27 Feb

February update of unpackers

Enigma Virtual Box unpacker v0.51

  • Hopefully solved the UI-freeze issues.
  • Improved loading speed for big files (100+ MB).
  • Added a warning for the user when loading big file:
  • Added support for Enigma Virtual Box v8.00.
  • Enigma Virtual Box v8.00 finally added support for TLS callbacks. My unpacker will detect such files and will try to fix TLS directory automatically.

Known issue - for x64 executables exception directory is not restored. The unpacked executable will work until an exception happens. If you find any such executable, please send it to me and I'll work to improve the unpacker.

Download link: https://mega.nz/#!9g4g2DqD!P0mQz7508QNvg5LuRoE4w39AjL6o9onHK_p2bLXFdZM

demoleition v0.60

  • Hopefully solved the UI-freeze issues.
  • Fixed bug with certificates and overlays that I introduced few versions ago.
  • Fixed bug with multi-packed files
  • Main form shows that only Molebox v2.x is supported.
  • Improved loading speed for big files (100+ MB) and added warning for users.

Download link: https://mega.nz/#!4sgzzKKC!Xci2fYvA6VbFcEdqbWLqV_xsohjNx9-2DmtLe9B_3YM

demolition VS v0.01

This is first BETA release of static unpacker for Molebox v4.x. It works for most of the files in my collection but is not well tested by any means. If you notice any bugs (trust me, you will!), please let me know.

Known limitations: way too many. Few most important ones:

  • Error checking is very limited. If something bad happens, it will most likely crash.
  • Main file is saved as _unpacked.bin. Overlay (if present) is saved as overlay.bin.
  • The biggest problem is the "hide files" feature of MoleboxVS. It does not store original filename, just the MD5 hash of it. So, in those cases it's almost impossible to restore original filenames. I added big fat warning for those cases.
  • Loading large files will make the UI freeze. I'll fix it after the bugs in unpacker itself are fixed.

So, why release it? I've had it like this for 5+ years now. It almost works. But without your feedback it will stay in this "almost working" state forever. The more bugs you report, the bigger the chance that I'll finally finish this project.. So, have fun!

Bugs reported by users. I'll work to fix the when I get some free time.

  • Some data files can't be unpacked. Error
  • Sometimes main EXE file will not be unpacked. No error message but _unpacked.bin file won't be created.
  • Mysterious unpacking problem on some files. Error
  • Very large data files can't be unpacked. Error

Download link: https://mega.nz/#!dgB3GBaK!Few_etmLz8LK7g7Dw9T3orTxaNSm4yCg8vm9hH0fqrI

10 thoughts on “February update of unpackers

  1. Frikin hell! 2nd best day of 2018! :D

    I'll run all the files I have thru it and if I find any bugs I'll be sure to let you know.

    • Man RE is hard stuff for the short minded.
      Even after passing the thru De-mole-ition VS. The resulting .exe file can't be unpacked thru exe2aut or myaut2exe.

      Can one ask how did you find out the name of the background32.jpg file? I could find out that the other 3 are wave files.

      Also, and this might be a strange question. Could you check on your test files, if I haven't send you a file named Programador V6.exe or similar a year or so ago? I did actually lose it :/

      • #1 - I don't want to be nasty but running ready-made tools is not really RE. :)
        #2 - Just verified: myAut2Exe 2.12 build 197 works fine with _unpacked.bin from your v6.exe package and can decompile the script.
        #3 - Finding correct names is very hard but not impossible. That's why it's not implemented in the unpacker. When I unpacked your files last time, I did it by checking what filenames are used in AutoIt script.
        #4 - Sorry, I don't archive all the files that people send to me.

        • Many thanks. When I said RE I wasn't talking about using de-mole-ition or other ready2use tools. I did try unpacking it using some tutorials and ollydbg and what not, having downloaded a shitton of RE tools in the process. Anyway, no nastyness perceived on your message as I understood it perfectly.

          I finally managed to unpack it, and now I'm in the process of learning autoit so I can remove the shit-ton of protection on those files. I've managed to remove it from the main .exe (v6.exe as I suspected) but it seems to load some of the other ones which I'll have to unprotect and decompile to fix too. Fun times.

          The names for the files, it seems I'll have to guess them from the script names. The v6.exe had no reference to one of the files it extracted.. It'll be mostly fiddle-and-test.

          And no worries, I managed to use the license checking process to create a license-file creator, so no more need for the programador_v6 file.

          All of this all thanks to you, so again, many many thanks.

Leave a Reply

Your email address will not be published.

 ×  7  =  thirty five