27 Feb

February update of unpackers

Enigma Virtual Box unpacker v0.51

  • Hopefully solved the UI-freeze issues.
  • Improved loading speed for big files (100+ MB).
  • Added a warning for the user when loading big file:
  • Added support for Enigma Virtual Box v8.00.
  • Enigma Virtual Box v8.00 finally added support for TLS callbacks. My unpacker will detect such files and will try to fix TLS directory automatically.

Known issue - for x64 executables exception directory is not restored. The unpacked executable will work until an exception happens. If you find any such executable, please send it to me and I'll work to improve the unpacker.

demoleition v0.60

  • Hopefully solved the UI-freeze issues.
  • Fixed bug with certificates and overlays that I introduced few versions ago.
  • Fixed bug with multi-packed files
  • Main form shows that only Molebox v2.x is supported.
  • Improved loading speed for big files (100+ MB) and added warning for users.

demoleition VS v0.01

This is first BETA release of static unpacker for Molebox v4.x. It works for most of the files in my collection but is not well tested by any means. If you notice any bugs (trust me, you will!), please let me know.

Known limitations: way too many. Few most important ones:

  • Error checking is very limited. If something bad happens, it will most likely crash.
  • Main file is saved as _unpacked.bin. Overlay (if present) is saved as overlay.bin.
  • The biggest problem is the "hide files" feature of MoleboxVS. It does not store original filename, just the MD5 hash of it. So, in those cases it's almost impossible to restore original filenames. I added big fat warning for those cases.
  • Loading large files will make the UI freeze. I'll fix it after the bugs in unpacker itself are fixed.

So, why release it? I've had it like this for 5+ years now. It almost works. But without your feedback it will stay in this "almost working" state forever. The more bugs you report, the bigger the chance that I'll finally finish this project.. So, have fun!

Bugs reported by users. I'll work to fix the when I get some free time.

  • Some data files can't be unpacked. Error
  • Sometimes main EXE file will not be unpacked. No error message but _unpacked.bin file won't be created.
  • Mysterious unpacking problem on some files. Error
  • Very large data files can't be unpacked. Error

40 thoughts on “February update of unpackers

  1. Frikin hell! 2nd best day of 2018! :D

    I'll run all the files I have thru it and if I find any bugs I'll be sure to let you know.

    • Man RE is hard stuff for the short minded.
      Even after passing the thru De-mole-ition VS. The resulting .exe file can't be unpacked thru exe2aut or myaut2exe.

      Can one ask how did you find out the name of the background32.jpg file? I could find out that the other 3 are wave files.

      Also, and this might be a strange question. Could you check on your test files, if I haven't send you a file named Programador V6.exe or similar a year or so ago? I did actually lose it :/

      • #1 - I don't want to be nasty but running ready-made tools is not really RE. :)
        #2 - Just verified: myAut2Exe 2.12 build 197 works fine with _unpacked.bin from your v6.exe package and can decompile the script.
        #3 - Finding correct names is very hard but not impossible. That's why it's not implemented in the unpacker. When I unpacked your files last time, I did it by checking what filenames are used in AutoIt script.
        #4 - Sorry, I don't archive all the files that people send to me.

        • Many thanks. When I said RE I wasn't talking about using de-mole-ition or other ready2use tools. I did try unpacking it using some tutorials and ollydbg and what not, having downloaded a shitton of RE tools in the process. Anyway, no nastyness perceived on your message as I understood it perfectly.

          I finally managed to unpack it, and now I'm in the process of learning autoit so I can remove the shit-ton of protection on those files. I've managed to remove it from the main .exe (v6.exe as I suspected) but it seems to load some of the other ones which I'll have to unprotect and decompile to fix too. Fun times.

          The names for the files, it seems I'll have to guess them from the script names. The v6.exe had no reference to one of the files it extracted.. It'll be mostly fiddle-and-test.

          And no worries, I managed to use the license checking process to create a license-file creator, so no more need for the programador_v6 file.

