Reverse Engineering Team Board

Reverse Engineering Team Board (http://www.reteam.org/board/index.php)
-   Reverse Code Engineering (http://www.reteam.org/board/forumdisplay.php?f=23)
-   -   Rockey4 Emulator (http://www.reteam.org/board/showthread.php?t=594)

Softcrk 12-13-2007 06:08 AM

Rockey4 Emulator
 
ROCKEY4 Dongle Shell Emulator

http://rapidshare.de/files/38038038/...12.10.rar.html
http://www.plunder.com/-download-Mrt...WyjBGGHlDA.htm

Msn:Softcrk@hotmail.com

cEnginEEr 12-13-2007 07:42 AM

hmm..dos this R4 shell emul support RY_SEED api in full or just uses table-based method?

Softcrk 12-13-2007 08:20 AM

Quote:

Originally Posted by cEnginEEr (Post 4791)
hmm..dos this R4 shell emul support RY_SEED api in full or just uses table-based method?




i can calculate rockey4 RY_seed...I only need dongle BAs1 and BAS2 AND hardware ID

I write rockey4 emulator can emulator all api:D

cEnginEEr 12-13-2007 08:34 AM

Quote:

Originally Posted by Softcrk (Post 4793)
i can calculate rockey4 RY_seed...I only need dongle BAs1 and BAS2 AND hardware ID..

hmm, good for you; feitin says that their hardware algo depends on both of bas & adv passwords, I do possess RY_seed algo for a sample dongle, can see p1 & p2 explicitly but not p3 or p4; also there is a constant which I guess is calculated from p3 & p4; any idea?

Quote:

Originally Posted by Softcrk (Post 4793)
..I write rockey4 emulator can emulator all api:D

even user algo ? ;)

Softcrk 12-13-2007 09:12 AM

Quote:

Originally Posted by cEnginEEr (Post 4794)
hmm, good for you; feitin says that their hardware algo depends on both of bas & adv passwords, I do possess RY_seed algo for a sample dongle, can see p1 & p2 explicitly but not p3 or p4; also there is a constant which I guess is calculated from p3 & p4; any idea?

Have p1 and p2 always can emulator it,but very disamenity.

even user algo ? ;)

YES..........

Softcrk 12-13-2007 09:14 AM

Quote:

Originally Posted by cEnginEEr (Post 4794)
hmm, good for you; feitin says that their hardware algo depends on both of bas & adv passwords, I do possess RY_seed algo for a sample dongle, can see p1 & p2 explicitly but not p3 or p4; also there is a constant which I guess is calculated from p3 & p4; any idea?



even user algo ? ;)

Have p1 and p2 always can emulator it,but very disamenity.
I can calculated algo

cEnginEEr 12-13-2007 09:19 AM

Quote:

Originally Posted by Softcrk (Post 4797)
Have p1 and p2 always can emulator it,but very disamenity...
I can calculated algo

maybe RY_SEED=f(P1, P2)..I'll have try my algo with another r4 to check it...

PS can you post/PM any tool for dumping user algo zone?

Softcrk 12-13-2007 09:21 AM

Quote:

Originally Posted by cEnginEEr (Post 4798)
very good Softcrk, can you post/PM any tool for dumping user algo zone?

I don,t write any DUMP tools,you can From www.nodongle.biz download dmp tools

cEnginEEr 12-13-2007 09:29 AM

Quote:

Originally Posted by Softcrk (Post 4799)
I don,t write any DUMP tools,you can From www.nodongle.biz download dmp tools

BWAHAHHAHAHA..nodongle.biz..HEHEEE...so you are here just to advertise nodongle...;)

well, my apology for saying this, I don't think you possess r4 hardware algo or anything you just claimed...:p :D

PS I'm 100% sure that www.nodongle.biz team do not have full emul for Rockey4%..contact me if you desire and I can prove;

Softcrk 12-13-2007 09:45 AM

Quote:

Originally Posted by cEnginEEr (Post 4801)
BWAHAHHAHAHA..nodongle.biz..HEHEEE...so you are here just to advertise nodongle...;)

well, my apology for saying this, I don't think you possess r4 hardware algo or anything you just claimed...:p :D

PS I'm 100% sure that www.nodongle.biz team do not have full emul for Rockey4%..contact me if you desire and I can prove;

I emulator r4 shell,only need p1 and p2,and ID..
I can form p1,p2,id find shell algo.....
I know nodongle trem do not emulator r4 all api and not emulator shell....
you want emu r4 shell,nodongle.biz tools always enough
If you want emu r4 shell,I can help you...

