A trial version of the emulator has a reg file that came with it and has a line that says :

Security"=hex:10,03,D4,07,09,03,D4,07,11,22,33,45 ,07,F7,F8,28


the first dword corresponds to emulator's end of trial version

03 10 D4 07 = 16 march 2004

the second dword corresponds to emulator's start of trial date

03 09 D4 07 = 9 march 2004

the third dword corresponds to dongle id

2211 - as the dongle number
4533 - as the developer id

the last dword F7 07 28 F8 has to be calculated using the algo below for the emulator to work :

dword4=(((dword2+0x459af96c)^(dword1+0x12345678))* (dword3+0x549CDFED))^0x19F65901

following are my understanding to the formula :

dword1 = 03 10 D4 07
dword2 = 03 09 D4 07
dword3 = 22 11 45 33

and

+ operator = binary OR
* operator = binary AND
^ operator = binary NAND

my problem is that, the result of my calculation for dword4 is not equal to F7 07 28 F8

can anybody please tell me where i did the mistake in understanding the formula above?

thanks.

| Сообщение посчитали полезным:

vernon пишет:
dword1 = 03 10 D4 07
dword2 = 03 09 D4 07
dword3 = 22 11 45 33

and

+ operator = binary OR
* operator = binary AND
^ operator = binary NAND

try this:

dword1 = 0x07D40310
dword2 = 0x07D40309
dword3 = 0x45332211
dword4 = 0x28F8F707

and

+ operator = summation
* operator = multiplying
^ operator = XOR

| Сообщение посчитали полезным:

thanks a lot!!! now i was able to have dword4 correctly. more power to this forum and to everybody here.

| Сообщение посчитали полезным:

vernon
You should post in english in http://www.exelab.ru/f/action=vtopic&forum=10&sortBy=0&page=0.html next time.

Archer: the topic was moved to appropriate subforum.

| Сообщение посчитали полезным:

To : HoBleen,

Thank you for the information.


To : All

i was able to calculate the correct dword4 but i still cant make the emulator work since my app still cant detect the hardware.

the emulator came with a reg file with information as follows :

