Update of unpackers

kao

Enigma Virtual Box unpacker

There are plenty of changes.

  • Properly detect versions 9.50..9.90
  • Unpacks files packed with 9.80 and 9.90
  • Added command-line parameter "/nodiskspace", as requested by some users. If it crashes during unpacking because it ran out of disk space, it's your problem.
  • Unpacker properly handles invalid input filename

Molebox 2.x unpacker

  • Support more versions of very old Molebox
  • Unpacking files with digital signatures should be improved
  • Some rare bugs have been fixed

Autoplay Media Studio unpacker

  • Added support for AMS version 8.5.3.0.
  • Support for Imagine MemoryEx encrypted files, as requested by someone.

What is MemoryEx?

MemoryEx is a plugin released by Imagine Programming, allowing for more advanced operations from within the Lua environment you will find in Autoplay Media Studio 8.

While it's not a very common plugin, there are several niche programs which use this plugin. For example, most programs from dindroid.com use it.

When you unpack such a file, please pay attention to the "Found protected file" messages:

As you can see, the unpacker created some .luac files.

Next, you will need to find a Lua decompiler and decompile these files. I suggest you try unluac, luadec or whichever Lua decompiler you prefer.

The decompiler should produce a .lua file which contains all the interesting stuff. For example, part of the G-Nerator code looks like this:

return {
  info = {
    name = "Anderson M Santos",
    author = "dindroid.com",
    contact = "andersonnsantos36@gmail.com"
  },
  functions = {
    Install = function()
      function Stile_Sonbre_P()
        sHandl = Application.GetWndHandle()
        DLL.CallFunction(_SystemFolder .. "\\User32.dll", "SetClassLongA", sHandl .. ",-26," .. 131072, DLL_RETURN_TYPE_LONG, DLL_CALL_STDCALL)
        if Label.GetText("local") == "C:\\" then
          Label.SetText("local", _ProgramFilesFolder .. "\\Dindroid")
        end
        Image.Load("imico", _TempFolder .. "\\icon.tmp")
        Image.Load("imc", _TempFolder .. "\\bts_01.tmp")
      end
      function Install()
        Folder.Create(_ProgramFilesFolder .. "\\Dindroid" .. "\\G-Nerator")
        File.Copy(_SourceFolder .. "\\Install\\*.*", _ProgramFilesFolder .. "\\Dindroid" .. "\\G-Nerator", true, true, false, true, nil)
        sP = System.EnumerateProcesses()
        for j, file_path in pairs(sP) do
          file = String.SplitPath(file_path)
          if file.Filename .. file.Extension == "GNerator.exe" then
            File.Copy(file_path, _ProgramFilesFolder .. "\\Dindroid" .. "\\G-Nerator\\")
          end
        end
        Shell.CreateShortcut(String.Replace(_WindowsFolder, "Windows", "") .. "\\Users\\Public\\Desktop", "G-Nerator", _ProgramFilesFolder .. "\\Dindroid" .. "\\G-Nerator\\GN.exe", "", "", _ProgramFilesFolder .. "\\Dindroid\\G-Nerator\\GN.exe", 0, SW_SHOWNORMAL, nil, "")
....

That's all folks, have fun using it!

As always - if you notice any bugs, please report them. And most importantly - Happy New Year everybody! 🙂

Update of unpackers

kao

I'm trying to get back into reversing. Slowly.

So, here's a long-promised update to the Molebox unpacker. It fixes unpacking of very, VERY, VERY old Molebox versions. The only file I have ever seen packed with it is the SCWU role-playing game.

Enigma Virtual Box unpacker

This was done a long time ago but I never posted it publicly. Support for Enigma Virtual Box 9.30/9.40. Should support 9.50 but it's not tested.

April update of unpackers

kao

Molebox VS unpacker

This is quite a big update for the Molebox VS unpacker. It fixes most of the bugs I'm aware of:

  • Supports Molebox GPL version
  • Removes "anti-hacking" protection
  • Supports BOX files in sub-directories
  • Shows embedded command-line
  • Main executable will be named {yourfile}_unpacked.exe
  • Fix calculation of SizeOfImage in edge cases
  • Fix decryption in edge cases

It's still not perfect and will fail in some situations - but I didn't want to postpone the release any longer. Please let me know if it crashes for you and I'll try to fix the problem. 🙂

March update of unpackers

kao

Enigma VirtualBox unpacker

  • Unpacker will refuse to run if there is not enough space in TMP folder and/or in working directory
  • PE header size was calculated incorrectly in some cases
  • TLS directory was not detected correctly for some files

Setting the TMP folder to a RAM drive was a good idea in the 1990s. Now it's the year 2019 and you can't manage virtual memory better than Windows already does. But some people apparently still try, so I added checks to stop them from shooting themselves in the foot.

Molebox VS unpacker

  • Added support for a very old version of Molebox VS, as reported by death

The fix was actually implemented a long time ago, I just didn't make the announcement.

September update of unpackers

kao

Last few months have been... extra busy. I survived HDD crash, participated in Flare-On reversing contest (and finished 4th!), had quite fun projects at work - but all that is a matter of another story. Today I want to share with you a long-overdue update for unpackers.

Enigma Virtual Box unpacker

  • Added support for Enigma Virtual Box v8.10, v8.20, v9.00 and v9.10.
  • Unpacker now restores file attributes and date/time. Be careful, unpacked files might have attributes "read only", "hidden", etc.!
  • Added validation of extracted folder/file names to prevent directory traversal attacks. It was on my todo list for a long time and all the media-craziness around Zip Slip finally forced me to do something about it.
  • Fixed warning message about TLS directory. Mea culpa.
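
One way to validate entry names before writing them to disk, as an added example (not the unpacker's own code). The function names and sample entries are hypothetical; Windows path rules are applied through Python's `ntpath` module so the check behaves the same on any host.

```python
import ntpath

class UnsafeEntryName(ValueError):
    """Raised when a container entry name must not be written to disk."""

def safe_extract_path(out_dir, entry_name):
    """Return the target path under out_dir, or raise UnsafeEntryName."""
    name = entry_name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(name)
    if drive or rest.startswith("\\"):
        raise UnsafeEntryName(f"absolute or drive-qualified: {entry_name!r}")
    parts = [p for p in rest.split("\\") if p not in ("", ".")]
    if not parts:
        raise UnsafeEntryName(f"empty name: {entry_name!r}")
    for part in parts:
        if part == "..":
            raise UnsafeEntryName(f"parent reference: {entry_name!r}")
        if ":" in part or any(ord(c) < 32 for c in part):
            raise UnsafeEntryName(f"stream or control character: {entry_name!r}")
        if part != part.rstrip(". "):
            # Win32 strips trailing dots/spaces, so "foo." and "foo" collide.
            raise UnsafeEntryName(f"trailing dot or space: {entry_name!r}")
    base = ntpath.normpath(out_dir)
    target = ntpath.normpath(ntpath.join(base, *parts))
    # Defence in depth: the normalised result must still sit below out_dir.
    if not target.lower().startswith(base.lower().rstrip("\\") + "\\"):
        raise UnsafeEntryName(f"escapes output folder: {entry_name!r}")
    return target

def is_safe(entry_name, out_dir="C:\\unpacked"):
    """Boolean wrapper around safe_extract_path for quick triage."""
    try:
        safe_extract_path(out_dir, entry_name)
        return True
    except UnsafeEntryName:
        return False

# Constructed sample names, as they might appear inside a packed container.
SAMPLES = ["data/config.ini", "..\\..\\Windows\\evil.dll", "C:\\Windows\\evil.dll",
           "\\\\server\\share\\x.exe", "docs\\..\\..\\x.txt", "notes.txt:hidden"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:35} -> {'ok' if is_safe(s) else 'rejected'}")
```

Reserved device names such as CON or NUL are not covered by this check and would need their own rule.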

Molebox Virtualization Studio unpacker

  • Fixed error "VFSDecrypt: failed to find STELPACK signature" on some data files;
  • Fixed error "SPack catalog not found or invalid. vfsrootsize=00000000" on some EXE files;
  • Fixed out-of-memory error when unpacking huge data files;
  • Loads possible filenames from mole_dictionary.txt;

How to use mole_dictionary.txt

If you have a file which uses "hide files" feature of Molebox VS, it only stores hash of the filename - original filenames are not stored anywhere. But if you have a good idea what the filename might be, you can add it to mole_dictionary.txt and my unpacker will use that for intelligent guessing.

February update of unpackers

kao

Enigma Virtual Box unpacker v0.51

  • Hopefully solved the UI-freeze issues.
  • Improved loading speed for big files (100+ MB).
  • Added a warning for the user when loading big file:
     Loading large file, it might take some time...
  • Added support for Enigma Virtual Box v8.00.
  • Enigma Virtual Box v8.00 finally added support for TLS callbacks. My unpacker will detect such files and will try to fix TLS directory automatically.

Known issue - for x64 executables exception directory is not restored. The unpacked executable will work until an exception happens. If you find any such executable, please send it to me and I'll work to improve the unpacker.

demoleition v0.60

  • Hopefully solved the UI-freeze issues.
  • Fixed bug with certificates and overlays that I introduced a few versions ago.
  • Fixed bug with multi-packed files
  • Main form shows that only Molebox v2.x is supported.
  • Improved loading speed for big files (100+ MB) and added warning for users.

demoleition VS v0.01


This is the first BETA release of a static unpacker for Molebox v4.x. It works for most of the files in my collection but is not well tested by any means. If you notice any bugs (trust me, you will!), please let me know.

Known limitations: way too many. A few of the most important ones:

  • Error checking is very limited. If something bad happens, it will most likely crash.
  • Main file is saved as _unpacked.bin. Overlay (if present) is saved as overlay.bin.
  • The biggest problem is the "hide files" feature of MoleboxVS. It does not store original filename, just the MD5 hash of it. So, in those cases it's almost impossible to restore original filenames. I added big fat warning for those cases.
  • Loading large files will make the UI freeze. I'll fix it after the bugs in unpacker itself are fixed.
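
Why hidden filenames can only be guessed, shown as an added example (not code from the unpacker): it matches stored MD5 values against a candidate list, the idea behind the mole_dictionary.txt feature described in the September update. How the name is normalised and encoded before hashing is not stated on this page, so the case and encoding variants tried here are assumptions, and all sample data is constructed.

```python
import hashlib

def _md5(data):
    # MD5 is used only to match stored name hashes, not for security.
    return hashlib.md5(data, usedforsecurity=False).hexdigest()

def name_variants(name):
    """Yield (label, bytes) forms of a candidate name to hash.
    Which form the packer really hashes is an assumption."""
    for case, text in (("as-is", name), ("lower", name.lower()), ("upper", name.upper())):
        yield f"{case}/utf-8", text.encode("utf-8")
        yield f"{case}/utf-16-le", text.encode("utf-16-le")

def recover_names(stored_hashes, candidates):
    """Return {md5_hex: (candidate, variant_label)} for every stored hash
    that some candidate reproduces; unmatched hashes are simply absent."""
    wanted = {h.lower() for h in stored_hashes}
    found = {}
    for cand in candidates:
        cand = cand.strip()
        if not cand:
            continue  # skip blank dictionary lines
        for label, data in name_variants(cand):
            digest = _md5(data)
            if digest in wanted and digest not in found:
                found[digest] = (cand, label)
    return found

# Constructed sample: three "stored" hashes, one of which has no dictionary match.
SAMPLE_STORED = [
    _md5(b"data\\levels.dat"),
    _md5("SAVE.INI".encode("utf-16-le")),
    _md5(b"unknown.bin"),
]
# Constructed dictionary lines, one candidate filename per entry.
SAMPLE_DICTIONARY = ["Data\\Levels.dat", "", "save.ini", "readme.txt"]

if __name__ == "__main__":
    hits = recover_names(SAMPLE_STORED, SAMPLE_DICTIONARY)
    for h in SAMPLE_STORED:
        print(h, "->", hits.get(h, ("<unknown, keep hash as name>", "-")))
```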

So, why release it? I've had it like this for 5+ years now. It almost works. But without your feedback it will stay in this "almost working" state forever. The more bugs you report, the bigger the chance that I'll finally finish this project. So, have fun!


Bugs reported by users. I'll work to fix them when I get some free time.

  • Some data files can't be unpacked. Error
    [x] VFSDecrypt: failed to find STELPACK signature
  • Sometimes main EXE file will not be unpacked. No error message but _unpacked.bin file won't be created.
  • Mysterious unpacking problem on some files. Error
    [x] SPack catalog not found or invalid. vfsrootsize=00000000
  • Very large data files can't be unpacked. Error
    [x] Exception loading extra box file

December update for unpackers

kao

This month brings us not one but two updated unpackers! 🙂

Updated Molebox unpacker

  • Fixes a crash with double-packed files. Thanks to whoknows for reporting the issue!

Updated Enigma Virtual Box unpacker

  • Support for Enigma Virtual Box v7.90
  • Detection of Enigma Protector. The feature was added a long time ago but accidentally removed later.

I still need to work on the UI-freeze issue. When unpacking very large files, UI will appear to be frozen until unpacking process completes. It may take 5+ minutes on very large files, please be patient!