ngoksun 12-13-2007 10:28 AM

As I know, softcrk was real Rockey4 expert. He can emu this dongle better than nodongle.biz team.
Actually, RY_seed function just depend on the HID and Basic PW1&PW2. the Advanced PW3&PW4 is used for user algo function.;)

pivasik 12-13-2007 06:02 PM

Quote:

Originally Posted by cEnginEEr (Post 4801)
BWAHAHHAHAHA..nodongle.biz..HEHEEE...so you are here just to advertise nodongle...;)

PS I'm 100% sure that www.nodongle.biz team do not have full emul for Rockey4%..contact me if you desire and I can prove;

I don't think that he want advertise nodongle.
Also, I confirm that nd.biz team never had or proposed universal (full) solution for Rockey 3/4/5/6 dongles. All solutions were software-specific.

Quote:

Originally Posted by ngoksun
He can emu this dongle better than nodongle.biz team.

Don't want to flame here, but LOL... Solution should be so simple as possible, but not simpler. It means if you want solution for specific software - you can make and use it, not depends of it's internals or implementation. It can be bithack, loader, emulation, etc. Universal vs specific solutions like atomic bomb vs gun.

p.s. (special for cEngenEEr) exactly, nd.biz team not exists at all in common sense of "team" word. And... thanks for good releases on the scene.

cEnginEEr 12-14-2007 05:46 AM

well, after a long time an interesting thread has began and hopefully it won't die so soon...:cool:

Quote:

Originally Posted by ngoksun (Post 4805)
As I know, softcrk was real Rockey4 expert....

hmmm....well, the emul itself is totally VMProtected and there is no chance for direct analysis, so I coded a simple filter driver for monitoring R4 api call; I run "E4_NOTEPAD_SHELL_TEST.EXE" 3 times and found the following output in the logger...

PHP Code:

RY_Find  |  P1:1111,P2:2222,P3:0000,P4:0000 LP1:00000001 -> Ret:0000
RY_Open  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP1:00000001,LP2:00000001,Handle:0000 -> Ret:0000
RY_Seed  
|  P1:9ACC,P2:139A,P3:2FD7,P4:DFA0 LP2:00001000 -> Ret:0000
RY_Close 
|  Handle:0000 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:0016EAB3 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:0016FE3B -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:001711C3 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:0017254B -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:001738D3 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:00174C5B -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:00175FE3 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:0017736B -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:001786F3 -> Ret:0000 

PHP Code:

RY_Find  |  P1:1111,P2:2222,P3:0000,P4:0000 LP1:00000001 -> Ret:0000
RY_Open  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP1:00000001,LP2:00000001,Handle:0000 -> Ret:0000
RY_Seed  
|  P1:9ACC,P2:139A,P3:2FD7,P4:DFA0 LP2:00001000 -> Ret:0000
RY_Close 
|  Handle:0000 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:00022C36 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:00023FCE -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:00025356 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:000266ED -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:00027A75 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:00028DFD -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:0002A185 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:0002B50D -> Ret:0000 

PHP Code:

RY_Find  |  P1:1111,P2:2222,P3:0000,P4:0000 LP1:00000001 -> Ret:0000
RY_Open  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP1:00000001,LP2:00000001,Handle:0000 -> Ret:0000
RY_Seed  
|  P1:9ACC,P2:139A,P3:2FD7,P4:DFA0 LP2:00001000 -> Ret:0000
RY_Close 
|  Handle:0000 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:00040905 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:00041C8D -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:00043024 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:000443BC -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:00045744 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:00046ACC -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:00047E54 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:000491DC -> Ret:0000 

Here I can see that each time the first call to RY_SEED returns correct answers, using this value R4SELL calculates a 192-bit DES key and decrypts the software itself; for the rest of RY_SEED calls which are perform for envelope background checks, the emulator simply return the basic passwords which are totally useless; I know that neither envelope nor the software itself doesn't use them and SW successfully starts, what I was saying is that this can't be universal solution but a custom emul;

@Softcrk: if this you really have hardware algo of R4, then why your emul doesn't calculate simply the right answer for all of RY_SEED request?

Quote:

Originally Posted by ngoksun (Post 4805)
...Actually, RY_seed function just depend on the HID and Basic PW1&PW2...

I disagree..you have missed Adv.P3, Adv.P4; ;)

Quote:

Originally Posted by ngoksun (Post 4805)
...the Advanced PW3&PW4 is used for user algo function.;)

user algoes are defined by user and their result\calculation has nothing to do advanced passwords. you need PW3&PW4 just for writing the algoes on dongle...

