MA700C
April 9th, 2006, 05:59
A while back, I used the old tutorials posted by CrackZ and others to crack an old Sentinel SuperPro protected program I had. I had the dongle for the program to compare against, so this wasn't much of a challenge. I mainly was interested in using it as a vehicle for learning how to crack a dongle protected program. I now want to try the same thing from the other end. I want to try using this same program to learn what is going on inside the dongle. I'm hoping someone can evaluate my strategy for investigating the dongle protocol and comment on whether they feel my method is logical, or if I'm going the "long way around the barn".
The program is an old application from about year 2000 and uses the Sentinel driver version 5.38. The dongle is the USB version and so uses the SNTNLUSB driver of the same version. I'm using Ida to step through the program and using SoftIce to handle the drivers. I previously had used Ida on the drivers to create as much of a map as I could. I'm also using a USB bus analyzer to observe the packets going to and from the dongle.
What I am finding is that Sentinel is using a series of vendor defined requests to handle each of its API calls. For example, the FindFirstUnit call results in seven sets of USB packets being transferred to the dongle and then retrieving results. Each packet, of course, consists of 8 data bytes being sent either to or read from the dongle. At this point, however, I have not been able to equate the data contents of the packets to the FindFirstUnit call returning success. Each successive call to FindFirstUnit results in a new set of data being transferred to the dongle (are they being hashed by the current system clock?).
Can someone comment on my strategy of trying to map the various Sentinel API calls to the actual data being sent back and forth to the dongle? Is what I'm seeing consistent with what others have seen with the lower level protocol that Sentinel has developed? If anyone is interested, I can send the various code segments that result in the data transferred. At this point, however, I can't see how this code results in the set of data bytes that are being sent back and forth and this is what I'm tryingt o discover.
Again, I not trying to crack the program, I've already done that. Now I'm trying to learn a little about the inner workings of the drivers and the dongle itself. I chose this program even though it is pretty old since I'm hoping the older driver/dongle will be a bit simpler than the newer devices. Also, since we aren't using the program any more, if I screw up the dongle itself, it is no problem.
Thanks in advance for any assistance anyone can give.
MA700C
The program is an old application from about year 2000 and uses the Sentinel driver version 5.38. The dongle is the USB version and so uses the SNTNLUSB driver of the same version. I'm using Ida to step through the program and using SoftIce to handle the drivers. I previously had used Ida on the drivers to create as much of a map as I could. I'm also using a USB bus analyzer to observe the packets going to and from the dongle.
What I am finding is that Sentinel is using a series of vendor defined requests to handle each of its API calls. For example, the FindFirstUnit call results in seven sets of USB packets being transferred to the dongle and then retrieving results. Each packet, of course, consists of 8 data bytes being sent either to or read from the dongle. At this point, however, I have not been able to equate the data contents of the packets to the FindFirstUnit call returning success. Each successive call to FindFirstUnit results in a new set of data being transferred to the dongle (are they being hashed by the current system clock?).
Can someone comment on my strategy of trying to map the various Sentinel API calls to the actual data being sent back and forth to the dongle? Is what I'm seeing consistent with what others have seen with the lower level protocol that Sentinel has developed? If anyone is interested, I can send the various code segments that result in the data transferred. At this point, however, I can't see how this code results in the set of data bytes that are being sent back and forth and this is what I'm tryingt o discover.
Again, I not trying to crack the program, I've already done that. Now I'm trying to learn a little about the inner workings of the drivers and the dongle itself. I chose this program even though it is pretty old since I'm hoping the older driver/dongle will be a bit simpler than the newer devices. Also, since we aren't using the program any more, if I screw up the dongle itself, it is no problem.
Thanks in advance for any assistance anyone can give.
MA700C