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Emulator\Sentine l\4533\Queries]
"1"=hex:3E,08,47,41,46,55,4B,45,5A,41,42,95,30,8A,96,89,43,29,
"2"=hex:3E,08,4D,4F,44,55,4C,45,30,31,3D,32,5F,7D,09,8E,C1,CA,
"3"=hex:3E,08,4D,4F,44,55,4C,45,30,32,3D,32,5F,7D,A0,F1,3C,A0,
"4"=hex:3E,08,4D,4F,44,55,4C,45,30,33,3D,32,5F,7D,84,E5,7B,0C,
"5"=hex:3E,08,4D,4F,44,55,4C,45,30,34,3D,32,5F,7D,A6,C3,AA,73,
"6"=hex:3E,08,4D,4F,44,55,4C,45,30,35,3D,32,5F,7D,72,C7,84,F3,
"7"=hex:3E,08,4D,4F,44,55,4C,45,30,36,3D,32,5F,7D,60,19,1E,78,
"8"=hex:3E,08,4D,4F,44,55,4C,45,30,37,3D,32,5F,7D,75,3E,58,31,
"9"=hex:3E,08,4D,4F,44,55,4C,45,30,38,3D,32,5F,7D,B3,1F,67,45,
"10"=hex:3E,08,4D,4F,44,55,4C,45,30,39,3D,32,5F,7D,CC,C1,6C,F2,
"11"=hex:3E,08,4D,4F,44,55,4C,45,31,30,3D,32,5F,7D,AF,0F,35,D8,
"12"=hex:3E,08,4D,4F,44,55,4C,45,31,31,3D,32,5F,7D,C0,1C,4A,1C,
"13"=hex:3E,08,4D,4F,44,55,4C,45,31,32,3D,32,5F,7D,5F,9E,82,1D,
"14"=hex:3E,08,4D,4F,44,55,4C,45,31,33,3D,32,5F,7D,DA,C2,63,EF,
"15"=hex:3E,08,4D,4F,44,55,4C,45,31,34,3D,32,5F,7D,EB,E6,01,3E,
"16"=hex:3E,08,4D,4F,44,55,4C,45,31,35,3D,32,5F,7D,C1,30,D6,84,
"17"=hex:3E,08,4D,4F,44,55,4C,45,31,36,3D,32,5F,7D,B8,D4,5B,B3,
"18"=hex:3E,08,4D,4F,44,55,4C,45,31,37,3D,32,5F,7D,58,87,35,87,
"19"=hex:3E,08,4D,4F,44,55,4C,45,31,38,3D,32,5F,7D,4F,ED,39,0E,
"20"=hex:3E,08,4D,4F,44,55,4C,45,31,39,3D,32,5F,7D,FF,28,4A,CB,
"21"=hex:3E,08,4D,4F,44,55,4C,45,32,30,3D,32,5F,7D,4A,8B,E9,A9,
"22"=hex:3E,08,4D,4F,44,55,4C,45,33,31,3D,32,5F,7D,60,CC,E9,8B,
"23"=hex:3E,08,4D,4F,44,55,4C,45,33,32,3D,32,5F,7D,ED,C0,25,2F,
"24"=hex:3E,08,4D,4F,44,55,4C,45,33,33,3D,32,5F,7D,3A,73,2A,18,
"25"=hex:3E,08,4D,4F,44,55,4C,45,33,34,3D,32,5F,7D,13,91,79,B4,
"26"=hex:3E,08,4D,4F,44,55,4C,45,33,35,3D,32,5F,7D,DC,E4,47,FE,
"27"=hex:3E,08,4D,4F,44,55,4C,45,33,36,3D,32,5F,7D,12,14,F0,A9,
"28"=hex:3E,08,4D,4F,44,55,4C,45,33,37,3D,32,5F,7D,F4,D3,B0,7A,
"29"=hex:3E,08,4D,4F,44,55,4C,45,33,38,3D,32,5F,7D,E8,01,72,DA,
"30"=hex:3E,08,4D,4F,44,55,4C,45,33,39,3D,32,5F,7D,F7,ED,3E,57,
"31"=hex:3E,08,4D,4F,44,55,4C,45,34,30,3D,32,5F,7D,6D,1A,60,36,
"32"=hex:3E,08,4D,4F,44,55,4C,45,34,31,3D,32,5F,7D,E7,CC,4E,F3,
"33"=hex:3E,08,4D,4F,44,55,4C,45,34,32,3D,32,5F,7D,3F,29,E0,62,
"34"=hex:3E,08,4D,4F,44,55,4C,45,34,33,3D,32,5F,7D,D6,BA,C2,23,
"35"=hex:3E,08,4D,4F,44,55,4C,45,34,34,3D,32,5F,7D,21,2F,33,11,
"36"=hex:3E,08,4D,4F,44,55,4C,45,34,35,3D,32,5F,7D,22,9B,65,00,
"37"=hex:3E,08,4D,4F,44,55,4C,45,34,36,3D,32,5F,7D,6C,7D,DB,8B,
"38"=hex:3E,08,4D,4F,44,55,4C,45,34,37,3D,32,5F,7D,3C,73,B7,1F,
"39"=hex:3E,08,4D,4F,44,55,4C,45,34,38,3D,32,5F,7D,3C,ED,04,75,
"40"=hex:3E,08,4D,4F,44,55,4C,45,34,39,3D,32,5F,7D,A1,59,C1,B8,
"41"=hex:3E,08,4D,4F,44,55,4C,45,35,30,3D,32,5F,7D,04,5C,66,60,
"42"=hex:3E,08,4D,4F,44,55,4C,45,35,31,3D,32,5F,7D,20,94,51,C7,
"43"=hex:3E,08,4D,4F,44,55,4C,45,35,32,3D,32,5F,7D,B3,8A,41,EA,
"44"=hex:3E,08,4D,4F,44,55,4C,45,35,33,3D,32,5F,7D,54,FA,60,40,
"45"=hex:3E,08,4D,4F,44,55,4C,45,35,34,3D,32,5F,7D,05,30,43,69,
"46"=hex:3E,08,4D,4F,44,55,4C,45,35,35,3D,32,5F,7D,7C,31,61,A1,
"47"=hex:3E,08,50,54,52,43,48,49,4C,49,90,B5,CC,EC,6D,FF,84,D2,
"48"=hex:3E,08,42,4F,54,48,41,4C,49,42,86,02,37,6E,9B,9E,57,BF,
"49"=hex:3E,08,54,52,53,4F,42,4D,57,48,48,45,14,7C,42,8B,6C,51,
"50"=hex:3E,08,52,54,4C,53,56,58,59,5A,44,FC,2B,1E,9E,98,80,FA,
"51"=hex:3E,08,56,43,50,54,41,52,45,50,30,78,D3,BB,CE,64,95,83,
"52"=hex:3E,08,51,41,4B,41,54,49,41,53,17,57,4E,C7,01,BD,35,46,
"53"=hex:3E,08,50,4F,49,59,47,4D,4F,49,66,04,5F,70,5E,C7,95,82,
"54"=hex:3E,08,44,45,46,4A,4F,49,52,45,7E,E2,84,F0,F5,F3,7D,CA,
"55"=hex:3E,08,4E,55,4D,53,45,50,56,4C,A4,3C,FC,1C,A3,12,93,A8,

