Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > Reverse Code Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #11  
Old 01-24-2008, 02:47 AM
benito benito is offline
Senior Member
 
Join Date: Jul 2007
Posts: 685
Default

no, it works on each computer
Reply With Quote
  #12  
Old 01-24-2008, 02:27 PM
fejkus fejkus is offline
Member
 
Join Date: Dec 2007
Posts: 46
Default sentinel emulation

i tried vusb emulator and it worked fine.
i have drivers 7.4.x

no problem at all, but i must say, that i have about one year old keys.
Reply With Quote
  #13  
Old 01-25-2008, 06:08 PM
y8y8y8y y8y8y8y is offline
Senior Member
 
Join Date: Sep 2007
Posts: 210
Default

Quote:
Originally Posted by fejkus View Post
i tried vusb emulator and it worked fine.
i have drivers 7.4.x

no problem at all, but i must say, that i have about one year old keys.
did you manage to emulate sentinel with algo?
Reply With Quote
  #14  
Old 01-25-2008, 07:28 PM
fejkus fejkus is offline
Member
 
Join Date: Dec 2007
Posts: 46
Default

Quote:
Originally Posted by y8y8y8y View Post
did you manage to emulate sentinel with algo?
yes, one key is with algo.
Reply With Quote
  #15  
Old 01-26-2008, 07:06 AM
y8y8y8y y8y8y8y is offline
Senior Member
 
Join Date: Sep 2007
Posts: 210
Default

hi,
I dumped and solved dump with "f1_nodongle" tool. Now I have SSP file, how can I convert it to REG to use with vusb emulator ?
10x
Reply With Quote
  #16  
Old 01-26-2008, 10:43 AM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

Get a text editor and make your own reg file. There are plenty of examples to look at. Make sure DongleType and Type are set as below, and the registry entry name ends with the dongle ID and 4 zeros. For example, Dongle ID 45C6 would be 45C60000

"DongleType"=dword:00000003
"Type"=dword:00000000

That leaves "sntMemory" and "CellType".

CellType is an array of 64 bytes, 1 per cell, which denotes the access rights to that cells data. It is set to 0, 1, 2 or 3. You can find those 64 bytes starting at offset 8 in the SSP file.

sntMemory is an array of 64 WORDs (a WORD is a 16 bit value, ie made of 2 bytes). Each WORD represents the data stored in that cell (starting at cell 0 and ending at cell 63).

Cell 0 contains the Serial number of the dongle.
Cell 1 contains the Developer ID of the dongle. (The dongle ID)
Cell 4 *should* contain the Write Password.
Cells 8 to 63 can contain data, counters, Algorithms, passwords..

This array starts at offset 72 (0x48) of the SSP file.

So, get yourself HexWorkshop and NotePad and help yourself. You may have to experiment with the 'endianism' of the two bytes that make up a 16bit WORD, ie which way round they are.

Git
Reply With Quote
  #17  
Old 01-26-2008, 01:48 PM
fejkus fejkus is offline
Member
 
Join Date: Dec 2007
Posts: 46
Default

Quote:
Originally Posted by Git View Post
Get a text editor and make your own reg file. There are plenty of examples to look at. Make sure DongleType and Type are set as below, and the registry entry name ends with the dongle ID and 4 zeros. For example, Dongle ID 45C6 would be 45C60000

"DongleType"=dword:00000003
"Type"=dword:00000000

That leaves "sntMemory" and "CellType".

CellType is an array of 64 bytes, 1 per cell, which denotes the access rights to that cells data. It is set to 0, 1, 2 or 3. You can find those 64 bytes starting at offset 8 in the SSP file.

sntMemory is an array of 64 WORDs (a WORD is a 16 bit value, ie made of 2 bytes). Each WORD represents the data stored in that cell (starting at cell 0 and ending at cell 63).

Cell 0 contains the Serial number of the dongle.
Cell 1 contains the Developer ID of the dongle. (The dongle ID)
Cell 4 *should* contain the Write Password.
Cells 8 to 63 can contain data, counters, Algorithms, passwords..

This array starts at offset 72 (0x48) of the SSP file.

So, get yourself HexWorkshop and NotePad and help yourself. You may have to experiment with the 'endianism' of the two bytes that make up a 16bit WORD, ie which way round they are.

Git
thank you Git for explanation. i check immediately my reg files.
where did you learn it.
some my ssp files has over 100 kb.
Reply With Quote
  #18  
Old 01-26-2008, 01:55 PM
y8y8y8y y8y8y8y is offline
Senior Member
 
Join Date: Sep 2007
Posts: 210
Default

Quote:
Originally Posted by Git View Post
Get a text editor and make your own reg file. There are plenty of examples to look at. Make sure DongleType and Type are set as below, and the registry entry name ends with the dongle ID and 4 zeros. For example, Dongle ID 45C6 would be 45C60000

"DongleType"=dword:00000003
"Type"=dword:00000000

That leaves "sntMemory" and "CellType".

CellType is an array of 64 bytes, 1 per cell, which denotes the access rights to that cells data. It is set to 0, 1, 2 or 3. You can find those 64 bytes starting at offset 8 in the SSP file.

sntMemory is an array of 64 WORDs (a WORD is a 16 bit value, ie made of 2 bytes). Each WORD represents the data stored in that cell (starting at cell 0 and ending at cell 63).

Cell 0 contains the Serial number of the dongle.
Cell 1 contains the Developer ID of the dongle. (The dongle ID)
Cell 4 *should* contain the Write Password.
Cells 8 to 63 can contain data, counters, Algorithms, passwords..

This array starts at offset 72 (0x48) of the SSP file.

So, get yourself HexWorkshop and NotePad and help yourself. You may have to experiment with the 'endianism' of the two bytes that make up a 16bit WORD, ie which way round they are.

Git
Util "UniDumpToReg" do exactly this. As I understand the algos startes later in SSP file, in my I see at offset A8CAh (43210) some data. I see more data later, 4 blocks of it with 700h lenth each. While solving dump I know there is 4 algos in the dongle. How can I create those algon in REG file, I didn't find any examples for it. I will realy appreciateif you can send me one REG and SSP with algos for example.
Reply With Quote
  #19  
Old 01-26-2008, 04:14 PM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

UniDumpToReg" will do it, but if you follow the thread that is going on at the momenet, it's output is in the wrong format and does not work.

As for the SSP file and Algos, all (100%) of the information you need is in those two arrays I pointed you to. The 700h long blocks (1 per algo) are needed only by the Safekey emulator. Rather than risk putting the true algorithm in the emulator, they put an obfurscated version of the algorithm in the emulator which uses extended information from the SSP file to unobfurscate the algorithm information. You can ignore it.

Git
Reply With Quote
  #20  
Old 01-26-2008, 05:40 PM
y8y8y8y y8y8y8y is offline
Senior Member
 
Join Date: Sep 2007
Posts: 210
Default

10x, finaly I manage to emulate this dongle. 10x again to all who helped and to this board !
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.