01 Mar

March update of unpackers

Enigma VirtualBox unpacker

  • Unpacker will refuse to run if there is not enough space in the TMP folder and/or in the working directory
  • PE header size was calculated incorrectly in some cases
  • TLS directory was not detected correctly for some files

Setting the TMP folder to a RAM drive was a good idea in the 1990s. Now it's 2019 and you can't manage virtual memory better than Windows already does. But some people apparently still try, so I added checks to stop them from shooting themselves in the foot.

Molebox VS unpacker

  • Added support for a very old version of Molebox VS, as reported by death

The fix was actually implemented a long time ago, I just didn't make the announcement.

13 Feb

uBlock silently enables Acceptable Ads for everyone

A few days ago I started seeing ads on eBay. Weird... Confused, I blocked the ad manually and forgot about it. The next time I visited eBay, the ad was showing again. I blocked it again. Third time... Yes, you guessed right, the ad was back. So, I started to investigate why my filter rule was not working.

A few minutes later, the culprit was found:

This rule disables all cosmetic filters for eBay. But where does it come from?

I went to examine my filter lists. And then I went into full WTF mode:

Why the fuck do I have the "Acceptable Ads" list enabled?

11 Feb

Unity3D protection in Moonton games, part 2

I wrote about Moonton game protection in November 2018. It was a pretty boring protection, so I quickly forgot about that. In January 2019 Moonton devs decided to change their protection. I'm not sure if it's a coincidence or not - but here's the update anyway.

This analysis covers:

specifically versions from 1.3.37 up to 1.3.47 (latest at the time of writing). All other games that I mentioned in my previous post haven't been updated, or are still using the old protection mechanism.


29 Dec 2018

Unity3D protection in “AU2” dance games

Today's story is about dancing games. Specifically, about

These games employ some tricks in the APK file structure as well as a modified libmono.so. I will go through each of the protection mechanisms step by step and explain how it works. In the end, you will have all the necessary information to implement your own decryption tool that can decrypt AU2-protected DLL files.


11 Dec 2018

Changes in the blog

My last posts about Unity3D/Mono protections gained a lot of attention. Unfortunately, they gained the wrong kind of attention and low-quality comments. So, I decided to change the way these posts are made.

This is a place to describe HOW the protection works.

I have no agenda against game authors or any of the Android MOD teams. They just happen to use interesting protection mechanisms. And I like to take protections apart and describe HOW they work. So, the posts will be even more focused on HOW the protection works and how it can be defeated. Sometimes I'll make some code snippets available. But in any case, you will have to do your work to defeat the protection.

This is NOT a place for script-kiddies.

I made a big mistake releasing a compiled executable. It attracts crowds of Asian kids who are only able to drop a DLL on the compiled executable and complain that it did not magically fix everything. They have absolutely no interest in how the protection actually works.

To fix that, there will be no more ready-made tools. If you care about the protection, my blog has all the information you need to make your own tool. But if you need a ready-made, compiled tool, go somewhere else.

This is NOT a place for crack requests.

Yes, I'm always interested in new and innovative protections. If you tell me about such a protection, I will be very happy. When I get some free time, I will look at it. If it's interesting enough, I will write about it.

But I will not crack the protection for you. And most certainly I will not do it on your schedule. So, don't bug me about that.

I work on this blog in my free time.

My free time is limited. I will read all comments and all emails. Someday. When I have free time.

So, do NOT bump your comments or your emails. If you haven't received a reply, your message was stupid and I decided to ignore it. Or perhaps I just haven't had time to read it and respond to it.

You need to do your homework.

I got plenty of comments like "how do I use your tool?" or "I can't open file in dnSpy. Help!!!111".

First, read the bloody posts, they explain how my tools work and what the limitations are. Second, use Google. Third, read "How to Report Bugs Effectively". I can't magically solve all your problems - I need to see the actual file first.


I hate using the ban-hammer. So, the first time you do something stupid, I will warn you. But if you continue doing that, I'll ban you. As simple as that.

Thank you for reading to the end, I really appreciate that. Please enjoy your stay here.

10 Dec 2018

Changes in Chrome 71 break Gmail.

I've complained about Chrome automatic updates before. I actually stayed on outdated Chrome 45 for a long time because I really needed NPAPI support to perform certain tasks.

But a few months ago I decided to bite the bullet and "live a normal life". So, I enabled Google Chrome updates and crossed my fingers. It worked for some time. I got the awful "modern UI" and managed to turn it off. I got the automatic Chrome sign-in that nobody actually wants and that Google later retracted. And I was able to turn it off too.

But now Chrome cannot open my Gmail account. WTF?

Can't sync to account.

When logging into Gmail it just pops up this message "Can't sync to account. Request cancelled."


19 Nov 2018

Unity3D/Mono protections, part 4

This part is more about my own failure than about Unity3D or Mono. I enjoy looking at Android game cheats and how they manage to exploit every single bug in the Mono engine used by Unity3D. And then I make an equally stupid bug in my fixer tool. How embarrassing!

Well, not really. I don't pretend to be perfect. I make mistakes just like everyone else and I have no problem admitting them. And hope that somebody else will learn from my mistakes, too.

So, today we'll look at the Vietnamese app that has a funny way to encrypt DLLs:

First, I'll show how the main module is encrypted in the original app. Then I'll analyze a modded version of the app on which my fixer tool failed miserably. Finally, I'll provide a fixed version for my tool.


12 Nov 2018

Unity3D protection in Moonton games

This is Part 3 of the series about tricks in PE file format used by Unity3D-based games and cheats.

In Part 1 I analyzed some basic tricks used by Android game modders and ways to defeat them. In Part 2 I covered more tricks used by modding teams and traced their origins to obscure Chinese Android games.

This part will cover tricks used by game developer Moonton in their games:

All games use modified versions of libmono.so containing a few tricks that nobody else uses. Different versions of the libraries have slightly different ways of implementing these tricks; most of my analysis is based on Mobile Legends: Bang Bang v1.3.25.3323.
