Last few months have been... extra busy. I survived HDD crash, participated in Flare-On reversing contest (and finished 4th!), had quite fun projects at work - but all that is a matter of another story. Today I want to share with you a long-overdue update for unpackers.
Enigma Virtual Box unpacker
- Added support for Enigma Virtual Box v8.10, v8.20, v9.00 and v9.10.
- Unpacker now restores file attributes and date/time. Be careful, unpacked files might have attributes "read only", "hidden", etc.!
- Added validation of extracted folder/file names to prevent directory traversal attacks. It was on my todo list for a long time and all the media-craziness around Zip Slip finally forced me to do something about it.
- Fixed warning message about TLS directory. Mea culpa.
Molebox Virtualization Studio unpacker
- Fixed error "VFSDecrypt: failed to find STELPACK signature" on some data files;
- Fixed error "SPack catalog not found or invalid. vfsrootsize=00000000" on some EXE files;
- Fixed out-of-memory error when unpacking huge data files;
- Loads possible filenames from mole_dictionary.txt;
How to use mole_dictionary.txt
If you have a file which uses "hide files" feature of Molebox VS, it only stores hash of the filename - original filenames are not stored anywhere. But if you have a good idea what the filename might be, you can add it to mole_dictionary.txt and my unpacker will use that for intelligent guessing.
Read More