as i understand from "1" above,

cell3E holds "47,41,46,55,4B,45,5A,41" as query from app and dongle will respond using cell08 with "42,95,30,8A,96,89,43,29,"

was i able to understand the syntax correctly or can somebody explain to me properly?

thank you.

| Сообщение посчитали полезным:

"55"=hex:3E,08,4E,55,4D,53,45,50,56,4C,A4,3C,FC,1C,A3,12,93,A8,

hex:3E - cell number
08 - query len
4E,55,4D,53,45,50,56,4C - query
A4,3C,FC,1C,A3,12,93,A8 - response

br

-----
...или ты работаешь хорошо, или ты работаешь много...

| Сообщение посчитали полезным:

thanks to everyone who has help me with the problem. following all the instructions and explanations, i still can't use this emulator. the app i am using it with still cant detect the hardware key. when i am running emuinst it say something like "cant get a handle on \.\sentemul". My OS is winXP.

the installation program overwrites the original sentinel.sys

I understand that sentemul.sys will replace the function of sentinel.sys since on the emustart it is written"
net stop sentinel
net start sentemul


thank you very much for replying thereby helping me with my problem. more power to you all.

| Сообщение посчитали полезным:

vernon, show you dump for making .ssp file...

-----
...или ты работаешь хорошо, или ты работаешь много...

| Сообщение посчитали полезным:

i dont have a dump file for the dongle. all i have is what toro's sentinel monitor 1.7 has been able to capture while loading the program and during its operation but i believe that i was able to capture the complete query-response pair for it. will there be any way for me to be able to use a non-table based emulator? I prefer to use this emulator and then later on be able to make a dng file from it. are my targets doable?

| Сообщение посчитали полезным:

PREVX says :

BEWARE!!!!!!!!!!!

The most common objects with the name of SENTEMUL.SYS have yet to be classified as safe by our research department.

The filename SENTEMUL.SYS was first seen on Oct 23 2007 in SPAIN. It has also been seen in the following geographical regions of the Prevx community:

* The UNITED STATES on Oct 23 2007
* The EUROPEAN UNION on Dec 17 2007

The filename SENTEMUL.SYS refers to many versions of an object.

The most common file size is 107,008 bytes. But the following file size has also been seen:

* 180,480 bytes

These files have no vendor, product or version information specified in the file header.

SENTEMUL.SYS has been seen to perform the following behavior(s):
SENTEMUL.SYS has been the subject of the following behavior(s):

* Created as a new Background Service on the machine

SENTEMUL.SYS can also use the following file name:

* 21351075.SYS

| Сообщение посчитали полезным:

vernon
hmm. no quite got you. some antivirus company says that a file without version info is most likely malicious s/w?
or someone uses sentemu.sys file name for his rootkit?

| Сообщение посчитали полезным:

check the attached file. i believe i was able to download it but it is not sentEMUL.sys but rather sentEmu.sys.

i was able to download sentEMUL2004 and i was surprised that the above method in computing the security is no longer valid. i stopped working with sentEMUL2003 because i dont think i have the original driver as i cant get it to load. when i run Insdrv from the batch file, it says : "can't get a handle on \ sentEmul " can somebody help me out with sentEMUL2004.

SentEmul2003
Security"=hex:10,03,D4,07,09,03,D4,07,11,22,33,45 ,07,F7,F8,28

SentEmul2004
Security"=hex:10,03,D4,07,09,03,D4,07,11,22,33,45 ,XX,xx,Xx,xX


Samples working Security Key

"Security"=hex:BB,AA,D0,07,BB,AA,D0,07,6A,7B,36,6E,76,33,74,C2
"Security"=hex:BB,AA,D0,07,BB,AA,D0,07,BF,76,72,61,21,B6,2C,3B

PLEASE share the algo to compute for XX,xx,Xx,xX

Thank you


5ea6_21.01.2008_CRACKLAB.rU.tgz - sentemu.sys

| Сообщение посчитали полезным: