
RegUser_2 04-26-2004 16:08

Did anyone try to find the SLM 7.2 dongle ComputerID Query Algorithm?
 
In SLM 7.1 the dongle ComputerID was retrieved by a rather simple procedure. Here's a small part of the code I use to emulate it, which explains the process. In general, RNBOsproQuery to cell address 10 with small query/response tables is used to retrieve two seeds, and the ComputerID is just the XOR of those two.
In SLM 7.2, however, this process is much more evolved. It includes the SLM 7.1 ComputerID code plus four different checks to ensure that the attached dongle is the correct one. It rotates HUGE 16-bit query/response tables, which are encoded by the feature code the SLM is destined to protect, so if the product has several features the size of the emulator code becomes very unpleasant UNLESS SOMEONE discovers what the ALGORITHM is to convert a 16-bit query string into a 16-bit response string :(


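/*
 * vlsGetIdFromDongle710 - build the SLM 7.1.0 "ComputerID" string from an
 * attached key by way of the RNBOspro* calls.
 *
 * Sequence, as written below:
 *   1. format the packet, find the first unit with ID 0x25CF, then call
 *      RNBOsproFindNextUnit() dwNumDongles times;
 *   2. query cell 10 with aUbikbalm and parse the hex response (dwResp);
 *   3. read cell 15 and require its low 16 bits to be 0x0600;
 *   4. query cell 8 with the first 8 characters of the previous response and
 *      parse the hex response (dwResp2);
 *   5. query cell 8 with one QueryTbl[] entry and compare against RespTbl[];
 *   6. run doDongleQuery1() and a final cell-10 query;
 *   7. write upper-cased "%08lx" of (dwResp ^ dwResp2) to lpQueryResp.
 *
 * ErrStr       - not used by this function.
 * dwNumDongles - number of RNBOsproFindNextUnit() calls made after the first
 *                unit was found.
 * lpQueryResp  - output buffer for the 8-character ID plus terminator.
 * dwMaxLen     - length limit checked against the ID string.
 *
 * Returns 0 on success, 0x2F when an RNBOspro call fails, 0x30 when no unit
 * is found, 0x31 on a version mismatch, 0x32 on a bad response, and
 * 0xFFFFFFFD when the output buffer is rejected.
 *
 * NOTE(review): the ID depends only on two query responses XORed together;
 * if aUbikbalm is a constant (it looks like one - confirm), the first
 * response is fixed per key, so the value carries no freshness.
 */
int vlsGetIdFromDongle710(char *ErrStr, int dwNumDongles, char *lpQueryResp, int dwMaxLen)
{
    /* NOTE(review): the packet is formatted with size 0x404 but SJOB is a
     * plain int; if RNBOsproFormatPacket() writes a packet of that size this
     * overruns the stack. Confirm the real packet type against the header. */
    int SJOB;
    char QueryStr60[60];
    char ConvRespStr60[60];
    char TempStr60[60];
    unsigned long parsedHex;
    U32 dwResp2;
    U32 dwQR;
    U32 dwResp;
    U32 dwTemp;
    U32 RdDataA15;
    U32 QueryLen;
    int i;
    U32 r_eax, r_edi;

    (void)ErrStr;

    if ((r_eax = RNBOsproFormatPacket(&SJOB, 0x404)) != OK) {
        printf("Unknown exception (%d) in accessing SentinelLM portable server(s).", (int)r_eax);
        return 0x2F;
    }

    if (RNBOsproFindFirstUnit(&SJOB, 0x25CF) != OK) {
        printf("Error accessing SentinelLM portable server(s). Please make sure one is attached.");
        return 0x30;
    }

    for (i = dwNumDongles; i > 0; i--) {
        if (RNBOsproFindNextUnit(&SJOB) != OK) {
            printf("Error accessing SentinelLM portable server(s). Please make sure one is attached.");
            return 0x30;
        }
    }

    /* strncat onto an empty string: bounded copy that always terminates. */
    TempStr60[0] = '\0';
    strncat(TempStr60, aUbikbalm, 56);

    /* Query length is half the text length. */
    QueryLen = (U32)(strlen(TempStr60) >> 1);

    ConvertQueryStr(TempStr60, QueryStr60);

    if ((r_eax = RNBOsproQuery(&SJOB, 10, QueryStr60, TempStr60, &dwTemp, QueryLen)) != OK) {
        printf("Unknown exception (%d) in accessing SentinelLM portable server(s).", (int)r_eax);
        return 0x2F;
    }

    ConvertResponseStr(TempStr60, ConvRespStr60, QueryLen);

    /* Parse into an unsigned long and narrow afterwards: "%lx" must not be
     * pointed at a U32 whose width may differ, and an unparsed response must
     * not leave dwResp uninitialised. */
    parsedHex = 0;
    if (sscanf(ConvRespStr60, "%lx", &parsedHex) != 1) {
        printf("Bad response string\n");
        return 0x32;
    }
    dwResp = (U32)parsedHex;
    printf("********* dwResp1 = %lX\n\n", (unsigned long)dwResp);

    if ((r_eax = RNBOsproRead(&SJOB, 15, &RdDataA15)) != OK) {
        printf("Unknown exception (%d) in accessing SentinelLM portable server(s).", (int)r_eax);
        return 0x2F;
    }

    /* NOTE(review): the message prints the masked values unshifted (0x600
     * shows as 1536, not 6); values are left as in the original. */
    if (((RdDataA15 & 0xFF00) != 0x600) || ((RdDataA15 & 0xFF) != 0)) {
        printf("Your SentinelLM portable server has an invalid version (%d.%d). Expected %d.%d.",
               (int)(RdDataA15 & 0xFF00), (int)(RdDataA15 & 0xFF), 0x600, 0);
        return 0x31;
    }

    /* Second query: first 8 characters of the previous response. */
    TempStr60[0] = '\0';
    strncat(TempStr60, ConvRespStr60, 56);
    TempStr60[8] = '\0';

    QueryLen = (U32)(strlen(TempStr60) >> 1);

    ConvertQueryStr(TempStr60, QueryStr60);

    if ((r_eax = RNBOsproQuery(&SJOB, 8, QueryStr60, TempStr60, &dwTemp, QueryLen)) != OK) {
        printf("Unknown exception (%d) in accessing SentinelLM portable server(s).", (int)r_eax);
        return 0x2F;
    }

    ConvertResponseStr(TempStr60, ConvRespStr60, QueryLen);

    parsedHex = 0;
    if (sscanf(ConvRespStr60, "%lx", &parsedHex) != 1) {
        printf("Bad response string\n");
        return 0x32;
    }
    dwResp2 = (U32)parsedHex;

    printf("********* dwResp2 = %lX\n\n", (unsigned long)dwResp2);

    /* NOTE(review): rand() is used here before the srand() call further
     * down, so on a first call the index comes from the default seed. */
    r_edi = (U32)(rand() % 100);

    TempStr60[0] = '\0';
    strncat(TempStr60, QueryTbl[r_edi], 56);

    QueryLen = (U32)(strlen(TempStr60) >> 1);

    ConvertQueryStr(TempStr60, QueryStr60);

    if ((r_eax = RNBOsproQuery(&SJOB, 8, QueryStr60, TempStr60, &dwTemp, QueryLen)) != OK) {
        printf("Unknown exception (%d) in accessing SentinelLM portable server(s).", (int)r_eax);
        return 0x2F;
    }

    ConvertResponseStr(TempStr60, ConvRespStr60, QueryLen);

    if (strcmp(ConvRespStr60, RespTbl[r_edi]) != 0) {
        printf("Bad %s != %s\n", ConvRespStr60, RespTbl[r_edi]);
        return 0x32;
    }

    srand(time(NULL));

    /* Shift in the unsigned type: rand() << 16 on a signed int overflows
     * wherever RAND_MAX exceeds 0x7FFF. */
    r_eax = ((U32)rand() << 16);
    r_eax |= ((U32)rand() & 0xFFFF);
    dwQR = r_eax;

    doDongleQuery1(0x25CF, 0, &dwQR);

    if (dwQR != r_eax) {
        printf("doDongleQuery1() returned wrong value\n");
        return 0x32;
    }

    /* Repeats a cell-10 query with the buffers left over from the table
     * check; only the status is examined. */
    if ((r_eax = RNBOsproQuery(&SJOB, 10, QueryStr60, TempStr60, &dwTemp, QueryLen)) != OK) {
        printf("Unknown exception (%d) in accessing SentinelLM portable server(s).", (int)r_eax);
        return 0x2F;
    }

    dwResp ^= dwResp2;
    printf("********* SLM 7.1.0 ComputerID = dwResp1^dwResp2 = %lX\n\n", (unsigned long)dwResp);
    sprintf(ConvRespStr60, "%08lx", (unsigned long)dwResp);
    ConvRespStr60[8] = '\0';

    /* Reject a missing buffer and a negative limit: cast to U32, a negative
     * dwMaxLen becomes huge and would wave the copy through.
     * NOTE(review): strcpy writes strlen + 1 bytes; if dwMaxLen is the full
     * buffer size, not the character count, this test must be >=. Confirm
     * against the callers. */
    if (lpQueryResp == NULL || dwMaxLen < 0 || strlen(ConvRespStr60) > (U32)dwMaxLen) {
        printf("Bad strlen\n");
        return 0xFFFFFFFD;
    }

    strcpy(lpQueryResp, ConvRespStr60);
    convert_toupper(lpQueryResp);

    return 0;
}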

nig 04-26-2004 21:11

Good way for have dog to TRACE
 
Sometimes no dog no more Crack.
Rainbow Crypt So bt,waste long time to Crypt Str , long time to Decrypt

RegUser_2 04-27-2004 12:49

The problem is not with the tracing. Reconstructing the query/response 64-bit values is easy, and so is emulation using look-up tables. The real problem lies with the size of these tables :rolleyes:

