Results 1 to 5 of 5

Thread: [Question] About C-Dilla SafeCast. Help!

  1. #1
    mikelong
    Guest

    [Question] About C-Dilla SafeCast. Help!

    I`m trying to reverse c-dilla safecast these days. But the protecting system is so strong that I can`t even reset its installation time.
    The size of the execution file is 8M. When executed for the first time, it will extract more than 10 files: CDAC11BA.EXE, CdaC13BA.EXE, CdaC14BA.DLL, CdaC15BA.sys, cdilla52.dll, IDE.csa, S0010409.cfg, Shell001.dll( version 2.11.60.0 ), drvmgt.dll, ~efe2.tmp, ~df394b.tmp, ~de7492.tmp, etc. (In fact, the tmp files are dll) then it`ll start a service named C-DillaCdaC11BA, and put a hidden dat file in C:\C_DILLA\SafeCast Product Licences\. Further more, the service will read sector 0 of physical_drive_0 and read/write the sector at the offset 4000h of physical_drive_0.
    As to clear its installation flag, I deleted all(not sure) the relative key value in registry, renamed the .dat file in C:\C_DILLA\SafeCast Product Licences\, but how should I clear the flags at the offset 4000h sector of physical_drive_0?
    Is there anyone experienced in c-dilla safecast protection system?
    Could you tell me some info about how the protection system works?
    Thanks!
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    licenses stored in hidden directory c:\cdilla
    delete it
    license stored on sector 3xh of the hard disk (the first hard disk i think .. it was c:\ for me)
    erase the sector to all zeros (use a program like hex workshop to do it).. backup the sector before hand (on my pc it was sector 31h)
    if it worked the time will be reset , if it doesnt work, restore the sector data you blanked and try erasing the next sector (you only have 9 max to do).. trial and error

    from there you should have enough time to dump it and rebuild the imports (very similar method to safedisc2.. not surprising tho)

    risc did a tool for an earlier version of safecast, you sould try checking that as well

    have fun

  3. #3
    mikelong
    Guest

    just erase that sector?

    I don`t know what is stored on that sector before I install the prog.
    Does safecast search for an unused sector to store license?
    I`m not familiar with the disk format, so I wonder if I erase that sector, there may be something important to my system lost.
    Thank you very much for your info.
    Any more about the tool of risc? No result at google
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    the sector is typically all zeros (thats why cdilla use it)

    as for riscs tool, try searching for his safedisc suite, inside that is his safecast tool.. try looking harder

    and like i said, backup the sector, so that you wont lose anything

  5. #5
    mikelong
    Guest
    Yes, the installation flags are cleared. Thanks!
    still several entries of IAT not fixed.
    searching the riscs suite harderly
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. SDK for C-dilla SafeCast.
    By Andy in forum Advanced Reversing and Programming
    Replies: 2
    Last Post: January 15th, 2004, 13:11
  2. Unpacking SafeCast [Help]
    By TheBlock in forum Advanced Reversing and Programming
    Replies: 0
    Last Post: November 4th, 2001, 22:11
  3. Unpacking SafeCast [Help]
    By TheBlock in forum Malware Analysis and Unpacking Forum
    Replies: 0
    Last Post: November 4th, 2001, 21:56
  4. New C-Dilla?
    By Sphinx in forum Malware Analysis and Unpacking Forum
    Replies: 7
    Last Post: July 28th, 2001, 15:01
  5. C-Dilla LM
    By Cast in forum Advanced Reversing and Programming
    Replies: 5
    Last Post: January 14th, 2001, 06:12

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •