February update of unpackers

kao

Enigma Virtual Box unpacker v0.51

  • Hopefully solved the UI-freeze issues.
  • Improved loading speed for big files (100+ MB).
  • Added a warning for the user when loading big file:
     Loading large file, it might take some time...
  • Added support for Enigma Virtual Box v8.00.
  • Enigma Virtual Box v8.00 finally added support for TLS callbacks. My unpacker will detect such files and will try to fix TLS directory automatically.

Known issue - for x64 executables exception directory is not restored. The unpacked executable will work until an exception happens. If you find any such executable, please send it to me and I'll work to improve the unpacker.

demoleition v0.60

  • Hopefully solved the UI-freeze issues.
  • Fixed bug with certificates and overlays that I introduced few versions ago.
  • Fixed bug with multi-packed files
  • Main form shows that only Molebox v2.x is supported.
  • Improved loading speed for big files (100+ MB) and added warning for users.

demoleition VS v0.01


This is first BETA release of static unpacker for Molebox v4.x. It works for most of the files in my collection but is not well tested by any means. If you notice any bugs (trust me, you will!), please let me know.

Known limitations: way too many. Few most important ones:

  • Error checking is very limited. If something bad happens, it will most likely crash.
  • Main file is saved as _unpacked.bin. Overlay (if present) is saved as overlay.bin.
  • The biggest problem is the "hide files" feature of MoleboxVS. It does not store original filename, just the MD5 hash of it. So, in those cases it's almost impossible to restore original filenames. I added big fat warning for those cases.
  • Loading large files will make the UI freeze. I'll fix it after the bugs in unpacker itself are fixed.

So, why release it? I've had it like this for 5+ years now. It almost works. But without your feedback it will stay in this "almost working" state forever. The more bugs you report, the bigger the chance that I'll finally finish this project.. So, have fun!


Bugs reported by users. I'll work to fix the when I get some free time.

  • Some data files can't be unpacked. Error
    [x] VFSDecrypt: failed to find STELPACK signature
  • Sometimes main EXE file will not be unpacked. No error message but _unpacked.bin file won't be created.
  • Mysterious unpacking problem on some files. Error
    [x] SPack catalog not found or invalid. vfsrootsize=00000000
  • Very large data files can't be unpacked. Error
    [x] Exception loading extra box file

49 thoughts on “February update of unpackers

  1. Frikin hell! 2nd best day of 2018! 😀

    I'll run all the files I have thru it and if I find any bugs I'll be sure to let you know.

    1. Man RE is hard stuff for the short minded.
      Even after passing the thru De-mole-ition VS. The resulting .exe file can't be unpacked thru exe2aut or myaut2exe.

      Can one ask how did you find out the name of the background32.jpg file? I could find out that the other 3 are wave files.

      Also, and this might be a strange question. Could you check on your test files, if I haven't send you a file named Programador V6.exe or similar a year or so ago? I did actually lose it :/

      1. #1 - I don't want to be nasty but running ready-made tools is not really RE. 🙂
        #2 - Just verified: myAut2Exe 2.12 build 197 works fine with _unpacked.bin from your v6.exe package and can decompile the script.
        #3 - Finding correct names is very hard but not impossible. That's why it's not implemented in the unpacker. When I unpacked your files last time, I did it by checking what filenames are used in AutoIt script.
        #4 - Sorry, I don't archive all the files that people send to me.

        1. Many thanks. When I said RE I wasn't talking about using de-mole-ition or other ready2use tools. I did try unpacking it using some tutorials and ollydbg and what not, having downloaded a shitton of RE tools in the process. Anyway, no nastyness perceived on your message as I understood it perfectly.

          I finally managed to unpack it, and now I'm in the process of learning autoit so I can remove the shit-ton of protection on those files. I've managed to remove it from the main .exe (v6.exe as I suspected) but it seems to load some of the other ones which I'll have to unprotect and decompile to fix too. Fun times.

          The names for the files, it seems I'll have to guess them from the script names. The v6.exe had no reference to one of the files it extracted.. It'll be mostly fiddle-and-test.

          And no worries, I managed to use the license checking process to create a license-file creator, so no more need for the programador_v6 file.

          All of this all thanks to you, so again, many many thanks.

  2. Kao, ive sent you an email you regarding all the Bugs ive found today, Thanks 🙂

  3. hi, kao
    I can not open it with the software, hope you look over for me, thanks you
    link: {hidden link}

      1. thanks kao, can you tell me what file is this protected by ?, i use ollydbg but can not open it
        link: {hidden link}

        1. That is not an executable file. Look at EXE and other DLL files to find out how it is used.

          1. Thank kao, good day.
            I use Ollydbg to edit the bin file, but open up it says EBX: DEADCODE, How to fix, I try to find on the net but not effective, you can see through it help me. thanks you
            pic ex: {hidden link}
            file: {hidden link}

    1. All 3 links work just fine.

      Great Firewall of China seems to be blocking MEGA but that is not my problem. You will need to find a VPN or other solution to bypass it.

  4. I'm having trouble with this file:
    {hidden link}

    It says that the signature seems to be invalid. Thanks in advance for your help!

    1. Could you please upload a full game, so I can check it? I'm not sure if your file is modified or it's some feature of Molebox I haven't seen before.

      You can use hex editor and change last 4 bytes of the file to

      BE BA FE CA

      After that my unpacker will work just fine.

  5. Hi, Enigma 0.60 for file {hidden link} show me warning: "[!] WARNING! Could not find original TLS directory. Please send me the file and I will fix the unpacker!"

  6. Professor Kaos

    You such expert and you can only unpack molebox and virtual box.

    Why don't you write an unpacker for VMprotect or Themida?

    Too strong for you? Huh. Such expert. Such disappointing. Wow!

    PS. Who utilze molebox or virtual box in 2018? Answer. Nobody.
    PS2. I cannot wait for your UPX unpacker 😛 show your real strength.

    1. [b]@Professor Kaos[/b]
      Can you, please, moderate your tone?

      How did you come to the conclusion kao is able to unpack only molebox and enigma virtual box?
      It just happens he is FREELY sharing his own work on those two protectors.

      kao is a great reverser and he owe NOTHING to me or you. I'm 100% sure he can deal with strong protectors, hard-to-analyze malwares and the like ... and, by the way, he already proved so in previous blog posts.

      Anyway if you think that offending kao this way you'll force him to give you the ready-made unpacker you're looking so desperately for ... well, IMHO you're loosing your time. kao is not so unsophisticated 😀

      No hard feelings of course ... it just disturbes me when people try to take advantage of good persons, like kao, this way.

      Big kudos to kao who ignored the message 😉 ... and, of course, big thanks for his continued knowledge sharing 🙂

      Best Regards,
      Tony

  7. Hi,kao. I use your tool(demoleition VS v0.01) to unpack this file.
    but it don't work.it look protected with molebox 4.x.can you help me?
    Thanks!

    {hidden link}

  8. Hey!
    I've been using your Enigma unpacker for some time already, and it was usually working fine. However recently I met some games I couldn't unpack ( they are new), because of 'Could not find original TLS directory.' In other games I mentioned Unpacker gives TLS error and doesn't unpack anything, but in one it does unpack some files, then it gives error.
    Exe: {hidden link}

    Thanks for your great work!

    1. Ah, my bad! I sent link without key. Here is correct one: {hidden link}

      Have a nice day!

  9. {hidden link}
    Hi,kao.this file look protected with Enigma Virtual Box v9.00.
    Can you support it?
    Have a nice day!

  10. The link for demoleition VS 0.01 is not working. all others are working axcept for this

  11. {hidden link}

    This file is not unpacked. (Enigma Virtual Box unpacker v0.51)

    [!] Unknown EnigmaVB version, cannot guarantee that unpacking will work properly!
    [!] unknown virtual file type 0
    [!] unknown virtual file type 0
    [!] WARNING! Could not find original TLS directory. Please send me the file and I will fix the unpacker!

  12. {hidden link}

    EnigmaVBUnpacker v0.51, compiled on 27-02-2018 20:18

    [+] EnigmaVB version: UNKNOWN
    [!] Unknown EnigmaVB version, cannot guarantee that unpacking will work properly!
    [!] unknown virtual file type 0
    [!] unknown virtual file type 0
    [!] WARNING! Could not find original TLS directory. Please send me the file and I will fix the unpacker!
    [+] Unpacked main file: G:\Desktop\SiglusEngine_CHS_unpacked.exe

    Please have a look, thank you.

  13. Do you have plan about new latest version EVB unpacker release?
    It's very nice tool. It's very useful.
    Thanks very much kao.

  14. Guys, who can help, unfortunately demoleitionVS-v0.01 produces the wrong names. Molebox 4

    {hidden link}

      1. Sir i tried to unpack other files but there is warning your files use Molebox VS "hide Files"
        when i click okay failed to extract the files..

        1. What do you mean by "failed to extract the files"?

          Did my unpacker show an error message? Did it crash? Please give me more details and I'll try to fix the problem.

          1. I mean if they will put a password packing in molebox VS 4 there will be a message like this.. and file failed to extract {hidden link}

            here..

            WARNING! This is BETA version of Molebox v4.x unpacker. It is not well tested and may crash. If you find a bug, please report it to me via email or my blog ({hidden link}) and I will fix it.

            de-mole-ition VS v0.1, compiled on 27-02-2018 21:39
            Supports Molebox Virtualization Studio v4.x
            Latest version always on {hidden link}

            [i] Loading file: C:\Users\Launcher.exe
            [+] MD5: c89bc54e4ce06f164a7e907767b5ad5f
            [i] BoxOffset = 18000
            [i] Molebox type: new (v4.4325..v4.5462)
            [i] Exact MoleboxVS version: v4.5462 (4ED59C30)
            [i] VFS.PackageMask = *.DATA
            [i] Total 0 entries:
            [i] Extra BOX File = DATA01.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA02.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA03.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA04.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA05.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA06.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA07.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA08.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA09.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA10.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA11.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA12.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA13.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA14.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA15.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA16.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA17.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA18.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA19.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA20.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA21.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA22.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA23.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA24.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA25.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA26.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA27.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA28.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA29.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA30.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA31.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Extra BOX File = DATA32.DATA
            [x] VFSDecrypt: failed to find STELPACK signature
            [i] Finished! Have a nice day!

  15. Hello sir Kao i tried to unpack this using Demolation vs 0.01 but i cant unpack it could you try sir..
    thank you. please send to my email.
    {hidden link}

    1. Unpacking works just fine. Make sure you unpack HTLauncher.exe first, it will unpack all asset*.dat files automatically.

  16. 'Sup Kao! Thanks for your awesome work on these two unpackers! They have helped me out multiple times mate, and I can't thank you enough. I'm just writing this to you because of an error that I got when extracting a packed rpg maker exe using EVB. The error is: "WARNING! Could not find original TLS directory. Please send me the file and I will fix the unpacker!" and the exe can be downloaded here: {hidden link} Thanks again for all your awesome work, and I hope you have a great week! 🙂

  17. @all: I just released updates for Enigma Virtual Box and Molebox 4.x unpackers: https://lifeinhex.com/september-update-of-unpackers/ - that should solve most of the problems you have reported here. If you have a file that cannot be unpacked correctly by the updated version, please make a comment under the latest post and I will look at it.

    Comments here are closed now.

Comments are closed.