Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > Reverse Code Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 03-15-2011, 07:25 AM
30f4011 30f4011 is offline
Member
 
Join Date: Sep 2009
Posts: 9
Default Sentinel LM Vendor Information

Hi all,
How to find Vendor Information(Optional attributes) from sentinel RMS protected program?

--
BR
Reply With Quote
  #2  
Old 03-15-2011, 10:44 AM
yogi_saw yogi_saw is offline
Senior Member
 
Join Date: May 2009
Posts: 533
Default

Search for lsdecode106 in google dnload the utility u will get all info
__________________
"Don't backstab me, i have two eyes on my back..." saint DABANGG
Reply With Quote
  #3  
Old 03-16-2011, 12:37 AM
30f4011 30f4011 is offline
Member
 
Join Date: Sep 2009
Posts: 9
Default

Hi,

I have lsdecode106 and and I had used it to find vendor information from lic file.
But is it possible to find vendor information by reversing app?
Is there any function which takes vendor information as paramater?

--
BR
Reply With Quote
  #4  
Old 03-16-2011, 03:52 AM
pivasik pivasik is offline
Senior Member
 
Join Date: Dec 2007
Posts: 305
Default

Read manuals. Some functions get the parts of vendor info as parameters. But also there is secret parts used internally.
Reply With Quote
  #5  
Old 10-12-2012, 01:33 PM
stuart1974 stuart1974 is offline
Member
 
Join Date: Jul 2010
Posts: 43
Default

Hi,

Is there a possibility to get the secrets, what should we look for.

Thanks
Stuart
Reply With Quote
  #6  
Old 10-13-2012, 01:20 AM
zementmischer zementmischer is offline
Member
 
Join Date: Apr 2011
Location: Europe
Posts: 43
Default

RMS' secrets (a.k.a. challenge-response) are based on comparing the MD4 digest of the license secret to the MD4 digest inside your target. If you are lucky your target is based on the example code provided by SafeNet which means that the secrets are also stored as plain text inside the executable. But most of the time your target will only contain the MD4 digest of the secrets and not the secrets itself. In this case it's almost impossible to recover the plain secrets. You should analyze your target for any references to the MD4 algorithm (just search for known constants like 0x67452301, 0xefcdab89, 0x98badcfe and 0x10325476). These constants are used by MD4_init. From here you should be able to determine the MD4_update function. You'll probably find two (or more) MD4_init and MD4_update functions inside your target if the implementation is based on the example. Just make a dummy license with some arbitary secrets, set a bpx on all MD4_update functions and examine the stack on each hit. If you see anything else than your own secrets then you've found a candidate for a secret - if not, shit happens...
__________________
Real programmers don't comment their code.
If it was hard to write, it should be hard to read.
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.