memory.

This section describes how to program HASP keys if you are using FAS.

FAS Program List

With FAS, you create a list of applications to protect and set the protection parameters for each.

Use FAS to authorize the following up to:

� 16 applications using a single HASP4 M1

� 112 applications using a single HASP4 M4

� 8 applications using a single HASP4 Time

� 112 applications using a single HASP4 Net

Use HaspEdit to assign each application on the FAS program list a unique program number which identifies it and to set protection parameters.

FAS Protection Parameters

With HaspEdit, you specify protection parameters for each program on the FAS program list. The parameters you specify depend on the HASP model you are using.

Use FAS to do the following:

Comments written in MemoHASP FAS Editor are saved in the HaspEdit configuration file and not in the key�s memory.



� Limit the number of activations for each application protected with a HASP4 M1 or HASP4 M4.

� Set expiration dates after which applications protected with a HASP4 Time cannot run.

� Limit both the number of stations which can run a HASP4 Net protected program simultaneously and the number of activations for each application.

Use HaspEdit to set and/or edit the protection parameters for each program. Once you set protection parameters for each program, write the program list and protection parameters to the HASP memory.

The next sections describe how to edit the FAS program list for each of the different HASP memory keys.

Setting the FAS Program List for HASP4 M1 and HASP4 M4

Use FAS to limit the number of allowed activations for each application protected with HASP4 M1 and HASP4 M4.

To set the FAS program list for HASP4 M1 or HASP4 M4:

1. Choose Full Authorization System (FAS) from the HASP Tools menu and click MemoHASP, or click the FAS icon. The MemoHASP FAS Editor window appears:

Make a note of the number assigned to each program. In the Envelope utility, you use this number to specify the program you are protecting.



2. Click Add to add the program(s) you want to protect. The Add Program window appears.

3. In the Program box, enter a program number unique to the program you are protecting. The number can be from 1 to 16 for HASP4 M1, or from 1 to 112 for HASP4 M4. The program number should be identical to the number you assign your program when you protect it with HASP Envelope.

4. In the Activations box, enter the maximum number of allowed activations for the application. Check Unlimited to allow an unlimited number of activations.

5. In the Comments box, add information identifying the program, such as its filename and any further relevant comments.

6. Click OK. The program is added to the MemoHASP FAS Editor list.

7. Click Write. The Write HASP Memory window appears.



8. Save changes to the HASP key. You can either:

� Click Write to save all the changes to the memory.

� Check Write Selected Programs Only to save only the selected programs to the memory, click Write.

All changes to the memory are initially shown on screen in red. Clicking Write saves the changes to the HASP key. All data written to the key appear in blue.

Setting the FAS Program List for HASP4 Time

Use FAS to set an expiration date after which the HASP4 Time protected application(s) will stop running.

To set the FAS program list for HASP4 Time:

1. Choose Full Authorization System (FAS) from the HASP Tools menu and click TimeHASP or click the FAS icon. The TimeHASP FAS Editor window appears:



2. Click Add to add the program(s) to protect. The Add Program dialog box appears:

3. In the Program box, enter a program number unique to the program you are protecting. The number can be from 1 to 8. The program number should be identical to the number you assign your program when you protect it with the Envelope

4. In the boxes provided in the Program Expiration Date frame, enter the day, month and year of the application�s expiration date. Click the Unlimited Date box if you do not want to set an expiration date.


6. Click OK. The program is added to the TimeHASP FAS Editor list.


8. Save changes to the HASP4 Time key. You can either:



All changes to the memory are initially shown on screen in red. Clicking Write saves the changes to the HASP4 Time key. All data written to the key appear in blue.



Setting the FAS Program List for HASP4 Net

Use FAS to set the number of stations that can run the program simultaneously and to set the allowed number of activations for each of the applications protected with HASP4 Net..

To set the FAS program list for HASP4 Net:

1. Choose Full Authorization System (FAS) from the HASP Tools menu and click NetHASP or click the FAS icon. The NetHASP Program Editor appears:

2. Click Add to add the program(s) to protect. The Add Program dialog box appears.

FAS must be used whenever you use a HASP4 Net key, even when protecting a single program.



3. In the Program box, enter a program number unique to the program you are protecting. The number can be from 1 to 112. The program number should be identical to the number you assign your program when you protect it with the HASP Envelope or the HASP API

4. In the Stations box, enter the maximum number of stations allowed to use the program simultaneously.

5. The maximum number possible depends on the HASP4 Net model number. HASP4 Net5 allows up to 5 stations; HASP4 Net10 allows up to 10 stations, and so on. If using HASP4 NetU, check the Unlimited box to allow an unlimited number of stations.

6. In the Activations box, enter the allowed number of activations for the application or check the Unlimited box to allow an unlimited number of activations.


8. Click OK.

9. The program is added to the NetHASP Program Editor list.


11. Save changes to the HASP4 Net key. You can either:



All changes to the memory are initially shown on screen in red. Clicking Write saves the changes to the HASP4 Net key. All data written to the key appear in blue.

Note: It is recommended that the number of stations not exceed 200.



Editing the HASP MemoryWith HaspEdit you read and write to the HASP memory and save passwords, a customer�s name, parts of your program code or any other data.

Navigating in the HASP Memory Editor Windows

All HASP Memory Editor Windows are navigated similarly. Use the mouse to move from field to field in the window and the buttons to perform different operations.

You can view in the Offset box the position number of the selected word in memory. Enter the position number of a word in this box to select it for editing.

Click Hex (hexadecimal) or Decimal to choose the format in which to enter data in the left pane. Enter data in ASCII format in the right pane. Use the mouse to toggle between the two panes.

Press PageUp and PageDown to move between pages of HASP4 M4, HASP4 Time and HASP4 Net memory.

All changes to the memory are initially shown on screen in red. Clicking Write saves the changes to the key. All data written to the key appear in blue.

The box Location Description indicates the location of words in HASP memory. First, it specifies if a word of memory is located in the User area or FAS area. If the word is in the FAS area, it shows the program number (i.e., (P1) for program 1 or (P2) for program 2, etc.) associated with the selected word. Also, it notes if the word is unregistered (meaning that it is not on the FAS program list) or, if it is registered, it places in quotation marks comments you assigned.

Memory not used for FAS can be used to save any additional data of you choice.

If the cursor is located in the FAS area on a word of memory associated with a program whose protection parameters are saved in the FAS program list, make sure not to overwrite the word with your own data.

!



Editing HASP4 M1 and HASP4 M4 Memory

Use HaspEdit to edit HASP4 M1 (56 words of memory) and HASP4 M4 (248 words of memory). The first 24 words of memory comprise the User area and can be used to store any data. The remaining words of memory comprise the FAS area.

To edit HASP4 M1 and HASP4 M4 memory:

1. Choose HASP Memory from the HASP Tools menu and click MemoHASP, or click the Memory icon.

The MemoHASP Memory Editor opens and displays the contents of the key�s memory.

2. Edit the memory.

3. Click Write to save changes to the memory.

Editing HASP4 Time Memory

HASP4 Time incorporates two areas of memory: the 16-byte FAS HASP4 Time area and a user area of 248 words.

Follow the instructions under "To edit the HASP4 Time FAS memory" below to edit the 16 bytes section. Follow the instructions in "To edit the HASP4 Time user memory" to edit the 248-word section.



All 248 words make up the user area and can be used to store any data.

To edit the HASP4 Time FAS memory

1. Choose HASP Memory from the HASP Tools menu and click TimeHASP, or click the Memory icon.

The TimeHASP Memory Editor opens and displays the contents of the HASP memory:

2. Edit the memory.

3. Click Write to save changes to the HASP4 Time memory.

To edit the HASP4 Time user memory

1. Choose HASP Memory from the HASP Tools menu and click MemoHASP.



The HASP4 Time Memory Editor opens and displays the contents of the HASP memory.

2. Edit the memory.

3. Click Write to save changes to the memory.

Editing HASP4 Net Memory

Use HaspEdit to edit HASP4 Net (248 word of memory). The first 24 words of HASP4 Net memory comprise the User area and can be used store any of your data. The remaining memory comprises the FAS area

To edit HASP4 Net memory:

1. Choose HASP Memory from the HASP Tools menu and click NetHASP, or click the Memory icon.

Memory not used for FAS can be used to save any additional data of you choice.



The NetHASP Memory Editor opens and displays the contents of the HASP memory:

2. Edit the memory.

3. Click Write to save changes to the HASP4 Net memory.

Setting the HASP4 Time ClockWith HaspEdit you set the HASP4 Time real-time clock. With HaspEdit, you can view and change the time and date of the HASP4 Time clock.

To set the HASP4 Time clock:

1. Choose TimeHASP Clock from the HASP Tools menu.



The TimeHASP Time & Date dialog box appears:

2. Enter the month, day and year in the Date field.

3. Click Write to save the date.

4. Enter the time in hh (hours), mm (minutes) and ss (seconds) in the Time field. To set the real-time clock to the system time, click Get System Time and then click Write.

The HASP4 Time clock uses the 24-hour format (00:00:00 to 23:59:59)

5. Click Write to save the time.

6. Click Close to exit the TimeHASP Time & Date dialog box.



Programming Multiple HASP Keys

After you have protected your application, you can program your HASP keys in preparation for delivery (together with the application) to your customers.

When you program multiple keys, do not daisy-chain them. Instead, save the same memory to the keys one after another using a simple procedure. HaspEdit lets you program multiple keys with the same parameters set in the Memory Editor and FAS Editor using either of the following methods:

� Program Key

� Create Programming Utility

Program Key

When you use the Program Key option, you program each HASP key with the data from the current HaspEdit utility session.

To save HaspEdit memory to multiple keys:

1. Choose Program Key from the HASP Tools menu, or click the Prog icon on the toolbar.

The Multi-key Programming window appears.

2. Click Yes to write the HaspEdit memory to the connected HASP key. The number of keys you have programmed so far is displayed as the Write Count.

3. Remove the currently attached HASP key and connect the next one you want to program.

4. Repeat steps 2-3 until all the keys have been programmed.



Create a Programming Utility

When you create a programming utility, you create a stand-alone executable to program each HASP key with the parameters you set in the current HaspEdit session. When creating the file, make sure to leave open the FAS and/or Memory Editor windows (you can minimize them if you want), because it is with the data in them that the HASP Programming utility generates the executable.

To create a HASP Programming utility:

1. Choose Create Programming Utility from the HASP Tools menu. The HASP window opens:

2. Choose the type of executable in the Application Type frame.

3. Enter a name for the executable in the Utility Name box.

The default name is Haspprog.exe. You can change the name/directory by entering a new one or by clicking Browse.

4. In the Program Caption box (for Win32 GUI applications) or the Program Banner box (for Win32 console or DOS applications), enter a title to appear when the executable is loaded.

5. Click Create.

If an executable of the same name does not already exist, a message confirming creation of the executable appears. Click OK to return to the HASP Programming Utility dialog box.



If an executable of the name specified already exists, a confirmation dialog box appears. Click Yes to replace the file and create a new executable, or click No to return to the HASP Programming Utility dialog box.

You can now run the executable and edit keys.



HaspEdit for MacThis chapter explains the use of HaspEdit for Mac in performing the main operations on Mac OS X. For detailed information refer to the online help.

Getting Started

To start HASP Edit for Mac:

1. Connect a HASP key to your computer.

Do not connect more than one HASP key to the computer while using HaspEdit. The HaspEdit utility can only handle one key at a time.

2. Start HaspEdit. The Password window is displayed.

3. Enter the passwords and confirm with OK.

The passwords for HASP demo keys are inserted automatically by default. To change this setting, choose Preferences from the HaspEdit menu and activate/deactivate the option.

Setting PreferencesYou have the following options when setting preferences for HaspEdit for Mac:

� Change the value with which the memory will be filled when clearing the memory

� Set a root directory for your template files

� Display a warning if the time and date assigned to a HASP4 Time key differ significantly from the system time setting

� Facilitate the use of HASP demo keys by having their passwords inserted automatically

You can also start HaspEdit without connecting a HASP key, e.g. to edit templates.



� Scan for connected keys periodically

To set preferences, choose Preferences from the HaspEdit menu and activate/deactivate the option.

Preparing for Application ProtectionUse HaspEdit for Mac to prepare for application protection by encoding data for use in your application and by retrieving the unique HASP ID number.

Encoding Data

This function allows you to encode data using a HASP4 key. After encoding, you can use the encoded data in your application and decode it during runtime using the appropriate HASP API function.

To encode data:

1. Select Encode/Decode in the navigation tree.

2. Make sure the right HASP key is connected.

3. Enter data or click Load to load a file.

4. Select a format for your output data.

5. Use the mouse or the keyboard to select the section of data you want to encode (at least 8 bytes). Click Encode to encode the data and click Save As to save the encoded data to a file.

Retrieving the HASP ID Number

With HASP Edit, you can retrieve the HASP ID of HASP4 keys with memory. The HASP ID is unique to every key. You can check for a specific HASP ID in your protected application using service 6 (HaspID).

You have the option to edit the file and select sections to encode. If the file size exceeds 1024 bytes you can encode the file but you cannot edit it or select sections.



To retrieve the HASP ID, connect the HASP key to your computer and enter the passwords. The ID number is displayed automatically in the Current HASP view.

You can choose between three different 32-bit and 16-bit representations of the number:

� Hexadecimal

� Decimal unsigned

� Decimal signed

Programming HASP KeysBefore distributing HASP keys to your customers together with the protected application you need to program them. You can fill the memory of the HASP4 keys with data of your choice and/or use the memory for the Full Authorization System (FAS). The keys programmed with HASP Edit for Mac can be used on all supported platforms.

The programming process involves the two main steps:

First you create a master key or a template which serves as a basis for programming a number of keys. You may need to create several master keys or templates in case you are using more than one HASP key type.

After creating a master key or a template, you can start to program your keys for distribution. To program several identical keys quickly, use the multi key programming tool..

Do not connect more than one HASP key with the same passwords while using HaspEdit, because you can only write to one key at a time.

!



Programming a Single HASP Key

To program a single HASP key:

1. Connect the HASP4 key you want to use as a master key. In case the key is not displayed in the Current HASP view, choose Scan for Connected Key from the Edit menu.

2. Enter the passwords for the key.

3. Click the Memory box and edit the memory according to your needs.

The data are colored red until being written to the key or saved to a template file.

4. Click Write to program the key. You can also save the memory image to a template file (see below).

Working with Templates

The HaspEdit template file stores HASP parameters and additional information:

� The HASP key type

� The key's passwords

� The memory image and FAS protection parameters

� Additional comments about the FAS parameters

� HASP4 Time parameters

You use template files to program several HASP keys of the same type with the same memory content.

You have the following options when working with templates:

� Create, rename and delete templates

� Write to a currently connected key from the template view

The HaspEdit template file contains the HASP passwords. Regard it as part of your source code and be sure to keep it safe.

!



� Link comments from a template to a current key view for a better overview

To create a template:

1. Choose New from the File menu.

2. Choose Save as from the File menu.

3. Enter a name for the template and select a folder.

To create a template from a connected key:

1. Connect the key and choose Scan for Connected Key from the Edit menu to scan for it.

2. Choose Save as from the File menu.

3. Enter a name for the template and select a folder.

To program a single key from the template view:

� Connect the key you want to program.

� Select the template.

� Click Write Key.

Using the Multi Key Programming Tool

When you program multiple keys, you save the same memory to the keys one after another using the memory content of a key which has already been programmed or using a template.

To use the multi key programming tool with the memory of a programmed key:

1. Connect and program the key you want to use as a basis.

2. Select Current HASP in the navigation tree.

3. Select Multi Key Programming from the Tools menu.

4. Disconnect the key.

5. Connect a new key and confirm.



6. Repeat steps 4 to 5 for every new key.

To use the multi key programming tool with a template:

1. Select the template you want to use.

2. Select Multi Key Programming from the Tools menu.

3. Connect a key and confirm.

4. Disconnect the key.

5. Repeat steps 3 to 4 for every new key.

Using the Full Authorization System

The Full Authorization System (FAS) allows you to protect multiple applications with a single HASP memory key and to specify the conditions under which each application can be used. With HASP Edit, you specify protection parameters for each program on the FAS program list. The parameters you specify depend on the HASP model you are using.

You have the following options:

� Limit the number of activations for each application protected with a HASP4 M1 (up to 16 applications) or HASP4 M4 (up to 112 applications).

� Set expiration dates after which applications protected with a HASP4 Time cannot run.

� Limit both the number of stations which can run a HASP4 Net-protected program simultaneously and the number of times each application can be activated.

To view the FAS protection parameters:

1. Connect the key or select the template.

2. Choose As FAS List or Split from the View menu.

To set the FAS protection parameters:

1. Connect the key or select the template and click the FAS box.



2. Enter the number of possible activations (HASP4 M1, HASP4 M4, HASP4 Net), stations (HASP4 Net) and expiration date (HASP4 Time).

3. To set the number of activations to unlimited, choose Unlimited from the Edit menu or type U.

Memory usage with FAS

FAS programs are stored in the FAS area of HASP memory. The FAS area starts at word offset 24.

When you use HASP4 M1, HASP4 M4 or HASP4 Net keys, each program protected with FAS requires four bytes (two words) of HASP memory. Each pair of words in the FAS area is reserved for a specific program number. The first two words are reserved for program number 1, the second two words for program number 2, etc.

When you use HASP4 Time keys, each program protected with FAS requires two bytes (one word) of the additional HASP Time memory.

The comments entered in the FAS list are only saved in the template file, not in the key�s memory.




Question I�ve used HASP4 Net to protect a single application. The first 24 words in HASP4 Net memory are not sufficient. What can I do?

Answer The remaining 224 words of HASP4 Net memory are reserved for the protection parameters of the 112 applications you can protect with a single HASP4 Net. Since you are protecting only one application, you can use part of this reserved memory for other purposes.

Question Is HaspEdit the only utility with which I can program my HASP keys?

Answer No. You have several other options for doing so. The first is to create an automatic programming utility with pre-defined protection parameters which you set in the HaspEdit utility. For more information about the programming utility, see page 104. The second option is to write your own program that implements the HASP API and writes data to the HASP memory. For more information about the HASP API, see page 129. Finally, an option called �Program HASP�, which involves saving FAS parameters, is found in the Win32 Envelope utility. For more information about using the HASP Envelope in conjunction with FAS, see "Saving FAS Parameters" (page 59).



Question Can I use HASP keys programmed with HaspEdit for Mac or HaspEdit for Windows on the other platform?

Answer Yes. The keys programmed with one of the HASP Edit applications can be used on all supported platforms. Alternatively, you can use the HASP API to program your HASP keys.


Part 2 - Chapter 6

Assisting End-Users& Vendors

Aladdin DiagnostiXThe Aladdin DiagnostiX utility collects information on deployed keys and the systems on which they are running. This feedback mechanism will help you provide solutions to customers encountering problems related to the protected application.

Your customers can use the Aladdin DiagnostiX utility:

� To check for a HASP key.

� To create a report file that contains data for Aladdin devices and other relevant system information.

� To configure the HASP nethasp .ini file.

� To download an updated driver.

Aladdin DiagnostiX is available for the following environments: Windows 95/98/ME and Windows NT/2000/XP/Server 2003.

When your customers run the Aladdin DiagnostiX utility, instruct them to select the Check HASP tool to check for a HASP key. In addition to HASP device data, customers can use Aladdin DiagnostiX to generate reports containing vital information about their systems.

The Aladdin DiagnostiX utility is divided into three parts:


Assisting End-Users & Vendors Part 2 - Chapter 6

� Menus for creating reports, accessing the Aladdin DiagnostiX settings dialog, the online help system, and for exiting the system.

� The Diagnostic Tools pane contains icons used to activate the analytic and diagnostic tools.

� A display area to view the analytic and diagnostic tools.

The utility diagnoses your system at startup with the System Info diagnostic tool. Results are displayed in the workspace as part of the System Info screen. Your customers can use Aladdin DiagnostiX to update drivers for locally installed keys. These updated drivers are available via the Aladdin FTP site.

To update the drivers:

a. Click the Driver Update button provided under the System Info screen.

b. Follow the on-screen instructions to download and install the new driver(s).

Your updated drivers will not immediately appear in the System Info screen. You must restart the Aladdin DiagnostiX utility to include the new drivers in the system entity list.


Using HASP Tools Assisting End-Users & Vendors

Diagnosing HASP Keys

The Aladdin DiagnostiX utility provides two specific tools for HASP keys:

� The Check HASP tool is used to access and retrieve information on HASP keys.

� The HASP nethasp .ini Configuration tool is used to configure key server access settings for HASP4 Net keys.

Checking for a HASP Key

To check for a HASP key, select the HASP icon in the Diagnostic Tools pane. The Check HASP screen appears in the workspace.

To check for a HASP key

Follow the procedure below to check for a HASP key.

1. Select an Access Mode from the Check HASP screen. The default setting is Check any HASP key.Note: an additional access mode, Use Customized file, will be display if the corresponding DLL has been provided to you by your HASP vendor.

2. If you have selected Check a specific HASP key, please enter the two required passwords for the key in the fields provided.

3. To access keys connected remotely, check Access to HASP LM and enter the program number. This option is only available for checking demo or specific keys.

The HASP passwords are the core of HASP protection concept, therefore you must never reveal them to customers. This option of the Aladdin DiagnostiX utility must therefore only be used by those in your company who know the passwords.



4. If you want data in the HASP memory read and then encoded with a cryptographic algorithm, check Save memory to reports file. This option is not available when you define Access Mode to Check any HASP key.

5. Click OK.

6. Details for the access display in the Key Access History panel of the Aladdin DiagnostiX window.

Key Access History Panel

The Key Access History panel records and tabulates all attempts to access HASP keys. Key access information is displayed sequentially, showing the most recent access first. The table below details the Key Access History panel.

Table 6.1 Key Access History Panel

Column Value Description

Access Mode

local The key was found on a local port

remote The key was found on a remote port

Error No. Relevant error number

Port/Prog. Displays the number of the port to which the HASP key is connected. If a HASP was found and logged in on a remote port with HASP LM, the program number is also displayed. If the HASP key cannot be accessed, (n/a) is displayed.

Key Type The type of HASP key located

HASP ID ID number of the located key

Addit. Info Additional information related to error number displayed above



Configuring HASP nethasp .ini files

Aladdin DiagnostiX enables your customers to quickly configure and create HASP nethasp.ini files and thus speed up communications between their protected applications and HASP4 Net keys. Through the HASP nethasp .ini Configuration screen, your customers have three options for creating an ini file:

� Using an automated file. The file will be created based on information collected at startup. Information contained in the file will be then used to access servers. The first suitable protocol will be used in the following order: IP and then IPX. Only IP server names found at startup will be used.

� Using a default file. In this option, your customers can specify any of the following to be included in the .ini file.

� IP

� IPX

� NetBIOS

If this option is selected, no pre-defined settings for server names will be included in the default .ini file.

� Using a customized file. Aladdin DiagnostiX enables your customers to set particular local and server protocols.

To access the HASP nethasp.ini Configuration screen:

1. Double click the HASP icon in the Diagnostic Tools pane.The HASP nethasp .ini icon appear below the HASP icon.

2. Click on the HASP nethasp .ini icon.The nethasp.ini Configuration screen appears in the workspace.

To Configure an .ini file:

Use the following procedure to configure an .ini file using Aladdin DiagnostiX:



1. Select one of the three methods provided to create the file. If you select the automated options skip steps 2 - 3 and proceed to step 4.

2. If you have selected the default option in step 1, check any or all of the protocols provided. Skip to step 4.

3. If you have selected the customized option in step 1, use the fields provided to define IP and IPX servers. You can manually use command-line parameters or click the corresponding browse button to view and select from a list of available options.

4. Enter the name of the output directory for the .ini file in the Set output directory field. You can also use the browse button to point to the desired directory.

5. Click Create.

Creating Reports

Your customers can use Aladdin DiagnostiX to create reports containing information on the following:

� HASP devices

� System information including Win16 and DOS subsystems

� Information pooled by external reporting tools

� Memory read from HASP keys (encrypted)

If your customers are experiencing a problem with their HASP device or have difficulties in accessing the protected application, they can e-mail the reports to you or to the local HASP technical support staff.

Create Report Settings

The content and format of the reports generated by Aladdin DiagnostiX is set in the Create Report tab of the Aladdin DiagnostiX Settings dialog.

The settings listed below appear in the Create Report tab.



Report format: offers three format possibilities - XML, HTML, and TEXT.

The Aladdin DiagnostiX reporting feature may generate multiple files. To zip the generated files check the Zip all output files box.

To include information on Win16 and DOS subsystems in the generated reports, check the Include Win16/DOS box. Aladdin DiagnostiX will generate two separate report files for each subsystem.

To create a report:

1. Review the settings outlined in the preceding section.

2. Use one of the following methods to create a report.

� Click the Create Reports icon.

� Select Create Report from the Edit menu.

� [Ctrl] + R

� Create Report button under the System Info screen.

A message box appears indicating the contents of the report file and its location.

Linking to External Reporting Tools

Aladdin DiagnostiX allows you to define settings for up to two separate external reporting tools such as msinfo32. The reports generated by these external tools can be zipped and stored in a single file. Use the procedure below to link Aladdin DiagnostiX to external reporting tools:

1. Open the Reporting Tools tab in the Aladdin DiagnostiX Settings dialog.

If you select either the HTML or Text options, an additional XML file will be created containing the read memory of any key detected.



2. Check the Reporting tool 1 box.The Execute and Output File fields should be activated.

3. In the Execute field, either specify the command line path to the target reporting tool, or browse for the tool using the button. Add additional command-line parameters to run the tool in �silent mode� and specify the output DiagnostiX file.

4. Use the Output File field to specify the name of the file generated by the external tool. Specify the path to the destination directory, or browse for the file by clicking the button.

