Trying to use old embroidery software with no dongle
Posted by Ajrakai_Naadjuba@reddit | vintagecomputing | 40 comments
Was so close to being able to put my own embroidery files on my computerized embroidery machine from 1998, but I've hit another wall to go bang my head against. I've got a Husqvarna 1250 +1, I've finally got a reader/writer for its memory transfer cards that works, I've got a Windows XP VM set up on my macbook air so I can actually interface with it, and I thought I was all set when I found a free downloadable ISO of Husqvarna's embroidery software from the time. Then it turned out that they didn't bother to include the dongle needed to make the software actually functional (you can't read or write files to the card without it, or even save files).
Really not sure how to get out of this one. Every search engine I've tried seems to be conflating the software in question (Professional Embroidery System 5, released in 1998 for the +1 rose and orquidea machines) with the 5D Professional Embroidery System (released in 2010 for the Designer series of machines). So it's really hard to even sift resources related to the correct software out from results for the wrong one. I think the only listing I've been able to find so far that includes this USB dongle is $125 not even including shipping, and that's not an amount I can justify losing right now.
I think what I'm looking for is perhaps to try to find a way to either bypass the software lockout from not having the dongle, imitate or spoof the dongle, or bypass the read/writer software altogether and access the files on the embroidery card directly (couldn't find its directory or folder just from doing a system search like with a regular external storage device). I don't know if any of that is a thing that's possible, hell I don't even know how to code, but I figure it doesn't hurt to ask.
brusaducj@reddit
If you're at all versed in using something like Ghidra or x64dbg, chances are it's probably straightforward to bypass.
Find the Windows API call that displays that message box, and then work back through the program from there.
Ajrakai_Naadjuba@reddit (OP)
Any pointers on how to do that on win xp? I have no background in computer science at all so I don't really know where I'd start
brusaducj@reddit
OP, you any good with a hex editor?
Try changing CustomPro.exe; change 7E to 75 at the following hex offsets:
0x00002D77
0x0000633A
0x0000650A
0x0000C8EF
0x0000CA6F
Seems to work for me, at least I can save, I don't have an actual embroidery machine to test with so lmk if it works.
Ajrakai_Naadjuba@reddit (OP)
I managed to do this! After a while of trying to figure out what the hell I was doing, I changed the requisite byte values and exported it to my VM to test, and... well, it did let me save, and wasn't giving the "no dongle connected" error when I tried to send the file to the read/writer, but it DID give me a completely different error that I can't figure out how to clear. One problem after another. But. Thank you anyway for taking the time to help with this, I 100% wouldn't have been able to patch it on my own.
Soggy-External7252@reddit
If you are asking this I don't think you have what it takes to defeat a hardware key, even from 1998.
It requires some consolidated knowledge and experience in RCE, assembly, programming, etc. These are not skills that you can acquire in say a week, not even a month. If you don't have this knowledge disregard advice from people telling you to crack it yourself, you will probably waste more than a month frustrating yourself, and fail.
Having a functional dongle actually working with the software would make it much easier to crack or emulate, but still not "automatic" even for someone with the right background.
If you really need to use this software, buying a software copy that includes a matched dongle and is compatible with your embroidery machine seems like the best option.
That said, I think the best advice for you is to simply use another software like Skatekov suggested, if you find one that is compatible with your machine. Good Luck!
namur17056@reddit
I wonder if you could use a pi or an arduino to bypass this?
Soggy-External7252@reddit
With a memory dump from the original dongle one of these could likely be used to make a physical emulator, but this would be overkill, because with just the dump one could make a software only emulator, these emulators exist already for some Sentinel dongles for example.
brusaducj@reddit
Take the exe to a more modern machine, use the tools on a modern machine, patch the exe and then bring it back to the original computer.
In terms of using Ghidra and other disassembly tools, I don't think there's an easy explanation of how to use the specific tools. Ghidra is probably the easiest for viewing the disassembly, though you'll probably want a different tool to make the changes. But the basics are:
search the disassembled output for either the string in the messagebox, or for calls to MessageBoxA/MessageBoxW.
read what happens before, look for conditional jumps that bring you to that MessageBox call. If it doesn't look like anything in the function is relevant, see what functions call that function until you find something.
depending on how they implemented it, you'll have to find a way to modify the assembly to avoid the program failing the check. In some cases this could be as simple as changing je to jne (jump if equals to jump if not equals) so the program only works without the dongle, in other cases it's a little more involved.
In any case, it's not particularly easy without experience, and sometimes not even easy with experience, but with software of that vintage it tends to be doable.
I'd offer to give it a look over myself if I wasn't behind already on a number of projects
Key_Sign_5572@reddit
You need a turnkey solution it seems and if that’s the case you’d need to find a pre-cracked copy. If it’s old enough software might have an easy exploit and if you reach out to a forum on your device/use side (ie digital sewing or « brand » forum) as opposed to this one you’ll get better replies.
Security dongles were pretty good a bit later on in time, but yours should be easily crackable from 98.
BazuzuDear@reddit
HASP hardware protection is slightly more than a dialog, in fact.
andynzor@reddit
Most companies cannot be arsed to do it right.
For example, a certain Danish automation vendor sends a hardcoded challenge string to their license dongle. The response string is compared against a list of four hardcoded strings which determines the license level. If none of those match, the program quits.
The most painful part in cracking that software is patching the thirty or so individual .exe files.
brusaducj@reddit
Well I don't have further hardware to test, but I think I got it figured out, only took 5 bytes. Changed JLE to JNZ on the conditional that displayed the MessageBox and prematurely returned from the functions if the hardware protection failed. I can now save files without the dialog, and trying to "Send" things now gives a com port error, probably expected since I don't have an embroidery machine.
Output of:
cmp -l CustomPro.original CustomPro.exe
after the patch:
11640 176 165
25403 176 165
25867 176 165
51440 176 165
51824 176 165
Soggy-External7252@reddit
Curious to see if your patch will work, sounds like it could. If it is the case, whatever dongle they were using was totally useless, lol.
Normally Sentinel and HASP from this era worked by encrypting parts of the binary (small parts), so that they could never be cracked with jump condition changes or nops only. Maybe it was not one of these two dongles, or Husqvarna devs didn't know what they were doing when they implemented it in their code, happens a lot too.
Great effort you did here!
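The cmp -l listing brusaducj posted above is easy to misread, because cmp prints byte positions 1-based in decimal and both byte values in octal. This added Python (not from the thread) decodes such output and checks that the bytes which differ between the two files are exactly the five offsets listed earlier in the thread, with the stated before/after values, so a modified binary can be verified against its original; the cmp lines and offsets are taken from the thread, the function names are my own.

```python
import re
from typing import List, Tuple

# Sample input constructed from the cmp -l lines posted in the thread:
# 1-based decimal offset, octal byte in file 1, octal byte in file 2.
CMP_OUTPUT = """\
11640 176 165
25403 176 165
25867 176 165
51440 176 165
51824 176 165
"""

# The 0-based hex offsets listed earlier in the thread; used to cross-check
# that the diff touched exactly those bytes and nothing else.
EXPECTED_OFFSETS = [0x2D77, 0x633A, 0x650A, 0xC8EF, 0xCA6F]


def parse_cmp_l(text: str) -> List[Tuple[int, int, int]]:
    """Decode `cmp -l` lines into (zero_based_offset, old_byte, new_byte).

    cmp reports positions 1-based in decimal and byte values in octal, so
    11640 -> 0x2D77 and 176 -> 0x7E once converted.
    """
    rows = []
    for line in text.splitlines():
        m = re.fullmatch(r"\s*(\d+)\s+([0-7]{1,3})\s+([0-7]{1,3})\s*", line)
        if not m:
            continue  # skip anything that is not a cmp -l data line
        pos, old, new = m.groups()
        rows.append((int(pos) - 1, int(old, 8), int(new, 8)))
    return rows


def check_patch(text: str, expected: List[int], old: int, new: int) -> bool:
    """True only if every differing byte sits at an expected offset with the
    expected before/after values, and no expected offset is missing."""
    rows = parse_cmp_l(text)
    offsets = {off for off, _, _ in rows}
    values_ok = all(o == old and n == new for _, o, n in rows)
    return values_ok and offsets == set(expected)
```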
brusaducj@reddit
From what I found in the disassembly, it looks like the dongle is called the DS1410D, which according to the sheets does purport to have some kind of "High Security Storage Vault" and the software does some routines to interact with the hardware in some meaningful way. It's definitely doing more than just checking for its presence.
I think where the implementation falls short is that the dongle checks are abstracted away to a single function call which handles everything: the function initializes the driver if not already, then does all its magic and returns a variable which is checked to display the message box (or not); it does not appear to be used thereafter.
My best guess is it's a static library they used with a developer-friendly API for running the checks. It seems to be an attempt to abstract away the OS-specific stuff for Win3x, Win9x and NT, so that the application developers don't have to worry about that stuff. On Win3x it loads a library called swa32.dll (must require Win32s I guess) which exports functions to facilitate communication with the device, on 9x it uses a driver named VSAUTHD.VXD, and on NT it communicates with the service called "DS1410D".
Soggy-External7252@reddit
If it does meaningful stuff but can be bypassed with only flow control, then the meaningful stuff becomes useless.
When such hardware protections work correctly you have instructions that are simply missing/encrypted from the binaries, the dongle is needed to decrypt them, and only then the binary becomes "complete", so changing flow will do nothing useful because instructions are missing, it will just throw errors.
You did a great job reversing, you gathered a whole lot of information. I hope Ajrakai_Naadjuba tests this and lets us know if it worked!
patg84@reddit
Pretty sure there's a HASP emulator floating around from a long time ago. Iirc it mimics the burned in values of the dongle.
AnotherCableGuy@reddit
Dude .. the memories you've just unlocked 😄
brusaducj@reddit
Nice username, cable guy! You still pulling wires or did you manage to get out? I'm a residential AV guy by day and I'm dying to find something with more substance
AnotherCableGuy@reddit
Not anymore, made my way into the CCTV field and then networking. Now working remotely most of the time which is nice. But yeah, great memories when I was up all night cracking software and coding keygens
NightmareJoker2@reddit
What virtualization software are you using?
You can probably just emulate the USB device and pretend a USB gadget that matches the device descriptor of what the software expects is attached.
You can google a bit chances are someone did this already like 20+ years ago.
Ajrakai_Naadjuba@reddit (OP)
I use UTM for virtualization, I'd actually been looking into how to emulate a USB device on there but I have no idea how to find out what this particular software is looking for.
NightmareJoker2@reddit
UTM is just qemu under the hood.
In your virtual machine configuration file, you can add a virtual USB device to a virtual USB port.
Soggy-External7252@reddit
If it really is a USB dongle and not an LPT one, according to google Gemini Flash AI Husqvarna used almost exclusively USB solutions from Rainbow Technologies (Sentinel) and later Aladdin (HASP).
None of these USB solutions were crackable with the method you specify, but without one we can't really know for sure.
AliBello@reddit
I think there was a post about someone who made their own dongle (?), I’ll try to find it
AdventurousTime@reddit
There’s no guarantee that the software could be easy to bypass. I would sell something you have for the eBay dongle.
glassmanjones@reddit
Link to the ISO?
mrspelunx@reddit
It’s a USB stick according to the eBay listing. Considering this software retailed for something around $2,000 US, I think it’s probably a good bargain. I’d take it.
TheCh0rt@reddit
Hey! This here is the right answer!
Get a USB dongle for as cheap as possible!
I have bought over $100,000+ in software, only protected by a poorly insured iLok dongle. It suuuucks! Hacking it would be misery.
Get the authentic physical hardware license if you can!
probably_platypus@reddit
Install Claude Code (might have to pay a $20 subscription for a month). Ask it how to install Ghidra Headless ('analyzeHeadless') and describe what you have (your dongle is broken, btw, and the company is out of business). It'll coach you on getting the relevant files onto your modern machine, and it will do the decompile and jump over the dongle check code.
Note: Modern dongles decrypt source code, so there's not really a way to do this without having the dongle, if it can be done at all.
Tall-Introduction414@reddit
I agree with using Ghidra to find the dongle check code, and bypass it. It could be as simple as finding the dialog code, finding the code that calls that, and writing NOP bytes over the check, or writing a JMP code to the "found dongle" code. Ghidra can turn the code into C (easier than assembly, for most people), and match up the lines of code to the machine code bytes in the binary EXE or DLL file. A hex editor can let you overwrite those bytes. Write a program that overwrites the bytes the same way a hex editor would, and you have a crack.
But I just want to say, I hate when they do this. You already have the hardware (embroidery machine), and the software is required to use the hardware. Why require an additional USB stick? Just to sell software updates piece-meal?
earthman34@reddit
Having done some IT work for an embroidery shop years ago, I can tell you why. Because it was the business model. Same as an activation code for Windows or Office. If you didn't require it, businesses (especially small businesses) would simply install it on 100 machines. The place I did work for had multiple embroidery setups. The manufacturer clearly didn't want customers duplicating software setups for multiple machines or worse yet sharing the software out among all their buddies, which is exactly what would happen if they didn't prevent it. I watched small business owners jump through insane hoops to avoid paying for something. Like the guy who ordered his new computers with XP Home instead of Pro to save money on the belief they could be "hacked" to join a domain (which XP Home can't do). His face was red when he found out he had to go back down to Best Buy and get full retail boxed versions of XP Pro and ended up spending twice as much as he thought he "saved".
Tall-Introduction414@reddit
Ah, so it acts as a "per head" license. Makes sense. I've worked in shops where this was done using a FlexLM license server.
earthman34@reddit
I don't remember what the brand was, if it was Husqvarna or not, but the idea was that you would have a dedicated PC for each embroidery machine. I dealt with software for large industrial label printing machines that worked the same way. You could only run it on the one machine with a hardware key.
DohRayMe@reddit
Been a while; all I can offer is we used vector based graphics as rescaling worked best, no idea anymore what the software was.
geekywarrior@reddit
The bypass might not be too bad. It's along the same lines as a NO-CD bypass from way back when. Not sure how much I can talk about it here, but looking into how No CD bypasses work would be the first road to go down.
Damaniel2@reddit
I imagine the dongle wouldn't be hard to reverse engineer for someone suitably motivated. A niche piece of software from the 90s probably wasn't using something sophisticated; it could just be a passive parallel port device.
The easiest way to remove it though would be to crack the dongle check code. 'Easiest' is relative though, since you still need the appropriate skill set.
Bipogram@reddit
Unknown logic inside the dongle, mind.
Might be a handful of dumb resistors.
Might be an EPROM.
Skatekov@reddit
Try using / finding a free version of OESD Artsizer. I have a Bernina embroidery machine in the same situation (old software is locked) and I use it in conjunction with inkscape w/ ink stitch plugin to get the job done.
Illustrious-Peak3822@reddit
Time to fire up Ghidra, set some break points and poke around.
EsoTechTrix@reddit
You would need to find a working dongle to start, at which point, well, you would not need the hack.
I can see this as a passion project, but honestly, I would think at this point you would want to just replace the app and have it work with something like Inkscape.
Again, if you had a working version, you could likely reverse engineer the thing at this point. But it's going to be a passion project unless your TAM is a population that would pay for the effort.