Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > Reverse Code Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 11-12-2009, 05:44 AM
gus gus is offline
Senior Member
 
Join Date: Nov 2007
Posts: 331
Default other dump, other question , Sentinel

i dump sentinel dongle but show this :

Code:
Number of Query Cells = 13 
0x08 0x0A 0x0C 0x0E 0x1C 0x1E 0x20 0x22 0x24 0x26 0x30 0x34 0x36 

DevID = 0xXXXX
Serial = 0xXXXX
WP = 0x0000

Cell 0x08 : enhanced, sig=13811
*************
Descriptor = 0xD4C363A4 C6 = 0x944A

Cell 0x0A : enhanced, sig=14188
********************
Descriptor = 0xDEE40674 C6 = 0x944A

Cell 0x0C : standard, sig=251
----------------------------------------------------------------
****************************************************************
Cell 0x0C not solved

Cell 0x0E : standard, sig=0

Cell 0x0E is Inactive (no data in dump)

Cell 0x1C : standard, sig=179
----------------------------------------------------------------
****************************************************************
Cell 0x1C not solved

Cell 0x1E : standard, sig=0

Cell 0x1E is Inactive (no data in dump)

Cell 0x20 : standard, sig=0

Cell 0x20 is Inactive (no data in dump)

Cell 0x22 : standard, sig=0

Cell 0x22 is Inactive (no data in dump)

Cell 0x24 : standard, sig=0

Cell 0x24 is Inactive (no data in dump)

Cell 0x26 : standard, sig=0

Cell 0x26 is Inactive (no data in dump)

Cell 0x30 : standard, sig=0

Cell 0x30 is Inactive (no data in dump)

Cell 0x34 : enhanced, sig=14745
**
Descriptor = 0xF13B68BF C6 = 0x944A

Cell 0x36 : standard, sig=199
----------------------------------------------------------------
****************************************
Descriptor = 0x97970588 WP = 0xAD1D

Processing time  134.438 seconds

Writing MultiKey Registry file...
now put reg file and install multikey 18.1 , install , detect hardware , all ok but......

y test soft , "error no dongle" ???
y test pva 3.3 for test dump and all ok, and no detect dongle LOL ?
i try with other dump, no dump ??? ,
test usbsearch , detect dongle sentinel ultrapro its ok
other test, edgehasp option sentinel . dump and ok

as possible?
possible solution?
thanks
Reply With Quote
  #2  
Old 11-12-2009, 06:33 AM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

There is no public emulator for UltraPro

Git
Reply With Quote
  #3  
Old 11-12-2009, 07:57 AM
gus gus is offline
Senior Member
 
Join Date: Nov 2007
Posts: 331
Default

ok, again ultrapro

thanks
Reply With Quote
  #4  
Old 11-12-2009, 08:40 AM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

I don't know for sure, you said it was UltraPro. You also said UsbDSearch said it was UltraPro, but as far as I know, UsbDSearch uses the PID and VID to find out the dongle type, and the PID and VID are the same for SuperPro and UltraPro. So I don't know how it can tell the difference.

I will take a look at the dump if you want.

Git
Reply With Quote
  #5  
Old 11-12-2009, 10:25 AM
SonofabiT SonofabiT is offline
Senior Member
 
Join Date: Dec 2008
Posts: 351
Default

@ Git - Let us preassume that people dump their Sentinel SuperPro dongle with pva 3.3 dumper (Brute WP option-UNSELECTED).

Could you explain how we can identify the dongle is sspro or ultrapro from the pva3.3-dumped files ?
Reply With Quote
  #6  
Old 11-12-2009, 10:57 AM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

Well theoretically, it should fail, as it is a superpro dumper, not an ultrapro dumper. In practice, I don't know what it does. There are several tricks it could use, for example calling GetKeyInfoEx and analysing returned info.

If you have in your hand a 64 cell dump in PVA format, all access codes are 0, 1, 2 or 3, then I know of no way to tell if it came from ultrapro or superpro, but there is a good chance it is superpro. If some of the access codes are bigger than 3, or if cell 7 is not 0, then there is more chance it is an ultrapro. Only the author can properly answer the question. Maybe pivasik has something to add.

For my own dumper, I exit with an error code if I find an ultrapro, because it is a superpro dumper.

Git
Reply With Quote
  #7  
Old 11-12-2009, 04:35 PM
pivasik pivasik is offline
Senior Member
 
Join Date: Dec 2007
Posts: 305
Default

Ok, some notes on PVA 3.3.
At first, the sources has been moved to public more than year ago. So, everybody may take a look and find that tool use old SuperPro API. UltraPro can be dumped using SuperPro API because it is almost the same key. If UltraPro has more than 64 cells only first 64 cells will be dumped.
If you want to dump full UltraPro memory, you may use the latest SuperPro/UltraPro dumper from http://nodongle.biz/files/supapi.zip

Using this tool you may check type of your key SSP/ULP and memory size.

