Sentinel SuperPro v6.1 Unsheller!

December 29th, 2001, 12:13

After I use Spuica, it can't unshell my EXE protected by Sentinel SuperPro version 6.1.

Please Guide Me More!

Most Regards

December 29th, 2001, 18:48

The ICA's Sentinel Shell unwrapper was designed to be used with the original dongle connected; in fact, I think even good old ProcDump has support for dumping with the dongle connected, since execution resumes in the first section at OEP for Sentinel shell protected applications.

If you do have the original dongle, contact the ICA guys to see what's going on or try ProcDump or Icedump; finding the OEP ought to be pretty easy too ;-). I can't imagine the ICA unpacker does very much more than a dump of the unpacked image.

If you don't have the dongle, the Sentinel shell is still vulnerable since its decryption depends on a sproQuery() response, a sliding 32-bit XOR key actually. One can actually check if it is the correct key, as a checksum of the decrypted area is included as part of the 'is the unpacking all safe and correct code'; all one needs to do is guess 1 or 2 likely plaintext bytes and the whole thing can be bruteforced (depending on section size) in less than a few hours. Well done Rainbow; since I'm out of this game pretty much, did I mention that the decryption checksum is one of the main features of your protector that actually compromises your entire protection (pretty much) ;-), or it at least prevents us having to write something more sophisticated anyway.

Any more details needed, drop me a msg here or e-mail.



January 5th, 2002, 12:41
Is it possible you could tell what your 6.1 target is or where to get the 6.1 SDK, since the latest one on Rainbow's pages is 6.0?



January 8th, 2002, 14:40
If you want to see one of the example programs that is protected by SS6.1, tell me to send it to you!

I buy original SS6.1 from its company!