5. To define settings for a second external reporting tool, check the Reporting Tool 2 box and repeat steps 2-4.You can optionally set a time limit for the external tool to generate a report. Check the appropriate box and specify a time limit. If the reporting tool does not generate its report within the allocated time frame, it will be terminated.

6. Click OK to exit.



Aladdin Diagnostix Memory BeamerThe Aladdin DiagnostiX Memory Beamer is a vendor utility that serves as a channel for transferring secured data between vendors and their customers. In conjunction with the Aladdin DiagnostiX tool, the Aladdin DiagnostiX Memory Beamer:

� Enables you to send customized DLLs to your customers.

� Accesses reports generated by the Aladdin DiagnostiX utility.

� Decrypts the HASP memory of deployed keys.

� Prepares decrypted HASP memory to be read using HaspEdit.

Sending Passwords to Your Customers

The HASP passwords are the core of HASP protection concept, therefore you must never reveal them to customers. You can however use the Memory Beamer to �inject� passwords into customized DLL files that can later be supplied to your customers. Once available on your customers� system, these customized DLLs provide an additional means to access a HASP key via the Aladdin DiagnostiX utility.

Follow the instructions below to prepare a DLL with HASP passwords:

1. In the fields provided enter the two HASP passwords.

2. Click Inject.A message box appears confirming that the passwords have been �injected� into a DLL.A DLL file containing the two HASP passwords should appear in your current directory.

3. Send the DLL file to your customer with instructions for them to store the file in the same folder where their Aladdin DiagnostiX utility is located.

Aladdin Diagnostix Memory Beamer is designed for the exclusive use of software vendors and not end users.



Reading Report Files

The Beamer enables you to quickly access and sort reports generated by the Aladdin DiagnostiX utility. The Beamer displays the following information based on information stored in report files:

� Type of HASP key

� Access Type and HASP ID

You can also use the Beamer to decrypt the read memory of a HASP key after providing the required passwords. This memory can then be read via the HaspEdit tool.

Follow the instructions below to read a report file:

1. Open the report file appearing in the Report File field. If the Report field is empty, use the browse button to point to the directory where the report file is stored. Click Open.

2. If the report file contains relevant HASP entries, the Key Type and Access fields should display information.

3. The Beamer can be used to decrypt the memory of deployed HASP keys. If the report file contains the encrypted read memory from the HASP key, enter the two required passwords in the Password fields.

Provide a file name to store the decrypted memory from the report file or use the browse button to point to a desired location.The memory data will be stored as a HED file and can be read using the HaspEdit tool.

The Aladdin Diagnostix Memory Beamer currently only runs on 32-bit operating systems.

If at any time you wish to skip a particular report file and move on the next file, click Skip.

!


Part 3Using the HASP API

This part introduces the HASP API protection methods and strategies. It provides detailed descriptions of all HASP API services.

The chapter "Protecting with the HASP API" (page 129) explains how to use the hasp() routine and gives an overview of HASP API services.

The chapter "Protection Strategies" (page 147) provides you with information on how to maximize your protection.

The chapter "Basic HASP Services" (page 157) describes services relevant for all HASP stand-alone keys.

The chapter "HASP4 Memory Services" (page 167) describes services relevant for all HASP4 M1, HASP4 M4 and HASP4 Time keys.

The chapter "HASP4 Time Services" (page 175) describes services relevant for HASP4 Time keys.

The chapter "HASP4 Net Services" (page 187) describes services relevant for HASP4 Net keys.

The chapter "HASP API Status Codes" (page 217) explains all status codes returned by the HASP system.


Part 3 - Chapter 7

Protecting with theHASP API

The HASP application programming interface (API) is a powerful protection method, the strength of which depends on how you implement it. The more sophisticated and complex your API calls are, the better your HASP protection will be.

You use the API to insert calls to the HASP throughout the application and thus enhance security. You can check for the presence of the HASP key at any point in the application and decide how to respond according to the result of the check. You can also check a HASP memory key for data you stored in its memory.

The manner in which you perform these checks is a crucial and determining factor for security. It is essential, therefore, that you consult the chapter "Protection Strategies" (page 147) for guidelines on how best to do so.

Before protecting with the HASP API, we recommend that you check the API files for your compiler. Each HASP interface includes a sample application demonstrating API usage.


Protecting with the HASP API Part 3 - Chapter 7

Preparing for API UsageTo use the HASP API, you have to install the HASP device driver or a daemon. Refer to "Installing HASP" (page 29) for information on installing the HASP drivers.

Before implementing the API calls in your application, use HASP Edit and/or the API to perform the following tasks.

Encode data for use within your applicationUse the service HaspEncodeData or the HASP Edit utility to encode data. You can decode this data with the API when the correct HASP key is connected.

Edit the HASP memoryThe API enables you to access the memory and read and write data from and to a specified address.

You can use HASP Edit or the services WriteWord, WriteBlock and WriteByte (only HASP4 Time) to write to the memory.

Determine the HASP ID numberHASP memory keys have a HASP ID number. With the API, you can check the presence of a specific HASP by verifying its ID number.

You can use HASP Edit to determine the ID number.


Using the HASP API Protecting with the HASP API

Implementing the HASP APIAfter you have performed the necessary operations using HASP Edit or the API, you are ready to protect your application with the API by incorporating calls to the hasp( ) routine throughout your source code.

Main Stages of Implementation

To implement the API:

1. Examine the sample code that corresponds to your chosen development environment.

2. Add the hasp() call to your source code.

3. Use the API to decode and verify important data that your application uses.

4. On the basis of the output from step 3, carry out any error checking and issue appropriate notification to the user.

5. Repeat steps 2-4 several times, incorporating these checks in the various different modules.

6. Compile your source and link it to the HASP object files or to the supplied library.

7. Use the HASP Envelope utility to add an additional layer of protection to your application.

Using the hasp( ) RoutineUse the hasp( ) routine to incorporate API protection into your application. The hasp( ) routine checks for the presence of a HASP key, encodes data at runtime and accesses the memory of a HASP memory key to perform read and write operations.

The hasp( ) routine is called differently for stand-alone keys and HASP4 Net keys.



Parameters for HASP Stand-Alone Keys

The hasp( ) routine accepts the following nine parameters.

Table 7.1 Parameters for HASP Stand-Alone Keys

Parameters for HASP4 Net Keys

The hasp( ) routine accepts the following nine parameters.

Table 7.2 Parameters for HASP4 Net Keys

hasp (Service, SeedCode, PortNum, Password1,Password2,Par1, Par2, Par3, Par4)

Parameter Description

Service Determines the operation performed by the routine.

SeedCode Used for backward compatibility only.

PortNum Specifies which port to search for the HASP key.

Password 1 First password for the HASP key.

Password 2 Second password for the HASP key.

Par1 to Par4 The values of Par1 to Par4 change according to the service.

hasp (Service, SeedCode, ProgNum, Password1,Password2,Par1, Par2, Par3, Par4)


Service Determines the operation performed by the routine.

SeedCode Used for backward compatibility only.

ProgNum Program number assigned to the protected application in the HASP4 Net memory.



Specifying the Port

You can use the PortNum parameter to specify a parallel port or the USB port number. Applications protected with HASP4 Net search all ports for the HASP4 Net key, so if you are using HASP4 Net, skip this section.

Specifying the Parallel Port

Use the PortNum parameter to specify the parallel port to be searched for HASP stand-alone keys.

If you set PortNum to 0, the protected application automatically searches all parallel ports in the following order: 378h, 278h, 3BCh. The automatic search stops when the application finds the HASP.

You may want to search for the HASP at a specific parallel port or to address a hardware port directly (bypassing the BIOS data area). The following table lists the various values you can assign to PortNum in order to search for a specific port.

Table 7.3 PortNum Values and Ports Searched

Password 1 First password for the HASP key.

Password 2 Second password for the HASP key.

Par1 to Par4 The values of Par1 to Par4 change according to the service.


PortNum Port Searched

0 Automatic search at all ports

1 LPT1 only

2 LPT2 only

3 LPT3 only

101 03BCh only



Specifying the USB Port

Use the PortNum parameter to specify the USB port number. For the purpose of HASP USB enumeration, integers from 201 through 255 are reserved for the USB port. Each port at which a key is attached is assigned one of these 55 numbers in consecutive sequence.

The following example shows how to use HASP USB enumeration:

1. Call the hasp() routine with the IsHasp() service. The value returned in P2 is the number of ports to check for your specific key.

2. Treat the number in P2 as the variable n, where n is the number of USB ports to check.

3. Call the hasp() routine with a HASP API service that reads memory or retrieves the HASP ID number, transferring the first USB port number in the PortNum parameter. You should check for unique data that confirms the identity of a particular key.

4. If the memory of the key at that first port identifies it as the specific key you want, store its USB port number. Otherwise, loop back to step 3 with the next USB port number. In all, loop up to n times.

Later in your code, you communicate with that particular key using its specific port number.

102 0378h only

103 0278h only

201 - 255 Specific HASP on USB port

PortNum Port Searched



Checking for Vital Errors

For HASP stand-alone keys there are two vital error codes to check after every call to hasp(). The relevant codes are returned in p3:

� "HASP not found": error -3. If this error is encountered, prompt the user to attach the (correct) HASP key.

� "Port Busy": error -6. Call the hasp key again after a short pause, or ask the user to wait for the printer or other devices to finish before continuing with the application.

You should also perform one check at the start of your application to establish whether the HASP device driver is installed. Do this by checking the first hasp() call for errors -100, -110 and -111. If either of these are encountered, install the driver and continue the program.



HASP ServicesRefer to Table 7.4 for information on which service to use with the various HASP models.

Table 7.4 HASP Models and Relevant Services

HASP Model Relevant Services

HASP4 Std. Basic HASP services

HASP4 M1, M4 Basic HASP servicesHASP4 memory services

HASP4 Time Basic HASP servicesHASP4 memory services HASP4 Time services

HASP4 Net HASP4 Net services



Basic HASP Services

You can use the basic HASP services with HASP4 Std., HASP4 M1, HASP4 M4 and with HASP4 Time. The following services are available.

Table 7.5 Basic HASP Services

Service

Name Operation

1 IsHasp Check if any HASP is connected to the computer.

5 HaspStatus Check the type of HASP connected to the computer. Check which parallel port has a key connected to it. Check the memory size of a HASP memory key.Check the API version.Return values relate to the first key found with the specified passwords.

8 CheckHaspGeneration Determines whether a connected key is a HASP3 or HASP4.

9 NetHaspStatus Determines what kind of HASP4 Net key is connected.

60 HaspEncodeData Encode data sent to the connected HASP4 key. Use in conjunction with HaspDecodeData to verify that a specific HASP4 key is connected.

61 HaspDecodeData Decode data sent to the connected HASP4 key. Use in conjunction with HaspEncodeData to verify that a specific HASP4 key is connected.



HASP4 Memory Services

You can use HASP4 memory services with HASP4 M1, HASP4 M4 and with HASP4 Time (496 bytes area). The following services are available.

Table 7.6 HASP4 Memory Services

Service Name Operation

3 ReadWord Read one word of data from the HASP memory.

4 WriteWord Write one word of data to the HASP memory.

6 HaspID Get the HASP ID number.

50 ReadBlock Read a block of data from the HASP memory.

51 WriteBlock Write a block of data to the HASP memory.



HASP4 Time Services

You can use HASP4 Time services with HASP4 Time keys.

Use services 74 to 77 to access the 16-byte HASP4 Time memory. Use the HASP4 memory services 3, 4, 50, and 51 to access the 496-byte memory of the HASP4 Time key.

The following HASP4 Time services are available.

Table 7.7 HASP4 Time Services


70 SetTime Set the HASP4 Time clock to a given time.

71 GetTime Get the time from the HASP4 Time clock.

72 SetDate Set the HASP4 Time clock to a given date.

73 GetDate Get the date from the HASP4 Time clock.

74 WriteByte Write one byte of data to the HASP4 Time memory.

75 ReadByte Read one byte of data from the HASP4 Time memory.

76 WriteBlock Write a block of data to the HASP4 Time memory.

77 ReadBlock Read a block of data from the HASP4 Time memory.

78 GetHaspID Get the HASP4 Time ID number.



HASP4 Net Services

You can use HASP Net services with HASP4 Net keys only. The following services are available.

Table 7.8 HASP4 Net Services


40 LastStatus Check the status of the last call. Use this service after each call to the hasp( ) routine.

42 Login Request permission from the HASP License Manager to activate the application.Unless you use services 85 or 96, login must be your first call to the hasp( ) routine.

43 Logout Request HASP4 Net session termination from the HASP License Manager.

44 ReadWord Read one word of data from the HASP4 Net memory.

45 WriteWord Write one word of data to the HASP4 Net memory.

46 HaspID Get the HASP4 Net ID number.

48 IdleTime Set a maximum time frame for idle stations.

52 ReadBlock Read a block of data from the HASP4 Net memory.

53 WriteBlock Write a block of data to the HASP4 Net memory.

85 SetConfigFilename Set name of HASP4 Net configuration file.



88 HaspEncodeData Encode data sent to the connected HASP4 Net key. Use in conjunction with HaspDecodeData to verify that a specific HASP4 Net key is present on the network.

89 HaspDecodeData Decode data sent to the connected HASP4 Net key. Use in conjunction with HaspEncodeData to verify that a specific HASP4 Net key is present on the network.

96 SetServerByName Set the name of the HASP License Manager to which the protected application will perform a HASP4 Net login.

110 LoginProcess Determines whether activations of applications protected with HASP4 Net keys will be decremented per station or per process.

230 GetCurrentServer Retrieves the currently used License Manager address.




Enabling Local and Network ProtectionThe API allows you to protect your application for both network environments and stand-alone PCs.

To enable API protection for both networks and stand-alone computers:

1. Use the basic HASP, HASP memory, and HASP4 Time services to check whether or not the correct HASP stand-alone key is connected to the local port of the computer.

2. If the correct HASP stand-alone key is not found, use the HASP4 Net services to search for the HASP4 Net.



HaspDemo UtilityWith the HaspDemo utility, you can test the HASP API services and the operation of HASP4 Net.

The test utility available is haspdemo.exe for Windows and Win32.

With this utility, you can test HASP keys of all models. The haspdemo.exe is a multi-object sample program that you use to test keys with different versions of the HASP API. Access it by clicking HaspDemo for Win16 or Win32 on the HASP CD menu. You can find the executable under Utility\Haspdemo\Windows\Win16 or Win32

You need to provide passwords for most of the functions in the HaspDemo utility. The core of HASP protection concept are the passwords, therefore you must never reveal them to customers. Haspdemo.exe must only be used by those in your company who know the passwords. Use Aladdin DiagnostiX as a secure communication medium with your customers. See "Assisting End-Users & Vendors" on page 117.

!




Question How long is a HASP check?

Answer With HASP stand-alone keys, a call to the hasp( ) routine takes about 20 milliseconds. A HASP4 Net login takes approximately two seconds, depending on network traffic. Calls to the other HASP4 Net services require approximately half a second. As is clear from these figures, you can issue as many calls to the HASP as you like.

Question How does HASP prevent code tracing?

Answer More than 60% of our routines are designed specifically to prevent tracing the code of the protected application. Naturally, we cannot reveal all our �tricks-of-the-trade�, but below are some samples.

� Grabbing debugger interrupts, making it difficult to activate the debugger itself.

� Special traps for hardware debuggers.

� Hard-to-trace self-generating code.

� Time traps.

� Frequent releases of software upgrades which implement new features and security enhancements.



Question The programming language or compiler I am using is not compatible with any of the HASP supported languages and compilers. How can I protect my software?

Answer In this case, we suggest the following:

� Try using an available HASP interface which uses the same type of object files as your compiler.

� Try using a DLL (for Windows and Win32 applications).

� Consult your local HASP representative. New interfaces are constantly added to the long list of compilers and languages supported by HASP.

� Use the HASP Envelope utility.

Question How can I protect a DLL with HASP?

Answer You can use the Win32 Envelope utility to protect Win32 DLLs, the Win16 Envelope to protect Win16 DLLs, and the HASP API to protect Windows and Win32 DLLs.

There are two options when protecting DLLs with the API:

� Use the object files supplied with the HASP software and link them to your DLL. Incorporate calls to the hasp( ) routine into your application.

� Call the hasp( ) routine from your DLL. The hasp( ) routine is defined in the HASP DLL we supply. Include both your DLL and the HASP DLL when you distribute your application.



Question I�ve used the API to check the HASP ID number. Sometimes, HaspID returns a negative number in IDLow. When I calculate the ID number, I get a different one than that which appears in HaspEdit.

Answer When IDLow is negative, use the following equation to calculate the ID number:

ID number = 65536 + IDLow + 65536 * IDHigh

Alternatively, you can use HaspEdit to check the short (16-bit) fractions of the IDLow and IDHigh words. You can then directly compare them to the IDLow and IDHigh parameters returned by the hasp( ) routine without calculating the ID number.

Question Where can I find a sample program that demonstrates how to implement the API?

Answer There is a sample program on our CD for most of the common compilers. For example, for Visual C++, you can find a sample under win32api\c\for sources, or make files under win32api\c\msc.


Part 3 - Chapter 8

ProtectionStrategies

The HASP protection system includes the best hardware and software protection tools available on the market today. However, a HASP-based software protection system is only as secure as the way in which you implement it. The calls to the hasp( ) routine that you insert into your code ultimately control access to your application. Because the HASP hardware is virtually impossible to break or duplicate, attacks usually focus on tracing the protection code and eliminating the protection routines.

To achieve maximum protection with HASP, use both the Envelope and API protection methods. Each method has its unique features and complements and enhances the other.

To increase software security when protecting with the API, use the techniques outlined in this chapter. This chapter describes the following:

� Attacks on software protection schemes that can be avoided by implementing proper protection techniques.

� Tips for maximizing the security of your protected application.

If you would like assistance in strengthening your application against possible attacks, we can offer a more personalized support service from our team of Aladdin Consultants. They will be able to provide help on a wide range of issues, including protection strategies and implementation techniques.


Protection Strategies Part 3 - Chapter 8

For more information on Aladdin Consulting, please contact your local HASP representative.

Software Protection AttacksThere are two main methods of attacking a protected application:

� Patching calls to the protection routine

� Patching the software of the key manufacturer

To patch calls to the protection routine, you need to change the protected executable so that it does not send requests to the key, verify the results returned by the key, or act according to the results specified in the code.

This kind of attack is used when you assume that protection has been poorly implemented.

To patch the software of the key manufacturer, you need to change the routines responsible for communication with the hardware key. When you change these routines, you ensure that they return the expected results even when the correct key is not connected.

It is important to note that both of these methods are application-specific and cannot be applied as is to other protected applications.

To achieve maximum security, we recommend that you link your applications to HASP objects rather DLLs.


Using the HASP API Protection Strategies

Tips and TricksThis section provides tips and tricks to combat the attacks described in the previous section. Use as many of the strategies as possible to maximize the level of your application�s security.

Keep in mind that when you implement protection, you should do so in a way that considers the implications for legitimate end users of the application. For example, a legitimate user may forget to attach the key to the computer; your protection scheme should take this into consideration. Clever protection strategies combat attacks on your software, not innocent users.

Use Multiple CallsInsert numerous calls to the hasp( ) routine to exhaust those who attack your protected software. Complex multiple calls create great difficulties in following and attacking your protection scheme.

The more calls and return codes checked, the more difficult it is to trace and remove all of them. The calls should be made from as many different places in your code as possible.

Encode Internal and External DataEncode some of the data your application uses and make decoding dependent on the presence of the HASP key.

Encoding your data greatly enhances your application's security. Use the HASP4 ability to encode strings or binary data which will adversely affect program flow if it is decoded improperly. This creates an association between your application and the HASP that cannot easily be removed. Not only will the application have to be cracked to remove or alter all checks to the HASP but also the data will have to be decoded. It is not necessary to encode all the data handled by your application, but certain key data can be encoded. Good choices are file headers, important constants in calculations, or some small fields in a database. Anything that will affect the



main functions of the application is a potential candidate for encoding. Care should be taken to notify the customer that the HASP key is not present to prevent damage to valuable data. When a hacker removes these checks and dialog boxes, the subtle dependency of your application on this data will be revealed.

For simple data sets, the basic process is outlined below. These basic procedures can be modified to suit your requirements.

1. Connect your HASP4 key

Make sure that the HASP4 key that you want to use to protect your application is attached to the computer.

2. Encode the data

Use the HaspEdit utility to encode your data. The output from this process will be a binary file. Alternatively you can choose to create an include file in either VB or C format. This allows you to access encoded values directly within your application.

3. Incorporate the encoded data in your application.

Replace the original clear text data in your application with the include file or the encoded data.

4. Decode the data on demand in your application

Use service 61 - HaspDecodeData to decode the encoded data via the connected HASP4 key. Now you are ready to perform operations on this data. Remember to provide for error checking to warn users if a HASP4 is not present.

Note that �HASP not found� and similar strings should not be encoded using HASP-dependent encoding keys. As these strings are displayed when the HASP is not connected, their proper decoding should not be dependent upon a response from the HASP key. For these types of strings, use an encoding key of your choice and any available encoding method.



Avoid Repetitive SchemesA scheme that repeats itself throughout your code is easy to learn and track. Once your scheme is understood, it becomes obvious what to look for, making any attack that much easier.

Furthermore, if your application consists of multiple protected executables or DLLs, change the protection scheme from one file to another. Use all the HASP services, calling each of them many times, and implementing a different protection scheme with each call. In addition, use the HASP Envelope to protect your executables. The HASP Envelope uses Multi-Layer Envelope technology, which implements a different protection scheme for each executable file.

Avoiding repetitive schemes makes an attack far more time-consuming. Searching and hacking a HASP call should be a new and difficult task each time an attack is planned.

Separate the Call StepsChecking for a HASP involves three main steps:

� Calling the hasp() routine.

� Evaluating the values returned from the protection routine.

� Responding according to the returned values.

To enhance security, code the three steps in different places throughout your software. Separated steps are much more difficult to trace than sequential steps. The response to an unconnected HASP should be delayed and come as a total surprise, nowhere in the vicinity of the actual HASP check.

For example, you can check for the HASP when the user clicks on a specific menu item. Allow the user to work even though a key is not connected. Issue the �HASP not found� message only after an entirely different operation is executed so that the connection between the original HASP check and the response is not apparent.



Encode the HASP MemoryIn addition to the inherently high level of security provided by the ASIC chip, you can further secure the HASP memory by encoding it.

For example, you can use the unique HASP ID number as a key for encoding the HASP memory. During run time, make sure to decode the memory using the HASP ID number.

Since the encoding key is different for each HASP, the run time decoding process is unique for each key. This process provides yet another obstacle in the copying of the HASP memory contents from one key to another, as the HASP ID number cannot be copied. The memory of the �fake� HASP is decoded using an invalid encoding key, resulting in incorrect memory data.

Checksum Your Code Perform a checksum to find out if your application has been tampered with.

To perform a simple checksum:

1. Calculate the checksum.

2. Compare it with the correct value. Please be sure to separate the steps as outlined in "Separate the Call Steps" on page 151.

3. Continue if the two match, otherwise issue an error message.

Unfortunately, the above technique is vulnerable to several attacks.

� The code can be patched and the check bypassed.

� One can force the checksum to return the correct value.

To do so, one must identify the checksum algorithm and use code-patch and breakpoint techniques to compensate for changed bytes.

You can defend against this type of attack by avoiding simple modulo addition or performing a XOR operation. Use CRC (cyclic redundancy check) or another algorithm sensitive to byte ordering.



Another defense technique is to avoid comparing the result of the checksum with a previously calculated value. Instead, use the checksum result to perform an action that results in an error if the wrong value was calculated.

For example, store the result in a variable and use that variable later on as a key to decode a certain code or data. This approach has the advantage of delayed reaction. In addition, the expected checksum value is not explicitly stored in the application.

Use Program Functionality as Response to a Missing HASP Key

There are a range of possible responses you can include in your code when the correct HASP is not connected. The most simple of responses is to insert a �HASP not found� message. However, this implies that a HASP check was performed.

Instead of issuing a �HASP not found� message, devise an interruption to the natural flow of your program if the correct HASP is not connected. For example, instruct the application to stop responding to user input (i.e. the protected application will not respond to mouse clicks) if the correct HASP is not attached, and to resume normal operations if the key is later connected. Only the functionality of the protected application will be affected. Other programs should continue to function. Illegitimate users may think that the difficulty is caused by a bug in the program. They might not realize that a HASP check was performed and that the problem is due to the lack of a HASP key.

Be sure to use program functionality in this way while taking into consideration the legitimate users who have mistakenly forgotten to connect the HASP.

Hide Passwords Hide passwords in the protected application by:

� Scramble them

� Saving them in different parts of the source code



� Comparing the different places where they are saved as a check for tampering

Generate NoiseCall the hasp( ) routine and pass it parameters that have irrelevant values. These values can be produced by random number generators, time values, intermediate results of calculations and more. Of course, these calls to the hasp( ) routine should not lead to any meaningful results and actions. Generating noise causes distractions and poses additional obstacles for anyone who tries to attack your protected application.

Use HASP-Dependent DataWhen using data stored in the HASP memory, you typically check that the value is valid before proceeding. However, the checking process forces you to include the real value that is checked in your application. The value is then accessible to attacks.

To prevent accessing this data, read it and use it in your application without explicitly checking its validity. If the HASP is connected, the value is valid. Otherwise, the value is invalid and results in an error.

For example, instead of checking data read from the HASP memory, you can use it directly to go to a label and perform an operation as described in the following pseudo-code:

BeginGlobal variable FLAG is assigned an initial value.Call the hasp( ) routine with the ReadWord service.FLAG is assigned the value of the data read from the HASP memory (100 in this example).Goto FLAG.........Label 100:



Perform an operation that is required for the correct program flow.

In the above example, when the HASP is connected and the correct value of 100 is read from its memory, the program continues and performs its intended operation by going to label 100. If the HASP is not connected, the program does not reach the designated label and does not perform the requested operation.

