  #1  
Old 09-14-2011, 03:07 PM
dgp dgp is offline
Junior Member
 
Join Date: Sep 2011
Posts: 4
Default Sentinel SuperPro question

Hi to all

I use a Sentinel Super Pro dongle for a commercial application that stores (and changes) some specific data on it during work. The application stores this data via send string/receive code in the format:

XXXXXX-XXXXXX-XXXXXX-XX-XXXXX-XXXXXXXX-1

I want in some way to change a certain value that is stored in dongle memory and use dongle emulation with the corrected value. With the Toro dongle monitor I got a chance to find the address that corresponds to the value:

In:> Read Address=18 (0x12)
Out:> Read Address=18 (0x12) -> Status=0x0
Data=28 (0x1C)

The value is 28 and should be more. Then I used the Sentinel Emulator 2007 by EDGE and created a dump.dng file, but I do not know how to edit this file (it's encrypted) to make the change and use the modified file without a dongle key. Otherwise I need to write the "corrected" dump (or a somehow converted image) back to the dongle. Can someone help me with that?

Thanks
  #2  
Old 09-14-2011, 10:30 PM
gokilaravee gokilaravee is offline
Senior Member
 
Join Date: Nov 2008
Posts: 221
Default

If you want to test your dump by modifying dongle memory, use multikey instead of others.

And if you know WP, OWP1 and OWP2, you can change certain things in the dongle.
__________________
“As a child of God, I am greater than anything that can happen to me.”
  #3  
Old 09-15-2011, 10:22 AM
BfoX BfoX is offline
Senior Member
 
Join Date: Aug 2007
Posts: 2,254
Default

Use the pva dumper and place the new dump here.
__________________
... Either you work well or you work much ....
  #4  
Old 09-15-2011, 11:43 AM
dgp dgp is offline
Junior Member
 
Join Date: Sep 2011
Posts: 4
Default

Can't dump with pva dumper - the program gives me the error message: "Sentinel system driver not found - Error 18". I think this is because the Sentinel driver that the application developers use is not standard (excepting that it's 0,5 version), and updating to a standard newer version will cause the program to stop working. However, I have dump files from edgespro11 (EDGE sentinel emulator) and sspro_dmp (nodongle.biz).

Here are the 2 files from the program:

Launcher: Launcher.rar

Credit Manager: CreditManager.rar

Here is the Toro Sentinel info file: SentinelInfo.rar

With edgespro11 I found this:

Cell 4 (0x4) - d5fd,3 (this should be write password)

Cell 08 solved as extended 742D 2741 C1AB

Cell 18 solved as standard D5FD 3E95 8060

Cell 1C (28) solved as extended 742D 57B7 D3A0

And here are the dump files:

edgespro11 dump: EdgeDump.rar

sspro_dmp dump: Ssp5D84.rar

Last edited by dgp : 09-15-2011 at 05:10 PM. Reason: Add links
  #5  
Old 09-16-2011, 08:11 AM
BfoX BfoX is offline
Senior Member
 
Join Date: Aug 2007
Posts: 2,254
Default

REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Emulator\Sentinel\Dump\5D840000]
"sntMemory"=hex:\
20,18,84,5D,00,00,00,00,FD,D5,00,00,2D,74,00,00,\
41,A7,AB,C1,E0,29,B9,BF,FF,02,4C,88,52,05,00,00,\
0B,00,00,00,1C,00,00,00,00,00,00,00,01,00,D4,F5,\
95,3E,60,80,BE,B8,02,00,B7,57,A0,D3,42,93,05,75,\
F1,51,91,13,E7,B6,32,52,F4,81,C4,56,92,17,E6,C0,\
35,25,A5,36,D4,13,AC,73,98,1F,D3,A5,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"CellType"=hex:\
01,01,03,03,03,03,03,03,03,03,01,01,01,01,01,00,\
00,00,00,00,00,00,00,00,03,03,00,02,03,03,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Type"=dword:00000000
"DongleType"=dword:00000003
__________________
... Either you work well or you work much ....
  #6  
Old 09-16-2011, 05:18 PM
dgp dgp is offline
Junior Member
 
Join Date: Sep 2011
Posts: 4
Default

Thanks BfoX ... is this for use with Sentinel Emulator (EDGE) or do I need to convert it for multikey?

Last edited by dgp : 09-16-2011 at 05:19 PM. Reason: mistake
  #7  
Old 09-16-2011, 09:42 PM
gokilaravee gokilaravee is offline
Senior Member
 
Join Date: Nov 2008
Posts: 221
Default

Modify for multikey with the help of the example reg file.
__________________
“As a child of God, I am greater than anything that can happen to me.”
  #8  
Old 09-17-2011, 01:58 PM
dgp dgp is offline
Junior Member
 
Join Date: Sep 2011
Posts: 4
Default

I modified the file for multikey but something is wrong - the multikey device is correctly installed and running, the reg file is in the registry in the right place, but chkmkey.exe said: 5d840000 - SENTINEL - not found. Here is the regfile:

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\MultiK ey\Dumps\5D840000]
"Name"="5D840000"
"DongleType"=dword:00000003
"Type"=dword:00000000
"sntMemory"=hex:\
20,18,84,5D,00,00,00,00,FD,D5,00,00,2D,74,00,00,\
41,A7,AB,C1,E0,29,B9,BF,FF,02,4C,88,52,05,00,00,\
0B,00,00,00,FF,00,00,00,00,00,00,00,01,00,D4,F5,\
95,3E,60,80,BE,B8,02,00,B7,57,A0,D3,42,93,05,75,\
F1,51,91,13,E7,B6,32,52,F4,81,C4,56,92,17,E6,C0,\
35,25,A5,36,D4,13,AC,73,98,1F,D3,A5,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"CellType"=hex:\

01,01,03,03,03,03,03,03,03,03,01,01,01,01,01,00,\
00,00,00,00,00,00,00,00,03,03,00,02,03,03,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

Testprotect support told me to change this:

"CellType"=hex:\
01,01,03,03,03,03,03,03,03,03,01,01,01,01,01,00,\
to
"CellType"=hex:\
01,01,03,03,03,01,03,01,03,03,01,01,01,01,01,00,\

I changed this but the situation is the same as above. Is something wrong with the regfile, or do I need to "load" the dump in the emulated device? If multikey does not load the dump at startup, how do I do this with devcon? Sorry for the stupid (for some people maybe) question.

Last edited by dgp : 09-17-2011 at 02:57 PM. Reason: other question
  #9  
Old 09-18-2011, 12:00 AM
gokilaravee gokilaravee is offline
Senior Member
 
Join Date: Nov 2008
Posts: 221
Default

No space in Multikey... check your sample reg files in the multikey folder.
__________________
“As a child of God, I am greater than anything that can happen to me.”

Last edited by gokilaravee : 09-18-2011 at 12:08 AM.
  #10  
Old 09-18-2011, 07:08 AM
P@blo P@blo is offline
Member
 
Join Date: Jan 2009
Posts: 45
Default

dgp
Change the dongle name in your reg:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\MultiK ey\Dumps\5D840000]

like this:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\MultiK ey\Dumps\00005D84]