December update for unpackers

kao

This month brings us not one but two updated unpackers! πŸ™‚

Updated Molebox unpacker

  • Fixes a crash with double-packed files. Thanks to whoknows for reporting the issue!

Updated Enigma Virtual Box unpacker

  • Support for Enigma Virtual Box v7.90
  • Detection of Enigma Protector. The feature was added long time ago but accidentally removed later.

I still need to work on the UI-freeze issue. When unpacking very large files, UI will appear to be frozen until unpacking process completes. It may take 5+ minutes on very large files, please be patient!

64 thoughts on “December update for unpackers

  1. good morning, kao
    you help me get its running file, i use your molebox software, can only get the files inside it, i need this original .exe file, thank you
    link: {link_removed]

    1. Hi,
      My unpacker creates file gamebox_unpacked.exe - that is the unpacked .exe file and it seems to work fine for me. When I run it, it shows error message "Game file not found" because it cannot open file SOLMusc.pak.

      If it doesn't work for you, please make some screenshots and tell me what exactly is not working.

      1. I opened it thank you, so I want to ask you a little more if you do not mind?
        - Currently the font of the file "gamebox_unpacked.exe" in the "china" language, how to change it to language "vietnamese", I have a sample file and game client that you can see it help me.
        - sample font vietnam file "game.exe"
        - the file I want to change the font file "game_unpack.exe"
        If you are busy, can guide me, I can learn, Wish you a good day ^^
        link: {link_removed}

  2. Hi Kao,
    i hope you could add support to Molebox Virtualization Solution 4.5235, i tried to unpack but it cannot. Keep it up


    1. As I've said countless times before, this unpacker is only for Molebox version 2.x. πŸ™‚

      I do have an unpacker for Molebox 4.x but it's still not finished. If you send me a link to your file, I'll take a look at it.

        1. Dangerous File Blocked
          The file you attempted to download was determined to be dangerous. For your protection, MediaFire does not enable distribution of dangerous files.

          Please use Mega.co.nz, they don't have such issues.. πŸ™‚

          1. I had to fix few things in my unpacker but now it works fine. πŸ™‚

            de-mole-ition VS v0.1, compiled on 08-01-2018 21:44
            Supports Molebox Virtualization Studio v4.x
            Latest version always on https://lifeinhex.com
            
            [i] Loading file: F:\1234\HTLauncher.exe
            [+] MD5: 1c55bf404679bc1589663377de1643ab
            [i] Molebox type: new (v4.4325..v4.5462)
            [i] Exact MoleboxVS version: v4.5235 (4E2AEEFD)
            [i] Total 12 entries:
              file: `ANTIHACK.DLL`, size=00030400
              file: `HTDIRECT3D.DLL`, size=0001D000
              file: `___MAIN___.EXE`, size=001CF000
              file: `DBGHELP.DLL`, size=00077A00
              file: `MSS32.DLL`, size=00055600
              file: `HTWEB.DLL`, size=00001400
              file: `D3DX9_28.DLL`, size=002374D0
              file: `HTLAUNCHER.EXE`, size=001CF000
              file: `HTSOUND.DLL`, size=00013000
              file: `BUGSLAYERUTIL.DLL`, size=0000804E
              file: `D3DX9_29.DLL`, size=002396D0
              file: `HT3DHEAVEN.DLL`, size=00077000
            [i] Finished! Have a nice day!
            

            Your files: {link_removed}

  3. this is a great unpacker at alllll
    keep it up sir
    hope you can help me unpacked Molebox Virtualization

    Thank youuu

    1. Yes, HTLauncher.exe is packed by Molebox Virtualization Studio. All *.Atlas files are packed by Molebox Virtualization Studio as well.

      For example, in system.atlas, there are 41 files and 1 directory:

      de-mole-ition VS v0.1, compiled on 12-01-2018 22:10
      Supports Molebox Virtualization Studio v4.x
      Latest version always on https://lifeinhex.com
      