This strategy prevents using an IF statement which translates to an Assembly CMP, and is therefore much more difficult to trace.

Use HASP EnvelopeHASP Envelope adds a protective shield around your application. Envelope protection offers file encoding and advanced anti-debugging features which make attacks much more difficult.

If you are protecting a series of executables, the HASP Envelope, with its Multi-Layer Envelope technology, implements a different protection scheme for every executable file. Varying protection schemes makes it much more difficult to understand and hack an application.

Change Your StrategyTo maintain a high level of software security, you should change your protection scheme often. Vary your methods, implementing different security measures for each version of your application. Upgrade your tools of defense regularly.

Aladdin is committed to supplying you with the best protection technology available on the market, and continually enhances its product line. Check the Aladdin web site periodically for information about new features in the HASP protection system and contact your HASP representative for the latest updates on the HASP software developments.

Stay in step with Aladdin and always keep one step ahead of anyone who tries to attack your software.


Part 3 - Chapter 9

Basic HASP ServicesThis chapter describes the basic HASP API services which are applicable to HASP4 Standard, HASP4 Time HASP4 M1 and HASP4 M4. Each of the services are described in detail.

Table 9.1 on page 158 lists the hasp( ) routine parameters for each service. Each service listed in the following table is assigned two rows:

� The call row, C, lists parameters you pass to the hasp( ) routine.

� The return row, R, lists parameters that the hasp( ) routine returns.

Every call to the HASP routine receives nine input parameters, but not all the parameters are used. Par1, Par2, Par3 and Par 4 are pointers to 32-bit integers in 32-bit systems, and 16-bit integers in 16-bit systems. All other parameters are integers. The values of Par1, Par2, Par3, and Par4 change according to the service.

All parameters are 16 bits in16-bit applications and 32 bits in 32-bit applications..

All unused input parameters are generally ignored. However it is recommended that unused input parameters be set to 0. In 64-bit systems, Par1-4 are pointers to 32-bit integers.


Basic HASP Services Part 3 - Chapter 9

Table 9.1 Basic HASP Services and Parameters

Service (no.)

Seed

Cod

e

Por

tNu

m

Pas

swor

d1

Pas

swor

d2

Par

1

Par

2

Par

3

Par

4

IsHasp (1) C

Port

Num

R

HA

SP

foun

d

Port

Stat

us

HaspStatus (5) C

PortN

um

Pass

word

1

Pass

word

2

RM

emor

y Si

ze

HA

SP T

ype

Act

ual

PortN

um

HA

SP O

bjec

t Ve

rsio

n

CheckHaspGen-eration(8)

C

LptN

um

Pass

word

1

Pass

word

2

R

HA

SP4

foun

d

Stat

us

NetHaspStatus(9) C

LptN

um

Pass

word

1

Pass

word

2

R

Has

p4 N

et

type

Stat

us


Using the HASP API Basic HASP Services

HaspEncodeData (60) C

PortN

um

Pass

word

1

Pass

word

2

0 Buff

er

Size

Buff

er

Segm

ent

Buff

er

Offs

et

R

Stat

us

HaspDecodeData(61) C

PortN

um

Pass

word

1

Pass

word

2

0 Buffe

r Si

ze

Buffe

r Se

gmen

t

Buffe

r O

ffset

R

Stat

us

Service (no.)

Seed

Cod

e

Por

tNu

m

Pas

swor

d1

Pas

swor

d2

Par

1

Par

2

Par

3

Par

4

The Buffer Segment parameter is only relevant for 16-bit applications.



Service 1: IsHaspDescription Check if a HASP is connected to the computer.

Relevant Keys HASP4 Std., HASP4 M1, HASP4 M4, HASP4 Time

Syntax

Parameters Used

Return Values

Comments Service 1, IsHasp, is a service used to check if any HASP is connected to your computer. Always use IsHasp in conjunction with other HASP API services. To verify that the correct HASP (with your developer code) is connected, use Service 61, HaspDecodeData. For a simple presence check, use Service 5, HaspStatus.


Service 1

PortNum Value indicating the ports to search, see �Specifying the Port� on page 133.

Par1

01

A value indicating if a HASP key was found

No HASP is connected to the computer.A HASP is connected to the computer

Par 2 Actual port address, see �Specifying the Port� on page 133.

Par 3 A code indicating the status of the operation. See "HASP API Status Codes" on page 217.



Service 5: HaspStatusDescription Check the type of HASP connected to the computer. Also check

to which port the key is connected.


Syntax

Parameters Used

Return Values


Service 5

PortNum Value indicating the port to search for the HASP.

Password1 First HASP password.

Password2 Second HASP password.

Par1

1 4 0

Memory Size

HASP4 M1HASP4 M4other keys

Par2

0 1 5

HASP Type

HASP4 Std.HASP4 M1 or HASP4 M4HASP4 Time

Par 3 Actual port number, see �Specifying the Port� on page 133.

Par4 HASP Object Version � The current API version.



Comments � To minimize search time, use the value of the Actual PortNum received in Par3, and pass it via the PortNum parameter in subsequent calls to the hasp( ) routine.

� If a HASP4 Net key is connected to a local port, this service identifies it as HASP4 M4. The memory size returned in Par1 is 4, the HASP model returned in Par2 is 1.

� Older TimeHASP-1 keys used to return 3 in Par2. Applications which use such keys should be updated to handle a status of 3 or 5.

� Return values relate to the first key found with the specified passwords.



Service 8: CheckHaspGenerationDescription Checks if connected key is a HASP4 generation key.

Relevant Keys HASP4 Std., HASP4 M1, HASP4 M4, HASP4 Time, HASP4 Net

Syntax

Parameters Used

Return Values

Comments This service only works if reserved input parameters Par1, Par2, Par3, Par4 are set to 0. When Par1 and Par3 returns are 0, a HASP3 with specific passwords is connected.

hasp (Service, SeedCode, LptNum, Password1,Password2,Par1, Par2, Par3, Par4)

Service 8

LptNum Value indicating the port to search for the HASP.



Par1 0 (reserved).

Par2 0 (reserved).

Par3 0 (reserved).

Par4 0 (reserved).

Par1

01

A value indicating whether a HASP4 key was found.

No HASP4 key connected to the computer.HASP4 key is connected to the computer

Par 3 A code indicating the status of the operation.



Service 9: HaspNetStatusDescription Determines what kind of HASP4 Net key is connected.

Relevant Keys HASP4 Net

Syntax

Parameters Used

Return Values

Comments This service only works if reserved input parameters Par1, Par2, Par3, Par4 are set to 0.

hasp (Service, SeedCode, LptNum, Password1,Password2,Par1, Par2, Par3, Par4)

Service 9

LptNum Value indicating the port to search for the HASP.



Par1- Par4 0 (reserved).

Par1 Type of HASP4 Net key connected:

051020501000xffff

No HASP4 Net key attachedHASP4 Net 5 usersHASP4 Net 10 usersHASP4 Net 20 usersHASP4 Net 50 usersHASP4 Net 100 usersHASP4 Net unlimited

Par 3 A code indicating the status of the operation.



Service 60: HaspEncodeDataDescription Encodes data via a connected HASP key.


Syntax

Parameters Used

Return Values

Comments The contents of the program buffer are encoded via the connected HASP and updated in place.

This service can only be used with the HASP4 generation of HASP keys. If a key prior to the HASP4 generation is attached, no data will be encoded and the service will return an error code.


Service 60




Par1 0 (reserved).

Par2 Buffer size. The size in bytes of the buffer to be encoded. The buffer must be at least 8 bytes in size.

Par3 Buffer segment. The segment address of the buffer. Only relevant for 16-bit applications.

Par4 Buffer offset. The offset address of the buffer.

Par 3 Status � A code indicating the status of the operation. See "HASP API Status Codes" on page 217.



Service 61: HaspDecodeDataDescription Decodes data via a connected HASP key.


Syntax

Parameters Used

Return Values

Comments The contents of the program buffer are decoded via the connected HASP and updated in place.

This service can only be used with the HASP4 generation of HASP keys. If a key prior to the HASP4 generation is attached, no data will be decoded and the service will return an error code.


Service 61




Par1 0 (reserved).

Par2 Buffer size. The size in bytes of the buffer to be decoded. The buffer must be at least 8 bytes in size.





Part 3 - Chapter 10

HASP4 MemoryServices

This chapter describes the HASP API services for HASP4 M1, HASP4 M4, and HASP4 Time. Each of the services are described in detail.




Every call to the HASP routine receives nine input parameters, but not all the parameters are used. Par1, Par2, Par3 and Par 4 are pointers to 32-bit integers in 32-bit systems, and 16-bit integers in 16-bit systems. All other parameters are integers. The values of Par1, Par2, Par3, and Par4 change according to the service. A �word� of data contains 8 bytes or 16 bits.


HASP4 Memory Services Part 3 - Chapter 10

Table 10.1 HASP4 Memory Services and Parameter

Due to the fact that Macintosh machines operate in Big Endian and Intel machines in Little Endian, the values of ReadWord and WriteWord are byte-swapped on Macintosh in relation to Intel.Consider this fact when you read and write to a HASP key with these services, or use the services ReadBlock and WriteBlock which operate endian independently.

!

Service (no.)

Seed

Cod

e

Por

tNu

m

Pas

swor

d1

Pas

swor

d2

Par

1

Par

2

Par

3

Par

4

ReadWord (3) C

PortN

um

Pass

word

1

Pass

word

2

Add

ress

R

Dat

a

Stat

us

WriteWord (4) C

Port

Num

Pass

word

1

Pass

word

2

Add

ress

Dat

a

R

Stat

us

HaspID (6) C

Port

Num

Pass

word

1

Pass

word

2

R

IDLo

w

IDH

igh

Stat

us


Using the HASP API HASP4 Memory Services

ReadBlock (50) C

PortN

um

Pass

word

1

Pass

word

2

Star

tA

ddre

ss

Bloc

k Le

ngth

Buff

erSe

gmen

t

Buff

er

Offs

et

R

Stat

us

WriteBlock (51) C

PortN

um

Pass

word

1

Pass

word

2

Star

t A

ddre

ss

Bloc

k Le

ngth

Buffe

rSe

gmen

t

Buffe

r O

ffset

Stat

us

Service (no.)

Seed

Cod

e

Por

tNu

m

Pas

swor

d1

Pas

swor

d2

Par

1

Par

2

Par

3

Par

4


All unused input parameters are generally ignored. However it is recommended that unused input parameters be set to 0.



Service 3: ReadWordDescription Read one word of data from the HASP memory.

Relevant Keys HASP4 M1, HASP4 M4, HASP4 Time

Syntax

Parameters Used

Return Values

hasp (Service, SeedCode, PortNum, Password1, Password2,Par1, Par2, Par3, Par4)

Service 3

PortNum Value indicating the ports to search, see �Specifying the Port� on page 133.



Par1 Address � The HASP memory address you want to read from:

0 to 55 � HASP4 M1 0 to 247 � HASP4 M40 to 247 � HASP4 Time

Par2 Data � One word of data read from HASP memory.




Service 4: WriteWordDescription Write one word of data to the HASP memory.


Syntax

Parameters Used

Return Values


Service 4




Par1 Address � The HASP memory address you want to write to:


Par2 Data � One word of data.




Service 6: HaspIDDescription Determine the HASP ID number.


Syntax

Parameters Used

Return Values

Comments The ID number is a long integer (32 bits). You calculate it as follows, if IDLow and IDHigh are unsigned.

ID number = IDLow + 65536 * IDHigh

If IDLow and IDHigh are signed, you need to compensate a negative value by adding 65536.


Service 6




Par1 IDLow � Low (least significant) word of the ID number.

Par2 IDHigh � High (most significant) word of the ID number.




Service 50: ReadBlockDescription Read one block of data from the HASP memory.


Syntax

Parameters Used

Return Values

Result The HASP memory content is read into the program buffer.


Service 50




Par1 Start Address � Defines the initial HASP memory address for reading the block:

0 to 55 � HASP4 M10 to 247 � HASP4 M40 to 247 � HASP4 Time

Par2 Block Length � The block size, in words.

Par3 Buffer Segment � The segment address of the buffer. Only relevant for 16-bit applications.

Par4 Buffer Offset � Offset address of a program buffer (variable). The buffer size must be at least as large as the block size.




Service 51: WriteBlockDescription Write one block of data to the HASP memory.


Syntax

Parameters Used

Return Values

Comments The contents of the program buffer are written to the HASP memory.


Service 51


Password1 The first HASP password.

Password2 The second HASP password.

Par1 Start Address � Defines the initial HASP memory address for writing the block:


Par2 Block Length � The block size, in words.

Par3 Buffer Segment � The segment dress of the buffer. Only relevant for 16-bit applications.




Part 3 - Chapter 11

HASP4 Time ServicesThis chapter describes the HASP API services which are applicable to HASP4 Time. Each of the services are described in detail.

The HASP4 Time battery has a lifetime of over four years. When implementing the API with HASP4 Time, it is recommended that you incorporate calls which check that the clock is advancing and act accordingly when it stops.




Every call to the HASP routine receives nine input parameters, but not all the parameters are used. Par1, Par2, Par3 and Par 4 are pointers to 32-bit integers in 32-bit systems, and 16-bit integers in 16-bit systems. All other parameters are integers. The values of Par1, Par2, Par3, and Par4 change according to the service.



HASP4 Time Services Part 3 - Chapter 11

Table 11.1 HASP4 Time Services and Parameters

Service (no.)

Seed

Cod

e

Por

tNu

m

Pas

swor

d1

Pas

swor

d2

Par

1

Par

2

Par

3

Par

4

SetTime (70) C

PortN

um

Pass

word

1

Pass

word

2

Seco

nd

Min

ute

Hou

r

R

Stat

us

GetTime (71) C

PortN

um

Pass

word

1

Pass

word

2

RSe

cond

Min

ute

Stat

us

Hou

r

SetDate (72) C

Port

Num

Pass

word

1

Pass

word

2

Day

Mon

th

Year

RSt

atus

GetDate (73) C

Port

Num

Pass

word

1

Pass

word

2

R

Day

Mon

th

Stat

us

Year

WriteByte (74) C

PortN

um

Pass

word

1

Pass

word

2

Add

ress

Dat

a


Using the HASP API HASP4 Time Services

R

Stat

us

ReadByte (75) C

PortN

um

Pass

word

1

Pass

word

2

Add

ress

R

Dat

a

Stat

us

WriteBlock (76)Po

rtNum

Pass

word

1

Pass

word

2

Star

tA

ddre

ss

Bloc

kLe

ngth

Buffe

rSe

gmen

t

Buffe

rO

ffset

Stat

us

ReadBlock (77) C

PortN

um

Pass

word

1

Pass

word

2

Star

tA

ddre

ss

Bloc

kLe

ngth

Buff

erSe

gmen

t

Buff

erO

ffset

RSt

atus

HaspID (78) C

PortN

um

Pass

word

1

Pass

word

2

R

IDLo

w

IDH

igh

Stat

us

Service (no.)

Seed

Cod

e

Por

tNu

m

Pas

swor

d1

Pas

swor

d2

Par

1

Par

2

Par

3

Par

4




Service 70: SetTimeDescription Set the time on the HASP4 Time real-time clock.

Relevant Keys HASP4 Time

Syntax

Parameters Used

Return Values

hasp (Service, SeedCode, PortNum,Password1, Password2,Par1, Par2, Par3, Par4)

Service 70

PortNum Value indicating the port to search for the HASP key.

Password1 First HASP4 Time password.

Password2 Second HASP4 Time password.

Par1 Second � Seconds portion of the time you want to set (00 to 59).

Par2 Minute � Minutes portion of the time you want to set (00 to 59).

Par4 Hour � Hour portion of the time you want to set (00 to 23).




Service 71: GetTimeDescription Get the time from the HASP4 Time real-time clock.


Syntax

Parameters Used

Return Values


Service 71




Par1 Second � Seconds read from the HASP4 Time clock.

Par2 Minute � Minutes read from the HASP4 Time clock.


Par4 Hours � Hours read from the HASP4 Time clock.



Service 72: SetDateDescription Set the date on the HASP4 Time real-time clock.


Syntax

Parameters Used

Return Values

Comments Year ranges from 0 to 99, where 92 to 99 refer to 1992-1999, and 00 to 91 refer to 2000-2091.


Service 72




Par1 Day � Day to set on the HASP4 Time clock (1 to 31).

Par2 Month � Month to set on the HASP4 Time clock (1 to 12).

Par4 Year � Year to set on the HASP4 Time clock (0 to 99).




Service 73: GetDateDescription Get the date from the HASP4 Time real-time clock.


Syntax

Parameters Used

Return Values

Comments Year ranges from 0 to 99, where 92 to 99 refer to 1992-1999, and 00 to 91 refer to 2000-2091.


Service 73




Par1 Day � Day read from the HASP4 Time clock (1 to 31).

Par2 Month � Month read from the HASP4 Time clock (1 to 12).


Par4 Year � Year read from the HASP4 Time clock (0 to 99).



Service 74: WriteByteDescription Write one byte of data to the HASP4 Time memory.


Syntax

Parameters Used

Return Values

Comments This service writes to the 16-byte memory of a HASP4 Time. To write to the 248-word memory of a HASP4 Time, use Service 4 (page 171).


Service 74




Par1 Address � The HASP4 Time memory address to which you want to write (0 to 15).

Par2 Data � One byte of data.




Service 75: ReadByteDescription Read one byte of data from the HASP4 Time memory.


Syntax

Parameters Used

Return Values

Comments This service reads from the 16-byte memory of a HASP4 Time. To read from the 248-word memory of a HASP4 Time, use Service 3 (page 170).


Service 75




Par1 Address � The HASP4 Time memory address to which you want to read (0 to 15).

Par2 Data � One byte of data read from the HASP4 Time memory.




Service 76: WriteBlockDescription Write one block of data to the HASP4 Time memory.


Syntax

Parameters Used

Return Values

Comments This service writes a block to the 16-byte memory of a HASP4 Time. To write a block to the 248-word memory, use Service 51 (page 174).


Service 76




Par1 Start Address � Defines the initial HASP4 Time memory address for writing the block (0 to 15).

Par2 Block Length � Size, in bytes, of the data block (the maximum is 16).






Service 77: ReadBlockDescription Read one block of data from the HASP4 Time memory.


Syntax

Parameters Used

Return Values

Comments This service reads a block from the 16-byte memory of a HASP4 Time. To read a block from the 248-word memory of a HASP4 Time, use Service 50 (page 173).


Service 77




Par1 Start Address � Defines the initial HASP4 Time memory address for reading the block (0 to 15).

Par2 Block Length � The size, in bytes, of the data block (maximum 16).






Service 78: HaspIDDescription Determine the HASP4 Time ID number.


Syntax

Parameters Used

Return Values



If IDLow and IDHigh are signed, you need to compensate a negative value by adding 655356


Service 78








Part 3 - Chapter 12

HASP4 Net ServicesThis chapter describes the HASP API services for HASP4 Net. Each of the services are described in detail.

Table 12.1 "HASP4 Net Services and Parameters" on page 189 lists the hasp( ) routine parameters for each service. Each service listed in the following table is assigned two rows:



Every call to the HASP routine receives nine input parameters, but not all the parameters are used. Par1, Par2, Par3 and Par 4 are pointers to 32-bit integers in 32-bit systems, and 16-bit integers in 16-bit systems. All other parameters are integers. The values of Par1, Par2, Par3, and Par4 change according to the service. A �word� of data contains 8 bytes or 16 bits.



HASP4 Net Services Part 3 - Chapter 12

Using HASP4 Net ServicesThe HASP4 Net API requires that some services be called in sequence, as described below:

1. Optionally, call the hasp( ) routine with the SetConfigFilename and then with the LastStatus service.

2. Optionally, call the hasp( ) routine with the SetServerByName and then with the LastStatus service.

3. Call the hasp( ) routine with the Login service and then with the LastStatus service.

4. Once you call the Login service, you are free to call any HASP4 Net service. After each call to a service, call the hasp( ) routine with the LastStatus service.

5. Call the hasp( ) routine with the Logout service and then with the LastStatus service.

When using the ReadWord or WriteWord services to write or read from a HASP key, you should be aware that the byte order of the referred value will be dependant on the system you are using. Intel-based CPUs utilize the little-endian order, whilst Macintosh computers use the big-endian order. Alternatively you can also use ReadBlock and WriteBlock - endian-independent services to read or write to a HASP key.

!


Using the HASP API HASP4 Net Services

Table 12.1 HASP4 Net Services and Parameters

Under the TCP/IP protocol, a Windows 16-bit application calling the hasp( ) routine automatically gains control while the routine is being processed. Control is gained through the application message loop rather than through the instruction following the hasp( ) routine call.Do not call the hasp( ) routine again until control is gained through the instruction following the call. If you do, your application crashes. To avoid this situation, use flags to prevent new calls to the hasp( ) routine while the previous call is being processed.

!

Service (No.)

Seed

Cod

e

Por

tNu

m

Pas

swor

d1

Pas

swor

d2

Par

1

Par

2

Par

3

Par

4

LastStatus (40) C

RN

et

Stat

us

Syst

em E

rror

War

ning

Cod

e

Login (42) C

Seed

Cod

e

Prog

Num

Pass

word

1

Pass

word

2

R

Logout (43) C

Prog

Num

Pass

word

1

Pass

word

2

R

ReadWord (44) C

Prog

Num

Pass

word

1

Pass

word

2

Add

ress



R

Dat

a

Stat

us

WriteWord (45) C

Prog

Num

Pass

word

1

Pass

word

2

Add

ress

Dat

a

R

Stat

us

HaspID (46) C

Prog

Num

Pass

word

1

Pass

word

2

RID

Low

IDH

igh

Stat

us

IdleTime (48) C

Idle

Tim

e

Prog

Num

Pass

word

1

Pass

word

2

R

ReadBlock (52) C

Prog

Num

Pass

word

1

Pass

word

2

Star

tA

ddre

ss

Bloc

kLe

ngth

(Buf

fer

Segm

ent)

Buff

er

Off

set

R

Stat

us

WriteBlock (53) C

Prog

Num

Pass

word

1

Pass

word

2

Star

t A

ddre

ss

Bloc

k Le

ngth

(Buf

fer

Segm

ent)

Buff

er

Off

set

Service (No.)

Seed

Cod

e

Por

tNu

m

Pas

swor

d1

Pas

swor

d2

Par

1

Par

2

Par

3

Par

4



R

Stat

us

SetConfigFilename (85)

C

Buff

er

Size

(Buf

fer

Segm

ent)

Buff

er

Off

set

R

HaspEncodeData(88) CPr

ogN

um

Pass

word

1

Pass

word

2

Buffe

r Si

ze

(Buf

fer

Segm

ent)

Buffe

r O

ffset

R

Stat

us

HaspDecodeData(89) C

Prog

Num

Pass

word

1

Pass

word

2

Buff

er

Size

(Buf

fer

Segm

ent)

Buff

er

Offs

et

R

Stat

usSetServerByName (96) C

Buff

er

Size

(Buf

fer

Segm

ent)

Buff

er

Offs

etR

HaspQueryLicense (104)

C

Prog

Num

Pass

word

1

Pass

word

2

Service (No.)

Seed

Cod

e

Por

tNu

m

Pas

swor

d1

Pas

swor

d2

Par

1

Par

2

Par

3

Par

4



R

Act

ive

Lice

nses

Max

. Li

cens

es

Key

Typ

e

Act

ivat

ions

re

main

ing

LoginProcess (110) C

Prog

Num

Pass

word

1

Pass

word

2

R

Stat

us

GetCurrentServer(230)

C

Buff

er

Size

Buff

er

Offs

et

R

Buff

er si

ze

Stat

us

Service (No.)

Seed

Cod

e

Por

tNu

m

Pas

swor

d1

Pas

swor

d2

Par

1

Par

2

Par

3

Par

4




Service 40: LastStatusDescription Check the status of the previous call to the hasp( ) routine. Call

hasp( ) with the LastStatus service after each call with one of the HASP4 Net services.


Syntax

Parameters Used

Return Values

Comments If an error occurs, your application should display Net Status, System Error and Warning.

hasp (Service, SeedCode, ProgNum, Password1, Password2,Par1, Par2, Par3, Par4)

Service 40

Par1 Net Status � A code indicating the status of the previous call to the hasp( ) routine. If the last call was successful, 0 is returned.

If not an error code is returned. See Table 13.3 "HASP4 Net Status Codes" on page 220.

Par2 System Error � A context-dependent error code. For example:

� A NetBIOS communication error returns the specific NetBIOS error code.

� A HASP4 Net configuration file error returns the configuration file line number where the error occurred

Par3 Warning � A warning code. See Table 13.4 "HASP4 Net Warning Codes" on page 224



Service 42: LoginDescription Perform a HASP4 Net login. The protected application accesses

the HASP License Manager with a request for a license.


Syntax

Parameters Used

Return Values Use Service 40: LastStatus (page 193) to check if the call has been performed successfully.

Comments For a description of the login process, see "How Does HASP4 Net Work?" on page 230.

With the exception of SetConfigFilename, SetServerByName, and LastStatus, call login before any other service.

If you call the hasp( ) routine with the login service more than once from the same station, the HASP License Manager does not add the station and application to the log table a second time. In other words, the HASP License Manager does not grant an additional license to the application.

When you re-activate a protected application after a computer crash, the application is already listed in the log table and the HASP License Manager does not grant the application an additional license.


Service 42

ProgNum The number assigned to the application in HASP4 Net memory, using the HaspEdit utility. See "Accessing Keys with HaspEdit" on page 83.

Password1 First HASP4 Net password.

Password2 Second HASP4 Net password.



Multiple Win32 processes under Windows NT or Windows 95/98/ME take only one license when a single protocol is used, or when NetBIOS and IPX are used in combination. However, such processes under these operating systems take two licenses if TCP/IP is used together with NetBIOS and/or IPX.



Service 43: LogoutDescription Perform a HASP4 Net logout. When you call hasp( ) with the

logout service, the HASP License Manager deletes the station and application from the HASP4 Net log table. As a result, a license is freed.


Syntax

Parameters Used


Comments If you do not perform a HASP4 Net logout, the station and application remain listed in the HASP4 Net log table. In this case the behavior is as follows:

� The number of stations running the application at the same time remains unchanged and a license is not freed. If you have licensed a protected application to run on n stations, and n stations have performed a HASP4 Net login, no other station can run the application until one of these n stations performs a HASP4 Net logout.

� If the same station re-activates the application, the application runs using the license that is already granted.


Service 43






� When the number of stations running a protected application has reached its maximum and there is an attempt to activate the application from another station, the HASP License Manager searches the log table for an idle station. If it finds one, the HASP License Manager deletes the idle station from the HASP log table. As a result, a license is freed and immediately granted to the application that issued the request. The default idle time is 36 hours. You can change the idle time using Service 48: IdleTime (page 201).



Service 44: ReadWordDescription Read one word of data from the HASP4 Net memory.


Syntax

Parameters Used



Service 44




Par1 Address � The HASP4 Net memory address you want to read from (0 to 247).

Par2 Data � Data read from the HASP4 Net memory.




Service 45: WriteWordDescription Write one word of data to the HASP4 Net memory.


Syntax

Parameters Used


Comments Word offsets 24 and higher in the HASP4 Net memory are reserved for the HASP4 Net Program List. If you write to any of these offsets, you may overwrite application protection parameters that you have previously saved in this memory area.


Service 45




Par1 Address � The HASP4 Net memory address you want to write to (0 to 247).

Par2 Data � One word of data.




Service 46: HaspIDDescription Determine the HASP4 Net ID number.


Syntax

Parameters Used




If IDLow and IDHigh are signed, you need to compensate a negative value by adding 65535.


Service 46









Service 48: IdleTimeDescription Controls the stations that no longer use a protected application.

With IdleTime, you specify a time frame. If the station using the protected application does not access the HASP4 Net within this time frame, the HASP License Manager regards the station as idle.


Syntax

Parameters Used


Comments When the number of stations running a protected application has reached its maximum and there is an attempt to activate the application from another station, the HASP License Manager searches the log table for an idle station. If it finds one, the HASP License Manager deletes the idle station from the HASP log table. As a result, a license is freed and immediately granted to the application that issued the request.

hasp (Service, IdleTime, ProgNum, Password1, Password2,Par1, Par2, Par3, Par4)

Service 48

IdleTime The time frame in minutes (0 to 65535).

A station which does not access the key within this time frame is considered idle.






The protected application, running on the station that was deleted from the log table, returns an error code (error 135 or 139) the next time it tries to access the HASP4 Net.

When a station accesses the HASP4 Net during the idle time frame, the idle time counter resets to zero.

To implement IdleTime, call the hasp( ) routine with the IdleTime service after the Login service. If you do not set the idle time, the HASP License Manager uses a default time frame of 36 hours.



Service 52: ReadBlockDescription Read one block of data from the HASP4 Net memory into the

program buffer.


Syntax

Parameters Used


Service 52




Par1 Start Address � Defines the initial HASP4 Net memory address for reading the block (0 to 247).

Par2 Block Size � Data block size in words (maximum 24 words).

Par3 Buffer Segment � Segment address of a program buffer (variable). Only relevant for 16-bit applications.




Service 53: WriteBlockDescription Write one block of data from the program buffer to the HASP4

Net memory.


Syntax

Parameters Used



Service 53




Par1 Start Address � Defines the initial HASP4 Net memory address for writing the block (0 to 247).

Par2 Block Size � Data block size in words (maximum 24 words).

Par3 Buffer Segment � Segment address of a program buffer (variable).

Only relevant for 16-bit applications.




Comments Word offsets 24 and higher in the HASP4 Net memory are reserved for the HASP4 Net program list.

If you write to any of these offsets, you may overwrite application protection parameters that you have previously saved in this memory area.



Service 85: SetConfigFilenameDescription Set the name of the HASP4 Net configuration file. The HASP4

Net configuration file contains parameters and other fine-tuning settings for the protected application.


Syntax

Parameters Used


Comments If you use the SetConfigFilename service, call it before performing a HASP4 Net login. If you do not use SetConfigFilename, the protected application either does not use a HASP4 Net configuration file, or it uses the default file named nethasp.ini if it finds it. For more information about the HASP4 Net configuration file, see "Configuring HASP4 Net Clients" (page 271).


Service 85

Par2 Buffer Size � The byte size of the buffer containing the name of the HASP4 Net configuration file.

Par3 Buffer Segment � The segment address of the buffer containing the name of the HASP4 Net configuration file. Only relevant for 16-bit applications.

Par4 Buffer Offset � The offset address of the buffer containing the name of the HASP4 Net configuration file.



Service 88: HaspEncodeDataDescription Encodes data via the HASP4 Net.


Syntax

Parameters Used


Comments The contents of the program buffer are encoded via the connected HASP and updated in place.


Service 88




Par1 0 (reserved).

Par2 Buffer size. The size in bytes of the buffer to be encoded. The buffer must be at least 8 bytes in size.






This service can only be used with the HASP4 generation of HASP keys. If a key prior to the HASP4 generation is attached, no data will be encoded and the service will return an error code.

This service is not applicable for DOS applications.

If data is encoded with a Win16 application, the maximum buffer size is 64K. Data encoded with a Win32 application which exceeds 64K cannot be decoded by a Win16 API.

Encoding at runtime should be kept to a minimum. Instead, previously encoded files and data which are then decoded at runtime should be sent to users. See "Protection Strategies" on page 147.



Service 89: HaspDecodeDataDescription Decodes data via the HASP4 Net.


Syntax

Parameters Used


Comments The contents of the program buffer are decoded via the connected HASP and updated in place.


Service 89




Par1 0 (reserved).

Par2 Buffer size. The size in bytes of the buffer to be decoded. The buffer must be at least 8 bytes in size.






This service can only be used with the HASP4 generation of HASP keys. If a key prior to the HASP4 generation is attached, no data will be decoded and the service will return an error code.

If data is encoded with a Win16 application, the maximum buffer size is 64K. Data encoded with a Win32 application which exceeds 64K cannot be decoded by a Win16 API.



Service 96: SetServerByNameDescription Specify the name of a HASP License Manager and instruct the

protected application to communicate with the specific HASP License Manager.


Syntax

Parameters Used


Comments If you call the hasp( ) routine with the SetServerByName service, do so before performing a HASP4 Net login.

To name a HASP License Manager, load it with the -srvname switch, see "Switches for the HASP License Manager" (page 258).

When an application calls the hasp( ) routine with SetServerByName, the routine searches for a HASP License Manager loaded with the specified name. If it finds one, the hasp( ) routine stores the HASP License Manager location. When the application performs a HASP4 Net login, the HASP License Manager at the stored location is accessed.


Service 96

Par2 Buffer size. The size in bytes of the buffer to be decoded. The buffer size can be a maximum 7 bytes.

Par3 Buffer segment. The segment address of the buffer containing the name of the HASP LM. Only relevant for 16-bit applications.




Service 104: HaspQueryLicenseDescription Queries the current license attributes from the HASP4 Net.


Syntax

Parameters Used



Service 42




Par1 Number of currently active licenses (concurrent users) for this ProgNum.

Par2 Maximum number of licenses available for this ProgNum.

Par3 Type of HASP4 Net key.

Par4 Number of activations remaining for this ProgNum (-1 = Unlimited).



Service 110: LoginProcessDescription Determines whether activations will be decremented per station or

per process.


Syntax

Parameters Used

Return Values .

Comments When Par1 is set to 0, LoginProcess behaves like Login Service 42. This service only works if reserved input parameters Par2, Par3, Par4 are set to 0.


Service 110

ProgNum The number assigned to the application in HASP4 Net memory, using the HaspEdit utility.



Par1 0 decrement activations per station1 decrement activations per process

Par2 0 (reserved).

Par3 0 (reserved).

Par4 0 (reserved).

Par3 Status - a code indicating the status of the operation.



Service 230: GetCurrentServerDescription Retrieves the currently utilized License Manager address.


Syntax

Parameters Used

Return Values .

Comments The return values are zero-terminated strings containing a representation of the server address which is easy to parse. The application must be successfully logged in before calling this function.


Service 230

Par 1 0 (reserved)

Par 2 Size of data buffer

Par 3 0 (reserved)

Par 4 Pointer to data buffer

Par2 Actual size of data written to data buffer

Par3 Status- a code indicating the status of the operation

You can use Service 40 (see page 193) to check if the call has been performed successfully.


Part 3 - Chapter 13

HASP APIStatus Codes

Status Codes for All HASP KeysWhen you use the API to access HASP, the hasp( ) routine returns a status code in Par3. The following tables list the status codes returned according to the type of HASP you use.

Table 13.1 Status Codes for All HASP Keys

Code Description

0 Successful operation.

-1 Time-out: unsuccessful write operation.

-2 The address is out of range.

-3 A HASP with the specified password was not found.

-4 A HASP was found but it is not a MemoHASP.

-5 Unsuccessful write operation.

-6 The parallel port is currently unavailable. Another device attached to it, such as a printer, is active. Retry API call after some seconds.


HASP API Status Codes Part 3 - Chapter 13

-7 The size of the buffer is too small. This error only occurs with services that have a minimum buffer size requirement.

-8 The hardware does not support the requested service. This service requires a HASP4 generation key to be connected.

-9 Invalid pointer. The pointer passed to the service is not valid.

-10 Access to key prohibited because the application is running through a remote screen on Citrix Winframe or Windows Terminal Server (the application can only run on the console screen).

-11 Access to key prohibited because the application is running on Citrix Winframe or Windows Terminal Server (service pack 4+ required to detect if this is running on the console screen).

-12 A parameter passed to the service is not valid or is out of range.

-13 Version Mismatch. This error message indicates that the driver is too old to allow the API to function. You should update your driver. Valid only for Win32 and Win64 applications.

-100 Cannot open the HASP device driverApplies to Win32 applications.Install the HASP device driver.

-110 Cannot open the HASP device driverApplies to DOS, DOS extender, and Windows applications attempting to access the HASP device driver.Install the HASP device driver.

-111 Cannot read the HASP device driver Applies to DOS, DOS extender, and Windows applications attempting to access the HASP device driver.

Code Description


Using the HASP API HASP API Status Codes

Status Codes for HASP4 Time KeysTable 13.2 Status Codes for HASP4 Time Keys

-112 Cannot close the HASP device driver.Applies to DOS, DOS extender, and Windows applications attempting to access the HASP device driver.

-120 Cannot allocate DOS memoryApplies to DOS extender and Windows applications protected with stand-alone keysTry freeing DOS memory.

-121 Error freeing DOS memoryApplies to DOS extender and Windows applications protected with stand-alone keys.

-999 Invalid service.

Code Description

Code Description

0 Successful operation.

-20 Invalid day.

-21 Invalid month.

-22 Invalid year.

-23 Invalid seconds.

-24 Invalid minutes.

-25 Invalid hours.

-26 Invalid address: the address is not in the range 0 to 15.

-27 Timeout: unsuccessful write operation.

-28 A HASP with the specified password was not found.

-29 A HASP was found but it is not a HASP4 Time.



Status Codes for HASP4 NetWhen you call the hasp( ) routine with the HASP4 Net LastStatus service, the hasp( ) routine returns a status code in Par1 (NetStatus), specifying the status of the previous call. If a context-dependent error occurs, you receive it in Par2 (System Error) when you call LastStatus. The hasp( ) routine may also return a warning code in Par3.

When the hasp( ) routine returns an error, the execution of the service is stopped and not completed.

LastStatus codes are divided into two groups:

Status codes 1 to 127 - indicate errors in communication between the protected application and the HASP License Manager, or errors in parameters you passed to the hasp( ) routine.

Status codes 129 to 151 - indicate errors that occur after the client-server communication has been established.

The following table shows the possible values of Par1 (NetStatus).

Table 13.3 HASP4 Net Status Codes

Code Description

0 Operation successful.

1 The IPX, NetBIOS, or TCP/IP protocols have not been installed properly � act accordingly.

2 Communication error � unable to get the socket number (applies to IPX and TCP/IP).Verify that the protocol is installed properly.

3 Communication error.NetBIOS � unable to establish the session.IPX � unable to get the immediate address of the HASP License Manager. Verify that the protocol is installed properly.TCP/IP � unable to connect to the server. Verify that the server address is correct.



4 No HASP License Manager was found.Check whether your application has a path to the address file and read permission.

5 Cannot read the HASP License Manager address file.

6 Cannot close the HASP License Manager address file.

7 Communication error � failed to send packet.Verify that the protocol is installed properly.

8 The network is busy.IPX - the network is busy or incorrect address files were found. In the latter case, delete all copies of the haspaddr.dat and newhaddr.dat files.NetBIOS - the network is busy.TCP/IP - when TCP is used, error indicates that the network is busy.

10 You called the hasp( ) routine with one of the services, without first calling the Login service.

11 Communication error � adapter error (applies only to NetBIOS).Verify that the protocol is properly installed.

15 No active HASP License Manager was found.

18 Cannot perform a HASP4 Net login because of an unsuccessful SetServerByName call.

19 Syntax error in the configuration file. The LastStatus service returns the line number in which the error occurred in Par2.If LastStatus returns 0 in Par2, there is an environment variable with an illegal setting.

20 Error handling the HASP4 Net configuration file. A file operation such as "open file" or "read file" failed. One possible reason could be that the system is out of file handles. The LastStatus service returns the OS system error code in Par2.

Code Description



21 HASP4 Net did not succeed in allocating memory. This error is unique to HASP4 Net interfaces under DOS extenders and Windows.Try to free DOS memory.

22 HASP4 Net did not succeed in freeing DOS memory. This error is unique to HASP4 Net interfaces under DOS extenders and Windows.

23 Invalid HASP4 Net memory address.

25 Failed to load winsock.dll (applies only to TCP/IP and IPX).

26 Failed to unload winsock.dll (applies only to TCP/IP and IPX).

28 Winsock.dll startup error (applies only to TCP/IP and IPX).

30 Failed to close socket (applies only to TCP/IP).

33 SetProtocol service requested without performing logout.

34 Access to key prohibited because the application is running on Citrix Winframe or Windows Terminal Server (service pack 4+ required to detect if this is running on the console screen).

129 The correct HASP4 Net is not connected to the HASP License Manager.

130 The program number specified is not in the program list of the HASP4 Net memory.

131 Error reading from HASP4 Net memory.

132 Error writing to HASP4 Net memory.

133 The current Login request exceeds the number of stations which may run the application at the same time.

134 The current login request exceeds the number of authorized activations for the application.

Code Description



135 You called the hasp( ) routine with the Logout service without first calling the Login service. This may occur due to the LM reloading, or after logging out from the LM.

136 The HASP License Manager is busy � this may occur if your HASP4 Net system is not well adapted to the network.

137 There is no space in the HASP4 Net log table.

138 Internal HASP4 Net error � the number of licensed stations is larger than the maximum number allowed by the HASP4 Net model.

139 The computer with the HASP4 Net crashed and was reactivated, or you called the hasp( ) routine with a service (not including 40, 85, or 96) without first calling the login service.

140 The HASP License Manager does not serve the network of your station.

141 Invalid service, or new version of the HASP API is communicating with an older version of the HASP License Manager.

142 The HASP License Manager matching the name specified in the HASP4 Net configuration file was not found.

150 No HASP License Manager with the assigned name was found. This error is returned by the SetServerByName service.

151 Two or more different HASP License Managers with the assigned name were found. This error is returned by the SetServerByName service.

152 The encode operation failed because the hardware does not support the service.

Code Description



The following table lists the possible warning codes returned in Par3 when using the LastStatus service. When Par3 returns a warning, the execution of the service is completed regardless of the warning.

Table 13.4 HASP4 Net Warning Codes

153 The decode operation failed because the hardware does not support the service.

155 An old version of the License Manager has been found. The API used requires a newer version of the License Manager to be installed.

157 NH Buffer is too small. Whenever the buffer equals or is less than 8 bytes during the data encrypting/decrypting process, the error message is returned. Valid only for Win32 and Win64 applications.Applies to Service numbers 88 and 89.

Code Description

1 IPX is enabled via nethasp.ini or via the NETHASPPROTOCOL environment variable, but IPX is not installed. This warning occurs upon HASP4 Net login.

2 NetBIOS is enabled via nethasp.ini or via an environment variable, but NetBIOS is not installed. This warning occurs upon HASP4 Net login.

3 IPX and NetBIOS are enabled via nethasp.ini or via an environment variable, but neither of the protocols are installed. This warning occurs upon HASP4 Net login.

4 TCP/IP is enabled via nethasp.ini or via an environment variable, but TCP/IP is not installed.This warning occurs upon HASP4 Net login.

Code Description



The HASP4 Net LastStatus codes are constantly being updated. For the latest updates, see the HASP License Manager help file.

5 IPX and TCP/IP are enabled via nethasp.ini or via an environment variable, but neither of the protocols are installed. This warning occurs upon HASP4 Net login.

6 TCP/IP and NetBIOS are enabled via nethasp.ini or via an environment variable, but neither of the protocols are not installed. This warning occurs upon HASP4 Net login.

7 IPX, NetBIOS and TCP/IP are enabled via nethasp.ini or via an environment variable, but none of the three protocols are installed. This warning occurs upon HASP4 Net login.

18 The HASP License Manager returned a HASP4 Net logout status of OK, but due to timeout, a HASP4 Net logout might not have been performed. In this case, you should perform an additional HASP4 Net logout. If the HASP4 Net logout returns error 135, then a logout was performed regardless of the error.This warning occurs upon HASP4 Net logout.

19 An invalid keyword or value is defined in nethasp.ini, or a new keyword is not recognized by an older API version. This warning occurs upon HASP4 Net login.

20 TCP or UDP protocols were specified in the nethasp.ini along with another protocol. If the HASP License Manager�s IP address is not specified in the nethasp.ini, the HASP4 Net client will work with the other protocol specified, however a warning is returned to notify you that either TCP or UDP was not employed due to the missing IP address.This warning occurs after using SetProtocol.

22 The HASP API cannot free memory.This warning may occur after any HASP4 Net API service.

Code Description


Part 4Using HASP in a

NetworkThis part describes the HASP4 Net system and relevant tools and procedures.

The chapter "HASP4 Net Basic Concept" (page 229) explains terms and concepts that are important if you are protecting software with HASP4 Net.

The chapter "Protecting Applications with HASP4 Net" (page 241) describes how you can protect your application for HASP4 Net use.

The chapter "Managing HASP4 Net Licenses" (page 247) explains the installation and use of HASP License Manager which provide HASP4 Net licenses in the network.

The chapter "Configuring HASP4 Net Clients" (page 271) describes how an application protected for HASP4 Net - the HASP4 Net client - can be configured with a configuration file.

The chapter "Monitoring HASP4 Net Licenses" (page 281) explains the use of Aladdin Monitor which permits centralized administration of the HASP License Manager applications and the HASP4 Net keys.


Using HASP in a Network Part 4

The chapter "Adapting HASP4 Net to the Network" (page 287) provides information on how to adapt HASP4 Net to a network by defining the range of stations and adapting the time-out.


Part 4 - Chapter 14

HASP4 Net BasicConcept

This chapter explains terms and concepts that are important if you are protecting software with HASP4 Net. Before beginning the chapter, familiarize yourself with general HASP terms and concepts. If you are not using HASP4 Net, you can skip this chapter.

What is HASP4 Net?HASP4 Net is a HASP designed for networks. It lets you effectively license your application in network environments by controlling the number of software copies that can run at the same time. By connecting a single HASP4 Net key to any computer in the network, you can secure your application against unauthorized use, and monitor the number of stations using your application simultaneously.


HASP4 Net Basic Concept Part 4 - Chapter 14

Figure 14.1 HASP4 Net System

How Does HASP4 Net Work?When a protected application is activated from a network station, it accesses the HASP License Manager and requests permission to run by performing a HASP4 Net login. The HASP License Manager then checks that the correct HASP key is connected and accesses the HASP4 Net memory to verify the following:

� The protected application is licensed to run.

� The number of stations allowed to run the protected application at the same time has not been exceeded.

If all results produced by the checks are positive, the HASP License Manager grants the protected application permission to run, and updates the HASP4 Net log table. Otherwise, the HASP License Manager returns an error code.

The following figures illustrate the HASP4 Net mechanism. The network shown in these figures consists of four stations. On one of the stations, a HASP4 Net key is connected and the HASP License Manager is active.

Protected application number 1 is licensed to run simultaneously on five stations. The figures illustrate the process by which station 3 attempts to activate protected application number 1.


Using HASP in a Network HASP4 Net Basic Concept

Figure 14.2 Before a HASP4 Net login...

Stations 1 and 2 are running protected application 1, and are both listed in the log table. Of the five stations that are licensed to run the protected application at the same time, two are already listed in the log table.

Figure 14.3 A HASP4 Net login is performed...

Station 3 loads protected application 1, which accesses the HASP License Manager with a HASP4 Net login. The HASP License Manager determines whether or not station 3 is licensed to activate the application.



Figure 14.4 After a HASP4 Net login...

The checks performed by the HASP License Manager are positive, and application 1 is granted a license to run on station 3. The log table is updated and now includes station 3.

Preparing Protection

Protecting applications with HASP4 NetWhen protecting your application, you can choose between protecting your application for local use, for network use or for both. To enable HASP4 Net, use one of the following methods:

� Enable HASP4 Net when using HASP Envelope

� Use HASP4 Net API services instead of or in addition to other API services

For more information refer to "Protecting Applications with HASP4 Net" (page 235).



Providing Licenses with HASP4 Net Keys

HASP4 Net keys enable you to do the following:

� Limit the number of stations for each protected application

� Limit the number of activations for each protected application

HASP4 Net keys come in several models. The HASP4 Net model number determines the maximum number of licenses available to each application (i.e. the maximum number of stations that can access the application at the same time). For example, HASP4 Net5 can allow from zero to five licenses. Other models allow up to 10, 20, 50 or 100 licenses. With HASP4 NetU, your application can have an unlimited number of licenses.

HASP4 Net keys are available for the parallel port and for the USB port.

Using HASP4 Net

Installing HASP4 NetThe following steps are necessary to install HASP4 Net in a network:

� Install the appropriate HASP device driver and connect the HASP4 Net key.

� Install and start the HASP License Manager on the same machine. For more information refer to "Managing HASP4 Net Licenses" (page 241)

� Customize the HASP License Manager and the HASP4 Net client, if necessary. For more information refer to "Customizing the HASP License Manager" (page 252) and to "Configuring HASP4 Net Clients" (page 263).



Managing Licenses with HASP License ManagerThe HASP License Manager is the application that communicates with the protected application and the HASP4 Net key, functioning as a link between the two. It can communicate with several protected applications running on the network and with multiple HASP4 Net keys connected to the computer.

The HASP License Manager is available for the following environments: Windows 95/98/ME, Windows NT/2000/XP/Server 2003, Mac OS X and Linux

The HASP License Manager maintains a log table which lists all the protected applications that have performed a HASP4 Net login. The list identifies each protected application, and the station that activated the application. An application and its station remain listed in the log table until the application performs a HASP4 Net logout.

For more information refer to "Managing HASP4 Net Licenses" (page 241).

Requesting Licenses with HASP4 Net ClientThe protected application acts as the HASP4 Net client. It requests the HASP4 Net license and communicates with the HASP License Manager. When you activate the protected application, it performs a HASP4 Net login to access the HASP License Manager with a request to run. When the protected application is terminated, it informs the HASP License Manager by performing a HASP4 Net logout.

The HASP4 Net client is available for the following environments: Windows 3.1, Windows 95/98/ME, Windows NT/2000/XP/Server 2003, Mac OS 8.6, Mac OS 9.x and Mac OS X.

Do not confuse the HASP4 Net login and logout with the standard network login and logout.



HASP4 Net clients can be configured individually. For more information refer to "Configuring HASP4 Net Clients" (page 263).

Monitoring Licenses with Aladdin MonitorAladdin Monitor permits centralized administration of the HASP License Manager applications and the HASP4 Net keys.

The following options are available:

� Checking the properties of the HASP License Manager.

� Checking HASP4 Net keys.

� Starting and stopping the HASP License Manager service.

Aladdin Monitor is available for the following environments: Windows 98/ME, Windows NT/2000/XP/Server 2003. It can communicate via TCP/IP and IPX.

For more information refer to "Monitoring HASP4 Net Licenses" (page 273).

Distributing HASP4 Net

Distributing HASP4 NetAlong with the protected application, you should supply your customer with the following:

� HASP4 Net key

� HASP device driver

� HASP License Managers (with configuration file Nhserv.ini)

� Aladdin Monitor

� Configuration file for HASP4 Net client Nethasp.ini



Assisting the End-UserEnd User and Vendor Utilities are available to maintain and troubleshoot deployed HASP4 Net keys.

Your customers can use the Aladdin DiagnostiX utility:

� To check for a HASP key.

� To create a report file that contains data for Aladdin devices and other relevant system information.

In addition, the Aladdin DiagnostiX Memory Beamer is provided to:

� prepare customized DLLs for your customers.

� access reports generated by the Aladdin DiagnostiX utility.

� Decrypt the HASP memory of deployed keys.

The two utilities are available for the following environments: Windows 95/98/ME and Windows NT/2000/XP/Server 2003. For more information on both utilities refer to "Assisting End-Users & Vendors" (page 113).



Supported Protocols, Platforms and Operating Systems

HASP4 Net is a cross-platform solution which supports the following operating systems.

Table 14.1 HASP4 Net Supported Platforms

The following protocols can be used for communication between the HASP4 Net client and the HASP License Manager.

