Hey

I have a program, that is dongle protected. The problem is, the dongle (Sentinel ????, surface cleaned) is death. No read out with the Tools in the Web. The company , what programmed the software doesn't exist anymore.
The software runs on DOS. The Software doesnt run under NT, but it run under DOS in a VMware. I have try it to crack, but i found out, that i am not very good at DOS Tragets. I have make my homeworks !
Could somebody help me ??





PS.: Could I talk about the target?? (There are no copyrights anymore) If I could talk i load the target up.

no you can't upload the target here and you did not do your homework

I did my Homework.

The Problem is, i dont find the Dongle check..




(I could upload it to Rapidshare)

YOU MAY NOT UPLOAD THE TARGET HERE AND MAY NOT POST A LINK TO IT HERE!!

If you spent ANY time reading the FAQ and/or Threads in these Forums, you would already know this. These things may ONLY be discussed in Private Messages, if interested people contact you.

What information you exchange PRIVATELY is YOUR business. What you post HERE is OUR business and you WILL follow OUR Rules of pay the consequences.

NOW GO READ THE FAQ !!!!!!

Regards,

I used to do a LOT of DOS Sentinel apps. They can be easy, or they can be hard. I'd bet it's an old Sentinel Pro dongle. They worked by sending a string of characters to the dongle, which returned a 16 bit value. Run the program through IDA, and search for references to port 378, typically an OUT to 378h. This will help you to identify the routine that talks to the dongle. Typically this routine returns the result in AX. If the programmers were idiots, (and I've seen more than my share of them!), then they immediately compare ax to the value they were looking for to return there, and branch to "bad boy" place if it doesn't match. If that's the case, then you just need to look at the "Sentinel Communications Routine", and see where it's called from, and patch up each of those checks. Now, if it's encrypted, or they store the return value in memory, and muck with it later, then it'll take a little bit more effort, but it's NOT impossible.

I've been dealing with one of those lately.

If you want to work it with a debugger:

Install either DOS or win95 in a VM

Install the 16 bit version of SoftIce that is included in later packages.
Install your app, run without dongle.

Learn the concepts of segmented memory, short calls and long calls, long jumps and short jumps

BPIO 378


trace