Today I am emulating an UltraPro dongle. Below is the log that was dumped:
GET_KEYINFO | 0002 9003 |
-------------------------
------------------------------------------------------------
|cell| FN 10 | FN 11 || DATA |celltype|
------------------------------------------------------------
| 00 | 38 00 D95F 0000 | FC 00 F91F 657F || 5FD9 | 01 |
| 01 | E7 00 5790 0000 | 87 00 8267 5D41 || 9057 | 01 |
| 02 | 02 01 0100 0000 | 04 01 0000 0300 || 0000 | 03 |
| 03 | 02 01 0100 0000 | 04 01 0000 0300 || 0000 | 03 |
| 04 | 02 01 0100 0000 | 04 01 0000 0300 || 0000 | 03 |
| 05 | 00 00 0000 0000 | 3E 00 003D 0100 || 0000 | 01 |
| 06 | 02 01 0100 0000 | 04 01 0000 0300 || 0000 | 03 |
| 07 | 11 00 1100 0000 | FA 00 00B5 4500 || 0011 | 01 |
| 08 | 02 01 0100 0000 | 08 01 0000 0700 || 0001 | 03 |
| 09 | 02 01 0100 0000 | 08 01 0000 0700 || 0001 | 03 |
| 0A | 02 01 0100 0000 | 08 01 0000 0700 || 0001 | 03 |
| 0B | 02 01 0100 0000 | 08 01 0000 0700 || 0001 | 03 |
| 0C | 00 00 0000 0000 | B8 00 00B8 0000 || 0000 | 00 |
| 0D | 00 00 0000 0000 | 38 00 0038 0000 || 0000 | 00 |
| 0E | 02 01 0100 0000 | 08 01 0000 0700 || 0001 | 03 |
| 0F | 02 01 0100 0000 | 08 01 0000 0700 || 0001 | 03 |
| 10 | 1F 00 001F 0000 | E4 00 F870 007C || 1F00 | 00 |
| 11 | 00 00 0000 0000 | 00 00 0000 0000 || 0000 | 00 |
| 12 | 00 00 0000 0000 | 8F 00 008F 0000 || 0000 | 00 |
..................................
Below are the official usage instructions:
*** SENTINEL **********************************************
... MultiKey\Dumps\0000xxxx] - xxxx - Developer ID
"Type" = dword: 00000000 - model, 0-SuperPro, 1-all other types;
"SntMemory" = hex: - memory for "Type" = 0 - 64 cell, for "Type" = 1, depending on the type of key
"CellType" = hex: - types of cells, and for "Type" = 0 - 64 bytes for the "Type" = 1, depending on the type of key
"Type" = 0 - full internal algorithm to spro, reg-file old-fashioned
"Type" = 1 - only a table emulation for all types of keys in the reg file to add new fields:
"Option" = hex: 02,00,03,80,7F,00,00,00 (for example SPRO with the support of AES-tunnel)
where: [0]...[3] - the key type value, which we get from the GET_KEYINFO function
[4] - the value of a physically readable memory key, usually 7F or FF
[5]...[7] - reserve
"AesKey" = hex: 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 - aes key for AES-tunnel (so far, so get out prog)
Spro default dump the old regime ("Type" = 0).
Table format:
... MultiKey\Dumps\0000xxxx\cell_yy] - yy - number of the cell the table is for; every cell has its own table
"12345678" = hex: 22,33,44,55
"1122334455667788" = hex: 11,12,13,14,15,16,17,18
"11223344556677888877665544332211" = hex: 88,77,66,55,44,33,22,11,11,22,33,44,55,66,77,88
I would like to ask how the value of "AesKey" and the values under cell_yy are obtained.