Originally Posted by
gokilaravee
thanks to zhongtiany:
Author: zhongtiany
Software Name: Sentinel RMS
Software Category: Business Protection class
Software Description: Sentinel RMS lic production
Tools: lsdecode Sentinel 8.2.2; ollydbg1.10; SentinelLM SDK8.0.6; moZfet SentinelLM tools; TORO Sentinel SuperPro Emulator1.7; UltraEdit.
I found the forum a lot of people are looking for SentinelLM 8.0 or later lic production methods, wlscgen8.0 more difficult to find to the dog version, is definitely yes, but we are not willing to share out. Last week, tossing a few days, and finally use a different method - were successfully simulated dog produced lic, are summed up and share. We hope you can express their opinions, share their harvest.
Summarized in the Sentinel LM lic production of reference 1: The asterisk at the beginning of the license string is version 8.0 and above, must SentinelLM SDK 8.0 or later wlscgen.exe production, this paper SentinelLM SDK 8.0 and 8.2 versions of the production lic .
1, find the VendorID, Feature name and other information.
(1) easy way: condition that has been the county seat of lic, according Demo License tool lsdecode Sentinel 8.2.2 (a SentinelLM license file decoding tools) calculate the Vendor ID, Vendor Info, Feature, and more.
Usage is: will lservrc file test to lsdecode Sentinel 8.2.2 directory;
Loaded with ollydbg lsdecode.exe, press Ctr + G to find the address below, and set breakpoints, and then find the relevant information, in relevant part: (only for 7.x-8.2 Sentinel licenses)
vendor code: 00422460 (EAX)
vendor info: 00423A60 (ECX ASCII)
Feature Name: 00423988 (ECX ASCII)
7 secrets: 00409CF7 (EAX ASCII)
Client lock Code: 00423906
Feature version: 004239DD
(2) using ollydbg debugging method: After installing the target software to run ollydbg, loading the main program. After loading the godup with ollydbg1.10 plug (used to load sentinellm ida sig) take the corresponding sig file and dumsig.exe file (dumsig.exe in godup plug directory). Right "View" module, click and enter lsapiw32.dll module; Right "View" all refer to the text string ": search"% s error: Illegal vendor identification ", the string is located within computevendorcode subroutine, the subroutine is called vendor id, set a breakpoint in its return to office. press F9 to run programs, to the break at the breakpoint, look at the contents of eax, namely VendorID. but also can be seen in the stack Feature name.
2, get their needs wlscgen.exe (which contain their own Vendor ID required information):
(1) get the serial number SentinelLM SDK installation: in dos run moZfet SentinelLM tools in slmkeys.EXE, get an all VendorID SDK SNs on the use of the database SLMKEYS.DAT file, this process rather long time; then moZfet SentinelLM tools in SLMtoolkit.exe-brute forte the SDK SN, according to VendorID generated SDK SN (2) using the generated SDK SN install SentinelLM SDK, you can get their needs wlscgen.exe.
3, enable the simulation of a dog TORO Sentinel SuperPro Emulator1.7 (see annex):
(1) with UltraEdit-32 modified sample RegFile directory A870.TORO, such changes: the offset address 0x000060h Department 70 0A (default VID is 0x0A70) modified for your VID (example: if your VID is ABCD, then the need to A870.TORO the VID to CDAB);
(2) copy the dll files in the folder and modify the VID two dll files after A870.TORO, a total of three files to C: \ WINDOWS \ system32 directory;
(3) Run Service directory install.bat, install analog dog.
4, run wlscgen 8.0.6 and production lic.
Note: This method is suitable for Sentinel sdk 7.3-8.1;
For the 8.0.6 version, without modifying the simulation of a dog in the VID, wlscgen the same can also generate lic, lic of VID depends only on the wlscgen.exe the VID.
About Sentinel sdk 8.2
Since the current Internet can not find the Sentinel sdk 8.2 and above, but can be found wlscgen8.2 version. Wlscgen8.2 need to modify the Vendor ID, use the TORO DSF USB EMULATOR analog dog, with pva dumper3.3 generated. Dmp file, and then use dmp2mkey2.3 the dmp file into. Reg file, then modify write password and the Vendor ID, MultiKey 18.2.X in accordance with examples of changed a bit. reg format which:
If mkey 18.2.x simulation, need to modify this reg file:
"CellType" = hex: \
01,01,03,03,03,01,03,01, \
If mkey 18.0.x simulation, need to modify this reg file:
"CellType" = hex: \
01,01,03,03,03,03,03,03, \
Modify write password is as follows:
"SntMemory" = hex: \
9A, 01,70, A8, 7A, 07,00,00, C8, 34,00,00, CA, 70,00,00, \
... ...
Thanks: 
sentinel LM investigation by zhongtiany.
Bookmarks