Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > Reverse Code Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 10-11-2012, 12:36 PM
Dr Pete Dr Pete is offline
Member
 
Join Date: Sep 2008
Posts: 25
Default Multikey help

Need some help with this Multikey program file.

Windows 7 - 64 Bit
Using MK_18.2.4_x64_WIN7
Here are the steps I followed

turned off UAC
REBOOT!!
1) Install newest Sentinel Drivers.
2) Run Driver Signature Enforcement Overrider Tool.
Select "enable test mode" -> next -> ok
Reboot !!!
3) Import "XXXEmu.reg" to registry
4) Install the Emulator in the Emulator folder, via the install.cmd.
5) Copy by hand "again" the "Multikey.sys" file to this folder
c:\windows\system 32\drivers\
and "overwrite" the existing file there.
REBOOT
6) After reboot a new Sentinel Dongle should be recognized. If not, look at
your Device Manager if there is an active "Virtual USB Multikey"
(without exclamation mark). Also right click on the Multikey.sys inside
the Drivers folder, and check if the Signature is there and if its accepted.
If it still doesnt work, than reboot and press F8 on Startup and click on
Disable Driver Signing Check. Than the Multikey Emu and the Dongle
should be recognized for sure

7) I get 2 different instances:

1 File "Virtual USB Multikey is there without exclamation mark but driver says not digitally signed so it's not recognized by my software.
2 File "Virtual USB Multikey is there with exclamation mark and also not digitally signed so not seen by software.

I have cleaned every instance of Multikey from system & used regedit to clean files listed here in forum from members (thanks Git & others who posted before me)
Still no joy.
I have tried to turn off cryptographic services under services but it keeps turning itself back on! Haven't tried going into the windows file and just renaming it.
Seems that is not needed but it pisses me off this my machine not M$ !!(small rant)

One thing I do notice it that when I install multikey I don't always get a pop up message from windows asking me if I want to install the file.
Tried installing it after cleaning again using cmd by hand and get same result.

I have tried this on 2 different machines both running win7 64 bit ultimate and get same results.

Cleaned again, waiting for some suggestions.
Seems only problem is the digital signature so it wont run?

Thanks
Dr Pete
Reply With Quote
  #2  
Old 10-11-2012, 03:04 PM
Lomex Lomex is offline
Senior Member
 
Join Date: Dec 2009
Posts: 139
Default

Hehe, its obvious which software you are trying to install.

Anyway. Your Problem is STEP 5. That is needed, since if you install the EMU, Windows likes to remove the Driver Signature from the file. Thats why you need to copy it over AGAIN, since the file got already a sign verfication.

Also try to add the NGO Certificate (right click) to your host system
Reply With Quote
  #3  
Old 10-11-2012, 03:47 PM
Dr Pete Dr Pete is offline
Member
 
Join Date: Sep 2008
Posts: 25
Default

I didn't want to say anything (Huge Thanks for this "toy")

Business, I did step 5!
I think it must be the built in stuff that windows does that messes things up we try.

Cleaned up system, what is NGO certificate?
Reply With Quote
  #4  
Old 10-11-2012, 10:14 PM
kjms kjms is offline
Senior Member
 
Join Date: Aug 2009
Posts: 337
Default

you need license from author for MK_18.2.4_x64_WIN7
Reply With Quote
  #5  
Old 10-12-2012, 02:32 AM
Dr Pete Dr Pete is offline
Member
 
Join Date: Sep 2008
Posts: 25
Default

Okay got things sorted out with multikey
Certificate is installed signed & accepted.
New problem, license says time stamp tampered with.
I go back into multikey & driver says not digitally signed but everywhere else including putting into certificate deposit & accepting says good.

3 days & I think giving up. Very frustrating when I change something & find out the computer changes it back or win7 won't let me change or delete things.

Works fine under xp

Lomex I appreciate your help very much.
Learned a few things along this path.
Reply With Quote
  #6  
Old 10-12-2012, 06:02 AM
Lomex Lomex is offline
Senior Member
 
Join Date: Dec 2009
Posts: 139
Default

Hi,

it seems that YOU dont get it. The problem with the Driver Signing could be fixed, while pressing F8 on every Startup.

But, you tried to use the 64 Bit MK V1.8.2.4. It CANT work with that, because of missing of proper License.

Why do you think, it was ONLY a 32 Bit Emu included ???
Because of exactly that reason.

Try it on Windows 7 - "32 Bit". And it should work fine too.
Or pay money to the author from MK for a License.
Reply With Quote
  #7  
Old 10-12-2012, 08:49 AM
kjms kjms is offline
Senior Member
 
Join Date: Aug 2009
Posts: 337
Default

or you try this for 64bit http://reteam.org/board/showpost.php...7&postcount=13
Reply With Quote
  #8  
Old 10-12-2012, 10:26 AM
Dr Pete Dr Pete is offline
Member
 
Join Date: Sep 2008
Posts: 25
Default

Lomex, missed that one point about 32 bit right at the top of instructions. (when all else fails go back & READ the instructions SLOWLY)
Pushing F8 for some reason doesn't work on win7 (at least it doesn't for this machine)
Used cmd instruction to disable.
I am pretty sure I know why the license is giving me time stamp error now. I used 3 different versions of Multikey & they are all in certificate section.
Figuring out how to delete these keys short of format C:

Thanks
Reply With Quote
  #9  
Old 10-12-2012, 11:55 AM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

You are confused somewhere. Multikey only used a signing certificate once, and it was revoked the next day so is worthless.

Git
Reply With Quote
  #10  
Old 10-12-2012, 01:26 PM
Dr Pete Dr Pete is offline
Member
 
Join Date: Sep 2008
Posts: 25
Default

Git, so I clean the system of everything related to multikey & reinstall will still not work because certificate was revoked?

I cleaned everything by hand but there is a multikey instance under certificate store that I cannot delete even under safe mode.
Thoughts on how to delete that entry?
I also deleted certificates using mmc under cmd but the NGO certs wont delete also.

@kjms & lomex, do you think the 64 bit file would work for this program? Need the multikey.sys signed file which expires 2039?

Fortunately I imaged the system before install so easy to start new.

Reason I don't do this is Easy doesn't let me understand what I can fix myself. (Still learning stuff I can forget later)

Thanks,
Dr Pete
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.