Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > Reverse Code Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 03-04-2012, 06:30 AM
stuart1974 stuart1974 is offline
Member
 
Join Date: Jul 2010
Posts: 43
Default Sentinel License Seven Secrets

Hi,

I know we can derive the seven secets of a sentinel protected software from the license.

Is there a way to know where are these secrets hidden in the software itself.

The problem is that i have a fully working software with license. They have released a new version that uses the same vender ID and features, however the secrets has changed and i don't have access to any license. What i am thinking of is that if i know where they hide the secrets in the software in the version i have since i have them, i can search for the secrets in the new released version.

Is this possible.

Thanks
Stuart
Reply With Quote
  #2  
Old 03-04-2012, 08:03 AM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

What license?. Are you talking about SLM ?

Git
Reply With Quote
  #3  
Old 03-04-2012, 09:07 AM
stuart1974 stuart1974 is offline
Member
 
Join Date: Jul 2010
Posts: 43
Default Sentinel License Seven Secrets

Yes, this is what i mean.

Stuart
Reply With Quote
  #4  
Old 03-04-2012, 09:44 AM
crackslab crackslab is offline
Member
 
Join Date: Nov 2010
Posts: 28
Default

You talking about White box AES?
New SRM have new license type and it is White box AES, and this is possible with firmware.

New Sentinel SRM have RSA fucntion 512 this two type secrete using.
Reply With Quote
  #5  
Old 03-04-2012, 10:08 AM
zementmischer zementmischer is offline
Member
 
Join Date: Apr 2011
Location: Europe
Posts: 43
Default

@crackslab: no, he's talking about SafeNet RMS (SRM != RMS).

@stuart1974: In most cases you won't find the plain secrets inside your software - only their MD4 hashes are stored (and compared).
The challenge-response mechanism (aka. secrets) works like that:
  1. During the license request the MD4 hashes of the secrets inside your license file are computed.
  2. These MD4 hashes are compared to the MD4 hashes of your software vendor. Needless to say that these vendor hashes can be pre-computed because there's no need to do these calculations 'on-the-fly'. Only a stupid developer would store plain secrets inside the target!
__________________
Real programmers don't comment their code.
If it was hard to write, it should be hard to read.
Reply With Quote
  #6  
Old 03-04-2012, 11:56 AM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

Yep, and there's plenty of those about. I've seen the idea that it's OK to store an AES key in the exe as long as you apply AES twice. It wouldn't have surprised me if they did the same with a symmetrical algorithm

Git
Reply With Quote
  #7  
Old 03-05-2012, 01:04 PM
stuart1974 stuart1974 is offline
Member
 
Join Date: Jul 2010
Posts: 43
Default

So i understand that this is not possible.
I should try something else then.

Thanks
Stuart
Reply With Quote
  #8  
Old 03-05-2012, 04:37 PM
zementmischer zementmischer is offline
Member
 
Join Date: Apr 2011
Location: Europe
Posts: 43
Default

No, it just means that you need a good amount of luck (eg. lazy developers who don't like to read manuals)

Here's the interesting part: the RMS SDK contains an example which demonstrates the challenge-response mechanism. But it's more likely an example how to NOT use this feature because it stores the plain secrets inside the exe and computes all MD4 hashes 'on-the-fly'.
Only the reference manual contains some notes about pre-computing MD4 hash values.
So, your luck is directly correlated to the laziness of the developer because a lazy one will just do a copy&paste of the example implementation

Another option is to generate MD4 hashes for some arbitary secrets and to replace the original hash values with your computed ones. In this case you would generate a license with your own secrets.
__________________
Real programmers don't comment their code.
If it was hard to write, it should be hard to read.
Reply With Quote
  #9  
Old 06-30-2013, 11:31 AM
stuart1974 stuart1974 is offline
Member
 
Join Date: Jul 2010
Posts: 43
Default

Hi Bfox & Zementmischer,

Below is the link to my Target:

http://www.mediafire.com/?08lrxa5bya44oa4

It seems it uses different secrets for diferent Host ID, so no two licenses have the same seven secrets.

Can you Please Check.

Pass in you PM

Thanks
Stuart
Reply With Quote
  #10  
Old 06-30-2013, 01:17 PM
BfoX BfoX is offline
Senior Member
 
Join Date: Aug 2007
Posts: 2,265
Send a message via ICQ to BfoX Send a message via MSN to BfoX Send a message via Yahoo to BfoX
Default

my PM is empty
__________________
... Either you work well or you work much ....
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.