          All of this all thanks to you, so again, many many thanks.

  2. hi, kao
    I can not open it with the software, hope you look over for me, thanks you
    link: {hidden link}

      • thanks kao, can you tell me what file is this protected by ?, i use ollydbg but can not open it
        link: {hidden link}

          • Thank kao, good day.
            I use Ollydbg to edit the bin file, but open up it says EBX: DEADCODE, How to fix, I try to find on the net but not effective, you can see through it help me. thanks you
            pic ex: {hidden link}
            file: {hidden link}

  3. I'm having trouble with this file:
    {hidden link}

    It says that the signature seems to be invalid. Thanks in advance for your help!

    • Could you please upload a full game, so I can check it? I'm not sure if your file is modified or it's some feature of Molebox I haven't seen before.

      You can use hex editor and change last 4 bytes of the file to

      After that my unpacker will work just fine.

  4. Hi, Enigma 0.60 for file {hidden link} show me warning: "[!] WARNING! Could not find original TLS directory. Please send me the file and I will fix the unpacker!"

  5. You such expert and you can only unpack molebox and virtual box.

    Why don't you write an unpacker for VMprotect or Themida?

    Too strong for you? Huh. Such expert. Such disappointing. Wow!

    PS. Who utilze molebox or virtual box in 2018? Answer. Nobody.
    PS2. I cannot wait for your UPX unpacker :-P show your real strength.

    • [b]@Professor Kaos[/b]
      Can you, please, moderate your tone?

      How did you come to the conclusion kao is able to unpack only molebox and enigma virtual box?
      It just happens he is FREELY sharing his own work on those two protectors.

      kao is a great reverser and he owe NOTHING to me or you. I'm 100% sure he can deal with strong protectors, hard-to-analyze malwares and the like ... and, by the way, he already proved so in previous blog posts.

      Anyway if you think that offending kao this way you'll force him to give you the ready-made unpacker you're looking so desperately for ... well, IMHO you're loosing your time. kao is not so unsophisticated :D

      No hard feelings of course ... it just disturbes me when people try to take advantage of good persons, like kao, this way.

      Big kudos to kao who ignored the message ;) ... and, of course, big thanks for his continued knowledge sharing :)

      Best Regards,

  6. Hi,kao. I use your tool(demoleition VS v0.01) to unpack this file.
    but it don't work.it look protected with molebox 4.x.can you help me?

    {hidden link}

  7. Hey!
    I've been using your Enigma unpacker for some time already, and it was usually working fine. However recently I met some games I couldn't unpack ( they are new), because of 'Could not find original TLS directory.' In other games I mentioned Unpacker gives TLS error and doesn't unpack anything, but in one it does unpack some files, then it gives error.
    Exe: {hidden link}

    Thanks for your great work!

  8. {hidden link}
    Hi,kao.this file look protected with Enigma Virtual Box v9.00.
    Can you support it?
    Have a nice day!

  9. {hidden link}

    This file is not unpacked. (Enigma Virtual Box unpacker v0.51)

    [!] Unknown EnigmaVB version, cannot guarantee that unpacking will work properly!
    [!] unknown virtual file type 0
    [!] unknown virtual file type 0
    [!] WARNING! Could not find original TLS directory. Please send me the file and I will fix the unpacker!

  10. {hidden link}

    EnigmaVBUnpacker v0.51, compiled on 27-02-2018 20:18

    [+] EnigmaVB version: UNKNOWN
    [!] Unknown EnigmaVB version, cannot guarantee that unpacking will work properly!
    [!] unknown virtual file type 0
    [!] unknown virtual file type 0
    [!] WARNING! Could not find original TLS directory. Please send me the file and I will fix the unpacker!
    [+] Unpacked main file: G:\Desktop\SiglusEngine_CHS_unpacked.exe

    Please have a look, thank you.

  11. Do you have plan about new latest version EVB unpacker release?
    It's very nice tool. It's very useful.
    Thanks very much kao.

Leave a Reply

Your email address will not be published.

four  −   =  3