Quote:

Originally Posted by pivasik (Post 4812)
....Universal vs specific solutions like atomic bomb vs gun....

me thinks exactly the same.

Regards
___________
cEnginEEr

Softcrk 12-14-2007 08:16 AM

Quote:

Originally Posted by cEnginEEr (Post 4816)
well, after a long time an interesting thread has began and hopefully it won't die so soon...:cool:


hmmm....well, the emul itself is totally VMProtected and there is no chance for direct analysis, so I coded a simple filter driver for monitoring R4 api call; I run "E4_NOTEPAD_SHELL_TEST.EXE" 3 times and found the following output in the logger...

PHP Code:

RY_Find  |  P1:1111,P2:2222,P3:0000,P4:0000 LP1:00000001 -> Ret:0000
RY_Open  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP1:00000001,LP2:00000001,Handle:0000 -> Ret:0000
RY_Seed  
|  P1:9ACC,P2:139A,P3:2FD7,P4:DFA0 LP2:00001000 -> Ret:0000
RY_Close 
|  Handle:0000 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:0016EAB3 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:0016FE3B -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:001711C3 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:0017254B -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:001738D3 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:00174C5B -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:00175FE3 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:0017736B -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:001786F3 -> Ret:0000 

PHP Code:

RY_Find  |  P1:1111,P2:2222,P3:0000,P4:0000 LP1:00000001 -> Ret:0000
RY_Open  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP1:00000001,LP2:00000001,Handle:0000 -> Ret:0000
RY_Seed  
|  P1:9ACC,P2:139A,P3:2FD7,P4:DFA0 LP2:00001000 -> Ret:0000
RY_Close 
|  Handle:0000 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:00022C36 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:00023FCE -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:00025356 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:000266ED -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:00027A75 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:00028DFD -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:0002A185 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:0002B50D -> Ret:0000 

PHP Code:

RY_Find  |  P1:1111,P2:2222,P3:0000,P4:0000 LP1:00000001 -> Ret:0000
RY_Open  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP1:00000001,LP2:00000001,Handle:0000 -> Ret:0000
RY_Seed  
|  P1:9ACC,P2:139A,P3:2FD7,P4:DFA0 LP2:00001000 -> Ret:0000
RY_Close 
|  Handle:0000 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:00040905 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:00041C8D -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:00043024 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:000443BC -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:00045744 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:00046ACC -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:00047E54 -> Ret:0000
RY_Seed  
|  P1:1111,P2:2222,P3:0000,P4:0000 LP2:000491DC -> Ret:0000 

Here I can see that each time the first call to RY_SEED returns correct answers, using this value R4SELL calculates a 192-bit DES key and decrypts the software itself; for the rest of RY_SEED calls which are perform for envelope background checks, the emulator simply return the basic passwords which are totally useless; I know that neither envelope nor the software itself doesn't use them and SW successfully starts, what I was saying is that this can't be universal solution but a custom emul;

@Softcrk: if this you really have hardware algo of R4, then why your emul doesn't calculate simply the right answer for all of RY_SEED request?


I disagree..you have missed Adv.P3, Adv.P4; ;)


user algoes are defined by user and their result\calculation has nothing to do advanced passwords. you need PW3&PW4 just for writing the algoes on dongle...


me thinks exactly the same.

Regards
___________
cEnginEEr


You are the master:) ..................
You too were formidable.............

cEnginEEr 12-14-2007 08:27 AM

Quote:

Originally Posted by Softcrk (Post 4818)
You are the master:) ..................
You too were formidable.............

Don't get me wrong Softcrk, I'm not trying to prove anything about myself at all...your work is very good and no one can deny, I just ask some questions to clarify state of the emulator.

Softcrk 12-14-2007 09:35 AM

Quote:

Originally Posted by cEnginEEr (Post 4819)
Don't get me wrong Softcrk, I'm not trying to prove anything about myself at all...your work is very good and no one can deny, I just ask some questions to clarify state of the emulator.



you are the best one that i have ever seen about analysis debug.
my driver is made myself.
this is a DEMO.publish.
i can emul all of api .
the driver , i can do the univeral publish ,but i do not want to do the univeral publish .
there is something is personal,so i do not talk on internet.
for the results , wong or right , i just know
and i think that you know,too
all of dongle shell is the most difficult : algo or uses table-based method
i can do anything to approach the right result .
i come from Taiwan.
i am not good at ENGLISH.
this paper is someone writen for me.
give me your e-lmail address , i want to talk you more.
:D

BfoX 12-15-2007 04:50 AM

RY_seed function depend on the Basic PW1&PW2 ONLY.