Table 14.2 HASP4 Net Protocols

Windows 3.x

Windows 95/98/ME

NT/2000/XP/Server 2003

Mac OS 8.6

Mac OS 9.x

Mac OS X

Linux

HASP4 Net client

available available available available available available

HASP License Manager

available available available available

Aladdin Monitor

available

Aladdin DiagnostiX

available available

Windows Apple Macintosh

Linux

IPX supported

TCP/IP (UDP/IP) supported supported supported

NetBIOS supported

TCP/IP is used to refer to both TCP/IP and UDP/IP. NetBIOS support discontinued in API version 8.0.




Question Do I need to install HASP4 Net on the network file server?

Answer No. You can install the HASP4 Net key and the HASP License Manager on any station in the network. The designated station must be active and the HASP License Manager loaded for as long as any application protected with HASP4 Net is running.

Question Can I see which stations are accessing a HASP4 Net key?

Answer Yes. The Aladdin Monitor utility shows you all the stations activating an application that has performed a HASP4 Net login to the HASP License Manager. See "Monitoring HASP4 Net Licenses" (page 273) for details.

Question If I connect two HASP4 Net5 keys of the same developer code to a single station, will I receive 10 licenses?

Answer No. When two HASP4 Net keys with the same developer code are connected to the same computer, only one HASP4 Net key responds. To enable ten licenses with two HASP4 Net5 keys, connect each key to a separate station and run the correct HASP License Manager. Alternatively, use a HASP4 Net10.

Question My customer already has a HASP4 Net from another software vendor connected to a station on the network and a HASP License Manager loaded. What must be done to install my HASP4 Net key?

Answer All your customer needs to do is connect your HASP4 Net key to the same computer. The already loaded HASP License Manager serves both HASP4 Net keys.



Question Will HASP4 Net work over the Internet?

Answer Yes. HASP4 Net works over the Internet with TCP/IP.

Question If, for example, I have a HASP4 Net20 can I grant access to just 17 users?

Answer Yes, using HaspEdit you can specify any number of users up to 20.

Question When using HASP4 Net, on which station do I need to install the HASP device driver?

Answer Only on the station with the HASP4 Net key.

The HASP device driver serves as a link between the HASP and the protected application. Since the application protected by HASP4 Net communicates with the HASP License Manager, which in turn accesses the HASP4 Net key, install the HASP device driver on the station which is running the HASP License Manager.


Part 4 - Chapter 15

ProtectingApplications with

HASP4 NetThis chapter describes how you can protect your application with HASP4 Net.

When protecting your application, you can choose between protecting your application for local use, for network use or for both. To enable HASP4 Net, use one of the following methods:

� Enable HASP4 Net when using HASP Envelope

� Use HASP4 Net API services instead of or in addition to other API services


Protecting Applications with HASP4 Net Part 4 - Chapter 15

HASP Envelope Options for HASP4 NetHASP Envelope enables you to protect your application without having to alter the source code. For information on the basic procedures refer to "Protecting with HASP Envelope" (page 51).

HASP Envelope for Win32In addition to the usual procedure, perform the following steps:

� Enter the HASP4 Net passwords.

� Specify a number for the program.

� Specify how many licenses and activations you want to provide for this program file. If you do not want to limit the number, activate the Unlimited option. This information is only relevant if you want to write it to the connected HASP4 Net key following the protection process.

� Enter the name of the HASP4 Net configuration file, or browse for it. For more information on the configuration file, refer to "Configuring HASP4 Net Clients" (page 271).

If you want to protect your application for both local and network use, you can specify the HASP4 Net parameters in addition to the parameters for local use. Make sure you update the FAS memory of each key using HaspEdit.


Using HASP in a Network Protecting Applications with HASP4 Net

HASP Envelope Command Line Tool

If you are using the HASP Envelope command line tool, the following switches are relevant to enable HASP4 Net:

Table 15.1 HASP Envelope Switches for HASP4 Net

HASP4 Net API ServicesWhen protecting your application for network use by adding API calls to your source code, you need to use the HASP4 Net services. For a detailed description of every service refer to "HASP4 Net Services" (page 187).

This tracking mechanism is especially useful when multiple instances of the same protected application are running on a single terminal. Using LoginProcess Service 110, you are able to log out of one logged-in process without any adverse affects on the other instances.

Switch Function

-nhpass <password1> <password 2> Specify the HASP4 Net passwords.

-prgnum <program number> Specify a unique program number from 1 to 112.

-netcfg <filename> Specify a HASP4 Net configuration file.

On Mac OS 9 there is no terminal counter, therefore you should use Service 110.

If you want to protect your application for both local and network use, you need to implement both HASP4 Net services and basic and/or memory services.

!



Table 15.2 HASP4 Net API Services


40 LastStatus Check the status of the last call. Use this service after each call to the hasp( ) routine.

42 Login Request permission from the HASP License Manager to activate the application.Unless you use services 85 or 96, login must be your first call to the hasp( ) routine.

43 Logout Request HASP4 Net session termination from the HASP License Manager.

44 ReadWord Read one word of data from the HASP4 Net memory.

45 WriteWord Write one word of data to the HASP4 Net memory.

46 HaspID Get the HASP4 Net ID number.

48 IdleTime Set a maximum time frame for idle stations.

52 ReadBlock Read a block of data from the HASP4 Net memory.

53 WriteBlock Write a block of data to the HASP4 Net memory.

85 SetConfigFilename Set name of HASP4 Net configuration file.


Using HASP in a Network Protecting Applications with HASP4 Net

88 HaspEncodeData Encode data sent to the connected HASP4 Net key. Use in conjunction with HaspDecodeData to verify that a specific HASP4 Net key is present on the network.

89 HaspDecodeData Decode data sent to the connected HASP4 Net key. Use in conjunction with HaspEncodeData to verify that a specific HASP4 Net key is present on the network.

96 SetServerByName Set the name of the HASP License Manager to which the protected application will perform a HASP4 Net login.

110 LoginProcess Determines whether activations will be decremented per station or per process.

230 GetCurrentServer Retrieves the address of the currently used HASP License Manager.




LoginProcess Functionality

LoginProcess Service 110 offers a more efficient approach to managing HASP4 Net licenses. This service activates a tracking mechanism that counts number of �process� logins to an application via a HASP4 Net key.

This tracking mechanism is especially useful when multiple instances of the same protected application are running on a single terminal. Using LoginProcess Service 110, you are able to log out of one logged-in process without any adverse affects on the other instances.

LoginProcess Service 110 tracks the number of �process� logins while Login Service 42 tracks the number of terminal logins. Service 110 efficiently debits a license to each login into a protected application even if multiple logins originate from the same terminal.

On Mac OS 9 there is no terminal counter, therefore you should use Service 110.!


Part 4 - Chapter 16

ManagingHASP4 Net Licenses

This chapter describes how to manage HASP4 Net licenses with the HASP License Manager.

The HASP License Manager is the application that communicates with the protected application and the HASP4 Net key, functioning as a link between the two. It can communicate with several protected applications running on the network and with multiple HASP4 Net keys connected to the computer.

The HASP License Manager is available for the following environments: Windows 95/98/ME, Windows NT/2000/XP/Server 2003, Mac OSX and Linux.


Managing HASP4 Net Licenses Part 4 - Chapter 16

How does the HASP License Manager Work?

The HASP License Manager maintains a log table which lists all the protected applications that have performed a HASP4 Net login. The list identifies each protected application, and the station that activated the application. An application and its station remain listed in the log table until the application performs a HASP4 Net logout.

The HASP License Manager uses the log table to keep track of the number of stations running a protected application at the same time. It ensures that the number of stations does not exceed the maximum number licensed by the software developer. By default the login table can track logins for up to 250 applications.


Using HASP in a Network Managing HASP4 Net Licenses

HASP License Manager for WindowsThe HASP License Manager for Windows is available as an executable for Windows 95/98/ME/NT/2000/XP/Server 2003 and as a service for Windows NT/2000/XP/Server 2003.

The HASP License Manager for Windows can communicate via TCP/IP, IPX and NetBIOS. The protocols can be loaded and unloaded using the HASP License Manager graphical user interface or command-line switches.

Installing HASP License Manager under WindowsBoth types of HASP License Managers can be installed with the setup file lmsetup.exe.

Install the appropriate HASP License Manager on the station the HASP4 Net key is connected to.

The installation can be customized using the following methods:

� Start the HASP License Manager with switches, see "Switches for the HASP License Manager" (page 258).

� Use the configuration file nhsrvw32.ini, see "Settings in nhsrv.ini Configuration File" (page 259).

� Use the License Manager Installation API (only Win32 service), see "Settings for the IPX Protocol (Win32 only)" (page 263).

On a Windows 95/98/ME Station

The HASP License Manager for Windows is nhsrv.ini. Use the setup file lmsetup.exe to install the License Manager.

1. Install the HASP device driver and connect the HASP4 Net key to a station.

NetBIOS support discontinued in API Version 8.0.



2. Install the HASP License Manager by running lmsetup.exe from your HASP CD and following the instructions of the installation wizard.

On a Windows NT/2000/XP/Server 2003 Station

The HASP License Manager for Windows NT/2000/XP/Server 2003 is nhsrvice.exe. Use the setup file lmsetup.exe to install it.

It is recommended that you install the HASP License Manager as an NT service, so there is no need to log in to the station to provide the functionality.

1. Install the HASP device driver and connect the HASP4 Net key to a station.

2. Install the License Manager by running lmsetup.exe from your HASP CD and following the instructions of the installation wizard. As installation type, select Service.

Activating and Deactivating HASP License Manager

HASP License Manager Application

To activate the HASP License Manager application, start it from the Start menu or Windows Explorer. The HASP License Manager application is always active when any protocol is loaded and a HASP4 Net key is connected.

To deactivate it, select Exit from the main menu.

HASP License Manager Service

To activate the HASP License Manager service, start it from the Start menu or Windows Explorer.

You can also integrate the HASP License Manager service installation into your application by using the HASP License Manager Install API, which can be found in the utility\servers \win32\service\lmapi directory.



To deactivate the HASP License Manager service, use the standard Windows Service administration in the Control Panel.

You can also use Aladdin Monitor to start and stop the HASP License Manager service.

Operating the HASP License ManagerYou can operate the HASP License Manager by using the graphical user interface. Alternatively you can operate it as a command-line tool.

To open the main window of the graphical user interface, double-click the icon of the red HASP4 Net key in the system tray.

The HASP License Manager main window displays the following information:

� HASP License Manager version number

� Status of each protocol (loaded, unloaded, or failed to load) and the date and time of the last change of status

� Status of the HASP License Manager (active or not active)

You can close the HASP License Manager main window by clicking the close button at the right corner of the title bar. However, the HASP License Manager will continue to run, and its icon will remain in the system tray.

To exit the program, choose Exit from the menu bar. If the HASP License Manager is installed as a Windows NT service, you cannot exit using this menu option.

Loading Protocols

To enable a protocol, select it in the Load menu. You can only enable protocols which have been installed on the machine.

Unloading Protocols

To disable a protocol, select it in the Remove menu.



Viewing the Activity Log

To view a log of the HASP License Manager activity, select Activity Log from the menu bar. The Activity Log window is opened.

To view the log for a specific protocol, select the protocol from the drop-down list.

Multiple Network Adapters

HASP LM always binds to the first available network adapter. To allow the LM to serve requests arriving at other network adapters on a multi-homed system, IP Forwarding must be enabled within the Windows networking configuration.

The HASP LM binds itself to the default Windows network adapter.

When using the HASP LM on Windows operating systems, please note that the default network adapter can vary from one Windows version to another.

!



HASP License Manager for MacThe HASP License Manager for Mac is available for Mac OS X. It can communicate via TCP/IP.

The HASP License Manager for Mac consists of a daemon and a graphical user interface. The HASP License Manager for Mac can be operated by using the graphical user interface. Alternatively you can operate the daemon as a command-line tool.

Installing HASP License ManagerTo install HASP License Manager under MAC OS X use the HASP License Manager Install installation utility.

1. Double-click the HASP License Manager Install file in the HASP License Manager directory on the HASP CD.

2. Enter your administrator password.

3. Choose a location.

4. Select Install to perform installation.

Activating and Deactivating HASP License Manager To activate the HASP License Manager, start the application from the applications menu and start the daemon by choosing Start Daemon in the application window. Alternatively you can start the daemon using the installation script.

To install HASP License Manager you need to log on as administrator.

To load the HASP License Manager automatically, activate the Activate in system startup option.



Operating HASP License ManagerYou can operate the HASP License Manager by using the graphical user interface. Alternatively you can operate it as a command-line tool, see "Switches for the HASP License Manager" (page 258).

The HASP License Manager for Mac displays the following information:

� Server name and IP address of the server

� Available switches

� If the daemon is started during system startup

� The daemon status


� Setting switches (only when the daemon process is not running)

� Starting and stopping the daemon

� Activating the daemon at start up

Setting a Server Name

You can assign up to six server names to the HASP License Manager.

To assign a server name, stop the daemon if it has already been started. Activate the SRVNAMES option and enter up to six names. Separate the names with semicolons, colons, or spaces. The names will be assigned when the daemon is started.

You cannot assign server names to a running daemon, because the names are assigned when the daemon is started.

Avoid using non-ASCII characters in server names, since their codes differ form system to system. Server names are not case-sensitive.



Setting a Configuration File

You can configure the HASP License Manager for Mac using a configuration file. To set name and path of the configuration file, activate the CFGFILE option and enter path and name. For information about the configuration file refer to "Settings in nhsrv.ini Configuration File" (page 259).

Starting and Stopping the Daemon

To start and stop the daemon, use the buttons in the application window.

Activating the Daemon Automatically

You have the option to activate the daemon automatically at system start up. To do this, activate the Activate in system startup option.



HASP License Manager for LinuxThe HASP License Manager (LM) for Linux is available for all distributions of Linux. RPM packages are however only available for the following Linux distributions:

� Red Hat 7.2 and RedHat 7.3

� SuSE7.3 and SuSE 8.0.

The HASP LM for Linux consists of a daemon. It communicates with the TCP/IP protocol and serves Linux, Win32, Win64 and Mac Clients.

Installing HASP License ManagerYou can automatically install the HASP LM for Linux using RPM packages for the distributions listed above.

To install HASP LM on SuSE7.3 or 8.0

Use the following SuSe RPM package:

rpm -i hasplm-suse-8.08-1.i386.rpm

To install HASP LM on RedHat 7.2 or 7.0

Use the following RedHat RPM package:

rpm -i hasplm-redhat-8.08-1.i386.rpm

To install HASP LM on other Linux Distribution

You must install the HASP LM manually.

1. Unpack the archive using:tar-xzf [path/]linuxlm_8_08.tar.gzThe �linux-hasplm_8_08� directory is created.

Before installing the LM on Linux, you must first install the HASP driver and aksusbd daemon. !



2. Change into this directory and execute as root:./dinstThis will install the HASP LM and configure the system to automatically start the daemon at system boot.

Activating and Deactivating the HASP License Manager

If properly installed, the HASP LM should automatically be activated once the system is rebooted.

To deactivate the HASP LM, you must uninstall the daemon. For example, to uninstall the HASP LM running on RedHat 7.3 enter the following:

rpm -e hasplm-redhat



Customizing the HASP License ManagerWhen installing and operating the HASP License Manager you may want to adapt it to the network environment. You can use one the following methods:

� Operate the HASP License Manager with switches.

� Use the configuration file nhsrv.ini.

� Use the License Manager Installation API (Win32 only).

Switches for the HASP License ManagerThe HASP License Manager can be activated with various switches that instruct the HASP4 Net system which protocols to use and how to serve the HASP4 Net clients.

Table 16.1 HASP License Manager Switches

Switch Explanation

Lin

ux

Win

dow

s

Mac

-c Specify the location of the configuration file for the HASP License Manager.

yes no yes

-help Display a list of available switches. yes no yes



Settings in nhsrv.ini Configuration File

To configure the HASP License Manager you can use the configuration file nhsrv.ini. A copy of nhsrv.ini is included with the HASP utilities.

Search Order

You can place nhsrv.ini and the executable of the HASP License Manager in the same directory or in any other location in accordance with the nhsrv.ini search order described in the table below.

Table 16.2 Search Order for nhsrv.ini

Operating System Search Order

Windows 95/98/ME Executable file directory Current directoryWindows system directoryWindows directoryPath

Windows NT4/2000/XP/Server 2003

Executable file directory Current directoryWindows 32-bit system directoryWindows 16-bit system directoryWindows directoryPath

Linux To use a configuration file, you must set the name and the path for the configuration file using the -c switch.

Mac To use a configuration file, you must set the name and the path for the configuration file using the -c switch.



Server settings

Server parameters are specified in the nhsrv.ini.file and not on the command line. This way, parameter specification for the License Manager service is made easier, and configuration is simplified and consolidated within a single file.

For Win32 platforms, the nhsrv.ini. should reside in the same directory from where the program executable is deployed. For Linux and Mac platforms there is no default storage place for the file; you must specify which configuration file to use. For example:

./hasplm -c /etc/nhsrv.ini

nhsrv.ini. Settings

The Win32 NetHASP License Manager configuration file requires HASP LM version 8.2 or higher to function. Boolean switches may have the following values:

Global LM Settings

You can fine tune settings for the HASP License Manager in its configuration file. The HASP License Manager configuration file, nhsrv.ini, contains the [NHS_SERVER] section which is used to set global License Manager settings. The following is a list of keywords in the [NHS_SERVER] section:

Keyword NHS_IP_USERLIST

Description Maximum number of concurrent logins to LM. Maximum number is 65520.

Default 1000

Example NHS_IP_USERLIST =1000

Table 16.3 Boolean Values for HASP LM nhsrv.ini.

1 yes true enabled

0 no false disabled



Keyword NHS_IP_SERVERNAMES

Description Server name to match the name a client requests. Maximum of 6 names. Maximum 7 characters per name. Multiple names separated by comma.

Default none

Example NHS_IP_SERVERNAMES= cad, 3242e3

Keyword NHS_HIGHPRIORITY

Description Runs LM at high priority. Default runs the LM on normal priority. Switch applies only to Win32. When this switch is set to yes, check to see how performance of other services (file server, web server, etc.) running on the same machine is affected.

Default no � runs at normal priority.

Example NHS_IP_HIGHPRIORITY= no

Settings for the IP Protocol

You can fine tune settings for the HASP License Manager in its configuration file. The HASP License Manager configuration file, nhsrv.ini, contains the [NHS_IP] section which is used to define settings for the IP protocol. The following is a list of keywords in the [NHS_IP] section:

Keyword NHS_USE_UDP

Description Setting can be either enabled or disabled.

Default enabled

Example NHS_USE_UDP=enabled



Keyword NHS_USE_TCP


Default enabled

Example NHS_USE_TCP=enabled

Keyword NHS_IP_PORTNUM

Description IP port number. This switch applies only to Win32. Port number 475 is the exclusively registered IANA number for Aladdin LM.

Default 475

Example NHS_IP_PORTNUM=475

Keyword NHS_IP_LIMIT

Description Specifies the range stations which are allowed to access the currently activated HASP LM. The last byte may be a range. Multiple entries should be separated by commas.The list may be split through several lines. The following wildcard (asterisk) byte combinations are possible:4th,4th,3rd or 4th,3rd,2nd. An additional bitmask can be specified as the number of one-bits (e.g. 10.0.0.0/8).

Default none

Example NHS_IP_LIMIT = 10.242.18-99,10.1.1.9/16 10.25.0.0/ 24192.0.0*,194.0*,*,11.*,*,*10.24.7.8-12/30, 10.24.2.17

Clients must use the same port!!



Settings for the IPX Protocol (Win32 only)

You can fine tune settings for the HASP License Manager in its configuration file. The HASP License Manager configuration file, nhsrv.ini, contains the [NHS_IPX] section which is used to define settings for the IPX protocol. The following is a list of keywords in the [NHS_IPX] section:

Keyword NHS_USE_IPX


Default enabled

Example NHS_USE_IPX= yesKeyword

Keyword NHS_ADDRPATH

Description Path to haspaddr.dat file. The IPX address of the current LM will be written to haspaddr.dat in the specified directory. Clients can specify this file in their nethasp.ini file.

Default current directory

Example NHS_ADDRPATH=c:\temp

Keyword NHS_APPENDADDR

Description Appends address data to the hapaddr.dat. If enabled, the current LM�s address is added to an existing haspaddr.dat. This is particularly useful when multiple HASP License Managers exist. All the LMs can be searched by the client. The LM does not search for duplicates when adding an address.

Default replace

Example NHS_APPENDADDR=no



Keyword NHS_USESAP

Description Setting can be enabled or disabled to allow the HASP LM to announce itself to the network via the Service Advertising Protocol (SAP). SAP enables clients to find the LM for different subnets. IPX is normally configured to run a virtual subnet on Win NT/2000/XP/Server 2003 machines, therefore SAP is essential in enabling clients to find the LM.

Default enabled

Example NHS_USESAP=enabled

Keyword NHS_IPX_SOCKETNUM

Description The IPX socket number. All clients must use the same default socket number. The number should not be altered. Note: clients must use the same port!

Default 0x7483

Example NHS_IPX_SOCKETNUM= 0x7483

Settings for the NetBIOS ProtocoL

You can fine tune settings for the HASP License Manager in its configuration file. The HASP License Manager configuration file, nhsrv.ini, contains the [NHS_NETBIOS] section which is used to define settings for the NetBIOS protocol. The following is a list of keywords in the [NHS_NETBIOS] section:

Keyword NHS_USE_NETBIOS

Description Setting can be enabled or disabled. If you are certain that you do not need NetBIOS for LM communication, disable the switch to save network and memory resources.

Default enabled

Example NHS_USE_NETBIOS=enabled



Keyword NHS_NBNAME

Description Use switch to alter name. Note: Clients must use the same name which must be unused in your NetBIOS name space. Names must follow NetBIOS naming conventions.

Default enabled

Example NHS_NBNAME=MyNBName

Keyword NHS_USE_LUNA_NUMS

Description Included only for the sake of compatibility with older versions.

Default all (automatic)

Example NHS_USE_LUNA_NUMS=3,0,7,2

Do not use this switch unless you are certain you need to specify a new NetBIOS name!



HASP License Manager Installation APIThe custom API provides a set of functions with which you can install and remove the HASP License Manager service.

Installing with HaspLMInstall()

Purpose Installs and/or enters the correct registry settings for the HASP License Manager Windows NT service.

Structure DWORD HaspLMInstall(

);

Parameters

DWORD InstallMode //Installation mode

LPSTR LMPath //Path to HASP License Manager

LPSTR CmdLineSwitches //Command-line switches

InstallMode Sets the characteristics of the installation process.

LMPath Full path to the location where the HASP License Manager program file nhsrvice.exe resides. It is used by the Service Control Manager to locate the HASP License Manager.

If you pass a Null string, then the function uses the path to the DLL, appending the default name of the HASP License Manager executable, "nhservw32.exe".

It is recommended that the path be to the file which on the HASP CD is found at: Utilities\Servers\Win32\Service\nhsrvice.exe.

CmdLineSwitches Empty string or other string containing command-line switches used in loading the HASP License Manager. See "Switches for the HASP License Manager" (page 258).



InstallMode Options

Return Values If successful, the function returns the value LM_SUCCESS. If it failed, the function returns the value LM_FAIL. You can retrieve the error details by calling HaspLMLastError().

Special Considerations

This function does not copy HASP License Manager files.

Removing with HaspLMRemove()

Purpose Removes the registry settings for the HASP License Manager service or uninstalls the service.

Structure DWORD HaspLMRemove(

);

Parameters

LM_SERVICE_INSTALL Installs the HASP License Manager as a Windows NT service.

LM_SERVICE_START While LM_SERVICE_INSTALL installs the HASP License Manager as a Windows NT service, this option enables you to run the HASP License Manager without reboot. Call HaspLMInstall() with this parameter after you first call with LM_SERVICE_INSTALL, or call this parameter ORED LM_SERVICE_INSTALL.

DWORD RemoveMode //Removal mode

LPSTR LMPath //For future use

RemoveMode Sets the characteristic of removal process.

LMPath For future use. Currently, the value is NULL.



RemoveMode Options

Return Values If successful, the function returns the value LM_SUCCESS. If it failed, the function returns the value: LM_FAIL. You can retrieve the error details by calling HILastErrorEx().

Special Considerations

Removing the HASP License Manager Windows NT service sends a command to the HASP License Manager to close if it is running.

Displaying Information with HaspLMInfo()

Purpose Receives information related to the installed HASP License Manager Windows NT service and other general information.

Structure DWORD HaspLMInfo(

);

Parameters

Return Values If successful the function returns the value LM_SUCCESS. If failed the function returns the value: LM_FAIL. You can retrieve the error details by calling HILastErrorEx().

LM_REMOVE_SERVICE

Removes the HASP License Manager Windows NT service.

LM_REMOVE_SERVICE_UNLOAD

Removes the HASP License Manager Windows NT service from memory. The service remains installed and will run again upon the next restart.

LPLMINFO lpLMInfo, //Address of structure of information

lpLMInfo Points to a LMINFO structure that receives information relating to the installed HASP License Manager service.



Requesting Status with HaspLMLastError()

Purpose Retrieves information about the last call to one of the HASP License Manager API functions.

Structure DWORD HaspLMLastError(

);

Parameters

Return Values If successful, the function returns the value LM_SUCCESS. If it failed, the function returns the value LM_FAIL.

Error Messages

The HASP LM Installation functions return the following error messages:

Table 16.4 HASP LM Installation API Error Codes

DWORD *System Error //Address of location of system error

LPSTR ErrorStr //Address of error description buffer

DWORD ErrorStrSize //Size of error description buffer

*System Error Points to a variable containing the system error number.

ErrorStr Points to a buffer to receive the last error description of the HASP License Manager Windows NT service.

ErrorStrSize Size of ErrorStr buffer (in bytes).

Error Description

CLOSE_KEY_FAIL Failed to close the key.

CLOSE_SERVICE_FAIL Failed to close the service.

CLOSE_SERVICE_MANAGER_FAIL Failed to close the service database manager.



