#1 | mhafez (Member) | 02-12-2017, 06:55 PM
SRM Help

Hi everyone.

I'm trying to back up my dongle SRM. Everything is OK except that I can't get the Vendor AES, and I can't dump the EXE file. It's always corrupted. The software name is t-r-i-m-b-l-e ____ b-u-s-i-n-e-s-s ____ c-e-n-t-e-r.

Please, I need help to extract the vendor AES.

#2 | BfoX (Senior Member) | 02-12-2017, 10:36 PM

Does it use the new envelope with the section name .AKS?

#3 | mhafez (Member) | 02-13-2017, 02:43 PM

Well, I dumped the exe file with Process Explorer and scanned the file with VID Tool to extract the AES, but I think the result is encrypted, as it didn't work.

Any help or advice, please, on how to extract the AES, knowing that I've dumped the exe file successfully?

#4 | Larry (Member) | 02-13-2017, 03:34 PM

As far as I know, this software works via the dynamic-link library hasp_windows_XXXXX.dll (XXXXX is the vendor's number). Look for this file in the application's folder. But this file is from the new Sentinel HL API, and the Vendor AES key is encrypted by whitebox AES. Unfortunately, I think that public solutions are not suitable for this protection.

#5 | mhafez (Member) | 02-13-2017, 04:26 PM

It's not a public solution. I just got the emulator that was published on lavteam.net, and I got the dumper from the dongle author, which is working perfectly with the emulator except for getting the vendor AES.

#6 | nodongle (Senior Member) | 02-14-2017, 05:54 AM

New TBC versions have 2-layer protection:
1. using the wbaes hasp_windows dll + checking the hash of the dll
2. checking the hasp key via internal query/answer tables

It can be easily bypassed by a correct emulator.

#7 | user1 (Senior Member) | 02-15-2017, 12:52 PM

Redirect the CRC check to the original vendor dll. And if there are tables inside, you need to do them and put them in the emulator.
That's all.

Lavteam is full of copycat cheaters....

#8 | P@blo (Member) | 12-04-2017, 03:11 PM

Hello!
nodongle:
Can you explain what "checking hash of the dll" is?
What will be wrong when I remove the .protect section and reconstruct the IAT & reloc (only import, export is correct)?
I didn't find the hasp_windows dll in my folder, it's CPM.
My dll doesn't work after reconstruction. Now it changes other dll...
Thanks!

#9 | user1 (Senior Member) | 12-05-2017, 03:03 AM

If you have the dongle, a solution is 100% possible, but not publicly available for free.