13 Apr

Unity3D protection in “AU2” dance games, part 2

Last December I wrote a blog post explaining how some of the AU2 dance games were protected. Apparently, the protection author read the blog post and updated his protection. smile This blog post will explain how the protection was changed and suggest several ways of dealing with the new features.

This analysis covers:

Read More

13 Apr

April update of unpackers

Molebox VS unpacker

This is a quite big update for Molebox VS unpacker. It fixes most of the bugs I'm aware of:

  • Supports Molebox GPL version
  • Removes "anti-hacking" protection
  • Supports BOX files in sub-directories
  • Shows embedded command-line
  • Main executable will be named {yourfile}_unpacked.exe
  • Fix calculation of SizeOfImage in edge cases
  • Fix decryption in edge cases

It's still not perfect and will fail in some situations - but I didn't want to postpone the release any longer. Please let me know if it crashes for you and I'll try to fix the problem. smile
Read More

01 Mar

March update of unpackers

Enigma VirtualBox unpacker

  • Unpacker will refuse to run if there is not enough space in TMP folder and/or in working directory
  • PE header size was calculated incorrectly in some cases
  • TLS directory was not detected correctly for some files

Setting TMP folder to a RAM drive was a good idea in 1990s. Now it's year 2019 and you can't manage virtual memory better than Windows already do. But some people apparently still try, so I added checks to stop them from shooting themselves in the foot.

Molebox VS unpacker

  • Added support for a very old version on Molebox VS, as reported by death

The fix was actually implemented a long time ago, I just didn't make the announcement.

13 Feb

uBlock silently enables Acceptable Ads for everyone

Few days ago I started seeing ads on ebay. Weird.. confused I blocked the ad manually and forgot about it. The next time I visited ebay, the ad was showing again. I blocked it again. Third time.. Yes, you guessed right, the ad was back. So, I started to investigate why my filter rule was not working.

Few minutes later, the culprit was found:

This rule disables all cosmetic filters for eBay. But where does it come from?

I went to examine my filter lists. And then I went into full WTF mode:

Why the fuck I have "Acceptable Ads" list enabled?
Read More

11 Feb

Unity3D protection in Moonton games, part 2

I wrote about Moonton game protection in November 2018. It was a pretty boring protection, so I quickly forgot about that. In January 2019 Moonton devs decided to change their protection. I'm not sure if it's a coincidence or not - but here's the update anyway.

This analysis covers:

specifically versions from 1.3.37 upto 1.3.47 (latest at the time of writing). All other games that I mentioned in my previous post haven't been updated, or are still using the old protection mechanism.

Read More

29 Dec 2018

Unity3D protection in “AU2” dance games

Today's story is about dancing games. Specifically, about

These games employ some tricks in the APK file structure as well as modified libmono.so. I will go through each of the protection mechanisms step-by-step and explain how it works. In the end, you will have all the necessary information to implement your own decryption tool that can decrypt AU2 protected DLL files.

Read More

11 Dec 2018

Changes in the blog

My last posts about Unity3D/Mono protections gained a lot of attention. Unfortunately, they gained the wrong kind of attention and low quality comments. So, I decided to make changes in a way these posts are made.

This is a place to describe HOW the protection works.

I have no agenda against game authors or any of the Android MOD teams. They just happen to use interesting protection mechanisms. And I like to take protections apart and describe HOW they work. So, the posts will be even more focused on HOW the protection works and how it can be defeated. Sometimes I'll make some code snippets available. But in any case, you will have to do your work to defeat the protection.

This is NOT a place for script-kiddies.

I made a big mistake releasing compiled executable. It attracts crowds of asian kids who are only able to drop DLL on the compiled executable and complain that it did not magically fix everything. They have absolutely no interest in how the protection actually works.

To fix that, there will be no more ready-made tools. If you care about the protection, my blog has all the information you need to make your own tool. But if you need a ready-made, compiled tool, go somewhere else.

This is NOT a place for crack requests.

Yes, I'm always interested in new and innovative protections. If you tell me about such protection, I will be very happy. When I get some free time, I will look at it. If it's interesting enough, I will write about it.

But I will not crack the protection for you. And most certainly I will not do it on your schedule. So, don't bug me about that.

I work on this blog in my free time.

My free time is limited. I will read all comments and all emails. Someday. When I have free time.

So, do NOT bump your comments or your emails. If you haven't received a reply, your message was stupid and I decided to ignore it. Or perhaps I just haven't had time to read it and respond to it.

You need to do your homework.

I got plenty of comments like "how do I use your tool?" or "I can't open file in dnSpy. Help!!!111".

First, read the bloody posts, they explain how my tools work and what the limitations are. Second, use Google. Third, read "How to Report Bugs Effectively". I can't magically solve all your problems - I need to see the actual file first.


I hate using ban-hammer. So, first time you do something stupid, I will warn you. But if you continue doing that, I'll ban you. As simple as that.

Thank you for reading to the end, I really appreciate that. Please enjoy your stay here.