View Full Version : Sentinel SuperPro Password Overwrite


paulofutre10
February 13th, 2004, 17:22
Hi

I have a Sentinel SuperPro dongle, and I need the password for overwrite (Word 1, Word 2).

I went to www.safe-key.com and downloaded sentread.exe (for reading the Sentinel SuperPro); it generates a file. I opened that file with a hex editor.
I can see the ID and the write password, but I can't see the overwrite password.

Can you help me?

Thanks

JMI
February 13th, 2004, 18:26
Have you already read the FAQ and searched the Forums for information on "sentinel" and "superpro?" If not, please do that first.

Regards,

paulofutre10
February 14th, 2004, 10:23
Hi

I have read it, and this forum thread (Cloning Sentinel SuperPro); they have the same problem as I do. I don't want to clone the Sentinel, I just need the overwrite password.

Can you help me find the overwrite password?

How can I do a brute force attack on the overwrite password?

http://woodmann.com/forum/showthread.php?t=3579&highlight=sentinel+superpro

"- then launch a brute force attack on the write password (but be
careful and use an empty cell for doing that). The attack on
the write password will take no longer than a couple of minutes.
- a brute force attack on the overwrite password is feasible,
but it will take a couple of months ( 2..12 depending on the
amount of luck ;-) to go.
I had to do this on a specific dongle some time ago, and there
is nothing special about it.
Post by VoxQuietis "


Thanks
Paulo Futre

sope
February 15th, 2004, 03:41
Hello Paulfutre10

Firstly, I need to understand why you need to brute force the overwrite password for a specific dongle. Do you need to make some changes in a dongle cell, or is it something else?

Also, if you can dig into the executable files and check whether they have used a function called RNBOsproOverWrite, if you are lucky you can find overwrite password 1 & 2.

Regards, Sope.

paulofutre10
February 15th, 2004, 07:04
Hi

I need to make some changes in the dongle cell, because my software comes in packs, and I need to activate packs that I don't have.

I'm not an expert in this field; when I talk about brute forcing the overwrite password, I read about it in this forum: http://woodmann.com/forum/showthread.php?t=3579&highlight=sentinel+superpro

I just want to know the best way to get the overwrite password.

How can I dig in the executable files?

Can you help me?

naides
February 15th, 2004, 09:20
Quote:
[Originally Posted by paulofutre10]
Hi

I just want to know the best way to get the overwrite password.

How can I dig RNBOsproOverWrite in the executable files?

Can you help me?

The first step is searching for "RNBOsproOverWrite" in Google. I got 3 hits, one in English, two in Chinese with English text.

Also, disassemble or use Exescope to find out the list of import and export functions of the relevant exe and dll files, and locate which ones import and export the function. Then study what the function does and follow the general advice of sope.

paulofutre10
February 15th, 2004, 12:39
I used Exescope in the file directory and opened:
Export, Product Name Removed.DLL
Ordinal Address Name
0000000A 10001170 sproActivate
00000009 10001150 sproDecrement
00000006 100010A0 sproExtendedRead
00000003 10001040 sproFindFirstUnit
00000004 10001060 sproFindNextUnit
00000001 10001010 sproFormatPacket
0000000D 10001240 sproGetFullStatus
0000000C 100011E0 sproGetVersion
00000002 10001030 sproInitialize
00000008 10001110 sproOverwrite
0000000B 100011A0 sproQuery
00000005 10001070 sproRead
00000007 100010E0 sproWrite

and
Export, SK32W.dll
Ordinal Address Name
0000000E 00403590 CLOSE_SENT
00000014 00407EF0 DllEntryPoint
0000000D 00403580 OPEN_SENT
0000000B 00406A40 RNBOskCfgLibParams
00000008 00407400 RNBOskCommand
00000005 004071C0 RNBOskEnable
00000001 00406EC0 RNBOskFormatPacket
0000000A 00407180 RNBOskGetFullStatus
00000009 004070B0 RNBOskGetVersion
00000002 00406F00 RNBOskInitialize
00000003 00406FA0 RNBOskRead
00000006 004072B0 RNBOskSetFamily
00000007 00407390 RNBOskSetPort
00000004 00407030 RNBOskWrite
0000000F 004046C0 SKMSFP
0000000C 00404650 SK_COMMAND

What do I do now?

paulofutre10
February 15th, 2004, 12:56
I send the file

Edit by JMI: Do not attach portions of commercial software on these Forums and do NOT identify your target when you post target specific code.

sope
February 16th, 2004, 03:14
Hello paulofutre10

Quote:
Export, Product Name Removed.DLL
Take the Product Name Removed.dll file and disassemble it in IDA. Check the cross-references of the function sproOverwrite; if it is used, it will show you. Go there and see the parameters passed. For reference on the parameters, please read the Sentinel API reference. Hope it helps.

Regards, Sope.

paulofutre10
February 18th, 2004, 15:17
Can you give me your email?

I need help with IDA.

paulofutre10@hotmail.com