  #11  
Old 12-01-2011, 05:35 AM
Landogar Landogar is offline
Member
 
Join Date: Dec 2007
Posts: 28
Default

Thanks Git
Reply With Quote
  #12  
Old 12-01-2011, 11:58 AM
kjms kjms is offline
Senior Member
 
Join Date: Aug 2009
Posts: 337
Default

GIT, in multikey sentinel example 18.2.3 and above reg should be like this
Code:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\MultiKey\Dumps\00006CC1]
dmp2mkey 2.5.7.9 output
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\MultiKey\Dumps\6CC10000]
this needs to change....
Reply With Quote
  #13  
Old 12-01-2011, 12:15 PM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

For multikey? Has he changed it again because I specifically changed it TO that way round to accommodate MultiKey?!

MK 0.19.1.9 manual shows it as 0000xxxx. A quick search shows every example on this forum except one as xxxx0000. I know MK changed in the past so maybe both are right depending on which version of MK you use. My own emulator uses the 0000xxxx format. Maybe I should make it a command line parameter then folk can please themselves. If I use an INI file it could have an entry for the whole of the first line path plus a template for the devid, and also entries for the name of the cell data and access code entries. That should cover most emulators.

Git

Last edited by Git : 12-01-2011 at 01:15 PM.
Reply With Quote
  #14  
Old 12-01-2011, 02:09 PM
Lomex Lomex is offline
Senior Member
 
Join Date: Dec 2009
Posts: 139
Default

Hi Git,

Tried your tool, and for the first time, a converted dump does not work. I mean it's not the fault of your tool. Got almost the same result with f1 nodongle.

Here is the result with your tool. F1 tells me that it solved the 3 algos, but it gives me the SAME RESULT for all 3 algos, which can't be.

Code:
Dmp2Mkey V2.5.7.9  Git 29NOV2011

Number of Query Cells = 3
0x08 0x0A 0x0E

DevID = 0xXXXX
Serial = 0xXXXX
WP = 0x0000

Cell 0x08 : standard, sig=351
-***************-*******************************-***************
Cell 0x08 not solved

Cell 0x0A : standard, sig=251
-***************-*******************************-***************
Cell 0x0A not solved

Cell 0x0E : standard, sig=257
-*******************************-*******************************
Cell 0x0E not solved

Processing time   51.625 seconds

Writing MultiKey Registry file...
Any reason why your tool can't solve the needed algos? Or why F1 tool gives out the same results for all 3 algos?

Output of F1 tool:

Code:
3 algo:
08 0a 0e
 cell 08 std. algo  Cell_08 = 0100 Cell_09 = 0000 WP = 0008
 cell 0a std. algo  Cell_0a = 0100 Cell_0b = 0000 WP = 0008
 cell 0e std. algo  Cell_0e = 0100 Cell_0f = 0000 WP = 0008
Sorry, can't post the dump, since it includes private data from a friend (dongle number) and I don't want him to get in trouble.

cu

Lomex
Reply With Quote
  #15  
Old 12-01-2011, 02:48 PM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

Yeah, the problem is that they are all Standard algo which relies on the correct WP. That value of 0008 is a dummy and not correct. Any solver will fail because you cannot solve a Standard algo without the WP. That said, SafeDump will try to calculate the WP if the dongle has Standard Algos. Try to dump it with SafeDump. Your dongle will not be locked and you will probably get the WP. I believe one of the dumpers incorrectly puts an 8 there when it is told to not brute force the WP.

That "sig = xxx" that you see is a statistical analysis of the data. If the sig is greater than 700 it is an Enhanced algo, else it is a Standard algo.

If you can PM me the devid I may have a dump/regfile.


Later that same week...

@kjms - I have implemented a dmp2mkey.ini file in v2.5.8. It has the following entries:

[emulator]
path=[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\MultiKey\Dumps\0000xxxx]
accessname=CellType
dataname=sntMemory
cell57=1


path : this sets the full registry path where you want to store the reg file. The last part can be 0000xxxx or xxxx0000. In each case xxxx will be replaced by the DevID, also the generated file name will be 0000xxxx.reg or xxxx0000.reg.

accessname : this is the name of the access code data array. Currently CellType in multikey.

dataname : this is the name of the cell data array. Currently sntMemory in multikey.

cell57 : this is the value that will be put in the access code for cell 5 and cell 7. It can be set to 1 or 3. Currently 1 in multikey and 3 in all other emulators.

This combination of values should allow dmp2mkey to generate reg files for almost any emulator with the minimum hand editing, if any. Can anybody think of any other entries for the INI file before I release it?

Git

Last edited by Git : 12-06-2011 at 02:03 PM.
Reply With Quote
  #16  
Old 12-02-2011, 05:13 PM
gus gus is offline
Senior Member
 
Join Date: Nov 2007
Posts: 331
Default

thanks git nice job
Reply With Quote
  #17  
Old 12-17-2011, 01:04 PM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

Version 2.5.9.1 now available for download.

http://hotfile.com/dl/177681349/ed94...y2591.zip.html

Code:
Changes to 2.5.9.1  17 December 2011
  Introduced INI file for flexibility
  Defined usability limit at SSE2 CPU's
  Added warning and quits if CPU does not support SSE2
  Couple of minor cosmetic changes
  dmp2mkey version noted in reg file
  Made console routines thread safe
  Added ability to save SSP file
INI file should prove useful. With correct entries it will make a reg file for any VUSB based emulator. Read dmp2mkey.txt to make sure you have an SSE2 CPU.

Code:
[emulator]
path=[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\MultiKey\Dumps\0000xxxx]
accessname=CellType
dataname=sntMemory
cell57=1
ssp=0

path : this sets the full registry path where you want to store the reg file. The last part 
         can be 0000xxxx or xxxx0000. In each case xxxx will be replaced in the reg file by the 
         DevID, also the generated file name will be 0000xxxx.reg or xxxx0000.reg.

accessname : this is the name of the cell access code array. Currently CellType in multikey.

dataname : this is the name of the cell data array. Currently sntMemory in multikey.

cell57 : this is the value that will be put in the access code for cell 5 and cell 7. 
           It can be set to 1 or 3. Currently 1 for multikey and 3 in all other emulators.
           Any other value will cause the use of cell 5 & 7 access code from the dump.

ssp   : this controls the production of a *.ssp file for old emulators, in addition to the 
          reg file. The file xxxx.ssp is produced if ssp=1 and not produced if ssp=0.

Git

Last edited by Git : 10-27-2012 at 09:12 AM.
Reply With Quote
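
Added example, not part of the thread and not code from dmp2mkey or MultiKey: for a software-asset or licence-compliance audit, the registry path quoted in the posts above is a usable indicator that a dongle emulator is configured on a host. This Python sketch scans exported .reg text for that path in both the 0000xxxx and xxxx0000 layouts and reports the DevID; the sample export, its DevIDs and value data are constructed, and matching `ControlSet00N` as well as `CurrentControlSet` is an assumption about how an offline hive export would show the key.

```python
import re

# Key path as quoted in the thread; the 8-hex-digit leaf carries the DevID
# either as 0000xxxx or as xxxx0000 depending on the emulator version.
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})"
    r"\\MultiKey\\Dumps\\([0-9A-F]{8})\]$",
    re.IGNORECASE,
)
VALUE_RE = re.compile(r'^"([^"]+)"=')
# Value names given in the INI description above (registry names are case-insensitive).
KNOWN_VALUES = {"sntmemory", "celltype"}

def find_emulator_keys(reg_text):
    """Return one finding per MultiKey dump key found in exported .reg text."""
    findings, current = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            leaf = m.group(1).upper()
            if leaf.startswith("0000") and not leaf.endswith("0000"):
                layout, devid = "0000xxxx", leaf[4:]
            elif leaf.endswith("0000") and not leaf.startswith("0000"):
                layout, devid = "xxxx0000", leaf[:4]
            else:
                layout, devid = "ambiguous", leaf  # cannot tell which half is the DevID
            current = {"layout": layout, "devid": devid, "values": []}
            findings.append(current)
        elif line.startswith("["):
            current = None  # an unrelated key begins
        elif current is not None:
            v = VALUE_RE.match(line)
            if v and v.group(1).lower() in KNOWN_VALUES:
                current["values"].append(v.group(1))
    return findings

# Constructed sample export (not from a real system).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\MultiKey\Dumps\00001A2B]
"sntMemory"=hex:00,01
"CellType"=hex:01,03

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Example]
"Start"=dword:00000003

[hkey_local_machine\system\ControlSet001\MultiKey\Dumps\3C4D0000]
"sntMemory"=hex:00
'''

if __name__ == "__main__":
    for finding in find_emulator_keys(SAMPLE):
        print(finding)
```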
  #18  
Old 12-17-2011, 01:19 PM
kjms kjms is offline
Senior Member
 
Join Date: Aug 2009
Posts: 337
Default

Excellent, thank you much.....
Reply With Quote
  #19  
Old 01-05-2012, 02:56 AM
paulmarry paulmarry is offline
Member
 
Join Date: Feb 2009
Posts: 9
Default

Thanks, Git
Reply With Quote
  #20  
Old 04-13-2012, 08:03 AM
1933 1933 is offline
Member
 
Join Date: Sep 2010
Posts: 23
Default

where to find the reg file after clicking on dmp2mkey??
Reply With Quote