Three dongles with same ID but different algo


mrcdcn
01-29-2008, 02:27 PM
I have one software with three functions which is protected by each dongle with the same ID (3BDC for example) but having different Algo in "sntMemory" as listed below
function1:
"sntMemory"=hex:6C,11,DC,3B,51,6E,00,00,08,00,00,00,E7,CA,00,00,B7,C1,C2,E0,00,00,00,00,6C,10,00,60,00,00,00,00,\...

function2:
"sntMemory"=hex:6C,11,DC,3B,51,6E,00,00,08,00,00,00,E7,CA,00,00,B7,C1,C2,E0,00,00,00,00,6C,03,00,00,00,00,00,00,\...

function3:
"sntMemory"=hex:55,11,DC,3B,00,00,00,00,51,6E,01,00,E7,CA,00,00,B7,C1,C2,E0,00,00,00,00,75,11,00,80,00,00,00,00,\...

Can anybody share some experience on emulating these with VUSBSentinel to use at the same time?

__snake__
01-29-2008, 02:36 PM
Which memory does the Sentinel dongle contain?

How have you read those bits?

Git
01-29-2008, 03:27 PM
Excuse me, but this seems like a good opportunity to disseminate a little knowledge about Sentinel Superpro.

Putting the data into tables so we can see it clearly :

Cell F1 F2 F3
00 116C 116C 1155
01 3BDC 3BDC 3BDC
02 6E51 6E51 0000
03 0000 0000 0000
04 0008 0008 6E51
05 0000 0000 0001
06 CAE7 CAE7 CAE7
07 0000 0000 0000
08 C1B7 C1B7 C1B7
09 E0C2 E0C2 E0C2
0A 0000 0000 0000
0B 0000 0000 0000
0C 106C 036C 1175
0D 6000 0000 8000
0E 0000 0000 0000
0F 0000 0000 0000

The first 8 cells (00 to 07 inclusive) do not contain Algos or other data. They have specific values. Cell 00 is the serial number of the dongle which is 0x116C for the first two cases and 0x1155 for the last. Cell 01 contains the Developer ID which identifies the software manufacturer, 0x3BDC in all three of your cases.

In an emulator (as opposed to a real dongle) cells 02 and 03 usually get used for Overwrite Password 1 and Overwrite Password 2, but they are often just ignored. What usually happens is that the Write Password gets (wrongly) put in cell 02 because the PVA dump format holds it there and it just gets carried over. Ignore cells 02 and 03.

Cell 04 holds the Write Password (WP). It looks like your third case correctly has 0x6E51 and the first and second case have 0x0008 which I think is probably garbage.

Cells 05 and 07 can be ignored. Cell 06 holds a very important number which is used for calculating algorithms: 0xCAE7 in all 3 of your cases.

The real dongle data, including algorithm descriptors, counters, data, passwords, etc., is held in cells 08 to 3F. Algorithm descriptors are 2 cells long (4 bytes) and correspond with the CellType value for that cell being 3. Counters are 1 cell long and have 2 in the CellType array. Standard data is usually 1 cell long and has a 1 (Read Only) or a 0 (Read-Write) in the CellType array. It gets more complicated with counter protected algorithms and password protected algorithms, but if you want to know more find the SDK docs and read them.

In your case it looks like Cell 0C may be an Algorithm cell with Descriptor 0xE0C2C1B7 (note the cells are reversed, just like the byte positions are reversed). The corresponding CellType entry will confirm it if it is 03.

Your Descriptor 0xE0C2C1B7 can tell you several things about the Algorithm at that cell. Look at the most significant digit, which is 0xE, which is 1110 in binary. Let's call those bits 4321.

If bit 4 is not a 1 then either the cell is not an Algo cell, or the Algo is Inactive.

If bit 3 is a 1 then it is an Enhanced Algo. If it is 0, then it is a Simple Algo.

So, as long as the CellType is 3, a descriptor of 0xE0C2C1B7 tells you that the Algorithm at that cell is Enhanced and Active.

The next cells that have data are 0C and 0D. Looks very unlikely that there is an Algo there (again, check CellType for that cell). If not Algos, then the cells are data. Seems very likely this is the case as you have three different lots of data for the three different dongle functions. The aim then immediately becomes to find out the relationship between the data and the corresponding enabled functions, with an aim to putting the magic data in 0C and 0D that enables *all* functions.

The way I would proceed would be to reverse engineer the software in IDA. I would apply a Sentinel signature and find out where the software is reading cells 0C and 0D and what it is doing with the data.

If you can send me the full 3 reg files and dumps if you have them, and some info on the software, I'll see if I can help.

Git
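
The cell layout described in the post above, as an added example that is not part of the original thread: it splits a "sntMemory" hex value into 16-bit little-endian cells and reads the header cells and the top bits of the 32-bit value held in cells 08 and 09. The function names are hypothetical, the sample is the function1 fragment quoted in the thread, and the CellType array is not in the quoted data, so the flags only mean something when CellType for that cell is 3.

```python
import re

# Sample taken from the thread: the first 32 bytes (cells 00-0F) of the
# "function1" value; the rest of the dump is elided on the page.
SAMPLE = ('"sntMemory"=hex:6C,11,DC,3B,51,6E,00,00,08,00,00,00,E7,CA,00,00,'
          'B7,C1,C2,E0,00,00,00,00,6C,10,00,60,00,00,00,00')


def parse_cells(reg_value):
    """Turn a .reg 'hex:' value into a list of 16-bit little-endian cells."""
    hex_part = reg_value.split("hex:", 1)[1]
    # Drop whitespace and .reg line continuations (backslash + newline).
    cleaned = re.sub(r"[\s\\]", "", hex_part)
    tokens = [t for t in cleaned.split(",") if t]
    if any(not re.fullmatch(r"[0-9A-Fa-f]{2}", t) for t in tokens):
        raise ValueError("not a comma-separated list of hex bytes")
    if len(tokens) % 2:
        raise ValueError("odd byte count: last cell is incomplete")
    data = bytes(int(t, 16) for t in tokens)
    return [int.from_bytes(data[i:i + 2], "little")
            for i in range(0, len(data), 2)]


def describe_header(cells):
    """Name the fixed cells the post identifies (00, 01, 04, 06)."""
    return {"serial": cells[0x00], "developer_id": cells[0x01],
            "cell_04": cells[0x04], "cell_06": cells[0x06]}


def descriptor_flags(cells, index):
    """Join cells[index] (low half) and cells[index+1] (high half), then
    read the top nibble as the post does: bit 4 = active, bit 3 = enhanced.
    Only meaningful when CellType for this cell is 3 (not in the dump)."""
    descriptor = (cells[index + 1] << 16) | cells[index]
    top = descriptor >> 28
    return {"descriptor": descriptor,
            "active": bool(top & 0b1000),
            "enhanced": bool(top & 0b0100)}


if __name__ == "__main__":
    cells = parse_cells(SAMPLE)
    for n, value in enumerate(cells):
        print(f"{n:02X} {value:04X}")
    print(describe_header(cells))
    print(descriptor_flags(cells, 0x08))
```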

gamebit0
01-30-2008, 02:40 AM
I have one software with three functions which is protected by each dongle with the same ID (3BDC for example) but having different Algo in "sntMemory" as listed below
...
Anybody can share some experience to emulate with VUSBSentinel to use at the same time?
Unfortunately, it is unclear: does your SW work (or not work) with the three hw-keys simultaneously?
If it works fine, then you can simply edit your 3 regs, for example (for ru-board VBUS sentemu):
first key:
[HKEY_LOCAL_MACHINE\...\ru-board\mulators\Dump\11110000] (it doesn't matter)
"sntMemory"=hex:6C,11,DC,3B,51,6E,00,00,08,00,00,00,E7,CA,00,00,B7,C1,C2,E0,00,00,00,00,6C,10,00,60,00,00,00,00,\...
second key:
[HKEY_LOCAL_MACHINE\...\ru-board\mulators\Dump\22220000]
"sntMemory"=hex:6C,11,DC,3B,51,6E,00,00,08,00,00,00,E7,CA,00,00,B7,C1,C2,E0,00,00,00,00,6C,03,00,00,00,00,00,00,\...
third key:
[HKEY_LOCAL_MACHINE\...\ru-board\mulators\Dump\33330000]
"sntMemory"=hex:55,11,DC,3B,00,00,00,00,51,6E,01,00,E7,CA,00,00,B7,C1,C2,E0,00,00,00,00,75,11,00,80,00,00,00,00,\...
If it's not working, there is one way: analysis (dumps & program)

Git
01-30-2008, 10:27 AM
Gamebit - that would not work. Sentinel works by Developer ID, and they are all the same. If the emulator allowed it (it doesn't/shouldn't) the application software issues a FindFirstUnit(developer_id) command and expects an answer from one dongle.

Git

mrcdcn
01-30-2008, 11:56 AM
Gamebit - that would not work. Sentinel works by Developer ID, and they are all the same. If the emulator allowed it (it doesn't/shouldn't) the application software issues a FindFirstUnit(developer_id) command and expects an answer from one dongle.

Git

Git, you are correct, Gamebit's method doesn't work. Please see PM for ssp files. You can convert them into reg by using Uni2Reg.

foffa
01-30-2008, 10:23 PM
I WAS COMPLETELY RIGHT GOOGLE IT IF YOU CAN'T EVEN READ POSTS HERE

LOOOOOOOL @GIT >>EVEN HE DID NOT READ YOUR POST

LOOK WHAT HE IS TELLING YOU

Please see PM for ssp files. you can convert them into reg by using Uni2Reg.

gamebit0
01-31-2008, 03:52 AM
Gamebit - that would not work. Sentinel works by Developer ID, and they are all the same. If the emulator allowed it (it doesn't/shouldn't) the application software issues a FindFirstUnit(developer_id) command and expects an answer from one dongle.
Git
You forgot about the FindNextUnit func. I've seen progs which work correctly with several keys (one DevID). So, I think "(it does/should)".
If you want, I'll try to find time and prove it to you (PM).
"Git you are correct, Gamebit method doesn't work" Which one? This one: "if it's work fine, then you can simply edit your 3 regs..." or this: "if it's not working, one way - analysis..." :)
Please, read carefully.
P.S. And no need to distort my nickname. I also know how to do it. :)
Regards

mrcdcn
01-31-2008, 09:11 AM
@gamebit0: I'm so sorry for mentioning you like that. Please forgive me.
It is my fault.
I have to use it individually.