Page 1 of 2 12 LastLast
Results 1 to 15 of 22

Thread: Sentinel RMS

  1. #1
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647

    Sentinel RMS

    I will try to keep this question as general as possible.

    I am dealing with several programs protected with the last version of Sentinel License manager package.

    I am familiar with the approach championed by Nolan Blender, described at CrackZ site in excruciating detail, which relies on having access to the vendor code and the Sentinel license generator/SDK, which is protected with a Sentinel dongle.

    finding the correct SDK and Un-dongle-ing such app is not an easy feat.

    But I wonder, and that is my question, instead of trying to produce a local valid license,
    What about a frontal attack on the program protection itself?
    classic tracing, faking the right response, every time the "license are you there", "license are you correct" and "license is time up" calls are made?

    I was able to accomplish that in at least one program, but it is turning to be difficult in the package I am most interested.

    So my dilemma is: put my energy in finding and reversing the Dongled licgen,
    or further digging the Sentinel protection calls at the application level.

    Does anyone know what am I against?

  2. #2
    Founder FoxB's Avatar
    Join Date
    Mar 2002
    Location
    Earth
    Posts
    450
    Sentinel RMS v3.0 have similar way as SLM up to v8.x

    1. Recovery VendorID, make license.
    2. Solve algo and find descriptors.
    3. Make sys driver.

    It my way.

    wbr

  3. #3
    Depends on a few things.

    If you are good at unpacking then you can try unpacking the lic generator. Then emulate sprofirst*, sproread, sprowrite and sproquery. Then its pretty easy. But the lic generator unpacks on a need basis, cleans up memory immedately after execution of functions, performs SMC, and of course, is also encrypted.

    So I'd suggest going after the lic generator if you want to break Sentinel, and go the app way if you are interested in getting the app to work, Sentinel be damned.


    Have Phun
    Blame Microsoft, get l337 !!

  4. #4
    4naides:
    reversing the Dongled licgen seems to be better way; at least you will find a general way for attacking RMSed softwares..

    4foxb:
    the query answers inside lic_generator are less than enough; so would you explain how you get the algo solved (I think linear brute-forcing of enhanced algo will take a long time).

    regards.

  5. #5
    Founder FoxB's Avatar
    Join Date
    Mar 2002
    Location
    Earth
    Posts
    450
    4cEnginEEr: Need only 32 query/response from shell for solve enh algo and 2 q/r - for std.

  6. #6
    solving by means of mathematic or just brute-forcing the descriptors?

  7. #7

    hm

    Solving the sproquery seeds is doable with xx amount of seeds, Solver has been around since earlier 2001/02 (I might have the date wrong). cE, the algo descriptions (cell6+2others) are solved using the queries, so it a solver, bruteforce is not worth the time. Obviously the poster does not have the solver. One can look around on some forums and beg a pretty please to some people (Exetools for instance) and possibly get it. Or find a stinky indian.

    DONGS

  8. #8
    Hey sab, your cleverness amazed me alot..clap clap..

    ok, time to make confession: I can solve the algo only if I get 4kb of q/r but for 32 q/r I have to work more

  9. #9
    Founder FoxB's Avatar
    Join Date
    Mar 2002
    Location
    Earth
    Posts
    450
    4kb is better for solving. 32 q/r is min.

  10. #10
    hi all
    query/answers in rms licgen is enough for descriptor calculation, i want to share a new type of usb emulators in exetools which is the result of cooperation of me and souz. it is based on microsoft DSF and is completelly Vista/x64 compatible. i will include a sample for rms v8 .maybe in a week

    TORO

  11. #11
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Sounds interesting nikan, be sure to let us know.
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  12. #12
    Hi nikan,
    there is already a SentinelSproUsbEmulator on the net; I havn't tested it with Vista, but it works perfectly under winxp.

    Anyway, this is good news and I'm eager to see this emulator of yours too; I'll be more thankful if you share it with us here; you know, registeration to exetools is disabled now.

  13. #13
    DSF USB emulator had post at exetools forum. The download URL: http://rapidshare.com/files/35712337/DSF_USB_EMULATOR.rar.html

  14. #14
    Quote Originally Posted by cEnginEEr View Post
    Hi nikan,
    there is already a SentinelSproUsbEmulator on the net; I havn't tested it with Vista, but it works perfectly under winxp.

    Anyway, this is good news and I'm eager to see this emulator of yours too; I'll be more thankful if you share it with us here; you know, registeration to exetools is disabled now.
    Are you talking about TORO's new generation of usb emulators?

  15. #15
    Quote Originally Posted by mr.x View Post
    Are you talking about TORO's new generation of usb emulators?
    no, I was talking about Chingachguk's vbus sentinel emulator.

    Regards

Similar Threads

  1. Sentinel Lm
    By Theislander in forum Advanced Reversing and Programming
    Replies: 7
    Last Post: April 1st, 2011, 09:06
  2. Sentinel, and now ?
    By andreas heinz in forum The Newbie Forum
    Replies: 8
    Last Post: March 29th, 2005, 13:11
  3. Need help for Sentinel LM
    By Hero in forum The Newbie Forum
    Replies: 0
    Last Post: March 24th, 2005, 02:30
  4. Sentinel Lm
    By titof in forum Advanced Reversing and Programming
    Replies: 5
    Last Post: April 26th, 2002, 15:20
  5. Sentinel LM help
    By LaptoniC in forum Advanced Reversing and Programming
    Replies: 0
    Last Post: September 9th, 2001, 11:25

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •