June update of unpackers
Molebox VS unpacker
This update fixes unpacking very large embedded files. Before the fix, the unpacker would crash with an "out of memory" exception when an embedded file was larger than ~800MB. Thanks to MMM for reporting the bug.
Last December I wrote a blog post explaining how some of the AU2 dance games were protected. Apparently, the protection author read the blog post and updated his protection. This blog post will explain how the protection was changed and suggest several ways of dealing with the new features.
This analysis covers:
This is a quite big update for Molebox VS unpacker. It fixes most of the bugs I'm aware of:
It's still not perfect and will fail in some situations - but I didn't want to postpone the release any longer. Please let me know if it crashes for you and I'll try to fix the problem.
Setting the TMP folder to a RAM drive was a good idea in the 1990s. Now it's 2019 and you can't manage virtual memory better than Windows already does. But some people apparently still try, so I added checks to stop them from shooting themselves in the foot.
The fix was actually implemented a long time ago, I just didn't make the announcement.
I wrote about Moonton game protection in November 2018. It was a pretty boring protection, so I quickly forgot about that. In January 2019 Moonton devs decided to change their protection. I'm not sure if it's a coincidence or not - but here's the update anyway.
This analysis covers:
specifically versions from 1.3.37 up to 1.3.47 (latest at the time of writing). All other games that I mentioned in my previous post haven't been updated, or are still using the old protection mechanism.
Today's story is about dancing games. Specifically, about
These games employ some tricks in the APK file structure as well as modified libmono.so. I will go through each of the protection mechanisms step-by-step and explain how it works. In the end, you will have all the necessary information to implement your own decryption tool that can decrypt AU2 protected DLL files.
Final release in 2018 fixes a bug that was reported by dehola.
This part is more about my own failure than about Unity3D or Mono. I enjoy looking at Android game cheats and how they manage to exploit every single bug in the Mono engine used by Unity3D. And then I make an equally stupid bug in my fixer tool. How embarrassing!
Well, not really. I don't pretend to be perfect. I make mistakes just like everyone else and I have no problem admitting them. And hope that somebody else will learn from my mistakes, too.
So, today we'll look at the Vietnamese app that has a funny way to encrypt DLLs:
First, I'll show how the main module is encrypted in the original app. Then I'll analyze a modded version of the app on which my fixer tool failed miserably. Finally, I'll provide a fixed version for my tool.
This is Part 3 of the series about tricks in PE file format used by Unity3D-based games and cheats.
In Part 1 I analyzed some basic tricks used by Android game modders and ways to defeat them. In Part 2 I covered more tricks used by modding teams and traced their origins to obscure Chinese Android games.
This part will cover tricks used by game developer Moonton in their games:
All games use modified versions of libmono.so containing a few tricks that nobody else uses. Different versions of the libraries have slightly different ways of implementing these tricks; most of my analysis is based on Mobile Legends: Bang Bang v1.3.25.3323.
In the first part of the series I explained how some cheat authors try to protect their work against other cheaters. It was a quick introduction to Unity3D and bugs in Mono that cheat authors exploit.
Last week someone emailed me another example of a game cheat. My tool from the previous article failed to fix invalid metadata, so I decided to look at it again.
The cheat I received was made by Mod4U from the BlackMod.net team. It appears that Mod4U is one of the most active members of the team, judging by the number of releases. His/her cheats use invalid PE file tricks and are encrypted, as you'll see later in the article.
After looking at different mods from other team members, I've confirmed that Rito, Aurora and Legend also are using invalid PE files for hiding their work. But none of their cheats encrypt Assembly-CSharp.dll.
So, let's look at the cheats and see what new tricks BlackMod team members have found!