
Thread: Sentinel, and now ?

  1. #1
    andreas heinz
    Guest

    Question Sentinel, and now ?

    Hi Guys,
    I'm a new member and this is my first posting.
    I'm from Hamburg, Germany and 31 Years old.

    I've read nearly all Tut's from woodman.com and now it's the time to ask for some asskickin' in the right direction ;-)

    I got one licensed version of my app, protected (Har :P) by a SentinelSuperPro from Aladdin. The API-Calls are inside my Target, not linked against any DLL (so statically linked).
    And now I need some advice on how to get either the emulator workin or to find the points of interest for patching...
    I swear, I tried all the standard ways, but it seems to give any subroutines which makes me confused.
    So, my dump from my SentinelSuperPro (using Sdump, thanks to CrackZ ;P) and the whole IDA-Listing of the interesting func's are attached as .txt-file.


    Please inform me, if U need additional information.
    Greetz and Tribute to all the great People who know how to reverse and share Knowledge with us, namely +spath, CrackZ, Sp0raw, MeteO, Killer3K, CyberHeg, and all the others being unnamed.....
    Greetz
    SuumCuique
    Last edited by andreas heinz; March 16th, 2005 at 11:04.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    andreas heinz:

    Please edit your post and take out the long listing of code and put it into a text file and attach it. We really do not need that much code displayed in the thread for the few who may have a specific interest in it.

    Regards,
    JMI

  3. #3
    andreas heinz
    Guest
    Yep, it will be done...

  4. #4
    andreas heinz
    Guest

    Sentinel Emulation


    Hi all,
    I need some additional information on emulating a SentinelSuperPro and on how to insert the dump into my App.
    I have no dll's, the whole stuff is statically linked. And the func calls are very nested.
    I first posted in the newbie forum, because I'm new in this forum, and so I point to this posting, because there are the listings of the SproCalls, which I patched and with my dump.
    Please excuse my xpost, but it seems, here are the ones who got more experience on Dongles...

  5. #5
    Hiya andreas,

    First suggestion, do JMI a big favour and ask him to merge your posts (this one and the one from the newbie forum), I think you might even be able to do it yourself ;-).

    OK, my initial suggestions :

    1. sproFormatPacket() shouldn't need to be patched.
    2. Read a few tutorials about sproRead(); more specifically, to emulate that function your emulation code needs to pass back emulated dongle memory. Simply clearing AX to 0 will pass only the status check; the code after just looks like a loop of reading each word. This is likely your main problem at this stage.
    3. The rest of your code paste is pretty much junk ;-), keep in mind you are here to attack the dongle API and nothing else. If you can't simulate the dongle API you're just going to blindly force checks instead of working out why the code flows as it does.
    4. You can brute force the write password, overwrites are another story (pray you've got them in the app if you really need to recover them).
    5. Forget getting your dump to work with any 'Sentinel Emulators' at least in the short term.
    6. Read SSPro API guide (this is IMPERATIVE!) or contact me someway.

    Regards

    CrackZ.

  6. #6
    Actually he can't, but anything for an admirer of Shania.

    Regards,
    JMI

  7. #7
    andreas heinz
    Guest
    1. Ok, will try to merge ...
    2. Right, I inserted FormatPacket as patched, but it wasn't. Was unchanged. My failure (Perhaps one beer too much ;-) )
    3. Well, the main Problem for me is not to be confused by the whole loops.
    Can't see the forest, because of the trees....
    So, to suggest the flow I have to investigate a lot more...
    I downloaded the Rainbow Toolkit and studied the API-Documentation; the details of the functions, the return values and their meaning were very helpful (thanks for your advice), could be the start point to write a bruteforce function to get the Passwords.
    And it seems, you prefer to insert the dump into the target and forward the query flows to the memory addresses....
    Well, we'll see...
    I will give Feedback when done...
    Regards

  8. #8
    egalerst
    Guest
    my 2 cents, if any of the gods here knows better correct me.

    you made a good approach.
    formatpacket normally only needs to be patched for users who don't have the sentinel driver installed.
    u already successfully patched the findfirstunit() and your next step would be dealing with sproread(). to accomplish this task u have to trace the program with the dongle attached (sounds like u got it). now when sproread is called take a look at the destination buffer (remember u have the api guide).
    now write down the result after the sproread().
    next step is to replace the sproread() with one of crackz' fine emulator code.
    sprowrite() is almost the same approach.
    good luck

  9. #9
    andreas heinz
    Guest
    Thanks for the advice.
    Think it's the lack of experience which led me into the depths of the loops.
    Well, I'm checkin' the DestinBuffer and SproRead is called 61 times in one loop and after that no more (checked the app. SproRead() is called only this one time.)
    Now the job is to get it emulated ;-)
    Will try what's in CrackZ-Tutorials
    (But I never ever set up a deltaOffset, now it's the time for cooling a six-pack)
    Regards