
View Full Version : how do i set a dongle breakpoint?


TrixMan
March 19th, 2002, 09:12
Hi!

I have a program protected with a Sentinel dongle and I have made a dump with spro dump.

I can see the serial and the dev id but how do I set a breakpoint when the program is calling a specific cell in my dongle??

TrixMan......

me8
March 19th, 2002, 20:32
bpio ? ?

goatass
March 19th, 2002, 23:22
What you can do is set a BPX CreateFileA, do "d *(esp+4)" and watch to see when the application tries to open the sentinel.vxd. When it does that, disable the BPX and F12 a few times until you are back in the application and can see the dongle-related parameters pushed into that call. Once you think you are there, write down the RVA, load the file into IDA, load the Sentinel signatures and jump to the RVA you wrote down, and you will know exactly what is going on.

Check out CrackZ archive, there are tons of great papers that will help you. Also check out my paper on FlexiSign; it will show you how to locate these dongle functions without knowing where to BPX.

goatass

UrgeOverKill
March 20th, 2002, 23:32
Hiya,
what you may want to do is read the manual on setting breakpoints on the I/O ports.

TrixMan
March 21st, 2002, 09:50
Hi all!

What I was looking for was something like "BPX cell 0x24" or something like that, but I know it's not so easy, it must be a bit more complicated, maybe "bpio 'something'", I don't know.

I want to thank goatass for his CreateFileA, I will try it.

When I'm using DeviceIoControl I find a loop where I can see some of the cells being pushed to the stack but not all (I think).
The reason is that when I'm trying to manipulate the words (I'm using a dump from another dongle, same program) the program fails, that's the reason I believe it must be another loop somewhere.

Regards

TrixMan

goatass
March 21st, 2002, 13:15
Sentinel uses the DeviceIoControl API to talk to the VXD, which will then talk to the dongle. Using the BPIO -h 378 trick might work but many times it won't.
You cannot BPX on specific cell readings like you think; you need to find the sproRead function and BPX there, find the sproQuery function and BPX there, etc.

If you want to find out why it's failing, find where it reads some byte from the dongle and then set a BPM on the buffer holding these bytes and continue tracing and see where that buffer is being manipulated. The program will most likely not read everything in the dongle memory so don't expect to see each and every cell being accessed.

goatass