Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > Reverse Code Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 05-22-2013, 04:46 AM
alaa_982 alaa_982 is offline
Member
 
Join Date: Jun 2009
Posts: 33
Unhappy I DUMP THE DONGEL SENTINL BY edgespro11

ihave dongel safent >
dump it by edgespro11 >> *.dng
when i load file dump in SENTEMUL2007
okay



program aledari give me message key not found

why:????


file dng:


www.4shared.com/file/kpDdalB6/assa.html

PROGRAM FILE with file dump
www.4shared.com/rar/pk4_jcFS/edari1.html
Reply With Quote
  #2  
Old 05-22-2013, 06:16 AM
BfoX BfoX is offline
Senior Member
 
Join Date: Aug 2007
Posts: 2,276
Send a message via ICQ to BfoX Send a message via MSN to BfoX Send a message via Yahoo to BfoX
Default

on other forum you got reg-file. why you make cross-post for us?
read carefull about use multikey on x64 system - it done.
__________________
... Either you work well or you work much ....
Reply With Quote
  #3  
Old 07-04-2013, 06:18 AM
alaa_982 alaa_982 is offline
Member
 
Join Date: Jun 2009
Posts: 33
Default any one help

how can convert this it to reg



TORO Sentinel Info File
DongleType=4
MemorySize=40
DesignID=0000
PartNumber=00000000
SerialNumber=00000000

0000,3 FEF6,1 ------ ------ ------ ------ ------ ------
------ ------ 0000,3 ------ ------ ------ ------ ------
------ ------ ------ ------ 0000,3 ------ ------ ------
------ ------ ------ ------ ------ ------ ------ ------
------ ------ ------ ------ ------ ------ ------ ------
------ ------ ------ 0000,2 0000,3 ------ ------ ------
------ ------ ------ ------ ------ ------ 0000,3 ------
0000,3 ------ ------ ------ ------ ------ ------ ------

PairsCount=19
00,4BF02B00,4BF02B00,F04B002B
00,B9F02B00,B9F02B00,F0B9002B
0A,FD5884F7,FD5884F7,58FDF784
14,4119DDCC,CF1414D4,14CFD414
14,809F6052,2D00368F,002D8F36
14,C9BA9ECB,84813A06,8184063A
14,F9F89ECB,25D96542,D9254265
2C,00000000,9B8C73BF,8C9BBF73
2C,D0F0A62C,9727A2D1,2797D1A2
36,7A38539D,F81F225F,1FF85F22
36,9E029ECB,723B424F,3B724F42
36,B980F841,579E2323,9E572323
36,CF5E9ECB,97000ED5,0097D50E
36,EFB49DCB,1607ED0B,07160BED
36,EFDE9DCB,43879323,87432393
38,07194789,40F3A05F,F3405FA0
38,90863CE2,8555F7DF,5585DFF7
38,B7C88601,9E2BEC81,2B9E81EC
38,C3B14CA5,B2E6A38F,E6B28FA3


dongel_info


In:> Initialize
Out:> Initialize

In:> FindFirstUnit DeveloperId=65270 (0xFEF6)
Out:> FindFirstUnit DeveloperId=0 (0x0) -> Status=0x0

In:> Read Address=48 (0x30)
Out:> Read Address=48 (0x30) -> Status=0x4
Data=77 (0x4D)

In:> Read Address=0 (0x0)
Out:> Read Address=0 (0x0) -> Status=0x0
Data=77 (0x4D)

In:> Query Address=0 (0x0)
Data=4BF02B00
Out:> Query Address=0 (0x0) -> Status=0x0
Response=4BF02B00
Response32=F04B002B

In:> Query Address=54 (0x36)
Data=B980F841
Out:> Query Address=54 (0x36) -> Status=0x0
Response=579E2323
Response32=9E572323

In:> Query Address=54 (0x36)
Data=7A38539D
Out:> Query Address=54 (0x36) -> Status=0x0
Response=F81F225F
Response32=1FF85F22

In:> Query Address=54 (0x36)
Data=EFDE9DCB
Out:> Query Address=54 (0x36) -> Status=0x0
Response=43879323
Response32=87432393

In:> Query Address=54 (0x36)
Data=EFB49DCB
Out:> Query Address=54 (0x36) -> Status=0x0
Response=1607ED0B
Response32=7160BED

In:> Query Address=54 (0x36)
Data=CF5E9ECB
Out:> Query Address=54 (0x36) -> Status=0x0
Response=97000ED5
Response32=97D50E

In:> Query Address=54 (0x36)
Data=CF5E9ECB
Out:> Query Address=54 (0x36) -> Status=0x0
Response=97000ED5
Response32=97D50E

In:> Query Address=54 (0x36)
Data=9E029ECB
Out:> Query Address=54 (0x36) -> Status=0x0
Response=723B424F
Response32=3B724F42

In:> Initialize
Out:> Initialize

In:> FindFirstUnit DeveloperId=65270 (0xFEF6)
Out:> FindFirstUnit DeveloperId=0 (0x0) -> Status=0x0

In:> Read Address=48 (0x30)
Out:> Read Address=48 (0x30) -> Status=0x4
Data=77 (0x4D)

In:> Read Address=0 (0x0)
Out:> Read Address=0 (0x0) -> Status=0x0
Data=77 (0x4D)

In:> Query Address=0 (0x0)
Data=4BF02B00
Out:> Query Address=0 (0x0) -> Status=0x0
Response=4BF02B00
Response32=F04B002B

