PDA

View Full Version : Sentinel SuperPro v6.1 Unsheller!


SmallBoy
December 29th, 2001, 12:13
Hi,

After i use Spuica It Can't Unshell My EXE Protected By Sentinel SuperPro Version 6.1

Please Guide Me More!


Most Regards
SmallBoy3000
SmallBoy3000@yahoo.com

CrackZ
December 29th, 2001, 18:48
Hiya.

The ICA's Sentinel Shell unwrapper was designed to be used with the original dongle connected, in fact I think even good old Procdump has support for dumping with the dongle connected since execution resumes in the first section at OEP for Sentinel shell protected applications.

If you do have the original dongle, contact the ICA guys to see whats going on or try ProcDump or Icedump, finding the OEP ought to be pretty easy too ;-). I can't imagine the ICA unpacker does very much more than a dump of the unpacked image.

If you don't have the dongle, the Sentinel shell is still vulnerable since its decryption depends on a sproQuery() response, a sliding 32-bit XOR key actually. One can actually check if it is the correct key as a checksum of the decrypted area is included as part of the 'is the unpacking all safe and correct code', all one needs to do is guess 1 or 2 likely plaintext bytes and the whole thing can be bruteforced (depending on section size) in less than a few hours, well done Rainbow, since I'm out of this game pretty much, did I mention that the decryption checksum is one of the main features of your protector that actually compromises your entire protection (pretty much) ;-), or it at least prevents us having to write something more sophisticated anyway.

Anymore details needed, drop me a msg here or e-mail.

Regards

CrackZ.

nblender
January 5th, 2002, 12:41
Is it possible you could tell what your 6.1 target is or where to get the 6.1 sdk since the latest one on rainbows pages is 6.0.

Thanks

--nb

SmallBoy
January 8th, 2002, 14:40
If you want to see one of example programs that protected by SS6.1 Tell Me To Send It For You!

I buy original ss6.1 from it's company!


SmallBoy
SmallBoy3000@yahoo.com