Old shell can be removed without dongle. New shell used 3DES cipher and need knowledge algo or make table for removing it.

Softcrk 12-15-2007 05:10 AM

Quote:

Originally Posted by BfoX (Post 4838)
RY_seed function depend on the Basic PW1&PW2 ONLY.

Old shell can be removed without dongle. New shell used 3DES cipher and need knowledge algo or make table for removing it.



New shell always success

:D

BfoX 12-15-2007 05:15 AM

Quote:

Originally Posted by Softcrk (Post 4839)
New shell always success :D

Show it here :P

Softcrk 12-15-2007 05:21 AM

Quote:

Originally Posted by BfoX (Post 4840)
Show it here :P


Can you emulator new shell ?
Give me you shell software and monitoring data or debug dongle data.....I make it

please mail to softcrk@gmail.com or softcrk@hotmail.com

BfoX 12-15-2007 06:06 AM

Quote:

Originally Posted by Softcrk (Post 4841)
Can you emulator new shell ?


yes, sure. my table emule is passed old and new shell.

Softcrk 12-15-2007 12:31 PM

Quote:

Originally Posted by BfoX (Post 4842)
yes, sure. my table emule is passed old and new shell.



p1:BB39 P2:B4B4 Rockey 1.0 emulator:D


http://rapidshare.de/files/38055963/...-emul.rar.html

BfoX 12-16-2007 06:00 AM

Yes, work. Only for ONE seed=0x00001000. Universal has work with 2^32.

cEnginEEr 12-16-2007 06:09 AM

Quote:

Originally Posted by Softcrk (Post 4849)
p1:BB39 P2:B4B4 Rockey 1.0 emulator:D

a custom solution like the previous one....

Quote:

Originally Posted by BfoX (Post 4853)
... Universal has work with 2^32.

..and I think you don't have it ;)

Softcrk 12-16-2007 11:25 AM

[quote=cEnginEEr;4854]a custom solution like the previous one....



PW1 BB39 BW2 B4B4

Seed Handle:0000 LP2:00000000 P1:77E8 P2:0857 P3:2BB3 P4:2273 Ret:0000
Seed Handle:0000 LP2:00000100 P1:FE1C P2:7B40 P3:03F1 P4:59AC Ret:0000
Seed Handle:0000 LP2:00000200 P1:D84E P2:E82D P3:AA04 P4:8B0A Ret:0000
Seed Handle:0000 LP2:00000300 P1:2576 P2:E380 P3:4D84 P4:9BD0 Ret:0000


Seed Handle:0000 LP2:00000011 P1:BA02 P2:FDFC P3:3C1A P4:74C1 Ret:0000
Seed Handle:0000 LP2:00000012 P1:12C5 P2:30FE P3:6E43 P4:E61E Ret:0000
Seed Handle:0000 LP2:00000013 P1:D910 P2:5B14 P3:A496 P4:7567 Ret:0000
Seed Handle:0000 LP2:00000014 P1:BC3A P2:5E8B P3:3757 P4:7607 Ret:0000


Seed Handle:0000 LP2:00001001 P1:EE0E P2:7546 P3:8D93 P4:8601 Ret:0000
Seed Handle:0000 LP2:00001002 P1:F2E4 P2:FB20 P3:849C P4:09D6 Ret:0000
Seed Handle:0000 LP2:00001003 P1:DD33 P2:D5D2 P3:1C06 P4:61A2 Ret:0000
Seed Handle:0000 LP2:00001004 P1:B4A1 P2:289F P3:A77A P4:1461 Ret:0000

cEnginEEr 12-17-2007 08:03 AM

Softcrk, do you think that adding some more entries to RY_SEED emulation table makes it universal? ;) see my log output:

PHP Code:

RY_Find  |  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP1:00000001 -> Ret:0000
RY_Open  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP1:00000001,LP2:00000001,Handle:0000 -> Ret:0000
RY_Seed  
|  P1:2EC6,P2:3546,P3:499B,P4:BB0E LP2:00001000 -> Ret:0000
RY_Close 
|  Handle:0000 -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:00018269 -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:000195F1 -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:0001A979 -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:0001BD01 -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:0001D089 -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:0001E411 -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:0001F799 -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:00020B21 -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:00021EA9 -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:00023231 -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:000245B9 -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:00025941 -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:00026CC9 -> Ret:0000 

PHP Code:

