  #1  
Old 09-30-2010, 08:07 AM
asch75 asch75 is offline
Member
 
Join Date: Sep 2010
Posts: 12
Old Sentemul .REG to Multikey

Hi; first, sorry about my poor English. Second; I read and read this forum and tested a lot of utils without results; that's why I'm asking for help.

I have an old sentemu emulator (older than the 2007 one) with a .reg file I generated myself a long time ago using a Sentinel monitor and some dumper. In the process I broke my Sentinel dongle; but the emulator was running OK.

Now I'm trying to convert this REG file to a MULTIKEY REG file; and it seems possible, but I need help on how to manually translate the "Queries" part.

Can anyone tell me how to do that? Can multikey use queries?
Of course I tried to dump the emulator using PVA and any dumper I found; without results.

This is a small sample of the REG file:

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Emulator\Sentinel\3971]
"Memory"=hex:5C,01,71,39,00,00,4C,CE,F8,BD,00,00,00,00,08,00,\
FF,07,00,00,53,E7,A9,01,74,F2,90,52,93,9D,87,6B,\
30,AE,4B,ED,3A,88,43,FF,8F,1A,57,7D,80,FA,10,2A,\
48,EB,39,2A,89,D7,12,A2,8C,FF,26,2B,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,04,5F,F0,70,\
01,01,00,00,01,01,00,00,01,01,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
"MemoryAccess"=hex:01,01,03,03,03,01,03,01,\
00,00,07,03,07,03,07,03,\
07,03,07,03,07,03,03,03,\
03,03,07,03,03,03,00,00,\
00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,
"Status"=hex:01,01
"Security"=hex:BB,AA,D0,07,BB,AA,D0,07,5C,01,71,39,B5,FF,51,BE

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Emulator\Sentinel\3971\Queries]
"Int"=hex:0A,04,8D,C0,97,0F,3A,B2,C9,18

"PGp"=hex:10,04,3F,B3,5E,5F,40,7C,75,37

"PGc"=hex:12,04,FE,82,DB,04,A3,57,E7,19


Link to the sentinel emulator: http://www.megaupload.com/?d=I1904R8H
Thanks!

Last edited by asch75 : 09-30-2010 at 09:52 AM. Reason: attach a file
  #2  
Old 09-30-2010, 09:06 AM
BfoX BfoX is offline
Senior Member
 
Join Date: Aug 2007
Posts: 2,265

show the emulator for this reg
__________________
... Either you work well or you work much ....
  #3  
Old 09-30-2010, 09:26 AM
asch75 asch75 is offline
Member
 
Join Date: Sep 2010
Posts: 12

Attached a link in the first post. Thanks Bfox.
  #4  
Old 10-01-2010, 04:03 AM
yogi_saw yogi_saw is offline
Senior Member
 
Join Date: May 2009
Posts: 533

as from ur reg...

Code:
"Status"=hex:01,01
don't know what it is for

Code:
"Security"=hex:BB,AA,D0,07,BB,AA,D0,07,5C,01,71,39,B5,FF,51,BE
first 4 bytes "BB,AA,D0,07" are end of trial period
"BB" is date
"AA" is month
"D0,07" is year
I guess emulator end year was 2000 but cannot guess date and month

second 4 bytes "BB,AA,D0,07" is same but for start of trial period

third double word "5C,01" is the dongle serial no.

fourth double word "71,39" is the developer's id

last 4 bytes are algorithm needed for the emulator to work...algo is as below
Code:
dword4=(((dword2+0x459af96c)^(dword1+0x12345678))*(dword3+0x549CDFED))^0x19F65901
operators
+ operator = binary OR
* operator = binary AND
^ operator = binary NAND

regarding queries
Code:
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Emulator\Sentinel\3971\Queries]
"Int"=hex:0A,04,8D,C0,97,0F,3A,B2,C9,18
first byte "0A" refers to the cell that will be queried.
second byte "04" is the length of query.
next 4 bytes "8D,C0,97,0F" is the query and next 4 bytes "0F,3A,B2,C9,18" are answers

everything else is same as mkey....
now my question is can mk 18.2.4 or others be used with queries for superpro (not XM or ultrapro) and also what is status

@asch75 can I have software for this if it is not too big along with working emulator...for test purpose?

Last edited by yogi_saw : 10-01-2010 at 04:23 AM.
  #5  
Old 10-03-2010, 07:04 PM
asch75 asch75 is offline
Member
 
Join Date: Sep 2010
Posts: 12

yogi_saw:
I think I can rip one module in less than 1mb.
It uses the first query:
"Int"=hex:0A,04,8D,C0,97,0F,3A,B2,C9,18

Will be this enough? Do you need more?

Also;
- Maybe the "Status" refers to dongle type.
- And about "security"; can be "AesKey"?

Can someone explain this from the mkey manual?:

...MultiKey\Dumps\0000xxxx\cell_yy] - yy - cell, ,
"12345678"=hex:22,33,44,55
"1122334455667788"=hex:11,12,13,14,15,16,17,18
"11223344556677888877665544332211"=hex:88,77,66,55,44,33,22,11,11,22,33,44,55,66,77,88
  #6  
Old 10-03-2010, 09:20 PM
yogi_saw yogi_saw is offline
Senior Member
 
Join Date: May 2009
Posts: 533

Code:
yogi_saw:
I think I can rip one module in less than 1mb. 
It uses the first query:
"Int"=hex:0A,04,8D,C0,97,0F,3A,B2,C9,18
i didn't understand u...
Code:
Also;
- Maybe the "Status" refers to dongle type.
Maybe
Code:
- And about "security"; can be "AesKey"?
I have explained what is security

.
Code:
..MultiKey\Dumps\0000xxxx\cell_yy] - yy - cell, ,
"12345678"=hex:22,33,44,55
"1122334455667788"=hex:11,12,13,14,15,16,17,18
"11223344556677888877665544332211"=hex:88,77,66,55,44,33,22,11,11,22,33,44,55,66,77,88
this is nothing more than q/a table

mk can handle q/a table but that is for keys with secure tunnel and don't know if it can handle q/a for superpro with known algorithm...
My friend, u missed the last line of my post in reading; would u share soft and emul for testing?

Last edited by yogi_saw : 10-06-2010 at 01:26 AM.