CONTROL_SERVICE_FAIL Failed to control the service

CREATE_SERVICE_FAIL Failed to create the service.

DELETE_SERVICE_FAIL Failed to delete the service

FREE_LIB_FAIL Failed to free the DLL.

GET_DATE_FAIL Failed to get date.

GET_PROC_ADDR_FAIL Failed to get an address from the DLL.

INVALID_PARAM Invalid parameter.

LOAD_LIB_FAIL Failed to load the DLL.

OPEN_KEY_FAIL Failed to open the key.

OPEN_SERVICE_FAIL Failed to open the service.

OPEN_SERVICE_MANAGER_FAIL Failed to open the service database manager.

SERVICE_NOT_SUPPORTED This service is not supported.

SET_VALUE_FAIL Failed to set a value.

START_SERVICE_FAIL Failed to start the service.

Error Description


Part 4 - Chapter 17

ConfiguringHASP4 Net Clients

This chapter describes how an application protected for HASP4 Net - the HASP4 Net client - can be configured with a configuration file.

If the client finds its respective configuration file, it reads the file and uses the information. If not, default values are used.

In the HASP4 Net client configuration file you can fine-tune how the HASP4 Net client searches for the HASP License Manager.

The default filename of the HASP4 Net configuration file is nethasp.ini. A copy of nethasp.ini is included with the HASP utilities and also with each HASP API. If you want to change the name, you need to implement the new name when protecting the application with HASP Envelope or the HASP API.

Search Sequence for Configuration FileThe search sequence for the file depends on the operating system and the type of application.

The protected application searches for the configuration file when the first HASP4 Net service is accessed. It searches for the HASP4 Net client configuration file in the following locations:


Configuring HASP4 Net Clients Part 4 - Chapter 17

Table 17.1 nethasp.ini Configuration File Search Order

Sections in the Configuration FileThe HASP4 Net client configuration file consists of four sections, each of which is optional:

� [NH_COMMON] for general settings

� [NH_IPX] for the IPX protocol

� [NH_NETBIOS] for the NetBios protocol

� [NH_TCPIP] for the TCP/IP protocol

The [NH_COMMON] section contains global settings for all configuration file sections. Each of the other sections contains settings which fine-tune operations for the specific protocol.

Application Type/Operating System

Search Sequence

Win16 Current directory → Windows directory → Windows system directory → Executable file directory → Path

Win32 Executable file directory → Current directory → Windows system directory → Windows directory → Path

Mac OS 8.6, 9.1,Mac OS X (only Carbon applications)

Current directory

Mac OS X Current directory → Home directory of the current user → /etc. directory

Under Mac OS X, nethasp.ini is searched without a leading dot. If you are using a case-sensitive system on Mac OS X, make sure the filename nethasp.ini is in lowercase.


Using HASP in a Network Configuring HASP4 Net Clients

Specifying KeywordsIn each section, you can specify either general or section-specific keywords. If you set a general keyword in one of the three protocol sections, you override the setting in the [NH_COMMON] section (for that protocol only).

Use the section-specific keywords to adjust additional settings for a particular protocol.

API and Envelope settings override configuration file settings.

Every line of the HASP configuration file you receive with the HASP software is preceded by a semicolon (;). To use a line, remove the semicolon. If you want to add comments, precede them with a semicolon.

The following sections describe each section in the HASP4 Net client configuration file. For each keyword, the possible values and a short description are included. When a default value exists, it is listed.

Names of HASP4 Net configuration files and their keywords are not case-sensitive (except for the filename under Mac OS X if a case-sensitive file system is used).



[NH_COMMON]

Section-Specific Keywords for [NH_COMMON]

nh_ipx

nh_netbios

nh_tcpip

General Keywords for [NH_COMMON]

nh_session

Possible values enabled, disabled

Description Use the IPX protocol.


Description Use the NetBIOS protocol.

Possible value enabled, disabled

Description Use the TCP/IP protocol.

Possible values <number>

Description Set the maximum length of time during which the protected application tries to establish communication with the HASP License Manager.

Default 2 seconds



nh_send_rcv

[NH_IPX]

Section-Specific Keywords for [NH_IPX]

nh_use_bindery

nh_use_broadcast

nh_bc_socket_num


Description Set the maximum length of time for the HASP License Manager to send or receive a packet.

Default 1 second


Description: Use IPX with bindery. Ignored under Win32 API. This switch replaces the older switch named NH_USE_SAP.

Default: disabled


Description Use the IPX Broadcast mechanism.

Default enabled


Description Set the socket number for the broadcast mechanism. The number is hexadecimal.

Default 7483H



nh_use_int

nh_server_name

nh_search_method

nh_datfile_path

General Keywords for [NH_IPX]

Possible values 2F_NEW, 7A_OLD

Description 2F_NEW means that the IPX protocol will use interrupt 2Fh ONLY. 7F_OLD means that the IPX protocol will use interrupt 7Ah ONLY. disabled

Default 2F_NEW

Possible values <name1>, <name2>,...

Description Communicate with the HASP License Manager with the specified name. Maximum: 6 names, up to 7 case insensitive characters each.

Possible values localnet, internet

Description Determine whether the protected application communicates with only HASP License Managers on the local network, or with any HASP License Manager on the internetwork.

Default internet

Possible values <path>

Description Specify the location of the HASP License Manager�s address file.



nh_session

nh_send_rcv



Default 2 seconds



Default 1 second



[NH_NETBIOS]

Section-Specific Keywords for [NH_NETBIOS]

nh_nbname

nh_uselananum

General Keywords for [NH_NETBIOS]

nh_session

nh_send_rcv

Possible values <name>

Description Assign a name to the HASP License Manager.Maximum: 1 name, up to 8 characters (not case-sensitive).


Description Assign a lana number to be used as a communication channel.



Default 2 seconds



Default 1 second



[NH_TCPIP]

Section-Specific Keywords for [NH_TCPIP]

nh_server_addr

nh_server_name

nh_port_number

nh_tcpip_method

Possible values <address1>, <address2>

Description Set IP addresses of all the HASP License Managers you want to search. Unlimited addresses and multiple lines are possible.

Possible address format examples include:

IP address: 192.114.176.65Local hostname: ftp.aladdin.co.il

Possible values <name1>, <name2>,...

Description Communicate with the HASP License Manager with the specified name(s). Maximum: 6 names, up to 7 characters each (not case-sensitive).


Description Set the TCP/IP port number (optional).

Default 475

Possible values TCP, UDP

Description Send a TCP packet or a UDP packet.

Default UDP



nh_use_broadcast

General Keywords for [NH_TCPIP]

nh_session

nh_send_rcv


Description Use the UDP Broadcast mechanism.

Default enabled



Default 2 seconds



Default 1 second


Part 4 - Chapter 18

MonitoringHASP4 Net Licenses

Aladdin Monitor permits centralized administration of the HASP License Manager applications and the HASP4 Net keys.


� Checking the properties of the HASP License Manager.

� Checking HASP4 Net keys.

� Starting and stopping the HASP License Manager service.

Aladdin Monitor is available for the following environments: Windows 98/ME, Windows NT/2000/XP/Server 2003. It can communicate via TCP/IP and IPX.

Distributing Aladdin MonitorSupply your customers with Aladdin Monitor. The Aladdin Monitor comes with a online help file.

You can configure Aladdin Monitor with a HASP4 Net client configuration file, see "Configuring HASP4 Net Clients" (page 271)


Monitoring HASP4 Net Licenses Part 4 - Chapter 18

Installing Aladdin MonitorYou can install Aladdin Monitor on any station in the network. It is not necessary to install a HASP License Manager on the same station.

To install Aladdin Monitor use the installation utility aksmon.exe. and follow the instructions of the installation wizard.

Settings for Aladdin MonitorYou can adapt the following program settings to meet your requirements:

� The language used (German or English).

� The refresh frequency for the dialog box (default setting every 2 seconds).

� The frequency of network queries (default setting every 3 minutes).

� If you want to use the Hardlock mode, the HASP mode or both.

� If you want to use the nethasp.ini configuration file.

To change the settings, select Settings from the File menu. The changes become active after the program is restarted.


Using HASP in a Network Monitoring HASP4 Net Licenses

Checking the Properties of HASP License Manager

In the left-hand part of the window, click the HASP License Manager for which you want to check the login information.

The HASP License Manager information is displayed in the right-hand part of the window.

The following information about the selected HASP License Manager is displayed:

� General information about the selected HASP License Manager (Table 18.1).

� Information about the HASP4 Net keys being managed (Table 18.2).

Table 18.1 HASP License Manager Information

If HASP License Manager is not displayed, first double-click the HASP LM folder or refresh the view by selecting File/Rescan.

HASP License Managers listening to NetBIOS only are currently not recognized by Aladdin Monitor.

Box Meaning

Name Name of the computer on which HASP License Manager is running.

Version Version of the HASP License Manager.

IP IP address of the computer



Table 18.2 HASP Key Information

Checking HASP KeysIn the left-hand part of the window, click the HASP key for which you want to check the login information. The HASP key can only be checked, if a login has been performed.

The HASP information is displayed in the right-hand part of the window.

The following information about the selected HASP key is displayed:

� General information about the HASP key (Table 18.3).

� An overview of the programs (Table 18.4).

� An overview of logins for the individual programs (Table 18.5).

IPX IPX address of the computer

LM Type Version of HASP License Manager

TCP/IP, IPX

Here, you can see which protocols are used.

Box Meaning

HASP # Cumulative number of the HASP key.

HASP Model

Maximum possible number of licenses.

Current Stations

Stations currently logged in.

Box Meaning

If the key is not displayed, first double-click the HASP License Manager which is making the key available, or refresh the view by selecting File/Rescan.


Using HASP in a Network Monitoring HASP4 Net Licenses

Table 18.3 HASP Information

Table 18.4 Program Table

Table 18.5 Login Table

Box Meaning

HASP # Cumulative number of the HASP key.

Box Meaning

Program No. Number representing the protected program.

Current Stations Stations currently logged in.

Maximum Stations Maximum possible number of stations.

Activations Maximum number of program activations.

Box Meaning

No. Cumulative number of the login.

Login ID Address under which the station logged in.

Protocol Protocol used.

Timeout Time which must elapse without activity until the login entry is deleted or cancelled (in seconds).



Starting and Stopping HASP License Manager as a Service

The HASP License Manager service enables you to administer HASP4 Net keys on an NT workstation.

You can use the Aladdin Monitor to start and stop the HASP License Manager service on the local computer.

Starting the ServiceSelect Start HASP LM Service in the HASP LM Service menu or the Services/HASP menu. Alternatively, you can use the traffic light symbol. The service is started and can now make available locally connected HASP4 Net keys within the network.

Alternatively, you can start the service using the context-sensitive menu. To do this, right-click the HASP LM folder and select Start HASP LM.

Stopping the ServiceSelect Stop HASP LM Service in the HASP LM Service menu or the Services/HASP menu. Alternatively, you can use the traffic light symbol.

The service is stopped. The view is then refreshed. This may take some time since it involves searching through the entire network.

Alternatively, you can stop the service using the context-sensitive menu. To do this, right-click the HASP LM folder and select Stop HASP LM.


Part 5 - Chapter 19

Adapting HASP4 Netto the NetworkThis section describes additional HASP License Manager switches and nethasp.ini keywords you can use to further adjust the HASP4 Net system to your network environment.

Defining the Range of Stations under IPX

With IPX, you can allow specific stations on a different segment to access the HASP License Manager.

To allow access from a different segment:

1. Load the HASP License Manager with the -ipxnosap switch.

This ensures that the address of the HASP License Manager is not advertised using the SAP mechanism, and is advertised in the HASP4 Net address file newhaddr.dat.

2. Edit the nethasp.ini file as follows:

� In the [NH_COMMON] section, set NH_IPX = Enabled

� In the [NH_IPX] section, set NH_USE_BROADCAST = Disabled


Adapting HASP4 Net to the Network Part 5 - Chapter 19

� In the [NH_IPX] section, set NH_USE_BINDERY = Disabled

These settings instruct the protected application running on stations in the range to search for the address file and read the address of the HASP License Manager.

3. Copy the protected application and the nethasp.ini file to the same directory. Make sure that each station in the range, and only stations in the range, load the application from this directory.

Defining the Range of Stations under TCP/IP

There are two methods to define the range of stations under TCP/IP. You can either specify the range of stations that the HASP License Manager serves, or you can specify that the range of stations search for a particular HASP License Manager.

Specifying the Range Using nhsrv.iniThe HASP License Managers for Windows, Win32 and Mac can read a configuration file - nhsrv.ini. You can edit this file to specify the range of stations the HASP License Manager serves under TCP/IP.

To specify the range of stations, edit the nhsrv.ini file as follows:

� In the [NHS_SERVER] section, NHS_IP_LIMIT = <ipaddr> [,<ipaddr....]

Sample Formats for <ipaddr>

When you specify the range of stations using nhsrv.ini, you can use any of the following formats:

� 10.1.2.3


Using HASP in a Network Adapting HASP4 Net to the Network

The HASP License Manager serves only the station with the specified IP address.

� 10.1.2.*

The HASP License Manager serves only stations that match the specified IP address mask, i.e. 10.1.2.0 through 10.1.2.255.

� 10.1.*.*

The HASP License Manager serves only stations that match the specified IP address mask, i.e. 10.1.0.0 through 10.1.255.255.

To allow only some of the stations to access the HASP4 Net in a TCP/IP-based network:

1. Edit nhsrv.ini and set the range of stations.

2. Copy nhsrv.ini to a location accessible by the HASP License Manager.

Specifying the Range Using nethasp.iniYou can edit the HASP4 Net configuration file to specify the HASP License Manager (according to address) for which a range of stations searches.

To specify the HASP License Manager for which a range of stations searches:

1. Edit the nethasp.ini file: In the [NH_TCPIP] section, set NH_SERVER_ADDRESS= <address of HASP License Manager>

2. Copy the nethasp.ini to a location accessible only to the desired range of stations.


Adapting HASP4 Net to the Network Part 5 - Chapter 19

Defining the Range of Stations under NetBIOS

To allow only some of the stations to access the key in a NetBIOS-based network:

1. Load the HASP License Manager with the -nbname switch set to a name of your choice (up to 8 characters, not case-sensitive). This defines the NetBIOS name of the HASP License Manager.

For example, to load haspserv.exe and define the NetBIOS name of the station as firstsrv, enter:

haspserv -nbname = firstsrv

2. Edit the nethasp.ini file:

� In the [NH_COMMON] section, set NH_NETBIOS = Enabled

� In the [NH_NETBIOS] section, set NH_NBNAME = firstsrv

This links the stations to the NetBIOS name.

3. Copy the protected application and the nethasp.ini file to the same directory. Make sure that each station in the range, and only stations in the range, load the application from this directory.

You cannot have two stations with the same NetBIOS name. If you want to load the HASP License Manager on more than one station, you must define a different NetBIOS name for each HASP License Manager.


Using HASP in a Network Adapting HASP4 Net to the Network

Adapting the Timeout LengthThe HASP License Manager cannot serve more than one request at a time. The timeout length determines how long a protected application repeatedly tries to access the HASP License Manager before giving up.

In almost all networks, the default timeout values are sufficient, so you only need to change the default values in networks that have a HASP4 Net connected to a slow or busy station.

To define the timeout length:

In the appropriate section of the nethasp.ini file, set:

NH_SESSION = <m>

NH_SEND_RCV = <n>

where m and n are measured in seconds. By default, m is 2 seconds and n is 1 second.

Defining the Number of Protected Applications Served

With the HASP License Manager, you can change the default number of protected applications served. By default the HASP License Manager can serve a maximum of 250 (NLM) or 1000 (Win32, Mac) protected applications.

The HASP License Manager allocates memory space for the maximum number of protected applications. If necessary, you can save memory space by changing this default value.

To change the default memory space allocation:

Load the HASP License Manager with the switch:

nhsrvw32 -userlist = n

where n is the number of protected applications it serves.

The -userlist switch is only available for Win32.


Part 5Using the Remote

Update SystemThis part provides you with information on the Remote Update System, which enables you to update the memory of HASP keys already in your customers� possession.

The chapter "Remote Update System" (page 295) describes the RUS concept and relevant tools.

The chapter "Remote Update System API" (page 315) contains information on the API which can be used to update keys remotely.


Part 5 - Chapter 20

Remote UpdateSystem

The HASP Remote Update System (RUS) is an advanced utility for secure, remote updating of a customer�s HASP key(s).

RUS enables you to update the memory of HASP keys already in your customers� possession. You encrypt the additions and changes you make to the memory and then send them to your customer via telephone, fax or e-mail.

Your revisions to the memory enable or modify the execution of software modules. For example, with the new parameters you set, the customers can upgrade a demo application to a fully licensed version.

With RUS, you are able to update the memory of the HASP4 M1, HASP4 M4, HASP4 Time and HASP4 Net models.


Remote Update System Part 5 - Chapter 20

Implementing RUSImplementation of RUS involves the two following stages:

� Creating the RUS Utilities

� Updating your customer�s HASP

RUS UtilitiesWith RUS, you create two utilities:

� Vendor utility

� Customer utility

Keep the Vendor utility for use at your site and supply the Customer utility to your customer.

To update the HASP, you and your customer each use your respective RUS utilities to update the HASP memory.

Update Procedure

To update the HASP memory:

1. The customer uses the Customer utility to retrieve the ID number of the key which requires updating and informs you of the number.

2. Enter the ID number and the updated data in the Vendor utility.

3. Generate the RUS passwords in the Vendor utility, and supply them to your customer.

4. Your customer enters the RUS passwords into the Customer utility and updates the memory of the HASP key.


Using the Remote Update System Remote Update System

.

Stages of the Remote Update SystemThe illustrations that follow display the two stages involved in the remote updating of HASP keys:

Figure 20.1 Stage 1: Creating the RUS Utilities

The process of updating a customer's HASP key is completely secure. All data passed between you and your customer is randomly encrypted. In addition, RUS passwords are specific to the key for which they were generated, and cannot update any other key but that one.



Figure 20.2 Updating the HASP Memory



Creating the RUS UtilitiesWhen you generate the two separate utilities - one for you and one for your customer - you use two RUS installation programs: vendinst.exe and custinst.exe.

Specifically, vendinst.exe generates the Vendor utility, vendor.exe, and the custinst.exe generates the Customer utility, customer.exe.

Both vendinst.exe and custinst.exe are located in the RUS directory. The RUS directory also contains two subdirectories. The IBM subdirectory contains BIN files needed to generate the RUS utilities for IBM computers and compatibles. The NEC subdirectory contains BIN files needed to generate the RUS utilities for Japanese NEC computers. When you generate the utilities, you copy the contents of the appropriate subdirectory to the RUS directory.

Generating the RUS UtilitiesWhen you generate the RUS utilities, make sure that the files vendinst.exe, vendor.bin, custinst.exe and customer.bin are located in the same directory:

� If you intend to run the RUS utilities on an IBM, copy the contents of the IBM subdirectory to the RUS root directory.

� If you intend to run the RUS utilities on an NEC computers, copy the contents of the NEC subdirectory to the RUS root directory.

To generate the RUS utilities:

1. Connect your application�s HASP key to your computer.

2. Enter the following from the DOS command line to generate the Vendor utility:

vendinst <password1> <password2> [target pc]

You should supply your customers with customer.exe and customer.hlp.



3. Enter the following from the DOS command line to generate the Customer utility:

custinst <password1> <password2> [target pc]

You have now generated the RUS utilities

RUS Installation ParametersWhen you generate the RUS utilities from the DOS command line, specify the following parameters:

password1, password2

The passwords of the required HASP key.

target pc

An optional switch which specifies the type of computer on which the RUS utility is to run:

As the Vendor and Customer utilities are generated with passwords belonging to a specific HASP key (or a batch of keys with the same developer code), they are customized to update only this particular HASP key (or batch of keys).

Switch Function

-ibm The target computer is an IBM PC or compatible. It is the default.

-nec The target computer is a Japanese NEC computer.



The Vendor UtilityYou use the Vendor utility to specify the new data for your customer�s HASP key.

This new data is transferred in the form of RUS passwords which you generate and supply to your customer.

Refer to "The Customer Utility" (page 310) to see how your customer later uses these RUS passwords to update the HASP key.

Generating RUS Passwords

To generate RUS passwords:

1. Type the following DOS command line to activate vendor.exe:

vendor

The Vendor main screen appears:

2. Click the arrow to the right of the HASP Type field and select your customer�s HASP model from the drop-down list.

3. Enter the HASP ID number of your customer�s key in the ID Number field.



This number is supplied to you by your customer, who uses the Customer utility to retrieve it. For more details, see "The Customer Utility" on page 310.

4. Enter the data with which you want to update your customer�s key. There are two ways to enter data, FAS mode and Direct mode.

� Click FAS to enter new Full Authorization System (FAS) protection parameters. The screen displays the FAS parameters for the HASP model you selected. See the section below, "Entering Data in FAS Mode"for further instructions.

� Click Direct to edit the HASP memory. See the section below, "Entering Data in Direct Mode"for further instructions.

During a single RUS session you can either enter FAS parameters or edit the key�s memory, but you cannot do both.

5. Click Config if you want to use a configuration file. In the window that opens, you can:

� Save the parameters you have set to a configuration file.

Type the filename, or choose a file by clicking Browse, and then click Save.

� Load previously saved parameters from a configuration file.

Type the filename, or choose a file by clicking Browse, and then click Load.

6. Click Generate to generate the RUS passwords and then OK to display the RUS passwords. There can be as many as 11 RUS passwords.

You can save the RUS passwords to a file by checking Save RUS passwords to a File, entering the name of a file, and then clicking OK. This file can then be used with the Customer utility to load the RUS passwords automatically.



Now supply the RUS passwords to your customer, who can then update the HASP key by using them with the Customer utility.

Entering Data in FAS ModeWith settings for the Full Authorization System (FAS), you can set the protection parameters of your program(s). See page 22 and page 112 for details on FAS.

The following are the FAS parameters you can set in RUS:

Program Number

Each program is assigned its own number. If you are updating the protection parameters of a program, specify the number you previously assigned it. If you are adding a new program, give it a new number.

Do not assign a value greater than the maximum number of programs which can be saved in the HASP key. The following is the range of numbers you can assign the different keys:

� 1-16 for HASP4 M1

� 1-112 for HASP4 M4

� 1-8 for HASP4 Time

� 1-112 for HASP4 Net

Number of Authorized Activations

This value is the maximum number of activations you allow a protected application. Enter a number of your choice in this field. Alternatively, enter U to authorize an unlimited number of activations. You can specify this parameter when using HASP4 M1, M4 and HASP4 Net.

You can set FAS parameters for only one program during a single RUS session. You generate RUS passwords separately for each program you update.



Expiry Date

This parameter, which is relevant only for the HASP4 Time keys, indicates the date after which the protected program cannot run. Enter two-digit numbers for the day, month and year of the application�s expiry date. Type �00-00-00� if you want to set an unlimited expiry date.

Number of Authorized Stations

This parameter, which is relevant only for the HASP4 Net keys, indicates the number of stations authorized to run the protected application at the same time.

Assign a value no greater than the maximum number of stations supported by your customer�s HASP4 Net model (i.e., 5 for HASP4 Net5, and 10 for HASP4 Net10 etc.). If you have a HASP4 NetU, you can enter U to authorize an unlimited number of stations.

Entering Data in Direct ModeWhen you enter data in Direct mode, you can edit up to 16 consecutive memory cells.

The Edit Memory in Direct Mode screen appears as follows:

Note: It is recommended that the number of stations used for HASP4 NetU not exceed 200.



Enter data in the following fields:

Start Address

At this address, you begin updating the HASP memory. Enter a decimal value. Do not leave this field empty.

Data Cells

The 16 data cells are displayed in three modes (Characters, Decimal, and Hexadecimal), each in a separate pane. Enter data in any one of the three panes in the format of that pane.

Entering data in one pane updates simultaneously the corresponding cells in the other panes with analogous values.

To move between panes, click the mouse on any one of the cells in the desired pane.

You can enter data in fewer than 16 cells. However, do not leave an empty memory cell between any two cells containing values.



Activating the Vendor Utility with Switches

Using DOS command line switches can save you time and keystrokes. Switches also enable you to execute the Vendor utility from batch files or from within your own applications without going through the utility screens.

Vendor Utility Command-Line Switches

The following table lists the command-line switches and a brief description of each. You can use the full string of a switch or its brief notation represented by the upper-case characters contained within the string. For example, you can enter either -HT or -HaspType.

Table 20.1 Vendor Utility Command Line Switches

Switch Function

-Help Displays a list of all switches and a brief explanation of each.

-HaspType <HASP type> Enter the type of HASP key your customer uses. Possible values are:memo For HASP4 M1, M4 keystime For HASP4 TimenetFor HASP4 Net keys

-IDnum <HASP ID number>

The hexadecimal value of the customer's HASP ID number.

-CfgFile <configuration filename>

The full path and name of a configuration file in which some or all of the parameters set in the Vendor utility were previously saved.

-DiRect Indicate that the data is entered in Direct mode.

-Fas The data with which you set FAS parameters.

-GenPassFile <filename> The name of the file to which you save the RUS passwords.

-PrgNum <program number>

The number you assign the program.



Sample Use of Command Line Switches

The following examples demonstrate the activation of the Vendor utility from the command line:

vendor -bh -ht memo -id 7a37381e -f -pn 5 -ac u -gpf ruspass.txt

Run the Vendor utility (vendor) in batch mode (-bh) without entering the utility screen. The customer�s key which requires updating is a HASP4 M1, M4 (-ht memo), whose ID number is 7a37381e (-id 7a37381e). Update it using FAS (-f), setting for program number 5 (-pn 5) an unlimited number of authorized activations (-ac u). Generate the RUS passwords, saving them to a file named ruspass.txt (-gpf ruspass.txt)

-STations <number of stations>

The number of stations authorized to activate a program. This FAS parameter is relevant to HASP4 Net keys only.