In:> Query Address=20 (0x14)
Data=809F6052
Out:> Query Address=20 (0x14) -> Status=0x0
Response=2D00368F
Response32=2D8F36

In:> Query Address=20 (0x14)
Data=4119DDCC
Out:> Query Address=20 (0x14) -> Status=0x0
Response=CF1414D4
Response32=14CFD414

In:> Query Address=20 (0x14)
Data=F9F89ECB
Out:> Query Address=20 (0x14) -> Status=0x0
Response=25D96542
Response32=D9254265

In:> Query Address=20 (0x14)
Data=C9BA9ECB
Out:> Query Address=20 (0x14) -> Status=0x0
Response=84813A06
Response32=8184063A

In:> Initialize
Out:> Initialize

In:> FindFirstUnit DeveloperId=65270 (0xFEF6)
Out:> FindFirstUnit DeveloperId=0 (0x0) -> Status=0x0

In:> Read Address=48 (0x30)
Out:> Read Address=48 (0x30) -> Status=0x4
Data=77 (0x4D)

In:> Read Address=0 (0x0)
Out:> Read Address=0 (0x0) -> Status=0x0
Data=77 (0x4D)

In:> Query Address=0 (0x0)
Data=B9F02B00
Out:> Query Address=0 (0x0) -> Status=0x0
Response=B9F02B00
Response32=F0B9002B

In:> Query Address=56 (0x38)
Data=07194789
Out:> Query Address=56 (0x38) -> Status=0x0
Response=40F3A05F
Response32=F3405FA0

In:> Query Address=56 (0x38)
Data=C3B14CA5
Out:> Query Address=56 (0x38) -> Status=0x0
Response=B2E6A38F
Response32=E6B28FA3

In:> Initialize
Out:> Initialize

In:> FindFirstUnit DeveloperId=65270 (0xFEF6)
Out:> FindFirstUnit DeveloperId=0 (0x0) -> Status=0x0

In:> ExtendedRead Address=43 (0x2B)
Out:> ExtendedRead Address=43 (0x2B) -> Status=0x0
Data=0 (0x0),AccessCode=2

In:> Query Address=44 (0x2C)
Data=00000000
Out:> Query Address=44 (0x2C) -> Status=0x0
Response=9B8C73BF
Response32=8C9BBF73

In:> Query Address=44 (0x2C)
Data=D0F0A62C
Out:> Query Address=44 (0x2C) -> Status=0x0
Response=9727A2D1
Response32=2797D1A2

In:> Query Address=56 (0x38)
Data=B7C88601
Out:> Query Address=56 (0x38) -> Status=0x0
Response=9E2BEC81
Response32=2B9E81EC

In:> Query Address=56 (0x38)
Data=90863CE2
Out:> Query Address=56 (0x38) -> Status=0x0
Response=8555F7DF
Response32=5585DFF7

In:> Query Address=10 (0xA)
Data=FD5884F7
Out:> Query Address=10 (0xA) -> Status=0x0
Response=FD5884F7
Response32=58FDF784
Reply With Quote
  #4  
Old 07-04-2013, 05:14 PM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

SEARCH THE FORUM. As people keep telling you, all the info is here, just get off your butt and look for it.

Git
Reply With Quote
  #5  
Old 07-04-2013, 05:30 PM
Lomex Lomex is offline
Senior Member
 
Join Date: Dec 2009
Posts: 139
Default

@GIT

I have a generell question on those Q/A values for the different cells.

What does it mean if there are "different" Q/A for "one" cell value.
Why is that and which one is the right one ?

Seen in the example above.
Reply With Quote
  #6  
Old 07-05-2013, 06:09 AM
BfoX BfoX is offline
Senior Member
 
Join Date: Aug 2007
Posts: 2,276
Send a message via ICQ to BfoX Send a message via MSN to BfoX Send a message via Yahoo to BfoX
Default

to TS: you dongle have one cell with inactive algo.
simple remove the sspro shell from main exe, next make patch like je/jne inside. it done.

Lomex, here not present a "different" Q/A for "one".
__________________
... Either you work well or you work much ....

Last edited by BfoX : 07-05-2013 at 06:13 AM.
Reply With Quote
  #7  
Old 07-05-2013, 06:14 AM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

Both of them. There are billions of possible Q/A pair values for each cell. Behind the cell there is a mathematical function. Q is the input to the function and A is the resulting value of the function for that specific Q.

In the ideal world, we would know the mathematical function, then we wouldn't need to store any known Q/A pairs. For any Q that the program throws at it, the A will always be correct. If we do not know the function, all we can do is run the program ang log every Q and it's A that happen while the program runs. If we are lucky and the protection is badly implemented, then there is a finite number of Q/A pairs used by the program. So or emulator keeps a table of all those Q/A pairs known to the program. Whenever the emulator sees a specific Q, it outputs the corresponding A from the table.

In early Superpro, some clever people worked out the hand made weak encryption which was the function for the dongle, so we don't need to store Q/A pairs for it. That was cell type 1. Then they found the function for the more difficult encryption, cell type 3. For SHK, SRM, Ultrapro and later Superpro with cell type 7, proper AES encryption was used as the cell function so it is very difficult to use the function without knowing the AES key. So we have to use pairs of known Q/A values.

Can you see what a program author could do to make it virtually impossible to emulate using Q/A pairs?.

Git
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.