Sentinel vUSB Emulator How-To - Page 46

ravi_scolomin · #**451** 12-23-2010, 05:16 PM

i dumped with safedum.exe, used dump2mkey.exe to create *.reg file. the virtual driver installs with multikey. but when i run program it says do dongle found.

Please somebody advice me.

the reg file is as follows:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\MultiK ey\Dumps\67F60000]
"DongleType"=dword:00000003
"Copyright"="None"
"Created"="Fri Dec 24 01:14:16.253 2010"
"Name"="67F6 Sentinel SuperPro Dump"
"Type"=dword:00000000
"CellType"=hex:\
01,01,03,03,03,03,03,03,\
00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,\
00,00,00,00,00,01,00,00,\
00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00
"sntMemory"=hex:\
E9,12,F6,67,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,63,61,61,73,00,00,E9,21,70,6F,\
34,32,31,38,33,30,28,31,61,38,2C,30,68,66,7B,78,\
A0,77,DE,55,72,6A,26,6B,5E,79,FD,3E,7F,79,9E,93

crab · #**452** 12-24-2010, 05:21 AM

did you try to correct sintax ?
here is new mk format

Code:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\MultiKey\Dumps\000067F6]
"DongleType"=dword:00000003
"Copyright"="None"
"Created"="Fri Dec 24 01:14:16.253 2010"
"Name"="67F6 Sentinel SuperPro Dump"
"Type"=dword:00000000
"CellType"=hex:\ 
01,01,03,03,03,01,03,01,\ 
00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,01,00,00,\ 
00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00
"sntMemory"=hex:\ 
E9,12,F6,67,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,63,61,61,73,00,00,E9,21,70,6F,\ 
34,32,31,38,33,30,28,31,61,38,2C,30,68,66,7B,78,\ 
A0,77,DE,55,72,6A,26,6B,5E,79,FD,3E,7F,79,9E,93

notmebug · #**453** 12-25-2010, 11:41 AM

Quote:

Originally Posted by pfonseca

Ok finally, it is done.

Here is a small manual for beginners and if you lose come hither look

1-run "sprodmp.exe".
2-make a new file "spro_RNBO_SPN_DRIVER_xxed_0.dmp"
3-run the file "dmp2mkey.exe" to get a *.reg file.
5-change :
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\MultiK ey\Dumps\xxxxxxxx]
to
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\ru-board\mulators\Dump\xxxxxxxx]
6-and then run the "install.bat" from "Sentinel_vUSB_Emulator"

http://www.2shared.com/file/NvbtOP0z/ALL_IN_ONE.html
Password=ru-board

Regards
Pfonseca

Thanks to pfonseca, effective soft available! (Test XP sp3 x86 and Sentinel Protection Installer 7.4.0.)

steve_rb · #**454** 01-05-2011, 07:54 AM

above link is infected. It is trying to install "WhiteSmokeWriterGeo5002_en.exe" file.

Staffer · #**455** 01-06-2011, 05:43 PM

Hi,

I just recently succesfully emulated a superpro dongle with the instructions in this thread (big thanks to the OP and all the makers of the associated SW). (Seeing what was inside the dongle helped me to break the encryption of the serial file associated with the dongle in question.)

However there are two things that bother me:

1st:

Long version: I made the dongle emulation and reverse engineering on a virtual machine (win7) that was connected to the internet at the time. It was a fresh install and at first I didn't have a 3rd party firewall installed. When later I installed a firewall I noticed that the sentinel software (don't remember if it was an userland proggie or the sentinel driver itself) wanted to connect back to safenet servers. That got me worrying whether the sentinel software is trying to send back some usage statistics/dongle related data or if it's just an innocent update check or something like that. I haven't yet been able to catch the connection with a packet sniffer so I don't really know what is inside or even if it's an encrypted transmission or not. The issue is rather delicate since the dongle is associated with a company I work for and... I quess you catch my drift..

Long story short: Should I be worried about any personal/dongle-related information leaking thorugh the sentinel drivers? Is there a feature in Sentinel Super Pro that'd make this possible? The target software itself doesn't worry me: it hasn't requested internet access even once after I installed the firewall. Oh, and the sentinel software package version in question is 7.5.1, IIRC.

2nd: Sorry for bumbing up such an old thread but I didn't feel my issue was worth a new thread: better to keep all the information in one place.

OT: It's my first post here. I hope I don't brake too many rules...

Even more OT: I haven't really been doing any reverse engineering in a while: barely remembered the thrill of all-nighters.

So, I'm really looking forward to learning more about the principles HAPSs work on.

Bonzo · #**456** 01-13-2011, 04:33 PM

I have followed the instructions as explained by Y8Y8Y8Y.
When I get to step 2 where is the XXXX.SSP file stored? In step 3 the drop down only allows me to select the original dump and at this point the "Safekey ssp option is greyed out. Please advise. The original dump file is titled;spro_RNBO_SPN_DRIVER_467b_0.dmp

BfoX · #**457** 01-14-2011, 11:09 AM

show spro_RNBO_SPN_DRIVER_467b_0.dmp

Bonzo · #**458** 01-14-2011, 07:19 PM

Hope this helps

http://www.megaupload.com/?d=2NXUNZ3U

Bonzo · #**459** 01-15-2011, 11:06 AM

I tried a few times to attach the link and it never showed up as being posted.

megaupload.com/?d=2NXUNZ3U

BfoX · #**460** 01-15-2011, 12:51 PM

he have only memory...

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode