Log in

View Full Version : this sentinel dongle kill me ! please need help


samy la guigne
June 4th, 2001, 05:07
i'm just newbie it's a matter of fact
but i try to trace the superpro's call in order to nop it
but noway
someone 'd got an idea ??

please

CrackZ
June 4th, 2001, 13:06
Hiya.

1. Your upload is missing a whole load of dll's, namely :

GEOUTI32.dll, GEOHOC32.dll, FNCTVX32.dll, PIPE32.dll, GEOCOM32.dll, PORTUTIL.dll.

2. The .exe you have uploaded contains the Sentinel 5.31 object. I recommend you load this target into IDA, download Killer_3k's Sentinel SuperPro signature and apply that (from my site).

I also suggest you familiarise yourself with the Sentinel SuperPro API, www.rainbow.com may still have the pdf's, else several of the essays on my and +Tsehp's site can help you more.

3. Initial analysis confirms the main file is protected, there appear only to be calls to sproFindFirstUnit(sub_4288c0) and 2 xrefs to sproRead(sub_428ae0), the read appears to be in a loop so multiple words are being retrieved from the dongle. This is probably about as basic as a Sentinel protection comes ;-).

Anyhow, if you want more help with this, drop me an e-mail (only if your prepared to provide those missing files ;-) else theres enough here and on the web for you to get through).

Regards

CrackZ.

samy la guigne
June 4th, 2001, 16:06
here are the files missing to you crackz Z

can you explain to a newby like me,
how to patch this target with ida and your signature thing
in detail please if you couls because
it's appear that many of the other executable with this one are protected in the same way so
in order to not boring you anymore
if you could help me

CrackZ
June 4th, 2001, 18:22
Hiya.

Thanks for the files. It seems it as above.

Program calls sproFindFirstUnit(developer ID 4142h). Easy patch to AX=0. Program then loops sproRead() twice, reading words 0x8-0x26 in one loop and 0x1A-0x3F in another, the destination buffer is the same in both cases i.e. 0x1A-0x26 are duplicate reads.

Bypassing these I could find only 2 instances of where the dongles memory was used, I don't know what this program does so it may be used later on or in other programs in the suite.

Word 9 - version information.
Word 0x30 - high byte test'd with 1 toggles the edition, 'GeoPort' or 'MD-90 port'.

Regards

CrackZ.

NB - None of the dll's you gave me seem to be protected, although the inclusion of superpro.dll in the package makes me think something somewhere must call in via there ;-).

samy la guigne
June 5th, 2001, 03:23
so sorry to be a newbies but i don't wherer to start
i've got every tool softice hexedit ida w32dasm

i've read your answer
open my target with ida, download your signature by "load flirt signature file"
with and WHAT ???????????????
what do i suppose to be :
Create output file in exe
but i can't coz he reply me that he can do this only for msdos prog
what i am suppose to do ?
i've got 4 similar prog to undongle
i'm really ambarrasssed can you teach me again

tsehp
June 7th, 2001, 14:23
hi samy,
I had to move this thread up to the newbies section where it belongs.
You first have to master the tools, learn about the api's, crackz is really nice to help you in such a way, but he will not give directly the solution to patch your apps.

regards,

+Tsehp