      [i] Loading file: F:\HTLauncher.exe
      [+] MD5: d924b015a76f16e6a2bfe5c9a7a0ebea
      [i] Molebox type: new (v4.4325..v4.5462)
      [i] Exact MoleboxVS version: v4.5462 (4ED59C30)
      ...
      [i] Extra BOX File = system.Atlas
      [i] Total 42 entries:
        file: `system\ParoksyaObj.txl`, size=00001739
        file: `system\Kathana3Obj.txl`, size=0000894E
        file: `system\Jina4th_NPC.txl`, size=000479D8
        file: `system\HTScript.sys`, size=0003B710
        file: `system\MysticalLand.txl`, size=0000305C
        file: `system\ForgeObj.txl`, size=00006383
        file: `system\IntroObj.txl`, size=0000008C
        file: `system\Jina1st_NPC.txl`, size=00296095
        file: `system\Chaturanga_NPC.txl`, size=00026516
        file: `system\TantraOtimizeData.tan`, size=0001F701
        file: `system\Kathana3_NPC.txl`, size=001AF297
        FOLDER: `system`, size=00000000
        file: `system\ArenaObj.txl`, size=0000302F
        file: `system\RuinObj.txl`, size=00006356
        file: `system\Kathana1Obj.txl`, size=000093AD
        file: `system\ArenaDurga_NPC.txl`, size=0003C92B
        file: `system\Kathana4CaveObj.txl`, size=00000BCC
        file: `system\NewMandaraObj.txl`, size=000093AD
        file: `system\Paroksya_NPC.txl`, size=0011D58F
        file: `system\MaranaObj.txl`, size=0000032F
        file: `system\HTSSettingScr.txl`, size=0000A7C5
        file: `system\Paroksya2Obj.txl`, size=000033E0
        file: `system\Mandara_NPC.txl`, size=0043768C
        file: `system\Invernalia_NPC.txl`, size=00026516
        file: `system\Jina7thCave_NPC.txl`, size=0014BF98
        file: `system\HTMessage.txl`, size=0016E316
        file: `system\MysticalLand_NPC.txl`, size=0003A222
        file: `system\Kathana4Obj.txl`, size=000028FA
        file: `system\Jina4th2_NPC.txl`, size=0003AD5E
        file: `system\InvernaliaObj.txl`, size=0000DC46
        file: `system\ShambalaAnu_NPC.txl`, size=002C8270
        file: `system\Jina3rd_NPC.txl`, size=001C7809
        file: `system\VediKrumaObj.txl`, size=0000DC46
        file: `system\HTQuest.sys`, size=000004E0
        file: `system\MobInfo.tan`, size=0000164F
        file: `system\Kathana2Obj.txl`, size=0000DC46
        file: `system\Forge_NPC.txl`, size=00067166
        file: `system\NewMandaraObj27.txl`, size=0000232D
        file: `system\fxPC.txl`, size=0008137E
        file: `system\Mudha_NPC.txl`, size=00089BEE
        file: `system\AnakaKrumaObj.txl`, size=0000997A
        file: `system\Kathana4_NPC.txl`, size=000E4F98
      
    1. This is not "Please unpack my file for me" thread.

      I will look at your files if and when I have some free time. Begging in the comments will not help you in any way.

    1. Your files unpacked: {link_removed}

      WARNING: unpacked EXE and DLL files are infected with Ramnit virus. That is not my fault, blame owners of that Tantra server!

  4. sir how about the other file because this is not the complete file of atlas i think this is packed in their launcher files but the other files like packed in Data01.atlas Data02.atlas are not there..

    1. Unpacked: {link_removed}

      WARNING: some of the unpacked EXE and DLL files are infected with Ramnit virus. That is not my fault, blame owners of Tantra server!

  5. good day sir thanu remove the link of your post sir thank you and this is the last request for unpack client sir

    {link_removed}

  6. EnigmaVBUnpacker v0.44
    Windows 10 Pro

    A couple of things:
    * You're already working on the UI freeze and total lack of real-time progress indicators, but they should be a much higher development priority.
    * The name of the created resource folder is "%DEFAULT FOLDER%. The games I've unpacked so far can not handle having the '%' characters in the path and will not run either from the _unpacked.exe in the original folder nor the "game.exe" in the new resource folder. If you change the folder name to something without those '%' characters, _unpacked.exe will still not work because there is no way to tell it the new resource folder name, but the "game.exe" in the resource folder will now work.
    The resource folder name should be changed to something that does not use any special characters. The best solution would be to make the resource folder name configurable before starting to unpack, and to add a command line option to the _unpacked.exe to tell it what name to use if you've changed it (like: -f ).

    And one question:
    Is this application open-source?

    1. I think you misunderstand some things.

      It's my project and I do it in my free time. If you ask nicely for some feature or improvement, I will consider it but you're in no position to tell me what I should do and with what priorities.

      %DEFAULT FOLDER% is not something I invented. It's a feature of Enigma VirtualBox and means "folder where main protected module is located". Read more at http://enigmaprotector.com/en/help/manual/038e8b3e05434cbb3e96d4de3531d840. Since Enigma VirtualBox uses it internally, it's here to stay, just like all the other special folder names (%SYSTEM FOLDER%, %My Documents FOLDER%, %Temp FOLDER%, etc.). Reason is very simple - when unpacking files, I need to keep the correct folder structure. Nobody will appreciate if my unpacker suddenly starts overwriting files in folders like C:\Windows or C:\Program Files\.

      As for your issue with unpacked games, you should keep in mind that not all files are virtualized. Simplest solution would be to take all content of the "%DEFAULT FOLDER" + game_unpacked.exe, copy them to a folder where your game is installed and then run game_unpacked.exe. It should work.

      No, it's not open source.

      1. Thanks for your reply. I'm not one to fill paragraphs with flowery praise or prattle when I'm just trying to provide helpful information to someone who might appreciate it - or not.

        The reason I mentioned priority is because the most common question and complaint I see and answer about this app is the UI freeze and the confusion a lack of progress indicator causes, especially with the lack of usage documentation or help text. This would reasonably indicate these issues need a higher development priority to make the app more useful and less confusing to new users.

        Thanks for the info on the Enigma file structure. However, this still does not solve the issue with the game_unpacked.exe not working. The app creates both the folder and exe in the game directory by default and the game_unpacked.exe does nothing when run. The game.exe file in the folder only displays an empty white windows that does nothing until you rename the folder without the '%' characters. Since these characters must stay to preserve the file structure, it would seem that some additional path handling is needed to allow the executables to work. This problem occurs with games made with RPG Maker MV (I had forgotten to mention that).

        I only mentioned open source because you might find the open source community helpful with any of the coding issues you are experiencing. As you said, you do this in your spare time and, when many of us who do the same contribute to the same project, it can get done a lot quicker. Just a helpful suggestion that has a proven track record.

        1. Please send me the link to that game and I'll take a look. Comments with links are moderated, so only I will be able to see the link.

          My experience with open-sourcing specialized tools has been very negative. See for example, de4dot. People will happily redistribute it in a binary form after fixing "something". But sending pull requests or any other actual help? It's very rare..

  7. Here ya go: {link_removed}
    Your experience with OS (Open Source) is unfortunate. I have been involved with many successful OS projects and value the process. Of course, like any process, it can not be successful if not managed properly. The lead developer always has the power to accept, reject, or alter pull requests to their liking and the code base is not affected by anything they have not deemed appropriate. The OS community can also discuss a pull request that is still pending to help find more appropriate alternatives to the solution presented. When responsibly managed, control always remains in the hands of the managing developer.

    The only exception is when the repository is forked, altered, and distributed. However, those who do either only make one change and do not upkeep management of the app so users will always return to your repository for regular updates, or they manage the fork properly when the original developer is not, giving the app a longer lifetime than the interest or time of the original developer. Keeps 'em honest, like those projects that leave pull requests dangling forever. I don't see the latter happening with you so, if properly managed, I believe you would benefit by the OS process. Again, just a helpful suggestion.

    1. Hey DuDraig,
      I finally had some time to look at your file.

      1) As you stated correctly, unpacked game shows blank screen when executed from a folder named %DEFAULT FOLDER%. So, just rename the folder to Unpacked or whatever.
      2) Then, if you copy My_New_Life_unpacked.exe to the folder Unpacked, it runs perfectly. Game loads.
      3) In addition to that, game authors made a mistake by including the original executable (game.exe) in the %DEFAULT FOLDER%. If you run that, game works fine too.

      Conclusion, the issue with % signs in folder name is an issue with your specific app/framework, and not the issue with my unpacker.

  8. @Abehmy
    Dont worry i already backup the files :), WTF your files are too big 1GB+, youre lucky kao did it for you

    BTW Thanks Kao, keep it Up!

  9. Hi, thank you for the update. I guess you already know Molebox is now open source since some months (GPLv3, on GitHub), maybe this helps with your 4.0 unpacker (and maybe improving previous versions too).

    Regards.

    1. Thank you, I know. πŸ™‚ It's a stripped-down version of the latest Molebox VS build, so it helps a little bit. But it's not a magic wand that will solve all the problems immediately..

  10. Hi Kao, if you are not busy and have time, Can you help me unpacking my files, ive tried to unpack it manually but no luck, thank you and bless you, if you manage to unpacked it just send the link to my email. thanks again @.@ πŸ™‚

    {hidden link}
    {hidden link}
    {hidden link}

  11. Dear all!

    This is my blog, not "please unpack my file" request forum.

    Please do not post any links with your files. I will make my unpacker public when I finish it, I can promise you that. However, I do not have much free time these days, so it might take a while.

    Thank you for understanding,
    kao.

  12. Hi Kao,
    I think this is a bug, it does'nt unpack all files ive attached the file so you could check it
    Scanner shows MoleBox v2.4x-v2.6x.
    sorry about the previous link ive post,ill just wait in my mail πŸ™‚ Keep it UP!