-ACtivations <number of activations>

The maximum number of activations for a program. Enter U to allow an unlimited number of activations. This FAS parameter is applicable to HASP4 M1, M4 and HASP4 Net keys.

-ExpDate <mm-dd-yy> The program�s expiry date. Enter 00-00-00 to set an unlimited expiry date. This FAS parameter is relevant only to HASP4 Time.

-StartAddr <start address> The start address for editing memory in Direct mode.

-DataD <dataD1>.<dataD16>

Up to 16 decimal values with which you edit the HASP memory.

-DataH <dataH1>.<dataH16>

Up to 16 hexadecimal values with which to edit the HASP memory.

-DataS <"string" > The number of characters (up to 32 for HASP4 M1, M4 and HASP4 Net keys, and up to 16 for HASP4 Time) with which to update the HASP memory. Enter the string using quotation marks.

-BatcH Runs the Vendor utility in batch mode without entering the utility screens.

Switch Function



vendor -ht net -dr -dd 12 15 25

Run the Vendor utility (vendor) to update a HASP4 Net (-ht net). Edit the memory (-dr) so that the first three memory cells (-dd) receive 12, 15, and 25 as decimal values. (The character and hexadecimal data fields receive the corresponding values automatically.)

Vendor Utility Error Codes

The Vendor utility returns the DOS error level codes listed in the table below:

Table 20.2 Vendor Utility Error Codes

The file ruspass.txt can be used in conjunction with the Customer utility to load the RUS passwords automatically.

Code Description

2, 5 Invalid/missing ID number

3, 4 Invalid/missing Hasp key type

7, 8 Invalid/missing program number for FAS

9, 10 Invalid/missing number of authorized activations for FAS

11, 12 Invalid/missing number of authorized stations

13, 14, 16 Invalid/missing start address

15, 20 Invalid/missing data arguments

17, 18 Data argument is out of range

22 Missing data string

23, 24 Data string is too long

25 Only one data switch may be entered (DataD, DataH, or DataS)



26, 27 Invalid/missing expiry date for FAS

29 Impossible to use CfgFile switch from within a configuration file

30 Missing configuration file name

31, 35 Error opening/reading configuration file

32, 39 Cannot create/missing RUS passwords file

33 Out of memory when reading file

34 This is not a Vendor utility configuration file

36 Missing data entry mode (FAS/Direct)

40 Too many data words

41 Invalid switch

52 Invalid ID number

55, 56 Cannot use FAS switches for direct mode and vice versa

59 The range for activations is 0-65534, or U for unlimited

60 The range for stations is 1-65534, or U for unlimited

Code Description



The Customer UtilityIn order for your customers to be able to update the HASP key, you must supply them with the Customer utility, customer.exe. The following instructions explain how customers should install the utility at their work sites.

You should supply these instructions to your customers together with the help file customer.hlp.

Using the Customer UtilityWhen you or your customer use the Customer utility, there are two main steps:

� Retrieving the HASP ID number

� Updating the HASP key

Retrieving your HASP ID Number

In this step, you check the ID number of your HASP key, and supply that number to your vendor.

To retrieve the HASP ID number:

1. Connect your HASP key to the computer.

2. From the DOS command line enter:

customer

The customer utility main screen appears.

3. Click Get ID to retrieve the HASP ID number (and to see the HASP type).

The HASP ID number screen appears, displaying the HASP ID number and HASP type:



4. If you want to save these two parameters to a configuration file, click Save and enter the name of the file, or click Browse and choose a file from your directories, and then click OK.

Supply your vendor with your key�s ID number and HASP type either by reporting them directly or by sending the configuration file. With this data, the vendor can generate the RUS passwords you need to update your HASP key.

Updating your HASP Key with RUS Passwords

In this step, you get the RUS passwords from your vendor. These passwords contain the data which will be saved to the HASP key�s memory.

To update your HASP key with RUS passwords:

1. Connect the HASP key to the computer.

2. From the DOS command line enter:

customer

The Customer utility main screen appears.

3. Enter the RUS passwords you received from your vendor into the Customer utility either:



� By clicking Manual and typing the passwords in the following screen:

� By clicking Config, typing the name of the configuration file containing the RUS passwords (or clicking Browse to find it) and clicking OK. This procedure loads the passwords automatically from a configuration file supplied by your vendor.

The RUS passwords are displayed.

4. Click Update after the passwords have been entered or loaded from the configuration file in order to update your HASP key.

Activating the Customer Utility with SwitchesUsing DOS command line switches can save you time and keystrokes. Switches also enable you to execute the Customer utility from batch files or from within your own applications without going through the utility screens.

Customer Utility Command-Line Switches

The following is a list of the command line switches and a brief description of each. You can use the full string of a switch or its brief notation represented by the upper-case characters contained within the string. For example, you can enter -UP or -UPdate.



Table 20.3 Customer Utility Command Line Switches

Sample Use of Command Line Switches

The following examples demonstrate the activation of the Customer utility from the command line:

customer -bh -cf ruspass.txt

Run the Customer utility (customer) in batch mode (-bh) without entering the utility screen. Update the HASP key by retrieving the RUS passwords from a configuration file named ruspass.txt (-cf ruspass.txt).

customer -cf ruspass.txt -nb

Run the Customer utility (customer). Enter the utility screen (-nb) and update the HASP by retrieving the RUS passwords from a configuration file named ruspass.txt (-cf ruspass.txt).

Switch Function

-Help Displays a list of all the switches with a brief explanation of each.

-GetId Displays the HASP ID Number.

-VenFile <filename> Name of a file to which the HASP ID number will be saved.

-UPdate <pass1>.<pass11> Updates the HASP key by means of the specified RUS passwords. There can be up to 11 passwords.

-CfgFile <configuration filename>

Name of the configuration file containing the RUS passwords.

-BatcH Runs the Customer utility in batch mode without entering the utility screens.

-NoBatch Disables batch mode (for instance, when loading the RUS passwords from a configuration file).



Customer Utility Error Codes

The Customer utility returns the DOS error level codes listed in the table below:

Table 20.4 Customer Utility Error Codes

Code Description

1, 2 Invalid/missing RUS passwords

4 Missing configuration file name

6 Error opening configuration file

7 Not a legal configuration file

8 Out of memory reading configuration file

12 Incorrect HASP key is connected

13 Impossible to generate file without ID number

14 Missing filename for saving the ID number

18 Error opening/creating file for saving ID number

19 Invalid switch

101 HASP key not found

104 Wrong HASP ID number

106 Invalid start address

107 Too many data words

108 Incorrect RUS passwords

109 Error reading from HASP memory


Part 5 - Chapter 21

Remote UpdateSystem API

Win32 Remote Update System API With RUS Win32 API you can remotely update the memory of HASP4 M1, M4, HASP4 Time and HASP4 Net keys. The update generates a secure set of strings which can be sent to the user, to be interpreted in conjunction with a specified key. The following components are relevant when updating HASP keys using this interface. The RUS API directory on the HASP CD contains the following files:

haspdev.dll

Dynamic Link Library for the vendor. This library offers two different functions to create update strings for HASP keys: one for a general memory update, the second for a FAS memory update.

RUS Win32 is not compatible with RUS for DOS!!


Remote Update System API Part 5 - Chapter 21

haspclnt.dll

Dynamic Link Library for the customer. This library offers two different functions that are relevant for updating HASP keys: one for integrating memory updates into the customer's HASP keys, the second for retrieving the IDs of HASP keys.

Customization Utility

The customization utility (confdll.exe) is a command line application for integrating HASP passwords into the customer DLL, haspclnt.dll, and spawning the HASP Envelope.

Sample Applications

The Win32 API is released with sample applications to help you implement the Win32 RUS into your application.

The following sections describe how to implement the Win32 API into your application and how to perform updates using the Win32 API.

Implementing RUSBefore updating HASP keys using the Win32 RUS API, you should familiarize with the RUS concepts. To do this, take a closer look at the sample applications provided.

Implementation of Win32 RUS involves the following stages:

Stage 1: Preparing Your Application for RUS

1. Customize the haspclnt.dll with your HASP passwords. The customized DLL can be shipped together with your application. See page 324, Customization Utility.

2. Implement the RUS update client routines into your application. See sample applications.

Stage 2: Performing Updates

1. Use the haspclnt.dll (customer DLL) to retrieve the ID number of the key to be updated.


Using the Remote Update System Remote Update System API

2. Use the haspdev.dll from your production environment to create the necessary update strings.

Send the update data to your customer to enter it into the application.



Functions Provided in Vendor DLLThe Dynamic Link Library hasdev.dll is the Win32 API for vendors. It provides the following two functions:

� signed int RUS_CreateUpdateDirect for general memory updates, and

� signed int RUS_CreateUpdateFAS for FAS memory updates.

Both functions generate update strings, which is then sent to the customer for updating their HASP key memory.

RUS_CreateUpdateDirect

Description When using this function, no HASP key has to be connected. This function creates a string for general memory updates using a memory image.

Syntax signed int RUS_CreateUpdateDirect (DWORD IdNum,int Password1,

int Password2,int KeyType,int Address,int NumOfBytesToUpdate,char *MemoryImage, int CodeBufferSize,char *Code, void *sKey)

Parameters UsedIdNum ID number of the customer's HASP key. Enter the unique 32-

bit ID number of your customer's HASP key. If you want to generate data for keys without checking the ID number during the update process, enter 0. This will update all keys with the passwords specified below.

Password1,Password2

Passwords of the HASP keys to be updated.



KeyType Type of HASP key. Possible key types are HASP4 M1, M4, HASP4 Net or HASP4 Time.

Address Start address of HASP memory at which you begin updating the HASP memory.

NumOfBytesToUpdate Number of bytes to be updated in the HASP memory.

MemoryImage Pointer to the data you want to write to the HASP memory.

CodeBufferSize Length of buffer provided.

Code Pointer to the data area which is to hold the ASCIIZ (ASCII zero terminated string) string of generated codes.

sKey Parameter (pointer) reserved for future use. Currently must be set to NULL.

Return Values Please refer to the chapter �Return Values� below.



RUS_CreateUpdateFAS

Description When using this function, no HASP key has to be connected. The function is available for HASP4 Net, HASP4 Time and HASP4 M1, M4 keys. This function creates a string for general memory updates using FAS licensing parameters.

Syntax signed int RUS_CreateUpdateFAS (DWORD Idnum,int Password1,int Password2,int KeyType,int ProgramNumber, int Activations, int Year,int Month,int Day,int Stations,int CodeBufferSize,char *Code,void *sKey)

Parameters Used

IdNum ID number of the customer's HASP key. Enter the unique 32-bit ID number of your customer's HASP key. If you want to generate data for keys without checking the ID number during the update process, enter 0. This will update all keys with the passwords specified below.

Password1,Password2

Passwords of the HASP keys to be updated.

KeyType Type of HASP key. Possible key types are HASP4 M1, M4, HASP4 Net or HASP4 Time.

ProgramNumber Each program is assigned its own number. If you are updating the protection parameters of a program, specify the number you previously assigned it. If you are adding a new program, give it a new number.



Activations Number of authorized activations you allow a protected application. Relevant for updates of HASP4 Net and HASP4 M1, M4 only. Set to 65535 to authorize an unlimited number of activations.

Year, Month, Day Expiration date. Relevant for HASP4 Time only. Note that the year must be given in the range 1992 - 2091. Set all values to 0 for unlimited date.

Stations Number of authorized stations. Relevant for HASP4 Net only. This parameter indicates the number of stations authorized to run the protected application at the same time. Set to 0 to authorize an unlimited number of stations.

CodeBufferSize Length of buffer provided.

Code Pointer to the data area which is to hold the ASCIIZ string of generated codes.

sKey Parameter (pointer) reserved for future use. Currently must be set to NULL.




Functions Provided in Client DLLThe Dynamic Link Library HASPCLNT.DLL provides the following functions which are to be called on the PC with the corresponding key connected:

� signed int RUS_PerformUpdate to update the memory of the customer's HASP.

� signed int Get_KeyID to retrieve the ID of the connected HASP key.

Before calling one of the above functions, the DLL must have been customized. See "Customization Utility" on page 326.

RUS_PerformUpdate

Description This function updates the memory of one or more HASP keys. In case the update is ID-number dependent, the ID number, the key type and the passwords are checked for correctness. Otherwise, only the key type and the passwords are checked.

Syntax signed int RUS_PerformUpdate (char *Code)

Parameters Used

Code ASCIIZ data string for update (generated using the corresponding function of the vendor DLL).




Get_KeyIDDescription

This function retrieves the ID number of the connected key. This function is similar to the corresponding HASP API function, but is provided in the DLL for completeness.

Syntaxsigned int Get_KeyID (unsigned int *KeyID)

Parameters UsedKeyID Returns the ID of the key currently connected.




Return Values

Generall

RUS ID

SUCCESS The function was executed successfully.

HASP_ERROR_IN_LOW_WORD Unexpected error occurred during a HASP call. The HASP API error code is returned in the low word.

OPERATION_FAILED The operation isn�t performed successfully.

DLL_NOT_CUSTOMIZED The Dynamic Link Library has not been customized.

HASP_NOT_FOUND The key could not be found.

UNDEFINED_HASP The HASP key could not be identified.

HASP_3_DETECTED A HASP 3 key has been detected.

BATTERY_DEAD_OR_MEMORY_CORRUPT

The battery of the key doesn�t work or the memory is corrupt.



RUS Update

Memory Update

INVALID_CODE The string specified in the Code parameter is not valid.

INVALID_KEY_ID The update is ID-number dependent; the ID of the connected key does not match.

KEY_NOT_FOUND No HASP key found with this password.

KEY_TYPE_MISMATCH The connected HASP key does not match the specified key type.

BUFFER_TOO_SMALL The length of the buffer specified in the CodeBufferSize parameter is too small.

ILLEGAL_MODULE_NUMBER The program number is out of range for the specified key type.

INVALID_PARAMETER At least one input parameter is invalid, e.g. passwords not specified.

ILLEGAL_KEYTYPE The type of key specified in the KeyType parameter is unknown.

DETECTED_TAMPERING A manipulation of the license information has been detected.

HASH_MEMORY_OVERFLOW The buffer which holds the hash is too small.



Customization UtilityEach vendor generates a unique DLL with the necessary functions for remote key updates. This DLL contains the HASP passwords and is protected with the HASP Win32 Envelope against reverse engineering. To customize the DLL, a simple command line utility (confdll.exe) must used:

Syntaxconfdll <DLL name> <Password 1> <Password2> <Envelope>

Exampleconfdll.exe C:\demo\haspclnt.dll 15417 9632 D:\demo\instw32.exe

In the above example, the DLL will be customized with the HASP Demo passwords and secured using the win32 HASP Envelope engine, instw32.exe from the CD. Another option is to edit the convert.bat batch file with your key�s passwords and run it from the command line.



RUS API for Mac ApplicationsWith the Remote Update System (RUS) API for Mac, you can remotely update the memory of HASP4 M1, M4, HASP4 Time and HASP4 Net keys. A complete listing of all API functions is provided in the Win32 Remote Update System API section starting on page 315.

The update generates a secure set of strings which can be sent to the user, to be later interpreted by a specified key. The following components are relevant when updating HASP keys using this interface. The RUS directory for Mac applications on the HASP CD contains the following files.

haspdev shared library

Shared library for the vendor. This library offers two different functions to create update strings for HASP keys: one for a general memory update, the second for a FAS memory update.

haspclnt shared library

Shared library for the customer. This library offers two different functions that are relevant for updating HASP keys: one for integrating memory updates into the customer's HASP keys, the second for retrieving the IDs of HASP keys.

Customization Utility

The customization utility (confdll) is a command line application for integrating HASP passwords into the customer shared library.



The table below reviews the names of components as they are used the three Mac systems supported by the RUS API.

Component OS X (Native) Carbon Classic

Customer shared library

haspclnt.dylib haspclnt_carbon.shlib

haspclnt_classic.shlib

Vendor shared library

haspdev.dylib haspdev_carbon.shlib

haspdev_classic.shlib

Customization utility

confdll confdll confdll

The confdll component is a Mac OS X native application, but it can be used to customize the carbon and classic shared libraries.


Appendix A

TroubleshootingThe first part of this appendix offers a check-list that can help you solve some of the most common problems you might encounter when using HASP. The second part helps you by listing specific problems you or your customers may experience, along with the solutions.

The HASP product line conforms to the highest standards of quality assurance. However, like any other PC peripheral device, it might not operate on certain PC configurations due to faulty equipment or improper installation. This appendix on troubleshooting can assist you if you encounter such a situation.

In addition to the information contained in this chapter, customers can access the Aladdin Knowledge Base at:

http://www.hasp.com/kb2

The Knowledge Base contains a comprehensive listing of solutions to general and specific problems. Please contact your local HASP representative for access passwords and further details. To avoid difficulties, make sure you are using current HASP software versions. Contact your local HASP representative for the latest updates or refer to Aladdin�s international downloads page at:

http://www.hasp.com/download

If problems persist, check if the HASP sample, test and DiagnostiX applications work. Then, communicate the results to your local HASP representative.


Appendix A: Troubleshooting

Check ListIf one of your customers reports a problem, check the following list:.

� When applicable, note the returned error code or message. For more information see "Status Codes for All HASP Keys" on page 217.

� Does the same problem occur with another HASP?

If not, then replace the faulty key with a new one.

� Is the HASP key connected properly to the parallel port?

� Is a printer connected to the HASP?

If yes, and it works properly, disconnect the printer and check whether the HASP works without it.

If it does, check the quality of the cable, and ensure it conforms to IEEE standards. This is often printed on to the cable itself.

If the cable conforms to standards, but the HASP does not work properly, try to use or install a second parallel port for the HASP to circumvent any problem the printer may be causing.

If the problem still occurs, try to replace the original printer card or use another parallel port.

� Is there a printing problem? If so, test with another printer on the same computer to determine whether the problem is printer-specific. Run hinstall with the switches -i -cnt=yes.

� Is your customer�s PC or system experiencing technical difficulties such as device manager collisions, system events, bootlog failures, etc.?

� Can Aladdin DiagnostiX access the HASP key? Try to create a diagnostic report. See "Assisting End-Users & Vendors" on page 117.

� Does the problem occur when the protected application runs on another PC of the same model?


Appendix A Troubleshooting

Problems and Solutions

Problem HASP is connected but the protected application cannot find it.

Solution Although every effort has been made to ensure the highest level of communication, on rare occasions a call to the hasp( ) routine might not be activated or transmitted well. We recommend that you call the hasp( ) routine with a service several times before assuming the HASP is not connected.

Problem You get printer errors when trying to print from a protected Windows application.

Solution This situation is due to a conflict between printer access and HASP access. To avoid conflicts between HASP and other parallel devices (such as printers), install the HASP device driver.

Problem A HASP is connected to the printer and Windows 3.x warns that the printer is inaccessible or that there is a device conflict.

Solution 1. Select Main from the Program Manager.

2. Select Control Panel.

3. Select 386 Enhanced.

4. Select LPT1 in the Device Contention frame and click Never Warn.

5. Repeat step 4 for LPT2 and LPT3.

6. Click OK.



Problem You try to use hinstall.exe to install the HASP device driver under Windows NT/2000/XP/2003 but receive error 9121.

Solution If you try to activate the Hinstall utility under Windows NT/2000/XP/2003 without administrator privileges, you receive this error. Make sure you have administrator privileges.

Problem You try to activate a HASP4 M1/M4-protected application under Windows NT/2000/XP/2003 and Windows 95/98/ME, but the application cannot find the key.

Solution Make sure the HASP device driver is installed. If the problem persists when the HASP device driver is installed, run:

hinstall -info

The Hinstall utility displays the version number, installation date, and computer type. Contact your local HASP representative with the details of these parameters.

Problem Your 16-bit application is protected with HASP4 Net and the Envelope. Although the number of stations activating the application is less than the number of licenses issued, when an additional station tries to activate it, you receive a �too many users� error.

Solution A 16-bit application, protected only with HASP4 Net and the Envelope, does not perform a HASP4 Net logout. When such an application terminates, it remains listed in the log table, and therefore the license is not released.

Protect your application again using either the HASP API alone or together with HASP Envelope to perform a HASP4 Net logout. This removes the application from the log table and frees the license.



Problem You protected an application for both stand-alone PCs and network environments by using HASP4 M1/M4 and HASP4 Net. Now you discover that one more station than the number you have licensed can activate the application.

Solution This situation occurs because an application first tries to access the local port to find a HASP4 M1/M4. If the developer codes of your HASP4 M1/M4 and HASP4 Net are the same, an application activated from the station with the HASP4 Net connected finds the local HASP4 Net. The application treats the local HASP4 Net as if it were a stand-alone key and does not record the activation in the HASP4 Net log table. Therefore, the application does not use a license.

To avoid this situation, make sure the HASP4 M1/M4 and HASP4 Net have different developer codes.

Problem Your HASP4 Net-protected Windows application returns HASP4 Net LastStatus Error 21.

Solution DOS extender and Windows applications require an average of 8 KB of DOS memory. The HASP4 Net API requires 1 KB of DOS memory.

HASP4 Net LastStatus Error 21 is issued when the amount of DOS memory is less than 1 KB and therefore insufficient for the HASP4 Net system. In such cases, not only HASP4 Net-protected applications, but other Windows applications are disabled.

To solve this problem, either remove some TSRs or exit some open Windows applications. You would use the same solution with any application that complains about insufficient DOS memory.



Problem Your application is running on a station that does not have network drivers loaded. The station stops responding when the application performs a HASP4 Net login.

Solution This happens when the HASP4 Net configuration file enables a specific protocol. The HASP4 Net system tries to use the specified protocol without checking if it is actually present. If the station does not have the protocol drivers installed, it stops responding.

The solution is to delete the HASP4 Net configuration file. Or, if you need the HASP4 Net configuration file, load the network drivers.

Problem Accessing the parallel port causes the computer to hang.

Solution Parallel ports of IBM PCs and compatibles are assigned to one of the following I/O ports: 3BCh, 378h, or 278h.

Network cards usually take up 10h or 20h I/O ports consecutively from their base address.

When the I/O port of a network card overlaps that of a parallel card, accessing the parallel port can cause the computer to stop responding. For example: printing, accessing software protection keys, and accessing peripherals connected to the parallel port may all cause the computer to hang.

It is therefore essential to avoid overlapping the I/O ports by changing the I/O base of the network card.

There are two ways to change a network card I/O base:

� Some network cards let you assign the I/O base with jumpers. See the documentation supplied with the card for a description of the jumper positions for a given I/O base.

� With newer cards, you can change the I/O base using the software supplied with the cards.



Problem Your application takes a long time to find the HASP4 Net on a large TCPIP network.

Solution In this case, it is recommended to customize the search mechanism. Use the HASP4 Net configuration file to specify the UDP or TCP search method and to set the IP address of the HASP License Manager. By doing so, the HASP4 Net client searches for the HASP License Manager with the specified IP address, which is much faster.

Problem You receive error 8 with HASP4 Net.

Solution Error 8 means that query reached the HASP License Manager, but that the HASP4 Net client did not receive an answer back. To solve this, try increasing the time frame in which the HASP4 Net client waits for the answer. Do so by increasing the time-out length in the HASP4 Net configuration file.

Problem You receive error 15 with HASP4 Net under TCPIP or IPX?

Solution Error 15 under TCPIP/IPX occurs only when you use the broadcast search mechanism. Error 15 means that a broadcast was made by the HASP4 Net client, but no HASP License Manager was found.

Increase the timeout length in the nethasp.ini file to 8 seconds. If after doing so, Error 15 still returns, it is due to one of the following:

� A HASP License Manager was not loaded.

� If the TCPIP protocol was used, then the HASP License Manager is in a different subnetwork.

� If the IPX protocol was used, then SAP is not supported.

If you repeatedly receive Error 15, try using another search mechanism.



Problem You are using a HASP4 Net5 and authorized your application five licenses, but only three users can activate the application.

Solution First use HaspEdit and make sure that your application is programmed for five licenses in the HASP4 Net. If it is, it is possible that it escaped your notice that all five licenses are being used. Use the Aladdin Monitor to confirm which stations are actually using licenses.


Appendix B

HASP DemoPasswords

When you order HASP keys, you are assigned a unique developer code and unique HASP passwords. You receive the passwords together with your HASP keys.

The following tables list the passwords you use with the HASP demo key you receive in your HASP Developer�s Kit.

