Hello people,

Ive been working with this protection for a bit, and ive gotten my target to run when i apply some memory patches, however it would be nice to dump the decrypted cdilla protected executable, or patch in some sort of crack (IAT hooking i was thinking about on the date checks).. Has anyone worked on this? Is there a way to dump the executable somewhat easily or does it require some cracking inside the cdilla decryption drivers?

Anyone been looking at the Cdilla auth. code system? it seems not too advanced, maybe 100-120 lines of asm code. But i am not sure.

I'll be interested in any information i can get. Thanks

I had Lotus Notes 5 30 day trial in 1999
and it's still running

Just keep tracing and you'll get to the decrypted
exe eventually. I'll try and find my reference notes and see what I did. Can't remember just now.
I don't think there are any tuts etc on this C-Dilla
LM system. Only game CD protection cdilla and R!sc has that one well covered.

+SplAj

Would be nice if you could give some more info on how to spot the entry point of newly decrypted exe. And yes the Cdilla-LM (also known as SafeCast-LM should be looked more into :-).

Anyone else ?

3dstudio max beta4 also now uses cdilla-lm,can anyone tell me if it writes any data to the mbr.
ive reformated,clean os install,and it still knows its been on before.

are you guys using sice with any anti detection?
does ti write tags anywhere else

any info ?
manny thnxs

The trick is to kill it before it triggers the datecheck is over

- I tried too with fdisc /mbr and still it knows, donno how exactly though. But i beleave you can still reauthorize 3dsmax 4 beta even though its expired, i succeded to make a keygen for it, and it will still run if it has a valid cdilla keyfile, so i dont think it uses any encryption it must just be dumped before it expires. or in memory patched before the end check and dumped. problem is really fixing the crc, i struggled for a long time to do that, and i did not really succeed (the keyframe controls were still frozen etc)..

Good luck! (ps. check ereg.dll)

Hi Cast

Good news and bad news.... Found the Lotus Notes 5 trial CD. 45 days not 30 day trial (generous Lotus).
C-Dilla LMS is version 3.18.000. I cracked (?) it in January 2000 with SI & ProcDump 1.6 (the last from G-Rom) .
Thats the good news. Bad news is I can't get it to work
to try again even after setting my clock back to early 2000, and re-installing. Could not figure out what it checks with RegMon/FileMon etc ... pretty embarrasing

The notes I have are that the REAL exe is the same name as the CD-LMS (Safecast) checking program ie NLNOTES.EXE = NLNOTES.CSX (the csx is the real un/encrypted exe) I got to it through BPX CreateProcess after the TRY button was clicked. ....I was in a cdillaXX.dll then cda01aa.dll . I think. Just kept tracing with F10/F8 and eventually got there. I must have just been lucky to land on the OEiP as I was a 'newbie' at unpacking a year ago.
............and still am as we all are

I'll carry on trying to figure out how it knows
that it's been on my HD before ...... This is really P me off.

+SplAj