; Sentinel envelope cracker/Easy
; by MeteO (meteo@null.net)
; Created 23:56 22.02.2002 (dedicated to MGD)
; Reworked 04:26 09.02.2003 (MGD - fuffyou, DNA - cool)
;
;

P386

MODEL FLAT, StdCall

EXTRN ExitProcess: PROC
;
DATASEG
dwSeed dd 0h ; Current Seed code
;-------------------------------------------------------------------------
; Store here original bytes of encrypted by Sentinel DataEnvelope section bytes
;
OriginalBytes label dword
;db 046h,0aeh,0d8h,0d0h ; .data RATING.EXE
db 0E7h,03Ah,0FFh,069h ; Intermech licsrv .data
;-------------------------------------------------------------------------
; Store here requred section bytes
;
EncryptedBytes label dword
;db 004h,010h,040h,000h ; Delphi startup .code
db 032h,013h,08bh,0c0h ; Delphi startup .data
;-------------------------------------------------------------------------
.code
Main:

@@total_l:
mov ecx, dwSeed

mov eax, [EncryptedBytes]
mov edx, [OriginalBytes]
@@loop1st:
inc ecx

or ecx, ecx
jz @@done

push ecx ; Save it
push eax

; Easy decrypt
mov edi, ecx
mov ebx, ecx ; 20 EBX:=seed
shl ecx, 4 ; 30
shl ebx, 5 ; 40
add ecx, edi ; 50
shr ecx, 9 ; 60
xor ecx, ebx ; 70
add edi, ecx ; 80
xor eax, edi ;100

; push eax edx
; and eax, 0ffffffh
; and edx, 0ffffffh

cmp eax, edx ; only 4 bytes compare
; pop edx eax

pop eax
pop ecx
jne @@loop1st
xor eax, eax
cdq
xor ebx, ebx
; [Stop here!]------------------------------------------------------------
; On stop here ecx contain
; true value of ssPro Query
int 3
@@done:
push 0
call ExitProcess

END Main

[招生]科锐逆向工程师培训(2024年11月15日实地，远程教学同时开班, 第51期)