
Thread: C-Dilla LM

  1. #1
    Cast
    Guest

    C-Dilla LM

    Hello people,

    I've been working with this protection for a bit, and I've gotten my target to run when I apply some memory patches. However, it would be nice to dump the decrypted cdilla protected executable, or patch in some sort of crack (IAT hooking I was thinking about on the date checks). Has anyone worked on this? Is there a way to dump the executable somewhat easily or does it require some cracking inside the cdilla decryption drivers?

    Anyone been looking at the Cdilla auth. code system? It seems not too advanced, maybe 100-120 lines of asm code. But I am not sure.

    I'll be interested in any information I can get. Thanks
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    my new hair style :) +SplAj's Avatar
    Join Date
    Feb 2001
    Location
    Afghanistan, Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria
    Posts
    373
    I had Lotus Notes 5 30 day trial in 1999
    and it's still running

    Just keep tracing and you'll get to the decrypted
    exe eventually. I'll try and find my reference notes and see what I did. Can't remember just now.
    I don't think there are any tuts etc on this C-Dilla
    LM system. Only game CD protection cdilla and R!sc has that one well covered.

    +SplAj

  3. #3
    Cast
    Guest
    Would be nice if you could give some more info on how to spot the entry point of the newly decrypted exe. And yes, the Cdilla-LM (also known as SafeCast-LM) should be looked more into :-).

    Anyone else?

  4. #4
    templeofborg
    Guest
    3dstudio max beta4 also now uses cdilla-lm. Can anyone tell me if it writes any data to the MBR?
    I've reformatted, clean OS install, and it still knows it's been on before.

    Are you guys using sice with any anti-detection?
    Does it write tags anywhere else?

    Any info?
    Many thanks

  5. #5
    Cast
    Guest
    The trick is to kill it before it triggers the datecheck is over

    - I tried too with fdisk /mbr and still it knows, don't know how exactly though. But I believe you can still reauthorize 3dsmax 4 beta even though it's expired. I succeeded in making a keygen for it, and it will still run if it has a valid cdilla keyfile, so I don't think it uses any encryption; it must just be dumped before it expires, or in-memory patched before the end check and dumped. The problem is really fixing the CRC. I struggled for a long time to do that, and I did not really succeed (the keyframe controls were still frozen etc.).

    Good luck! (PS: check ereg.dll)

  6. #6
    my new hair style :) +SplAj's Avatar
    Hi Cast

    Good news and bad news... Found the Lotus Notes 5 trial CD. 45 days, not 30 day trial (generous Lotus).
    C-Dilla LMS is version 3.18.000. I cracked (?) it in January 2000 with SI & ProcDump 1.6 (the last from G-Rom).
    That's the good news. Bad news is I can't get it to work to try again, even after setting my clock back to early 2000 and re-installing. Could not figure out what it checks with RegMon/FileMon etc... pretty embarrassing.

    The notes I have are that the REAL exe is the same name as the CD-LMS (Safecast) checking program, i.e. NLNOTES.EXE = NLNOTES.CSX (the csx is the real un/encrypted exe). I got to it through BPX CreateProcess after the TRY button was clicked... I was in a cdillaXX.dll then cda01aa.dll, I think. Just kept tracing with F10/F8 and eventually got there. I must have just been lucky to land on the OEiP as I was a 'newbie' at unpacking a year ago.
    ............and still am as we all are

    I'll carry on trying to figure out how it knows
    that it's been on my HD before ...... This is really P me off.

    +SplAj
