
Thread: Sentinel SuperPro Brute Force

  1. #1

    Sentinel SuperPro Brute Force

    Hello, I have searched the forum but still am a little unclear on some of the steps I need to perform to do this. I have a blank Sentinel SuperPro USB dongle. I have been able to read the data to find the serial number, DevID, and the write password. But as I have seen in other threads it is not easy getting the Overwrite password. I have read that you can use a brute force attack on the dongle to find the Overwrite password but it takes very long. What I would like to know is how to perform this brute force attack, for I have never used it before. And after I do use the brute force method and I retrieve the 2 Overwrite passwords, what do I do then? How would I write my own data to all those 0's from cell 8 to the end?
    If anyone could help me in this that would be great. And if I did miss a thread somewhere that has this information I am deeply sorry and please point me in the right direction. Thanks
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Well how did you miss this Thread:

    It's fairly old and is, of course, not discussing a usb dongle, but might be relevant.

    AND you don't get to skate with just searching here!

    YOU are also supposed to Search on the net for answers to YOUR question. If you have done that, you have not indicated you have done so.

    For example, have you tried entering things, such as combinations of:

    sentinel superpro brute force overwrite password

    in YOUR favorite search engine and looked at some of the results? Again, if you have, how would we know you have done so? I got 31 hits.


  3. #3
    I did read that thread and the threads linked from that one. I am not asking this without doing some research. Google doesn't link to anything useful other than the threads in this forum. I wrote in my question, "but still am a little unclear on some of the steps I need to perform to do this." I stated I was unclear on how to perform the steps even if they were written there in those threads. This could be due to me not understanding some of the terminology in that thread. As I said I have never performed any kind of brute force attack in my life. I do not know how it works or how it is set up. What I request is that some knowledgeable person on this forum please help a noob like me out in understanding what those threads say. Even after rereading them I still am unclear. And googling brute force attacks got me millions of different things that can be brute force attacked and that only created more confusion for me.

    There is actually a lot of information I see on the EXETOOLS forum but the registration is disabled and I can't download any files from them. If someone has a way for me to join them then that would help me out a lot.
    Last edited by litePL; January 23rd, 2008 at 21:49. Reason: Addition
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4

    I'm assuming you are trying to reprogram the memory contents inside the dongle and that you do not possess or have access to the overwrite passwords either legally or from an application that might reveal them.

    I'm also assuming that the cells you are trying to program have been set as "locked" preventing you from simply reprogramming them trivially using the API RNBOsproWrite (which requires only the write password).

    Brute forcing the 2 overwrite passwords is code-trivial with a major caveat; you could simply cycle your way through the possibilities using RNBOsproOverwrite; the reality however is a very long wait since you cannot escape the API & hardware overhead which restricts considerably the speed at which you can test passwords. Also on the more recent devices there are tamper checks inside the hardware looking for just this sort of attack so you'll probably trip that long before finding the passwords.

    As an exercise I know of several people who stripped out going via the API interface and opted for direct access to the Sentinel and still found the brute force times impractical.

    With the overwrite passwords you can obviously reprogram the dongle to your heart's content either direct via the SDK or using the GUI therein.


    Last edited by CrackZ; January 24th, 2008 at 13:45.

  5. #5
    So, is that covered in your lecture on 3-Feb? -- How to reprogram dongles without knowing the overwrite dongle passwords?

    Have Phun
    Blame Microsoft, get l337 !!

  6. #6
    Thank you so much! That cleared up a lot for me but there is still one more thing left. I have searched for "API sproWrite" here on the forums and Google but I haven't been able to find anything. Is this a program I can download?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  7. #7
    Previous post edited slightly.

    Search out the Sentinel Developer or Programmers Guide, RNBOsproWrite on google ought to give you something.



  8. #8
    I have been searching for a couple of hours now and the best thing I could find are these 2 documents.'s+Reference+Manual.pdf

    They talk about the, program?, that apparently has commands that start with RNBOspro just like the RNBOsproWrite you mentioned.

    However I cannot find this anywhere.

    You stated before
    "using the API RNBOsproWrite (which requires only the write password)."

    Is this a program you know of? Do you know where I can get it?

    You also stated
    "via the SDK or using the GUI therein."

    Do you know where I can get the SDK or GUI?

    If you could explain this to me in further detail that would be great. I am quite clueless in this area.

    I promise that I have read the FAQ and tried to use the Search to answer my question.

  9. #9

    Did you actually READ THE FRIGGIN FAQ??? If you did, how come you feel YOU are entitled to ignore the part which states, rather clearly:

    Do not ask where to find the "tools."

    I see no exception there for YOU to ask where YOU can find the tools YOU might need to solve your sentinel superpro problems. Now get with the program or go away.

    It's up to YOU to master the skill of searching on the net and finding the tools YOU need for YOUR reversing projects. We have an entire Website linked below where you can study that skill.

    That it may not be easy, or that YOU haven't succeeded, or might not succeed at all, does not give YOU permission to ask someone here to take you by the hand and lead you to the tools YOU want or just give them to you.

    Learning how to be a "reverser" means you have to have patience and determination to actually find what you need and to study what you need to study to figure out what is necessary for YOUR project.

    It is past time you actually PAY ATTENTION TO OUR RULES!

  10. #10
    Understood, I apologize.

    But there is one more question I could ask that won't go against your rules.

    Are those actual programs? That I would be able to find on my own? or am I searching for something that doesn't exist, or works in some different form.
    Last edited by litePL; January 25th, 2008 at 10:54.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  11. #11
    Sorry, you actually do NOT understand. You found a reference to the Sentinel LM Programmer C's Reference Manual, but you obviously didn't spend any "quality time" actually reading it, or attempting to find on the net information about things discussed in that manual which you might not understand.

    For example, you might have simply put API in your favorite search engine and found something similar to this:

    "Abbreviation of application program interface, a set of routines, protocols, and tools for building software applications."

    Had you done that simple thing, you might have some better clue about what you are attempting to do and how it might be done.

    If you actually have done "basic" research on how to "reverse Sentinel SuperPro" you should have gained some understanding of what is involved and what "tools" might be needed and/or where such tools might be located.

    You've obviously recovered "some" data from the dongle, but you do not appear to have done much in the way of research on "brute forcing" or the tools which might be necessary or available, generally, for that task, and/or what may be available for your "target."

    You are STILL in the mode where you want someone to GIVE you the answers, rather than in the mode that YOU are determined to do YOUR very best to FIND the answers and what YOU need.

    You appear to get just one idea, and then you search for just one thing, apparently without any real understanding of what you are really attempting to do. It certainly appears that you are starting from "no knowledge" to going to "cracking" a very difficult project for a beginner, while, at the same time, trying to do as little "real work" as possible. That is not the type of effort that gets "rewarded" on this Forum with getting taken by the hand and being "led to the promised land" of "success."

    Now have you even attempted to do what CrackZ suggested you do??? He is, after all, one of the "Experts" on such things! He suggested you SEARCH on google for:


    something YOU apparently haven't done or you should have more information than you exhibit so far. That search criteria produced 91 hits for me, including some about something called a "Sentinel SuperPro Emulator", which YOU should have already discovered, had you been doing your own homework! It's possibly what you are already using to recover the data you have already recovered, which you mentioned in your first post.

    If you had actually been reading some of the Threads on Exetools, even though you can't download attachments from there, you would already have some "basic" understanding of what might be available for use in the context of "Sentinel Dongle Tools," instead of asking "lame" questions here which simply show you haven't been doing any real "thinking" about what you are attempting to accomplish.

    Now these conclusions could be mistaken, but they are based on the only information YOU have provided about what you started out knowing about what YOU want to do and what YOU have told us YOU have done so far.

    Just one more example. Have you done the "obvious?" Have you put:

    Brute Force Sentinel Super Pro

    in YOUR favorite search engine and read some of the more than 7,740 hits available about that subject? There's even a link to the manufacturer with information about their efforts to "defend" against brute force attack. YOU have read at least some of those, haven't you?

    If you've actually done any of these things, it certainly is not clear from your Posts and the very "basic" questions you keep asking so far.

    Reversing is a time consuming process. Are YOU willing to actually put in the time to learn how to attempt to do what you have said you want to do? So far, it only looks like you want an "easy" and/or "quick" answer handed to you for a "cookie cutter" solution to your problem, where you might click a few buttons and your quest is accomplished.

    Step up to the plate and actually THINK about what your problem is and how YOU might go about researching it more effectively and then YOU tell US what you have found and ask whether your information is correct. That's what we ask you to do!


  12. #12
    RNBOxxxx are the names of the API functions developers can use when programming their dongle, the Sentinel SuperPro SDK has example programs you could trivially compile / edit to do this so no-one has actually bothered authoring any *tool* as it's considered rather pointless.

    I suggested you try RNBOsproWrite as it *writes* data to the dongles memory and requires you know only the Write Password (which you have).

    JMI is right though, although I'll summarise it in much fewer words; If you had invested just a little bit more effort & time in reading & researching the information you were given, it would have saved you all of the criticism you have received.



  13. #13
    Thank you CrackZ, I will continue my search with the information you have supplied.

    JMI, you seem to be extremely biased against me doing any research.
    When I said I do understand I DID mean I understand. Apparently my apology wasn't enough.
    Let me make it clear I HAVE been doing MY own research and putting my OWN hard work into this.
    I did look up API, it was one of the first things I researched. I was just a little unsure of how things worked.
    I have done MORE than "basic" research for I have read EVERY document I could find on the topic.
    And no I am not in a "mode" of wanting someone else to just hand over some program so I can do this with zero knowledge.
    I am more than willing to give time and effort into learning more about how these things work.
    When I asked directly for the programs I was wrong in this and I did apologize. But my main concern was not to have the programs handed over to me, but to understand if they actually are programs in the first place.

    I have researched EACH and every one of the keywords CrackZ has given me.
    This has helped me A LOT and I thank him once again for the help.

    So, JMI, don't jump to direct conclusions that I have not researched enough.
    When I asked if those are actual programs, I was basing the question on the knowledge I received from reading both of those documents and from research in many other documents.
    Now that CrackZ has explained to me the basic information on this I can further continue MY own research.

    Confusion on how something works even when researching it does not mean I had not put a good amount of effort into searching for it myself.
    I am NOT a lazy person. I actually enjoy finding things out on my own much more than someone handing me the knowledge. Most of my ventures into learning about technology have been by myself, learning the knowledge myself, researching it myself, the way I like and enjoy it.

    ALL I have been asking for in this entire thread other than my mistake of asking for the programs directly has been ONLY directions on what topics or information would be best to research, and questions when I was confused about how a certain thing works.

    JMI don't get me wrong. I am not telling you how to do your job as an Administrator for this forum. In fact I admire it and think you do a good job. But sometimes you can be a little TOO negative towards the possibility of someone actually putting hard work into something.

    So once again I thank both of you in pointing me in the right direction in my research.
    I will post again soon on my success.. or failures but hopefully I won't have much of those.

    I promise that I have read the FAQ and tried to use the Search to answer my question.

  14. #14

    You have made some valid points.

    I want to remind you, however, that I did not use or imply that you were "lazy." That was not part of my description of your efforts.

    What you also need to keep in mind is that I have only your "words," written here, upon which to form a conclusion about what you may or may not have done. I can not look into your mind and see what you have seen or read. If you didn't write it here, I would have no way of knowing what you might have done, or already knew, or learned along the way.

    Along with my efforts, I did provide some, I hope, useful pointers in directions of information which I thought might help you. Again, I can only judge what you might have done with that information by what you then write here and what you indicate you may have learned.

    I was more attempting to get you to focus on what your answers seemed to indicate you did not yet understand. It was fairly reasonable, even if not completely correct, that, if you didn't understand some of the very basic information, that you either hadn't found or hadn't carefully considered some of the information which had already been mentioned.

    Try not to be discouraged if you seem to be having problems with your task or if some part of the Administration here doesn't seem to understand all the efforts you may have already invested. This all takes substantial time.

    I will only say that when I first started "reversing," I had not the faintest idea about how computers and/or computer languages worked and after more than 20 years of trying to do some reversing and reading a very great deal about it, I do not consider myself a "skilled" reverser, by any means, mostly because real life does not afford me the time or the opportunity to spend as much quality time as I once had to just "play" with the workings of some program or protection scheme.

    Also try to remember that I do not write my comment about Searching, learning to Search, and actually doing that with the intent of just criticizing anyone. It is intended to emphasize the importance of that required skill for anyone interested in this great adventure on which we journey. Much of what I write is intended for a general audience of those who come later and who might "get the message" about searching and how to accomplish that skill while simply reading some of what has already been said to others.

    I neither have, nor hold any personal hard feelings about you or your efforts. If I seem to try to nudge you down "the correct path through the dark codewoods" with what you might fairly consider to be too much apparent passion, it is simply because I believe the message of our founder, +Fravia, that learning to search and actually doing the searching and applying one's brain to that task, is one of the most important skills a wannabe reverser can master, including me.

    I can only suggest to you that "impatience" with achieving your goal is one of the more difficult traits for anyone, particularly the young, to master. Learning some of this "stuff" takes time and, unless you program computers all day, there is one heck of a learning curve to climb against.

    So may I humbly suggest you try to look on what is happening as a "process" rather than an "event" and that along the way there will seem to be many roadblocks and pitfalls, against which one bumps in the night. We just need to pick ourselves up, focus on the road ahead, try to keep putting one foot in front of the other, and eventually we realize we actually begin to understand a little bit more and a little bit more.

    Sometimes we can slap our heads and wonder why we didn't see something more clearly before, and sometimes we can wonder whether we will ever "get it." But in the end, it is the "journey" which is the adventure, not the single event of success over this or that problem.

    It is learning how to "think through" something we initially don't really understand, and gaining a little more understanding of the ever evolving world of computers and their programs, and the constant struggle between protectors and reversers that keeps it interesting. It is the determination not to be stopped, not to give up, which gives useful purpose to the process.

    Analyzing and problem solving skills are generally great preparation for much of what confronts one throughout life. Working on those skill sets, in almost any area, is nearly always a very "good thing."


  15. #15
    Hello again.
    I got a bit further in my goal of writing to the SuperPro dongle.
    Today I had a look at a friend's old serial port dongle that had code already written to it.
    I noticed another difference between my blank dongle and his.

    I actually have 2 different kinds of dumpers.

    One reads the data off the dongle and creates a nice little txt file that has the cells from 0x00 to 0x3F.

    And the other apparently dumps more, a .RSL file, but must be viewed in a hex editor.
    It shows the same cells as the first dumper but the entire string of them is at the end of the dump.
    Before that there is more space with more numbers.
    On my blank every couple of blank spaces is the code 12 34 56 78.
    The string of blanks and 12345678 keeps repeating until it reaches the cells at the end which are the same as in the first dumper.
    My first thought is that this is some extra code on the dongle and the default "blank" code in these places is 12345678.

    On my friend's serial SuperPro, some of the 12345678's are there but most of them have been replaced by other sets of numbers sometimes even longer in length than the 12345678.

    Now I am stumped again... I thought the cells 0x00 to 0x3F were all that was on the dongle. But this proves it wrong does it not?

    The code shown in the first dumper would be in this format,

    Cell 0x00: ABCD (1/0) (Dongle Serial Number)
    Cell 0x01: 1234 (1/0) (Developer ID)
    Cell 0x02: ???? (1/4) (OverWrite Password 1)
    Cell 0x03: ???? (1/4) (OverWrite Password 2)
    Cell 0x04: 5678 (1/4) (Write Password)
    and on down to cell 0x3F

    But the code from the second dumper viewed in a hex editor, omitting the beginning part I am confused about explained above, would be in this format

    CD AB 34 12 00 00 00 00 78 56 ----> onward to end are 0's, same length as first dumper so I know it's the same code.

    Notice how each of the 4 digit codes are reversed.


    So there you have my new discovery. If you have any information on what that code is then it would be well appreciated.

    Now back to my RNBOxxxx API functions research.
    I thought I should take a look at the source of the first dumper since it so nicely provided it. And there was the code I was looking for. All the RNBOxxxx commands that the program uses to communicate with the dongle were there.
    This gave me more understanding on what I will have to do to accomplish my task of writing data to the blank dongle.
    Apparently I would have to code my own little program with the commands to write to the cells I want.
    I have enough knowledge to see the code is written in C. I guess it's better to start learning to code now than never.

    Once again I thank you for helping me to get this far. Would have taken me much longer without you.

    Possibly is the code before the known string of 0x00 to 0x3F a space just for the company that sold the dongle with Program to write some extra code of their own?
    Just an idea...

    Well now I know exactly what must be done but I am unable to do it.
    I must write a code in C to use the RNBOsproWrite API function correctly so it writes the code I want.
    If anyone is willing to show me how the code would be written that would be great.
    I tried editing the source of the dumper and then compiling it but I failed... There is just too much more to the code I don't know. It's close to impossible for me to write a successful piece of code that will use the sproWrite command successfully.

    This is the format for the sproWrite command:

    RB_WORD writePassword,
    RB_WORD address,
    RB_WORD data,
    RB_BYTE accessCode )


    packet - is a pointer to the RB_SPRO_APIPACKET record.
    writePassword - is the write password for the SuperPro key.
    address - is the address of the word to write.
    data - will contain the SuperPro word to write.
    accessCode - will contain the access code associated with the word
    to write.
    Last edited by litePL; January 28th, 2008 at 16:15.
    I promise that I have read the FAQ and tried to use the Search to answer my question.
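
Added note, not part of any post in this thread: the reversal described in post #15 (`CD AB` in the hex editor against `ABCD` in the text dump) is what 16-bit cells look like when they are stored low byte first, i.e. in little-endian byte order. The C example below is not the dumper's source; it decodes the ten bytes quoted in that post back into the text dumper's cell listing, and the function names in it are made up for this illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Parse hex-editor text ("CD AB 34 12 ...") into bytes.
 * Returns the byte count, or -1 on a bad digit, a lone nibble or overflow. */
long parse_hex_bytes(const char *text, uint8_t *out, size_t cap)
{
    size_t n = 0;
    while (*text) {
        if (isspace((unsigned char)*text)) { text++; continue; }
        int hi = hex_val((unsigned char)text[0]);
        int lo = (hi < 0) ? -1 : hex_val((unsigned char)text[1]);
        if (hi < 0 || lo < 0 || n >= cap) return -1;
        out[n++] = (uint8_t)((hi << 4) | lo);
        text += 2;
    }
    return (long)n;
}

/* Combine byte pairs into 16-bit cells, low byte first (little-endian).
 * Returns the cell count, or -1 if a byte is left over or cells[] is too small. */
long decode_cells(const uint8_t *raw, size_t len, uint16_t *cells, size_t cap)
{
    if (len % 2 != 0 || len / 2 > cap) return -1;
    for (size_t i = 0; i < len / 2; i++)
        cells[i] = (uint16_t)(raw[2 * i] | (raw[2 * i + 1] << 8));
    return (long)(len / 2);
}

/* Render one cell the way the text dumper in the post prints it. */
int format_cell(char *buf, size_t size, unsigned index, uint16_t value)
{
    return snprintf(buf, size, "Cell 0x%02X: %04X", index, (unsigned)value);
}

int main(void)
{
    /* The ten bytes quoted in post #15, as read from the hex editor. */
    const char *dump = "CD AB 34 12 00 00 00 00 78 56";
    uint8_t raw[128];
    uint16_t cells[64];   /* room for cells 0x00..0x3F */
    char line[32];

    long nbytes = parse_hex_bytes(dump, raw, sizeof raw);
    long ncells = nbytes < 0 ? -1 : decode_cells(raw, (size_t)nbytes, cells, 64);
    if (ncells < 0) {
        fprintf(stderr, "malformed dump\n");
        return 1;
    }
    for (long i = 0; i < ncells; i++) {
        format_cell(line, sizeof line, (unsigned)i, cells[i]);
        puts(line);
    }
    return 0;
}
```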
