#451
12-23-2010, 05:16 PM
ravi_scolomin
Junior Member
Join Date: Nov 2008
Posts: 4

I dumped with safedum.exe, used dump2mkey.exe to create *.reg file. The virtual driver installs with multikey, but when I run the program it says no dongle found.

Please, somebody advise me.

The reg file is as follows:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\MultiKey\Dumps\67F60000]
"DongleType"=dword:00000003
"Copyright"="None"
"Created"="Fri Dec 24 01:14:16.253 2010"
"Name"="67F6 Sentinel SuperPro Dump"
"Type"=dword:00000000
"CellType"=hex:\
01,01,03,03,03,03,03,03,\
00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,\
00,00,00,00,00,01,00,00,\
00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00
"sntMemory"=hex:\
E9,12,F6,67,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,63,61,61,73,00,00,E9,21,70,6F,\
34,32,31,38,33,30,28,31,61,38,2C,30,68,66,7B,78,\
A0,77,DE,55,72,6A,26,6B,5E,79,FD,3E,7F,79,9E,93

#452
12-24-2010, 05:21 AM
crab
Senior Member
Join Date: Dec 2008
Posts: 56

Did you try to correct the syntax?
Here is the new mk format:
Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\MultiKey\Dumps\000067F6]
"DongleType"=dword:00000003
"Copyright"="None"
"Created"="Fri Dec 24 01:14:16.253 2010"
"Name"="67F6 Sentinel SuperPro Dump"
"Type"=dword:00000000
"CellType"=hex:\ 
01,01,03,03,03,01,03,01,\ 
00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,01,00,00,\ 
00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00
"sntMemory"=hex:\ 
E9,12,F6,67,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 
00,00,00,00,00,00,63,61,61,73,00,00,E9,21,70,6F,\ 
34,32,31,38,33,30,28,31,61,38,2C,30,68,66,7B,78,\ 
A0,77,DE,55,72,6A,26,6B,5E,79,FD,3E,7F,79,9E,93

#453
12-25-2010, 11:41 AM
notmebug
Junior Member
Join Date: Aug 2010
Posts: 2
Thanks to pfonseca

Quote:
Originally Posted by pfonseca
Ok finally, it is done.

Here is a small manual for beginners and if you lose come hither look

1-run "sprodmp.exe".
2-make a new file "spro_RNBO_SPN_DRIVER_xxed_0.dmp"
3-run the file "dmp2mkey.exe" to get a *.reg file.
5-change :
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\MultiKey\Dumps\xxxxxxxx]
to
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ru-board\mulators\Dump\xxxxxxxx]
6-and then run the "install.bat" from "Sentinel_vUSB_Emulator"

http://www.2shared.com/file/NvbtOP0z/ALL_IN_ONE.html
Password=ru-board

Regards
Pfonseca

Thanks to pfonseca, effective soft available! (Test XP sp3 x86 and Sentinel Protection Installer 7.4.0.)

#454
01-05-2011, 07:54 AM
steve_rb
Junior Member
Join Date: Aug 2010
Posts: 4

The above link is infected. It is trying to install the "WhiteSmokeWriterGeo5002_en.exe" file.

#455
01-06-2011, 05:43 PM
Staffer
Junior Member
Join Date: Dec 2010
Posts: 1

Hi,

I just recently successfully emulated a superpro dongle with the instructions in this thread (big thanks to the OP and all the makers of the associated SW). (Seeing what was inside the dongle helped me to break the encryption of the serial file associated with the dongle in question.)

However there are two things that bother me:

1st:

Long version: I made the dongle emulation and reverse engineering on a virtual machine (win7) that was connected to the internet at the time. It was a fresh install and at first I didn't have a 3rd party firewall installed. When later I installed a firewall I noticed that the sentinel software (don't remember if it was a userland proggie or the sentinel driver itself) wanted to connect back to safenet servers. That got me worrying whether the sentinel software is trying to send back some usage statistics/dongle related data or if it's just an innocent update check or something like that. I haven't yet been able to catch the connection with a packet sniffer so I don't really know what is inside or even if it's an encrypted transmission or not. The issue is rather delicate since the dongle is associated with a company I work for and... I guess you catch my drift..

Long story short: Should I be worried about any personal/dongle-related information leaking through the sentinel drivers? Is there a feature in Sentinel Super Pro that'd make this possible? The target software itself doesn't worry me: it hasn't requested internet access even once after I installed the firewall. Oh, and the sentinel software package version in question is 7.5.1, IIRC.

2nd: Sorry for bumping up such an old thread but I didn't feel my issue was worth a new thread: better to keep all the information in one place.


OT: It's my first post here. I hope I don't break too many rules...

Even more OT: I haven't really been doing any reverse engineering in a while: barely remembered the thrill of all-nighters. So, I'm really looking forward to learning more about the principles HAPSs work on.

#456
01-13-2011, 04:33 PM
Bonzo
Member
Join Date: Jan 2011
Posts: 4

I have followed the instructions as explained by Y8Y8Y8Y.
When I get to step 2, where is the XXXX.SSP file stored? In step 3 the drop down only allows me to select the original dump and at this point the "Safekey ssp" option is greyed out. Please advise. The original dump file is titled: spro_RNBO_SPN_DRIVER_467b_0.dmp

#457
01-14-2011, 11:09 AM
BfoX
Senior Member
Join Date: Aug 2007
Posts: 2,264

show spro_RNBO_SPN_DRIVER_467b_0.dmp
__________________
... Either you work well or you work much ....

#458
01-14-2011, 07:19 PM
Bonzo
Member
Join Date: Jan 2011
Posts: 4

Hope this helps


http://www.megaupload.com/?d=2NXUNZ3U

#459
01-15-2011, 11:06 AM
Bonzo
Member
Join Date: Jan 2011
Posts: 4

I tried a few times to attach the link and it never showed up as being posted.


megaupload.com/?d=2NXUNZ3U

#460
01-15-2011, 12:51 PM
BfoX
Senior Member
Join Date: Aug 2007
Posts: 2,264

He has only memory...
__________________
... Either you work well or you work much ....