    {hidden link}

    1. Thank you, bug reports are always welcome! πŸ™‚

      1) Somebody has changed few bytes in the packed file so that my unpacker can't show the exact Molebox version. It doesn't affect unpacking in any way, all 4 files and main EXE are unpacked correctly.
      2) "Warning: MD5 check failed" is my bug that I introduced in the version 0.52. I'll fix it in my next release. It also doesn't affect unpacking.

  13. Hi Kao,
    Theres a UI-freeze issue. When unpacking very large files on the current molebox unpacker, the result is a success unpack files im not sure if that's a bug πŸ™‚ just reporting ... BTW when u planning to release the Molebox VS unpacker i want to test it on personal use and evaluate it, can i have a copy :))

    1. I mentioned the UI-freeze issue in the post above. So, yes, I know about it. πŸ™‚

      I still need to work on the UI-freeze issue. When unpacking very large files, UI will appear to be frozen until unpacking process completes. It may take 5+ minutes on very large files, please be patient!

  14. I wonder if you could run these on your unpublished Molebox VS Unpacker.
    I believe I've sent you some previous files like these but older a year or so ago.

    {hidden link}

    1. the most important one is named topv6.exe the rest if it bothers you I don't really mind much. I believe what I want to see is inside that topv6.exe.

      Having said that, many thanks even if you don't have time to unpack them. I know what is not to have time to do things we like.

      1. I wonder if anyone knows of a tool that at least detects which protection an EXE has?

        I'm not 100% my files are packed with Molebox 4.x, but they didn't work with de-mole-ition as of the latest version.

        1. Yes, your files are packed with Molebox v4.5235. There is no file Topv6.exe inside your archive, are you sure you uploaded the correct one?

          1. Thank you for having a look. It seems I messed up the filename. It's actually v6.exe

            Feel free to pass the other ones thru your unpacker, I believe most of, if not all of them are packed with Molebox, so you might find a bug or two, but hopefully none.

          2. Just to be sure, since RE is not my strong point, since virtual file system editor 0.3 doesn't extract main files, I wouldn't be able to extract v6.exe by using it, would I?

            I tried, to the best of my limited knowledge, and while it injected it properly, no "new" files showed up on the window. I'm guessing it only has one file inside and as so, VFE won't work on it but I'd love some confirmation.

          3. No, there's a different reason for that.

            1) Your files are packed with "hide files" option in Molebox, so they will not show up in the VFSEditor UI. But if you know the filenames, you can extract them using "Extract by name" feature. See VFSEditor help for more details.
            For example, there's a file FilesV6\V6\BACKGROUND32.JPG in the v6.exe. You could try extracting that. πŸ™‚

            2) There is no way to extract main file using VFSEditor. But since you know it's an AutoIt file, there are tools that can extract the script from running process. For example, Exe2Aut could work (but I didn't test it myself!)

        2. @kao neither myexe2aut nor the other one has option of getting from running process. One lets me paste the script or choose a file, the other one only allows me to decompile a exe.

          Somehow I am not able to reply to your latest comment.

          1. Since it is packed, I cannot drop V6.exe on exe2aut.
            When running v6, there's no option in exe2aut to attach or extract from a running process.
            I'm out of ideas.

          2. If you by any chance pass the v6.exe file thru your unpacker, please do send me a link of the results.
            If not, I'll wait for the public release. I've tried following a Molebox 4.x unpacking tutorial using ollydbg, but it was video only, and I'm guessing, more geared to more "knowledgeable" people as there were no indication on most of what he was doing, nor which options he was pressing.

            I'd ask if you could maybe make a tutorial, so people could try and do it by themselves instead of nagging you to run the files thru your decompiler (like I'm almost doing :D), but I reckon if you don't have time to work on the unpacker, you probably won't have time to write a tutorial.

  15. Hello sir @kao , does demoleition work on all v4.5235? I tried to unpack the .exe but failed, it has the same version v4.5235 . this is the file please check {hidden link}

    {hidden link}

    1. Your question has been answered several times before - Demoleition supports only Molebox v2.x. Next version of unpacker will show that information in main window as well. πŸ™‚

  16. I see. I thought it was added on the last update, i've read the previous images that there was a game file with the same version and was unpacked too. Anyways, I hope there will be a version for 4.x versions in the future πŸ˜€ Thanks and keep it up sir

Leave a Reply

  • Be nice to me and everyone else.
  • If you are reporting a problem in my tool, please upload the file which causes the problem.
    I can`t help you without seeing the file.
  • Links in comments are visible only to me. Other visitors cannot see them.

 −  two  =  three