View Full Version : sentinel dongle cracking help
warior_jal
May 11th, 2002, 12:06
I am a newbie to cracking with my first target as sentinel superpro protected program. I have taken a dump of the dongle but the active algorith cells cannot be read by my utility(spath's utility v 0.02). If desired i can send the dumped dongle contents to anybody willing to study it. I have read the papers by crack'z. My problem is that i do not know how to code the emulator as a seperate exe file. I need a the code in which i can put the words retrieved from the dongle and then proceed with softice to find out the what the proggy expects from the unreadable cells. Also what I need is any utility that could effectively dump sentinel dongles and other dongles. If possible i need the sentinel manuals which have been removed from sentinel's site.
Regarding the crackz tutorial about emulator inside the sx32w.dll file, I tried it but the program crashes (general protection fault) when i use the delta offset. I tried to fix the stack but it still craches. The option that seems best is to code a seperate exe to emulate the dongle. Please help me with the code and dumper utilities.
Once done I'll publish the entire results as a tutorial here.
regards
warior
CrackZ
May 11th, 2002, 15:29
Hiya,
I think you attached the dongle dump to one of your other posts, it escapes me right now, but I recall downloading it.
1. I hope your download of dongle contents has been removed, it looks as if some of the data read from your dongle might be personally compromising. Since I couldn't find it, I assume it has.
2. I'm really not sure what you mean by putting the code in a 'separate file', maybe its a language thing and you do mean patching the original, writing some sort of replacement?, god I don't even want to contemplate that ;-).
3. You need to identify whether its using sproRead() or sproExtendedRead(), I suspect also theres a few sproQuery()'s and sproDecrements() possibly writes in there too. The sx32w.dll code is for Sentinel Pro, generally the format of any emulator for reading is as follows :
cmp word ptr [someregister], 7242h
jz start_here (OK we'll change this to 74 00)
push ebp
mov eax, [esp+xxh] ; where the word to read is on the stack
shl eax, 1 ; x 2
call $+5
pop ebp
lea edi, [ebp+xx] ; displacement (normally its 17h or 18h or so)
mov edi, [esp+xxh] ; where word is to be placed (off stack and +4h of word to read)
movzx eax, word ptr [eax.edi] ; read from fake memory
mov [edi], ax
xor eax, eax
pop ebp
USUAL function exit here (important you use the one in your target or your stack will be out)
db 128 dup(0) <-- fake dongle memory
4. Contact me with your target details, if you can send me it ;-), I can send you Sentinel manuals and other information regarding dumpers.
Regards
CrackZ.
i.r.o.n.m.a.n
May 11th, 2002, 21:17
CrackZ,
I too am very interested in learning about emulating Sentinel SuperPro. I've not found a working dumper for my app yet

. Perhaps when you have some time you can help? If so, I'll provide any requested info/files.
Much abliged
___________________
I.r.o.n.M.a.n
I am also interested in learning HASP & Sentinel Emulation.
Please help me, if you find some time & post me manuals,if possible
Cah...
warior_jal
May 13th, 2002, 17:27
Hi!
Could somebody please guide me (with example) how to add dongle data to the sentinel dll.
best regards
warior
goatass
May 13th, 2002, 22:54
Easy, find an empty space in the DLL, a place where there are a lot of zeros and put your data in there. Put some kind of tag at the beginning of the data so you could do a search in memory for this tag and you will know where in memory your data is. Now when you calculate your delta offset you could add this offset to where your dongle data is and boom.
goatass
warior_jal
May 14th, 2002, 12:31
Dear Mr. CrackZ,
I have sent you the details of the target, please check your mailbox.
best regards
warior
warior_jal
May 14th, 2002, 12:44
thanks Dear Goatass for your advice. This would surely aid me in removing this dongle. As I am a newbie, I would like to study a file which has a working emulator inside (this would make me clear about the concepts). I would be gratefull to you if you could mail me any cracked sx32w.dll file, preferably a file with maximum functions emulated.
best regards
warior
Powered by vBulletin® Version 4.2.2 Copyright © 2018 vBulletin Solutions, Inc. All rights reserved.