
Sentinel sproQuery Again :(


FoxB
July 19th, 2004, 12:50
Hi ALL!

I am working on a target and I don't have the dongle, like many people.
My work is 75% complete; I have:

1. Known Sentinel functions.

sproFindFirstUnit()
sproRead()
sproQuery()

2. Order of events:
From the start - the decryption routine is defined. Recovering the 0x28c bytes of the table.
1 - sproFindFirstUnit(Developer ID 0xD4E4) - patch, passed.
2 - sproRead(Words 0x30, 0x34, 0x38, 0x3C, 0x00, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15) - patch, emulate, passed.
3 - sproQuery(), identify Cyberheg's GetQuery() & GetResponse() - patch, emulate, passed.
4 - sproQuery(), this time we need to handle GetQuery() & GetResponse() - two tables defined, patch, passed.

5 - sproQuery(static query data 0xfb4c74b5) - code section.
Start address 401000, size 0x169222 bytes, correct result should be 0x7c01c3ef. Recovering the key..... My brute-force code is enclosed; the size of the section is 1.6 MB, so it is very big
(two days - 0x221f83 passes of decryption, starting from 0xffffffff, on my P4 2.0 GHz) - stopped, trouble.

6 - sproQuery(static query data 0xfba2ee13) - data section.
Start address CE6000, size 0x52000 bytes, correct result should be 0xe87c9b0e. The recovered key is 0xdacc397f. Data section recovery OK.
Recovery of the section relied on the fact that the program is written in VC++ and the first four bytes of the data section are zero.

3. I have trouble recovering the code section.
I have also read the FAQ and all topics concerning the Sentinel key and sproQuery. I do not have a solution. If anyone has a solution, please tell me.

WBR

sope
July 20th, 2004, 02:30
Hello FoxB,

Well, I can just guide you to this Sentinel Super Lesson, which I learnt the hard way some time back. I suggest you read it; hope it helps.

http://www.woodmann.net/forum/showthread.php?t=4703

If you don't have a demo, you will have to spend time until you get the good key.

Good Luck, Sope.

HarmEr
July 22nd, 2004, 03:09
To FoxB:
See the answer to this question at hxxp://www.reng.ru/board/viewtopic.php?t=754&postdays=0&postorder=asc&start=0