#11
01-22-2012, 03:29 PM
Git
Super Moderator
Join Date: Oct 2007
Location: Torino
Posts: 1,797

zement - I was not looking at MK at that level of detail, I don't use it. The point I was and still am trying to make is that the format of explicit Q/R pairs *changed* in MK reg data around 18.1, so without knowing what version is in use we can't advise.

asch - read the *correct* manual for your version of MK. If you get the reg file right it will work.

Git
#12
01-22-2012, 03:31 PM
asch75
Member
Join Date: Sep 2010
Posts: 12

First, thanks for trying to help me; and sorry about my poor English.

-Git, I read the manual.
-zementmischer, I tried your syntax ""CAFEBABEDEADBEEF"=hex: FA,CE,FE,ED,FE,E1,DE,AD,8B,AD,F0,0D,DE,AD,FA,11" with my q/a data with no luck.

Changed "Type"=dword:00000000; with 1 the sentinel monitor didn't show q/a.

I think the q/a table syntax is not clear; maybe it is not supported.

My cell: 0A
My length: 04
My query: 8D,C0,97,0F
My answer: 3A,B2,C9,18

Nobody has a Sentinel Superpro Multikey REG file example with q/a?
#13
01-22-2012, 07:55 PM
zementmischer
Member
Join Date: Apr 2011
Location: Europe
Posts: 43

I think I've solved the riddle of SSPro q/a tables...
And RTFM didn't help much in this case!

First of all, I've used MK 18.2.2 - other versions might behave differently.

As mentioned in my previous post you need to set "Type" to dword:00000001
Make sure that all AES algorithm descriptors (cells with access code '07,03') are enabled. This can be done by setting these memory cells to 'FF,FF,FF,FF'.
You'll also need to change all cell types from '07' to '03' because MK 18.2.2 doesn't know how to handle those access codes.

Here's a working example:
Code:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\MultiKey\Dumps\00003971]
"Name"="3971 MK 18.2.2 q/a table test"
"CopyLeft"="zementmischer"
"DongleType"=dword:00000003
"Type"=dword:00000001
"Option"=hex:02,00,03,80,7F,00,00,00
"sntMemory"=hex:\
5C,01,71,39,00,00,4C,CE,F8,BD,00,00,00,00,08,00,\
FF,07,00,00,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,\
FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,80,FA,10,2A,\
48,EB,39,2A,FF,FF,FF,FF,8C,FF,26,2B,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,04,5F,F0,70,\
01,01,00,00,01,01,00,00,01,01,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"CellType"=hex:\
01,01,03,03,03,01,03,01,\
00,00,03,03,03,03,03,03,\
03,03,03,03,03,03,03,03,\
03,03,03,03,03,03,00,00,\
00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\MultiKey\Dumps\00003971\cell_0a]
"8DC0970F"=hex:3A,B2,C9,18
The query '8DC0970F' on cell 0Ah will now return the correct value '3AB2C918' - any other query value on this cell will be handled by the 'enhanced' algorithm descriptor 'FFFFFFFF' (tested with sproeval)
__________________
Real programmers don't comment their code.
If it was hard to write, it should be hard to read.

Last edited by zementmischer : 01-22-2012 at 08:04 PM.
#14
01-23-2012, 03:51 AM
yogi_saw
Senior Member
Join Date: May 2009
Posts: 533

Hi zementmischer, thanks for the idea....
@asch75 I was right from your 1st post, you are mixing up two emulators.
Can you share the monitor by chinadragon? I don't have that, please.
Please check zementmischer's reg; if that doesn't work I would like to check your 1mb module. Please post if zement's reg works.
__________________
"Don't backstab me, i have two eyes on my back..." saint DABANGG
#15
01-23-2012, 09:43 AM
BfoX
Senior Member
Join Date: Aug 2007
Posts: 2,249

5C,01,71,39,00,00,4C,CE,F8,BD,00,00,00,00,08,00,\
what is? OWP2?
__________________
... Either you work well or you work much ....
#16
01-23-2012, 09:52 PM
asch75
Member
Join Date: Sep 2010
Posts: 12

[Please DO NOT reply to yourself, use the Edit button to edit your post]

Hi zementmischer... It works!
Now all the q/a are handled ok. thanksthanksthanks!

Link to chinadragon monitor (be aware: running it directly on VirtualBox XP hangs the computer, but running it through the guest addon network runs perfectly).
http://www.fileserve.com/file/3DvW3eF/ssm.rar

zementmischer; another question. I searched the forum and read a lot about the Wysiwyg R22 problems.
Can you take a look at the reg file? It's a ZIP file attached used with Sentemul2007.
What do you think about the first Security line?
"Security"=hex:42,1F,C5,F5,0F,69,73,6B,F4,B2,70,72,19,1E,BD,6A,43,38,C6,E7,0D,9B,20,1A,27,2D,1D,A4,12,2C,AC,AD,8B,BC,0E,2B,5C,74,41,C7,5C,18,FE,F9,10,90,BF,44,5E,EF,F1,E5,40,C8,EE,2E,6A,21,E3,BA,D6,F9,DC,0A,

Thanks,
Attached Files
File Type: zip dongle.zip (14.1 KB, 72 views)

Last edited by Git : 01-24-2012 at 08:18 AM.
#17
01-24-2012, 02:06 AM
yogi_saw
Senior Member
Join Date: May 2009
Posts: 533

Hi, great work, thanks to zementmischer
Btw, can you please attach chinadragon's monitor here?
__________________
"Don't backstab me, i have two eyes on my back..." saint DABANGG
#18
02-04-2012, 04:27 PM
bolota
Senior Member
Join Date: May 2008
Posts: 128

for all

If someone has multikey version 17.1.0, please share.
thanks
bolota
#19
02-04-2012, 11:18 PM
kjms
Senior Member
Join Date: Aug 2009
Posts: 337

@bolota version 17.0 here

Last edited by kjms : 02-04-2012 at 11:20 PM.
#20
02-05-2012, 07:11 AM
user1
Senior Member
Join Date: Jun 2011
Posts: 324
?

Can you explain why your files look very suspicious?

ssm.rar

https://www.virustotal.com/file/bc1b...is/1328439961/
Attached Files
File Type: zip Antivirus scan for at UTC - VirusTotal.zip (63.9 KB, 13 views)

Last edited by user1 : 02-05-2012 at 07:13 AM.