Log in

View Full Version : Problem to emulate SproQuery

nasty
May 24th, 2004, 09:39
Hi To all,
i'm working from about 2 months on Spro emulation.
I have problem in SproQuery .. to calculate Xor values.
I have also the Dongle dump. how i can emulate this values to use in debugging?
Please gimme advices please.
I'm going mad!!

I have understood that the only way is "Brute" the entire array of response .. i have prepared a C bruter but i don't have understood how i calculate the right offset (in file), the bytesize ..
Please i want a complete example of bruter for this.
Thanks
KSA
May 24th, 2004, 11:52
Hi,

Is this target protect with Sentinel SuperPro Shell Protection ?
nasty
May 24th, 2004, 12:43
yes!
this is a part of the shell ..
tom
June 1st, 2004, 09:52
I did this a while ago and dumping al possible queries seemed the only solution for me. I allready posted a routine to load the correct value from a file a while ago.

http://www.woodmann.net/forum/showthread.php?t=5136

The problem i had had to do with the fact that the addresses he called were not correct in the context. (CreateFileA,SetFilePointer,ReadFile,CloseHandle)

(note that this code also returns some values to 'standard' queries this program required)

The code to dump the possible queries to a file is quite simple:
Code:


		for(query=0;query<=0xffff;query++) {

			ret = RNBOsproQuery (ApiPacket, 0x08, &query, &rsp, &rsp32, 4);

			if (ret == 0) {

				write(fd,&rsp,4);

			} else {

				printf("Error at query %i, aborting\n";

				return 0;	

			}

		}