Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > Reverse Code Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #21  
Old 09-05-2012, 07:32 AM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

The is no such thing as a SuperPro with 128 customer cells. What does sentinel medic say about it?

Git
Reply With Quote
  #22  
Old 09-05-2012, 08:25 AM
zementmischer zementmischer is offline
Member
 
Join Date: Apr 2011
Location: Europe
Posts: 43
Default

The cells may not be accessible using Rainbow's official API - but almost all SSP USB dongles contain additional 64 cells which hold some values as well as an algorithm descriptor. These cells are probably used for configuration purposes.
I've never tried to write anything to these cells using the low-level API so I can't say if it's possible or not...

@tiduskg:
What version of the Sentinel Protection Installer did you have installed?
The error message indicates that either RNBOsproInitialize or RNBOsproGetVersion have failed (my posted version depends on SDK 7.1.0 - but the source code also contains SDK 6.6.0 and 7.0.0)
__________________
Real programmers don't comment their code.
If it was hard to write, it should be hard to read.

Last edited by zementmischer : 09-05-2012 at 08:34 AM.
Reply With Quote
  #23  
Old 09-05-2012, 08:40 AM
tiduskg tiduskg is offline
Member
 
Join Date: Jan 2009
Posts: 10
Default

Sentinel medic report it is SuperPro.
I dumped this dongle with Git's tool and this is the report:
Quote:
Key family is = SuperPro
Key form is = USB
Key has = 64 cells
serverName = 0
serverIPAddress = 0
serverIPXAddress = 0
version = 7.6.0
protocol = NONE
devId = 0x0731
serialNum = 0x****
capabilities = SP_CAPS_AES_ALGO
capabilities = SP_CAPS_PASSWORD_COUNTER

****!! DO NOT BRUTEFORCE WP !!****

capabilities = SP_CAPS_SECURE_TUNNEL
capabilities = SP_CAPS_DISABLE_DEVICE_SHARING
hardLimit = 1
inUse = 0
numTimeOut = 0
highestUse = 0
subLicLimit = 0
subLicInUse = 0


Processing dongle 0731
Finding cell data...
Found 0 Query cells
WorkingWriting dump file RNBO_0731.dmp
I also try Toro logger 2.01, but it can't monitor any thing except "KeyType=7 -> ULP USB"?

I still don't understand, maybe this dongle is Sentinel Dual Hardware Key?

Thank.
Reply With Quote
  #24  
Old 09-05-2012, 05:39 PM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

> The cells may not be accessible using Rainbow's official API

Specifically why I said customer cells.

Git
Reply With Quote
  #25  
Old 09-06-2012, 09:48 AM
tiduskg tiduskg is offline
Member
 
Join Date: Jan 2009
Posts: 10
Default

Here is usb bus trace that I can't explain:
Quote:
24.0 IN 1a 03 55 00 53 00 42 00 20 00 55 00 6c 00 74 00 ..U.S.B. .U.l.t. 2.2.0
72 00 61 00 50 00 72 00 6f 00 r.a.P.r.o. 2.2.16
This information show that my key is UltraPro but with all other dumper only report it only SuperPro?
I don't understand?
Reply With Quote
  #26  
Old 10-03-2012, 07:40 PM
jabrix jabrix is offline
Senior Member
 
Join Date: Aug 2009
Location: JKT
Posts: 136
Send a message via MSN to jabrix Send a message via Yahoo to jabrix
Default

Want to thank for this.

With spro PVA, I only get 1 cell dump & solve, but with this I can dump & solve 2 cell.

Still reg not working, the question is :
1. from picture below, it show that key info is different, emu 0400-A703, dongle 0002-8003.
2. emu 64 cells, dongle & dump 128 cells.

how to solve this?
I have 2 dongles, which this dongle already expire [06,03,DC,07]

Quote:
[ REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\MultiK ey\Dumps\0000XXXX]
"Created"="Fri Oct 02 12:32:23 2009"
"DongleType"=dword:00000003
"Type"=dword:00000000
"Option"=hex:02,00,03,80,7F,00,00,00
"CellType"=hex:\
01,01,03,03,03,01,03,01,\
03,03,00,00,00,00,00,00,\
00,00,00,00,01,00,00,01,\
00,00,01,00,00,01,00,00,\
00,00,00,00,00,00,00,00,\
00,01,00,00,00,00,00,00,\
00,00,01,00,00,00,00,00,\
00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,\
03,03,01,01,01,00,00,00
"sntMemory"=hex:\
XX,XX,FF,FF,00,00,00,00,EF,5D,00,00,DE,59,00,00,\
31,FA,A0,F0,00,00,00,00,A8,53,00,00,A8,53,00,00,\
A8,53,00,00,AA,53,00,00,01,00,06,03,DC,07,01,00,\
06,03,DC,07,01,00,06,03,DC,07,01,00,06,03,DC,07,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,01,00,06,03,DC,07,00,00,00,00,00,00,00,00,\
00,00,00,00,01,00,06,03,DC,07,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
04,41,13,D4,80,90,2D,13,00,00,00,00,00,00,00,00

Last edited by jabrix : 10-03-2012 at 07:56 PM.
Reply With Quote
  #27  
Old 10-03-2012, 10:04 PM
kjms kjms is offline
Senior Member
 
Join Date: Aug 2009
Posts: 337
Default

read mkey manual Sentinel-Spro new "Type"=dword:00000001
Reply With Quote
  #28  
Old 10-03-2012, 11:04 PM
jabrix jabrix is offline
Senior Member
 
Join Date: Aug 2009
Location: JKT
Posts: 136
Send a message via MSN to jabrix Send a message via Yahoo to jabrix
Default

@kjms : not working. lock not found.
this soft need install with dongle pluged.
and only work with dongle which we use when installation.
Reply With Quote
  #29  
Old 10-04-2012, 02:30 AM
BfoX BfoX is offline
Senior Member
 
Join Date: Aug 2007
Posts: 2,263
Send a message via ICQ to BfoX Send a message via MSN to BfoX Send a message via Yahoo to BfoX
Default

the software is fire your emulator =)
__________________
... Either you work well or you work much ....
Reply With Quote
  #30  
Old 11-15-2012, 04:54 AM
georgechou georgechou is offline
Member
 
Join Date: Sep 2009
Posts: 4
Default

when i dump a key and solve then i found the error message, can anyone help me to solve this ?

"Failed to solve cell 2Eh (46)"

14:50:39 [Solver - Notification] Start solving 2 algorithm descriptors
14:50:39 [Solver - Info] 24 solver threads started
14:50:40 [Solver - Info] Standard algorithm cell 2Eh (46) - sig = 102h (258)
14:51:35 [Solver - Warning] Failed to solve cell 2Eh (46)
14:51:35 [Solver - Info] Enhanced algorithm cell 78h (120) - sig = 3DB4h (15796)
14:51:36 [Solver - Info] Solved cell 78h (120) - Descriptor = C3CC2D73h - C6 = 2A6Fh
14:51:36 [Solver - Info] 24 solver threads closed
14:51:36 [Solver - Info] Finished
https://www.dropbox.com/s/1zeb1dsaae...VER_e1fc_0.dmp

Last edited by georgechou : 11-16-2012 at 05:05 AM. Reason: add link
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.