#11
04-15-2009, 05:46 PM
Git
Super Moderator
Join Date: Oct 2007
Location: Torino
Posts: 1,797

Jeez, I put error checking in to make sure it was a valid pva dump, but seem to have lost the 'else' clause that actually reports the error and exits!

Fixed dmp2mkey attached to first post in thread.

Git

Last edited by Git : 04-15-2009 at 05:50 PM.
#12
04-16-2009, 12:21 AM
kiki
Senior Member
Join Date: Jun 2007
Posts: 186

Thank you Git!
#13
04-16-2009, 09:42 AM
bybyby
Member
Join Date: Nov 2008
Posts: 30

An excellent work !!!
Great Git !!!!
many thx
#14
04-16-2009, 10:22 AM
bybyby
Member
Join Date: Nov 2008
Posts: 30

Dear Git:
I use your dmp2mkey v1.1 to convert a PVA V3.3 SuperPro dump to a registry file suitable for the MultiKey emulator, but when I launch the program protected by the dongle, the reg file doesn't work. I compare the reg file with another one which I made along with y8y8y8y8's method, and I find some differences between these two reg files as mentioned below:
Your dmp2mkey produced XXXX0000.reg file:
-------------------------------------------------
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\MultiKey\Dumps\XXXX0000]
"DongleType"=dword:00000003
"Copyright"="Git"
"Created"="Thu Apr 16 21:41:47.656 2009"
"Name"="XXXX Sentinel SuperPro Dump"
"Type"=dword:00000000
"CellType"=hex:\
01,01,03,03,03,03,03,03,01,00,00,00,01,01,01,01,\
01,01,01,01,01,01,01,01,01,01,01,01,01,01,01,01,\
01,01,01,01,01,01,03,03,01,01,01,01,01,01,01,01,\
01,01,01,01,01,01,01,01,01,01,01,01,01,01,01,01
"sntMemory"=hex:\
BF,51,B4,73,00,00,00,00,EE,64,93,7C,AC,F5,13,00,\
00,00,00,00,00,00,00,00,EE,64,93,7C,AC,F5,13,00,\
00,00,00,00,00,00,00,00,EE,64,93,7C,AC,F5,13,00,\
00,00,00,00,00,00,00,00,EE,64,93,7C,AC,F5,13,00,\
00,00,00,00,00,00,00,00,EE,64,93,7C,AC,F5,13,00,\
00,00,00,00,00,00,00,00,EE,64,93,7C,AC,F5,13,00,\
00,00,00,00,00,00,00,00,EE,64,93,7C,AC,F5,13,00,\
00,00,00,00,00,00,00,00,00,00,00,00,08,00,00,00
---------------------------------------------------
The reg file named XXXX.reg which I made along with y8y8y8y8's method
--------------------------------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ru-board\mulators\Dump\XXXX0000]
"Type"=dword:00000000
"DongleType"=dword:00000003
"Name"="Dump XXXX"
"sntMemory"=hex:\
BF,51,B4,73,00,00,00,00,08,00,00,00,99,CF,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,D7,28,FF,01,D4,87,09,C0,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"CellType"=hex:\
01,01,03,03,03,03,03,03,01,00,00,00,01,01,01,01,\
01,01,01,01,01,01,01,01,01,01,01,01,01,01,01,01,\
01,01,01,01,01,01,03,03,01,01,01,01,01,01,01,01,\
01,01,01,01,01,01,01,01,01,01,01,01,01,01,01,01

------------------------------------------------------------------------
I have tested the reg file which I made along with y8y8y8y8's method and it worked perfectly, but your dmp2mkey v1.1 converted reg file
doesn't work. I replaced the sntMemory content in the dmp2mkey v1.1 converted reg file with y8y8y8y8's method, and I find the MultiKey
dongle worked well.
Would you check this problem and tell me what's wrong with the dmp2mkey v1.1? Thank you!
Sorry for my poor English.
I can't upload my dmp file here, will you give me your e-mail and I'll send it to you

Last edited by bybyby : 03-04-2010 at 07:40 AM.
#15
04-16-2009, 11:46 AM
Git
Super Moderator
Join Date: Oct 2007
Location: Torino
Posts: 1,797

Upload the dump to rapidshare or similar and PM me the URL please. I should mention, I've used this program for a year or two now and not had any problems with it. All I have done recently is modify its output to suit MultiKey and I have not changed the cell data generation routines. A bug may have crept in though, so let me see your dump please.

Later.. I found the dump of 73B4 that I had, and it produces the same Reg file as it did 18 months ago :

O:\dmp2ssp\release>dmp2mkey 73B4.dmp

Number of Query Cells = 2
0x22 0x26

DevID = 0x73B4
Serial = 0x????
WP = 0x0000

Enhanced Algo on cell 0x22
*
Descriptor = 0xC04287D5 Cell6 = 0xCF99

Enhanced Algo on cell 0x26
*
Descriptor = 0xC05B87D6 Cell6 = 0xCF99

Processing time 2.031 seconds

Writing SSP file...

Writing MultiKey Registry file...


Git

Last edited by Git : 04-16-2009 at 02:02 PM.
#16
04-16-2009, 06:20 PM
foffa
Senior Member
Join Date: Jul 2007
Location: %TEMP%
Posts: 344

Master GIT

and as usual master piece
#17
04-17-2009, 02:42 AM
bybyby
Member
Join Date: Nov 2008
Posts: 30

Git:
It is very interesting !!!
Today I ran dmp2mkey11 on another PC with the same dmp file, and I found it produced another reg file which had different content. Just like mentioned below:
-
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\MultiKey\Dumps\XXXX0000]
"DongleType"=dword:00000003
"Copyright"="Git"
"Created"="Fri Apr 17 14:20:38.78 2009"
"Name"="XXXX Sentinel SuperPro Dump"
"Type"=dword:00000000
"CellType"=hex:\
01,01,03,03,03,03,03,03,01,00,00,00,01,01,01,01,\
01,01,01,01,01,01,01,01,01,01,01,01,01,01,01,01,\
01,01,01,01,01,01,03,03,01,01,01,01,01,01,01,01,\
01,01,01,01,01,01,01,01,01,01,01,01,01,01,01,01
"sntMemory"=hex:\
BF,51,B4,73,00,00,00,00,00,00,00,00,99,CF,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,D7,28,FF,01,D4,87,09,C0,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
----------------------------------------------------------
I found it worked with the MultiKey. It seems that my original PC has some trouble. But I don't know the reason.
BTW I found there is a little difference between this reg file and my old reg file produced with f1_nodongle.exe.
Your regfile is :
---------------------------------------------------------
"sntMemory"=hex:\
BF,51,B4,73,00,00,00,00,00,00,00,00,99,CF,00,00,\
---------------------------------------------------------
While my old reg file is :
---------------------------------------------------------
"sntMemory"=hex:\
BF,51,B4,73,00,00,00,00,08,00,00,00,99,CF,00,00,\
---------------------------------------------------------
But they all worked with no problem. It seems very interesting!
Could anyone tell me the reason ???
Best Regards
Thank you Git

Last edited by bybyby : 03-04-2010 at 07:41 AM.
#18
04-17-2009, 04:02 AM
BfoX
Senior Member
Join Date: Aug 2007
Posts: 2,265

BF,51,B4,73,00,00,00,00,08,00,00,00,99,CF,00,00,

this data from PVA dumper, not from tools by Git...
__________________
... Either you work well or you work much ....
#19
04-17-2009, 06:15 AM
Git
Super Moderator
Join Date: Oct 2007
Location: Torino
Posts: 1,797

Well the dump file you sent me gives :

Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\MultiKey\Dumps\73B40000]
"DongleType"=dword:00000003
"Copyright"="Git"
"Created"="Fri Apr 17 10:55:07.3 2009"
"Name"="73B4 Sentinel SuperPro Dump"
"Type"=dword:00000000
"CellType"=hex:\
    01,01,03,03,03,03,03,03,01,00,00,00,01,01,01,01,\
    01,01,01,01,01,01,01,01,01,01,01,01,01,01,01,01,\
    01,01,01,01,01,01,03,03,01,01,01,01,01,01,01,01,\
    01,01,01,01,01,01,01,01,01,01,01,01,01,01,01,01
"sntMemory"=hex:\
    BF,51,B4,73,00,00,00,00,00,00,00,00,99,CF,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,D7,28,FF,01,D4,87,09,C0,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
which I think is the same as you now get. Also, the other dump for this dongle from 2007 gives similar results. I am 99.999% sure dmp2mkey is not the source of your problem. The spurious 0x0008 for WP also seems strange, was that on your suspect PC?

Just for interest, your dump gives 1 enhanced algo but the 2007 dump I have gives 2 enhanced algos, cells 0x22 and 0x26, both with different Descriptor to the algo in your dump.

Git
#20
06-19-2009, 09:36 PM
paulmarry
Member
Join Date: Feb 2009
Posts: 9

I owe you for your services.