Table B.1 Passwords of HASP Demo Memory Keys

Table B.2 Passwords of HASP4 Std Demo Keys

Developer Code First Password Second Password

DEMOMA 15417 9632

DEMOMB 29875 28774

DEMOMC 29313 23912

Developer Code First Password Second Password

DEMO3A 5932 25657

DEMO3B 20580 22012

DEMO3C 10038 15697


Appendix C

TechnicalSpecifications

Table C.1 General Specifications for All HASP keys

Plastic case material ABS

Operating temperature 0° - 55° C (32° - 131° F)

Storage temperature -25° - 70° C (-13° - 158° F)

Humidity rating 0 - 100% without condensation

UL-6C61 1950 standard 94-V0

ASIC operating voltage range* 1.8 - 5.5V

Daisy chaining (not applicable to HASP4 USB) up to 10 units

Number of times a HASP memory cell can be rewritten

at least 1,000,000

HASP memory data retention at least 10 years


Appendix C: Technical Specifications

Table C.2 Specifications for HASP4 Std, HASP4 M1, HASP4 M4, HASP4 Net

Table C.3 Specifications for HASP4 Time

Dimensions 39 x 53 x 17 mm

Weight ~33 g

Connectors DB25

Lines used D0-D7, INIT, ATFDXT, PE

Read/write memory

HASP4 without memory none

HASP4 M1 112 bytes

HASP4 M4 496 bytes

HASP4 Net 496 bytes

Batteries/external power none


Weight ~50 g

Connectors DB25

Lines used D0-D7, INIT, ATFDXT, PE

Read/write memory 512 bytes

HASP4 Time clock counts hour, minute, second, year, month, day

HASP4 Time clock accuracy 2 hours per year

Battery lifetime 4+ years


Appendix C Technical Specifications

Table C.4 Specification for USB models

Table C.5 HASP PC-Card


Weight ~7 g

Connectors USB Type A

Lines used Power, ground, two data lines

Read/write memory

HASP4 USB none

HASP4 USB M1 112 bytes

HASP4 USB M4 496 bytes

HASP4 USB Net 496 bytes

Batteries / external power none

Dimensions Type II

Weight ~25g

Operating temperature 0° - 70° C (32° - 158° F)

Humidity rating 20 - 80% relative humidity

Power consumption < 100 mA (typically 50 mA)

Operating voltage 5 V

Batteries / external power none

ASIC technology CMOS 2µA with E2 cells

Number of programming cycles > 100 000

Data retention > 10 years


Appendix C: Technical Specifications

Table C.6 AladdinCARD ISA

Table C.7 AladdinCARD PCI

Dimensions 113 mm x 100 mm

Weight ~105g (including adapter cables)

Connector ISA Bus 8-bit slotinternal DB25 female

IO addresses 278h, 378h, 3BCh

IRQ None, IRQ5, IRQ7

Operating voltage 4.5 V. 5.5 V

Dimensions 180 mm x 124 mm

Weight 105 g (including adapter cables)

Connector PCI connector 32-bit /33 MHz /5 V internal DB25 female

IO addresses dynamically assigned

IRQ dynamically assigned

Operating voltage 5 V


GlossaryActivations The number of times a HASP-protected application can be

started.

Address File Search Mechanism

A search mechanism in which the HASP4 Net client accesses a file to retrieve the address of the HASP Net License Manager.

Aladdin DiagnostiX

A tool used to check and report all information in your system related to HASP.

ASIC The Application Specific Integrated Circuit (ASIC) of the HASP is a propriety, full-custom chip containing a unique algorithm.

Background HASP Checks

Ongoing checks for the presence of the HASP key performed by the HASP Envelope during application run time.

Bindery Search Mechanism

A search mechanism in which the HASP4 Net client searches the Novell bindery to find the HASP Net License Manager.

Broadcast A method of communicating across a network by sending (broadcasting) messages to every workstation..

Broadcast Search Mechanism

A search mechanism in which the HASP4 Net client uses a SAP broadcast to find the HASP Net License Manager.

Daisy-chaining The connecting of HASP keys one after the other. Only applicable to parallel-port HASP keys that have different passwords.


Glossary

DataHASP A feature of the HASP Envelope utility that you use to protect data files.

DemoMA One of the developer codes used by demo keys.

Developer Code A unique code assigned to each software developer and burnt into the ASIC component of the HASP.

Expiration Date The date after which the protected application can no longer run.

Full Authorization System (FAS)

A powerful feature that allows you to protect multiple applications with a single key, and to specify the conditions under which each application can be used.

HASP Hardware against software piracy (HASP) is a hardware-based system for software protection.

HASP3 Generation 3 of the HASP system. Within HASP documentation you may encounter HASP3 names that are compatible with newer HASP4 types as described in the table below:

HASP3 to HASP4 Compatibility

HASP4 Generation 4 of the HASP system that supports hardware encoding of data.

HaspEdit A utility used to access the HASP and edit the memory of HASP memory keys.

HASP Application Programming Interface (API)

An interface to a HASP object file or DLL that you link to your application, allowing you to insert calls to the HASP throughout your code.

HASP3 HASP4 Std.

MemoHASP-1 HASP4 M1

MemoHASP-4 HASP4 M4

TimeHASP-4 HASP4 Time

NetHASP HASP4 Net


Glossary

HASP Demo Key A HASP key with demo passwords (15147 and 9632 for DemoMA keys) and developer code DemoMA that you use to evaluate the HASP protection system.

HASP Developer’s Kit

A package that contains everything needed to evaluate the HASP protection system.

HASP Device Driver

A driver that interfaces between HASP-protected applications and the HASP, commonly referred to as HDD.

HASP Device Driver Dynamic Load

A property of the HASP Device Driver which enables it to load without the need to reboot your system.

HASP Envelope A HASP a patcher utility that injects code into a compiled executable file. The HASP Envelope wraps an application in a protective shield and ensures that the protected application cannot run unless the correct HASP is connected to the computer.

HASP Envelope Wizard

A step-by-step guide through the protection process using the HASP Envelope.

HASP ID Number

A unique number assigned to each HASP memory key during the manufacturing process.

HASP Memory Internal read/write memory contained in the HASP, the amount of which depends upon the particular HASP model.

HASP Memory Key

HASP memory keys have internal read/write memory, the size of which varies depending on the model. The following HASP models contain a memory: HASP4 M1 (112 bytes), HASP4 M4 (496 bytes), HASP4 Time (496 + 16 bytes), HASP4 Net (496 bytes)

HASP Passwords Two unique passwords assigned to each developer code, enabling access to the HASP key. A software developer would normally require a single developer code, but more codes can be ordered if required.

hasp( ) Routine The HASP API routine that accesses the HASP key.


Glossary

HASP Stand-Alone Key

HASP keys, sometimes referred to as local keys, designed for stand-alone computers.

HASP Starter’s Kit

A package containing everything needed to evaluate and immediately protect your software.

HASP Test Utilities

Utilities for testing the HASP API and HASP4 Net operations.

HASP4 Time A HASP stand-alone key containing an ASIC chip, an internal real-time clock, and depending on the model, up to 512 bytes of internal/write memory.

Hinstall A Windows-based command line application that installs the HASP Device Driver.

Idle Time The period after which a station is considered inactive in accessing a HASP4 Net.

HASP4 Net Automatic Search

The default method by which the HASP4 Net protected application searches for the HASP Net License Manager.

HASP4 Net Client

The station activating a HASP4 Net-protected application.

HASP4 Net Configuration Files

Files that contain settings for the fine-tuning of HASP4 Net client and HASP Net License Manager behavior on the network.

HASP4 Net Custom Search

A customized method by which the HASP4 Net client searches for the HASP Net License Manager.

HASP Net License Manager

Commonly referred to as LM, this application communicates between the protected application and the HASP4 Net key, functioning as a link between the two.

HASP4 Net Log Table

A list of all protected applications that have performed a HASP4 Net Login and the stations from which they were activated.


Glossary

HASP4 Net Login

The process by which a HASP4 Net-protected application requests permission to run from the HASP Net License Manager.

HASP4 Net Logout

The process by which a HASP4 Net-protected application informs the HASP Net License Manager that it is no longer using its license.

HASP4 Net Models

The series of HASP4 Net keys which allow different maximum numbers of licenses for a protected application.

HASP4 Net Monitor

A tool used to track the use of HASP4 Net-protected applications on a network. (monitor.exe)

Memory Beamer The Memory Beamer is a vendor utility that serves as a channel for transferring secured data between vendors and their customers. The utility is used to prepare customized DLLs for end users, and to decrypt the memory of deployed HASP keys.

nethasp.ini The HASP4 Net configuration file for the protected application. It contains settings for fine-tuning HASP4 Net behavior on the network.

nhsrv.ini The configuration file for the HASP Net License Manager. It contains settings for fine-tuning the HASP Net License Manager.

Number of Activations

The number of times a protected application can run.

Number of Licenses

The number of stations that can run the protected application at the same time.

PC-CardHASP An advanced software protection card that is inserted to PC-Card (PCMCIA) slots found on most notebook PCs.


Index
AAccess to HASP key.......................... 37 - 38Activations ................................................ 112Adapt timeout length............................... 291AKS Monitor. See Aladdin Monitoraksparlnx.o .................................................. 40aksusbd ........................................... 37, 40, 46Aladdin DiagnostiX................................. 117
Checking for a HASP Key .............. 119Configuring nethasp INI files......... 121

instructions................................. 121Creating reports ................................ 122

Create Report Settings.............. 122Diagnosing HASP Keys .................. 119Checking for a HASP key ............... 119Key Access History Panel ............... 120

Table............................................ 120Aladdin Monitor... 235, 238, 281 - 286, 336Anti debug modules................................... 73Anti-debugging ........................................... 80API ....................................................... 21 - 22Application activations, limit........... 23, 303Application programming interface ...... 129Application protection, prepare............... 83ASCIIZ ...................................................... 322ASIC........................................................ 5, 19

BBackground HASP checks....................... 80Basic services............................................ 157Batch code. See Developer CodeBattery in HASP4 Time............................ 25Big Endian................................................ 168

C-c .................................................................. 73Cascading. See Daisy-chaining-cfgfile ......................................................... 73Chaining. See Daisy-chainingCheck

clock date .......................................... 181clock time .......................................... 179for HASP presence.......................... 160HASP ID number..... 98, 172, 186, 200HASP type ........................................ 161port..................................................... 161status of call to HASP4 Net ........... 193

Checksumming ........................................ 152Clearing the memory............................... 107Clock

check date.......................................... 181check time ......................................... 179setting date ........................................ 180setting time........................................ 178


Index

Compilers, support .................................. 145Configuration file ....................................... 73Conflicts with parallel devices, avoid .... 331Crash, reactivating after........................... 194Create templates ....................................... 111custinst.exe. See Customer utilityCustomer utility .. 296 - 297, 300, 310 - 314

Status codes ....................................... 314

DDaemon ....................................................... 37Daisy-chaining ............................................ 26Data

decode ....................................... 166, 210encode .............................. 149, 165, 208

Data files, protecting. See DataHASPDataHASP............................................ 26, 68Dates. See ClockDecode data ..................................... 166, 210DecodeData service................................... 17Defining range of stations ........... 287 - 290Demo applications ................................... 129Demo key passwords............................... 337Demo keys ................................................ 337Determine HASP ID........................ 89, 108Determining HASP ID ........................... 130Developer code .......... 17, 19, 238, 333, 337Device conflict, avoiding ........................ 331Device driver. See HASP device driver-dhfilter ........................................................ 73-dhfilterx ...................................................... 74-dhkey .......................................................... 74dinst.............................................................. 37Disk space requirements ........................... 52Distribution

preparing for........................................ 83DLLs

protecting........................................... 145

DOS extender ............................................ 76DOS, memory requirements.................. 333Driver .......................................................... 38-drvwait ....................................................... 74

EEditing HASP memory........................... 130Editing memory ......................................... 98

HASP4 M1/M4.................................. 99HASP4 Net ....................................... 101Remote Update System.......... 302, 304

-enc .............................................................. 74-enclevel ...................................................... 74Encode ...................................................... 152Encode data.................... 130, 149, 165, 208

with HASP Edit.......................... 87, 108Encode of HASP memory ..................... 152Encryption key........................................... 74endian ........................................................ 168Envelope. See HASP EnvelopeError codes. See Status codesError messages

HASP Envelope ................................. 72Errors

error 15 .............................................. 335error 21 .............................................. 333error 8 ................................................ 335error 9121 .......................................... 332HASP not found .............................. 332

Expiration dates ....................................... 112Expiry date................................................ 304-exsecnum................................................... 74

FFAS ............................................................ 112

HASP Envelope ................................. 54-fas................................................................ 74FAS area.................................................... 113


Index

-fasprgnum.................................................. 74File pattern.................................................. 73Full Authorization System....... 22 - 24, 112

program list ................................. 91 - 97Remote Update System ......... 302 - 303

GGetDate..................................................... 181GetHaspID............................................... 186GetTime .................................................... 179Getting started.............................................. 1

H-h3pass......................................................... 74Hard disk space .......................................... 88Hardware....................................................... 9HASP

in a network......................................... 26interfaces............................................ 129problems ............................................ 329software updates............................... 329

HASP API ................. 21 - 22, 31, 129 - 146basic services ..................................... 157HASP4 Net services ........................ 187HASP4 Time services............ 175 - 186Memory services..................... 167 - 174status codes ............................. 217 - 225

HASP basic concept.................................. 15HASP daemon .................................. 37, 130HASP Demo .............................................. 31HASP demo keys..................................... 107HASP Developer Kit ................................ 12HASP Device Driver ..................... 235, 332

for Windows NT.............................. 332removing.............................................. 34

HASP device driver ................................... 30HASP driver .............................. 37 - 38, 130

for Mac OS 8.6, 9 ............................... 38

for Mac OS X..................................... 37HASP Edit........................................ 83 - 114

configuration file................................ 85prepare for application protection 108retrieve HASP ID ...................... 89, 108setting preferences ........................... 107template files..................................... 110

HASP Envelope ......... 21 - 22, 51 - 82, 155and API protection............................ 51error messages .................................... 72for Linux ............................................. 79for Mac Applications......................... 78Instw16.exe ......................................... 73Instw32.exe ......................................... 73protecting Linux applications .......... 79Protecting Mac Applications............ 78switches ............................................... 73

? ..................................................... 74c..................................................... 73cfgfile............................................ 73createcfg....................................... 73dhfilter.......................................... 73dhfilterx........................................ 74dhkey ............................................ 74drvwait ......................................... 74enc................................................. 74enclevel......................................... 74exsecnum ..................................... 74fas.................................................. 74fasprgnum.................................... 74h3pass........................................... 74hasp4 ............................................ 74help ............................................... 74highsecoff .................................... 74highsecon..................................... 75interval.......................................... 75loader............................................ 75loginprocess................................. 75loginx............................................ 75


Index

mhid .............................................. 75mhpass .......................................... 75netcfg............................................. 75nhpass ........................................... 75nodbgcheck .................................. 75noenc............................................. 75nofas.............................................. 75nohasp4......................................... 75norandomsize .............................. 75nores.............................................. 76nospecial ....................................... 76novir .............................................. 76out.................................................. 76ovl .................................................. 76pcs.................................................. 76prg.................................................. 76prgnum.......................................... 76quiz ................................................ 76randomsize ................................... 76special............................................ 76special1.......................................... 76vir................................................... 76

window................................................. 53with HASP4 Net............................... 332

HASP hardware............................................ 9HASP ID number. 19, 25, 86, 89, 108, 296

and HASP API protection .............. 130and HASP Envelope protection ...... 66calculating .......................................... 146check........................... 98, 172, 186, 200entering in Vendor utility ................ 301retrieving with Customer utility...... 310

HASP keycheck presence of ............................... 17

HASP keysdemo................................................... 337

HASP License Manager 194, 212, 220, 235, 287

Linux................................................... 256

Mac..................................................... 253switches..................................... 258, 287Windows............................................ 249

HASP License Manager configuration file .. 288

HASP memory........................................... 23options ................................................. 20

HASP memory, encode of ..................... 152HASP passwords ................ 19, 25, 300, 337

changing............................................... 25hiding ................................................. 153

HASP protection keys ................................ 9HASP software, overview ................ 29 - 31HASP Starter Kit ....................................... 13HASP test utilities...................................... 31HASP Tools

Aladdin DiagnostiX ......................... 117End User Utilities

Aladdin Diagnostix MemoryBeamer......................... 125

HASP EnvelopeWin32 Envelope ......................... 79

hasp( ) routine ....... 131, 144, 147, 157, 167, 175, 187, 217, 331

and TCP/IP ...................................... 189time required to call ......................... 144

-hasp4 .......................................................... 74HASP4 key models.................................... 11HASP4 key types ....................................... 10HASP4 M1 ............................................. 9, 11

services..................................... 167 - 174HASP4 M1/M4 ......................................... 27

editing memory................................... 99HASP Envelope ................................. 54update................................................... 27

HASP4 M4 ...................................... 9, 11, 99services..................................... 167 - 174

HASP4 Net.......................... 12, 63, 229, 239and the HASP Envelope................. 332


Index

client configuration file.......... 271 - 280editing memory................................. 101error 21 .............................................. 333HASP Envelope ................................. 54Internet .............................................. 239key........................................................... 9LastStatus codes ..................... 220 - 225LastStatus service ............................. 193License Manager............................... 235log table............ 194, 196, 202, 234, 248login........................................... 194, 334logout .................................. 77, 196, 332program list ........................ 96, 199, 206services............................................... 187

HASP4 Net configuration files.............. 287client ......................................... 271 - 280setting the name................................ 207

HASP4 Standard........................................ 11HASP4 Std.............................................. 9, 11HASP4 Time ................................... 9, 11, 25

clock ................................................... 101HASP Envelope ................................. 54setting clock....................................... 107

HASP4 Time services ................... 175 - 186HASP4 without memory .......................... 91HaspDecodeData ........................... 166, 210HaspDemo Utility ................................... 143haspdemo.exe................................................ 143HaspEdit. See HASP EditHaspEncodeData..................................... 208haspenv.exe................................................. 53HaspID............................................. 172, 200HaspQueryLicense .................................. 213HaspStatus ................................................ 161HDD16.EXE ............................................. 33HDD32.EXE ............................................. 33-highsecoff .................................................. 74-highsecon................................................... 75Hinstall utility .................................... 34, 332

II/O base, changing ................................. 334IBM ..................................................... 62, 300ID number............................................ 19, 25Identify key................................................. 17Idle time...................................................... 77IdleTime.................................................... 201Implementing API .................................. 131Installation.................................................. 29

customize under Linux ......... 42, 44, 47customize under Mac OS X............. 37customize under Windows ............... 34Linux.................................................... 40Mac............................................... 37 - 39Windows ..................................... 33 - 35

Installingdriver.................................................... 38

Installing HASP DriversAutomatic Installation of HASP for

Linux on Itanium................ 45HASP on IA64 Platforms ................ 35HASP Win64 for Itanium................. 34Manual Installation of HASP for Linux

on Itanium............................ 46Installing HASP Drivers HASP for Linux

on Itanium................................... 45Instdos.exe.................................................. 73Instw16.exe................................................. 73Instw32.exe................................................. 73


Index

Interfaces ................................................... 129-interval ........................................................ 75IPX protocol................................................... .

defining range of stations ................ 287IsHasp........................................................ 160

Kkernel mode driver..................................... 40

LLanguages

support ............................................... 145LastStatus .................................................. 193

codes........................................ 220 - 225error 21............................................... 333

Licensing.......................... 63, 238, 332 - 333Limit

application activations........................ 23Limiting

applications served ........................... 291licenses.................................................. 63number of licences ............................. 63

Linux ............................................................ 40Little Endian ............................................. 168-loader .......................................................... 75Loading time ............................................... 80Log table......... 194, 196, 202, 234, 248, 332Login ........................................ 194, 234, 334LoginProcess Service 110 ....................... 214-loginx .......................................................... 75Logout................................ 77, 196, 234, 332LptNum..................................................... 133

MMac 9.x......................................................... 38Mac OS 8.6.................................................. 38Mac OS X.................................................... 37Memory ....................................................... 23

editing................................................... 98HASP4 Net reserved ...... 114, 199, 206reading..... 170, 173, 183, 185, 198, 203remote update ..................................... 27update................................................... 27writing to 171, 174, 182, 184, 199, 205

Memory Beamer ...................................... 125reading report files ........................... 126Sending Passwords to Your Customers

125sending Passwords to Your Customers

125Memory services ............................ 167 - 174-mhid ........................................................... 75-mhpass ....................................................... 75Micro ............................................................. 5Micro-controller........................................... 5Multi key programming tool .................. 111

NNEC

as target computer............................ 300NetBIOS protocol

defining range of stations................ 290station name...................................... 290

-netcfg.......................................................... 75NetHASP

login.................................................... 234logout ................................................. 234

NetHASP Monitor. See Aladdin MonitorNetwork cards.......................................... 334Networks and HASP4 Net ........... 229, 239New Envelope Configuration ................. 53NH_COMMON............................. 272, 274NH_IPX ................................................... 275NH_NETBIOS ....................................... 278NH_TCPIP .............................................. 279-nhpass ........................................................ 75


Index

-nodbgcheck ............................................... 75-noenc.......................................................... 75-nofas ........................................................... 75-nohasp4...................................................... 75-norandomsize............................................ 75-nores ........................................................... 76-nospecial .................................................... 76-novir ........................................................... 76Number of Licenses field

HASP4 Net ......................................... 63

OOpen Envelope Configuration ................ 53-out............................................................... 76Overlay File field........................................ 62Overlay handling........................................ 76-ovl ............................................................... 76

PParallel keys................................................. 10Parallel port...................................... 133, 334Parameters

hasp( ) routine. 132, 157, 167, 175, 187Passwords. See HASP passwordsPC-Cards ..................................................... 10PCMCIA ..................................................... 10-pcs............................................................... 76Port, check ................................................ 161Prepare for application protection ........ 108Preparing HASP keys.............................. 109-prg............................................................... 76-prgnum....................................................... 76Printing problems .......................... 330 - 331Problems ................................................... 329Program list........................ 91 - 97, 199, 206Program number............. 59, 74, 76, 93 - 98

Remote Update System ................... 303Programming HASP keys....................... 109

Programming multiple keys ........... 104, 111Programming single HASP keys . 110 - 111Protect Application ............................. 54, 58Protect icon ................................................ 54Protection

for networks and stand-alone keys 142for networks and stand-alones....... 333HASP API .......................... 21, 31 - 146HASP Envelope................................. 21main stages.......................................... 32maximizing...................... 147 - 155, 241methods............................................... 21of data files.......................................... 26of DLLs............................................. 145quick reference ................................... 32

Protection parameters............................. 112

Q-quiz............................................................. 76

RRAM............................................................ 88-randomsize................................................ 76Reactivating, after crash ......................... 194Read/write memory.................................. 11ReadBlock................................ 173, 185, 203ReadByte................................................... 183Reading memory... 170, 173, 183, 185, 198,

203ReadWord......................................... 170, 198Real-time clock .......................................... 11Remote Update System . 27, 293, 295 - 315

client DLL......................................... 322Customer utility.. 296 - 297, 300, 310 -

314customization utility ..... 316, 324, 326 -

327DLL for customer ................... 316, 327


Index

DLL for vendor ....................... 315, 327editing memory ........................ 302, 304Full Authorization System.... 302 - 303passwords......................... 296, 301, 311performing updates .......................... 316preparing your application .............. 316sample applications .......................... 316switches .............................................. 312vendor DLL....................................... 318Vendor utility ....... 296 - 297, 301 - 309

Retrieve HASP ID ............................ 89, 108Return codes

hiding.................................................. 153Rmote Update System

preparing your application .............. 316RUS API

for Mac ............................................... 327haspclnt shared libary ............... 327haspdev shared library .............. 327

RUS API for Mac ApplicationsCustomization Utility ....................... 327haspdev shared library ..................... 327

RUS. See Remote Update System

SSample applications ................................. 129Scanning for connected keys.................. 108Searching, parallel port ............................ 133Security, enhancing ....................... 147 - 155Serial number.See HASP IDServices

basic .................................................... 157HASP Memory....................... 167 - 174HASP4 Net........................................ 187HASP4 Time .......................... 175 - 186LoginProcess functionality.............. 246Service 1 ............................................. 160Service 104......................................... 213

Service 230 ........................................ 215Service 3............................................. 170Service 4............................................. 171Service 40 .......................................... 193Service 42 .......................................... 194Service 43 .......................................... 196Service 44 .......................................... 198Service 45 .......................................... 199Service 46 .......................................... 200Service 48 .......................................... 201Service 5............................................. 161Service 50 .......................................... 173Service 51 .......................................... 174Service 52 .......................................... 203Service 53 .......................................... 205Service 6............................................. 172Service 60 .......................................... 165Service 61 .......................................... 166Service 70 .......................................... 178Service 71 .......................................... 179Service 72 .......................................... 180Service 73 .......................................... 181Service 74 .......................................... 182Service 75 .......................................... 183Service 76 .......................................... 184Service 77 .......................................... 185Service 78 .......................................... 186Service 8............................................. 163Service 85 .......................................... 207Service 88 .......................................... 208Service 89 .......................................... 210Service 9............................................. 164Service 96 .......................................... 212

SetConfigFilename .................................. 207SetDate ...................................................... 180SetServerByName.................................... 212SetTime ..................................................... 178Setting

clock date........................................... 180


Index

clock time .......................................... 178FAS Program List for HASP4 M1/M4

92FAS Program List for HASP4 Time 94HASP License Manager name........ 212HASP4 Net configuration file........ 207HASP4 Time clock .......................... 101number of licences ............................. 63

Setup utility ................................................. 33setup.exe. See Setup utilitySoftware

HASP, overview ......................... 29 - 31updates ............................................... 329

-special ......................................................... 76-special1....................................................... 76Specifying the port................................... 133Specifying USB port number ................. 134Stand-alone HASP keys in a network..... 26Start HASP Wizard.................................... 53Status codes

Customer utility ................................ 314HASP API............................... 217 - 225HASP4 Net LastStatus .......... 220 - 225Vendor utility .................................... 308

SwitchesCustomer utility ................................ 312HASP Envelope ................................. 73HASP License Manager ......... 258, 287Remote Update System ................... 312Vendor utility .......................... 306 - 308

TTCP/IP protocol

and hasp( ) routine ........................... 189defining range of stations................ 288

Technical support .................................... 122Template files ........................................... 110Time. See Clock

Timeout length ........................................ 291Troubleshooting ...................................... 329

UUnprotected File.................................. 54, 56Update HASP keys.......................... 293, 315Update System ................................. 293, 315USB enumeration .................................... 134USB HASP.................................................... 5USB keys..................................................... 10USB port number.................................... 134Use HASP4 Security Features field ........ 62Using API................................................. 131Using Full Authorization System.......... 112

Vvendinst.exe. See Vendor utilityVendor utility .............. 296 - 297, 301 - 309

status codes....................................... 308switches ................................... 306 - 308

Verifypresence of HASP ............................. 17

-vir................................................................ 76

WWin32 data files

protecting ............................................ 55Working with templates ......................... 110WriteBlock............................... 174, 184, 205WriteByte.................................................. 182WriteWord........................................ 171, 199Writing to HASP keys ............................ 109Writing to memory 171, 174, 182, 184, 199,

205


securing the global village

Documents