2 topic starter: your key is SuperPro (99.9%) because at least 1 algo has been solved.
Reply With Quote
  #8  
Old 11-12-2009, 04:58 PM
gus gus is offline
Senior Member
 
Join Date: Nov 2007
Posts: 331
Default

Quote:
Originally Posted by pivasik View Post
.......

2 topic starter: your key is SuperPro (99.9%) because at least 1 algo has been solved.

ok thanks, i download ,


I have tried with same results f1_nodongle + ssp2reg

today tried with spapi

Last edited by gus : 11-13-2009 at 05:21 AM. Reason: upload post
Reply With Quote
  #9  
Old 11-13-2009, 05:44 AM
SonofabiT SonofabiT is offline
Senior Member
 
Join Date: Dec 2008
Posts: 351
Default

Quote:
Originally Posted by pivasik View Post
2 topic starter: your key is SuperPro (99.9%) because at least 1 algo has been solved.
@ pivasik - Agree ! The dongle is Sentinel Super Pro but it has cell more than 64. I wonder the dongle is Sentinel SuperPro XM.

Quote:
Originally Posted by gus View Post
i dump sentinel dongle but show this :
Cell 0x0C not solved
@ gus - I think it's depend upon the solver that you used. The dmp2mkey v2.3 did NOT solve the cell 0x0C and cell 0x1C, consequently dmp2mkey.exe copy 0x0000 to these two cells in your reg. See below :

1. dmp2mkey.exe ver 2.3
Code:
C:\solver\dmp2mkey.exe spro_RNBO_SPN_DRIVER_ea6e_0.dmp
Number of Query Cells = 13
0x08 0x0A 0x0C 0x0E 0x1C 0x1E 0x20 0x22 0x24 0x26 0x30 0x34 0x36

DevID = 0xEA6E
....
Cell 0x0C : standard, sig=251
*******-***********-**********************************-*********
Cell 0x0C not solved
....
Cell 0x1C : standard, sig=179
******-*********************************************************
Cell 0x1C not solved
....
********--------********--------********--------********--------
Descriptor = 0x97970588 WP = 0xAD1D

Processing time  700.187 seconds

Writing MultiKey Registry file...
Meanwhile, tch2000's f1_nodongle.exe solver has been solved the cell0x0C=cell0x0D=0x8674 and cell0x1C=cell0x1D=0x8674. See below :

2. f1_nodongle.exe
Code:
C:\solver\f1_nodongle.exe spro_RNBO_SPN_DRIVER_ea6e_0.dmp
 13 algo:
08 0a 0c 0e 1c 1e 20 22 24 26 30 34 36
 ....
 cell 0c std. algo  Cell_0c = 8674 Cell_0d = dee4 WP = 0008
 ....
 cell 1c std. algo  Cell_1c = 8674 Cell_1d = dee4 WP = 0008
 ....
 file ea6e.ssp is created. Press any key.
I sugest you to convert the ssp file which is generated by tch2000's solver and then try to find a suitable emualator. As i know, the multikey emulator from ver 0.16.0.1-0.18.1.0 could NOT emulate the Sentine Super Pro dongle which has cell more than 64.

Refers to tch2000's solver, basicly try to use the following reg entries :
Code:
"sntMemory"=hex:\
..,..,6E,EA,00,00,00,00,1D,AD,00,00,4A,94,00,00,\
A4,63,C3,D4,74,06,E4,DE,74,86,E4,DE,00,00,00,00,\
CA,CB,CE,CF,CB,FF,FF,FF,4B,69,00,00,00,00,00,00,\
02,00,00,00,00,00,02,00,74,86,E4,DE,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
84,6D,D4,23,BE,44,44,44,35,33,00,38,93,8A,69,47,\
00,00,00,00,01,00,C8,00,BF,68,3B,F1,88,05,97,97,\
63,00,63,00,63,00,63,00,00,01,00,01,00,01,00,01
The possible solutions are :
1. Wait until the future release of multikey able to emulate sspro dongle which has cells more than 64 such as SuperPro XM.
2. Get WinDDK and do something with vusbbus source code. But i don't know yet how to do it.
3. Ask gamebit in order to public his emulator.
4. Or..........
Reply With Quote
  #10  
Old 11-13-2009, 05:51 AM
gus gus is offline
Senior Member
 
Join Date: Nov 2007
Posts: 331
Default

ok, i dump with spapi

file 341 Kb
dump with SPAPI:
LOL 256 CELLs

Code:
010101010101010103030303030303030101010100000000010303020303030303030303030303030101010101010000030302020303030302020202020202020101010101010101010101010101010101010101010101010101010101010101030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303...................
dump with pva 3.3
only 64 cells
Code:
01010303030303030303030303030303010101010000000001030302030303030303030303030303010101010101000003030202030303030202020202020202
any solver for spapi ??


i no read sonofabit, thanks for info

Last edited by gus : 11-13-2009 at 05:56 AM.
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.