RY_Find  |  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP1:00000001 -> Ret:0000
RY_Open  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP1:00000001,LP2:00000001,Handle:0000 -> Ret:0000
RY_Seed  
|  P1:2EC6,P2:3546,P3:499B,P4:BB0E LP2:00001000 -> Ret:0000
RY_Close 
|  Handle:0000 -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:0002ED92 -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:0003011A -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:000314A2 -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:0003282A -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:00033BB2 -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:00034F4A -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:000362D2 -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:0003764A -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:000389D2 -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:00039D5A -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:0003B0E2 -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:0003C46A -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:0003D802 -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:0003EB7A -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:0003FF12 -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:0004128A -> Ret:0000
RY_Seed  
|  P1:BB39,P2:B4B4,P3:0000,P4:0000 LP2:00042622 -> Ret:0000 

not a good trick, you R4Guru :D :D :D

TORO 12-17-2007 12:25 PM

hi all
user algo of a rockey4 dongle can be emulate via a well defined neural netwrok, just see input/output values and count ,and note that rockey4 chip is a famouse 8 bit cypress chip, so all operations must be done via 8 bit operators ,mostly add and xor, i did such exam long time ago successfully on my rockey4 dongle.
btw, trojan algo is a good idea and i know one of my friends successfully implimented on a rockey5.
and one more important info is rockey is a good dongle, its design logic is better than hasp and sentinel, but becuase of its bad interface which is hard to work, i do not like it. may of developers so not use in same reason. so we ca not see many sofwtares which protected with rockey,so as a reverser i prefer to work on more famouse dongles.:D

alisa 01-07-2008 10:14 AM

rockey4 expert Softcrk,please emulate one which,the data is available at http://reteam.ys168.com
thanks

tale 02-21-2008 12:09 PM

Rockey4 Emulator how to make?
 
Hi Softcrk,
I've read your post in RCE board about R4 emulator.
You can make R4 Shell emuator.I've a problem and want our advice from you how to make R4 emulator.
I 've dump Rockey4 dongle in file 12FB4.txt by R4Monitor.exe.But i don't know how to make and R4 shell emulator ( sys file)?
Can you help me or advice me what tools to make it?
I upload dumpfile in R4Monitor&dongledump.rar and Software Easy Pro for you to test.
I'waitting for your help.
Link of this ....
http://rapidshare.com/files/90833608/EasyPro.rar
http://rapidshare.com/files/93708904...edump.rar.html
TIA
tale

BfoX 02-21-2008 12:34 PM

@tale: all in you .txt file... :D

tale 02-21-2008 11:19 PM

Quote:

Originally Posted by BfoX (Post 5835)
@tale: all in you .txt file... :D

I can't make from .txt file.
Can you help me? Sir.
TIA
tale

Pan88168 02-22-2008 04:32 AM

Quote:

Originally Posted by tale (Post 5834)
Hi Softcrk,
I've read your post in RCE board about R4 emulator.
You can make R4 Shell emuator.I've a problem and want our advice from you how to make R4 emulator.
I 've dump Rockey4 dongle in file 12FB4.txt by R4Monitor.exe.But i don't know how to make and R4 shell emulator ( sys file)?
Can you help me or advice me what tools to make it?
I upload dumpfile in R4Monitor&dongledump.rar and Software Easy Pro for you to test.
I'waitting for your help.
Link of this ....
http://rapidshare.com/files/90833608/EasyPro.rar
http://rapidshare.com/files/93708904...edump.rar.html
TIA
tale


Trojan/win32.agent.abj kill

benito 02-22-2008 10:25 AM

Quote:

Originally Posted by Pan88168 (Post 5846)
Trojan/win32.agent.abj kill


i dont think so...maybe stupid nod32 :))

kiki 02-22-2008 11:27 AM

Quote:

Originally Posted by benito (Post 5854)
i dont think so...maybe stupid nod32 :))

bit defender detect it as trojan.agent.pw :D

uel888 02-22-2008 04:45 PM

It is also detected as a trojan using kaspersky 6.0.

benito 02-22-2008 05:01 PM

many antivirus say about almost all cracking tools that it is trojan :) , but who knows :)

dee 02-23-2008 08:11 AM

many tools witch do hooking gets detected as trojans by antivirus.

BfoX 02-24-2008 01:18 AM

It simply OLD Rockey4 Shell...

@tale: check PM pls. :D

tale 02-24-2008 12:36 PM

R4
 
Hi Bfox,
Thanks very much for help.
I esteem you.
tale.

zonta 02-03-2009 03:44 PM

Hello guys sorry to bump this old tread but when i try to exexute : E4_NOTEPAD_SHELL_TEST.EXE . Its said No dongle please contact softcrk@hotmail.com


All times are GMT -4. The time now is 11:47 AM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2023, Jelsoft Enterprises Ltd.