#1  06-17-2013, 05:36 AM  alaa_982
consulting or solution

Hello to all,
I'm trying to break the SafeNet dongle protection of a program.

Program link:

http://www.4shared.com/rar/pk4_jcFS/edari1.html

1 - Made a dump using the edgespro1.1 program, then carried the dng to the SENTEMUL2007 program.

dng file:
www.4shared.com/file/kpDdalB6/assa.html

2 - Ran the program to be broken; a message appears: key not found.

3 - Searched for the message "key not found" in OllyDbg; not found.

4 - Decided to examine the program with PEiD v0.95; the program turned out to be encrypted (O my God):

UPX 0.89.6 - 1.02 / 1.05 - 2.90 -> Markus & Laszlo

5 - Tried to decrypt it with RL!dePacker 1.5; a message appeared:

e1d03 - security key not found

6 - Ran the SENTEMUL2007 program and carried the dng to it.

7 - Ran RL!dePacker 1.5 for decoding, and decryption actually succeeded.

8 - Checked the program with PEiD v0.95; the program turned out to be unencrypted, ok.

9 - The program does not work after decryption. Why? Is there a solution?

10 - I'm trying to decrypt the program in order to bypass the "key not found" message.

Please help.

#2  06-17-2013, 09:35 AM  BfoX

Can you re-dump SENTEMUL2007 with PVA dumper?
__________________
... Either you work well or you work much ....

#3  06-18-2013, 04:38 AM  alaa_982
pva 3.3

PVA 3.3 dump file:
mediafire.com/download/u7s43950khn0qcn/spro_RNBO_SPN_DRIVER_fef6_0_for_edari_.dmp

Same result?

#4  06-18-2013, 07:28 AM  Git

Write password is not in the dump and it cannot be calculated because there are no simple algos, otherwise it converts fine with dmp2mkey, with the exception of cell 0x2E which has something odd going on.

"Cell 0x2E has incorrect data . May be inactive, secure tunnel, or AES cell algo"

Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\MultiKey\Dumps\0000FEF6]
"DongleType"=dword:00000003
"Copyright"="None"
"Created"="Tue Jun 18 12:27:57.796 2013 by dmp2mkey v2.5.9.1"
"Name"="FEF6 Sentinel SuperPro Dump"
"Type"=dword:00000000
"CellType"=hex:\ 
    01,01,03,03,03,01,03,01,\ 
    03,03,03,03,03,03,03,03,\ 
    03,03,03,03,03,03,03,03,\ 
    03,03,03,03,03,03,03,03,\ 
    03,03,01,03,03,03,03,03,\ 
    03,03,00,02,03,03,03,03,\ 
    03,03,03,03,03,03,03,03,\ 
    03,03,03,03,03,03,00,00
"sntMemory"=hex:\ 
    4D,00,F6,FE,00,00,00,00,00,00,00,00,B2,F6,00,00,\ 
    47,10,2A,D7,00,00,00,00,C9,0B,9C,DC,15,36,0F,F8,\ 
    CE,08,EE,DA,0F,5B,C1,E7,2A,78,F9,F2,6A,48,B6,EE,\ 
    B1,6A,BE,C4,FD,17,32,DD,88,3C,54,C8,51,13,F1,FD,\ 
    FF,2E,48,D1,10,00,00,00,66,0D,7F,C7,91,51,D5,F6,\ 
    D8,48,D3,F6,01,00,00,00,71,B5,E4,D8,00,00,00,00,\ 
    AC,F7,96,C3,4A,C6,CF,C0,EA,87,D8,C3,59,18,68,CB,\ 
    3F,74,2F,E7,83,5C,BF,F7,7A,0A,78,EB,00,00,00,00
You may have to change "Type" and/or "DongleType", I cannot remember what MK uses.

Git

#5  06-18-2013, 10:06 AM  BfoX

Inactive algorithm cell 0Ah and inactive algorithm cell 2Eh in this dongle. He has the problem 'Key not found'.

WP is 0x2937

some table q/r data for call 0Ah inside main executable
__________________
... Either you work well or you work much ....

#6  06-19-2013, 05:42 AM  alaa_982
thanks for reply

I am a newbie in this thread.

Please help me, Mr BfoX and Mr Git.

#7  06-19-2013, 06:04 AM  Git

We just DID help you. As I have said earlier, everything you need to know is already posted in this forum. Do not be lazy, use the Search and look for MultiKey and read and study about it.

Git