I will try to keep this question as general as possible.

I am dealing with several programs protected with the last version of Sentinel License manager package.

I am familiar with the approach championed by Nolan Blender, described at CrackZ site in excruciating detail, which relies on having access to the vendor code and the Sentinel license generator/SDK, which is protected with a Sentinel dongle.

finding the correct SDK and Un-dongle-ing such app is not an easy feat.

But I wonder, and that is my question, instead of trying to produce a local valid license,
What about a frontal attack on the program protection itself?
classic tracing, faking the right response, every time the "license are you there", "license are you correct" and "license is time up" calls are made?

I was able to accomplish that in at least one program, but it is turning to be difficult in the package I am most interested.

So my dilemma is: put my energy in finding and reversing the Dongled licgen,
or further digging the Sentinel protection calls at the application level.

Does anyone know what am I against?

Sentinel RMS v3.0 have similar way as SLM up to v8.x

1. Recovery VendorID, make license.
2. Solve algo and find descriptors.
3. Make sys driver.

It my way.

wbr

Depends on a few things.

If you are good at unpacking then you can try unpacking the lic generator. Then emulate sprofirst*, sproread, sprowrite and sproquery. Then its pretty easy. But the lic generator unpacks on a need basis, cleans up memory immedately after execution of functions, performs SMC, and of course, is also encrypted.

So I'd suggest going after the lic generator if you want to break Sentinel, and go the app way if you are interested in getting the app to work, Sentinel be damned.


Have Phun

4naides:
reversing the Dongled licgen seems to be better way; at least you will find a general way for attacking RMSed softwares..

4foxb:
the query answers inside lic_generator are less than enough; so would you explain how you get the algo solved (I think linear brute-forcing of enhanced algo will take a long time).

regards.

4cEnginEEr: Need only 32 query/response from shell for solve enh algo and 2 q/r - for std.

solving by means of mathematic or just brute-forcing the descriptors?

Solving the sproquery seeds is doable with xx amount of seeds, Solver has been around since earlier 2001/02 (I might have the date wrong). cE, the algo descriptions (cell6+2others) are solved using the queries, so it a solver, bruteforce is not worth the time. Obviously the poster does not have the solver. One can look around on some forums and beg a pretty please to some people (Exetools for instance) and possibly get it. Or find a stinky indian.

DONGS

Hey sab, your cleverness amazed me alot..clap clap..

ok, time to make confession: I can solve the algo only if I get 4kb of q/r but for 32 q/r I have to work more

4kb is better for solving. 32 q/r is min.

hi all
query/answers in rms licgen is enough for descriptor calculation, i want to share a new type of usb emulators in exetools which is the result of cooperation of me and souz. it is based on microsoft DSF and is completelly Vista/x64 compatible. i will include a sample for rms v8 .maybe in a week

TORO

Sounds interesting nikan, be sure to let us know.

Hi nikan,
there is already a SentinelSproUsbEmulator on the net; I havn't tested it with Vista, but it works perfectly under winxp.

Anyway, this is good news and I'm eager to see this emulator of yours too; I'll be more thankful if you share it with us here; you know, registeration to exetools is disabled now.

DSF USB emulator had post at exetools forum. The download URL: http://rapidshare.com/files/35712337/DSF_USB_EMULATOR.rar.html

Are you talking about TORO's new generation of usb emulators?

no, I was talking about Chingachguk's vbus sentinel emulator.

Regards

Chingachguk not make any sentinel emulators
Any of this emulatros - is Chingachguk BASED emulators.

4 sataron:

U're right; the author is someone else.

Regards

Pl share this emulator
Thanks

clive - for why U need it?

I have dump from Sentinel Super pro & also the Emulator.
I need to make the Reg file.
I am also missing teh steps after making the dump.

you're also missing reading the FAQ and using the search button, i'd advise doing that, before JMI appears...

And that is REALLY good advise!

Regards,