10 May

Update of unpackers

I'm trying to get back into reversing. Slowly.

So, here's a long-promised update to the Molebox unpacker. It fixes unpacking of very, VERY, VERY old Molebox versions. The only file I have ever seen packed with it is the SCWU role-playing game.

Enigma Virtual Box unpacker

This was done a long time ago but I never posted it publicly. Support for Enigma Virtual Box 9.30/9.40. Should support 9.50 but it's not tested.

22 thoughts on “Update of unpackers”

  1. Hi sir! Thank God you're back! BTW, can you check this EXE? I can't unpack it using your new version of Demoleition. I just need the file inside for study :) or you can send it to my email :)
    {hidden link}
    I hope you can check it :)

    Link here: {hidden link}
    Mirror: {hidden link}

    God Bless Sir Kao !

  2. Hi Sir Kao, I'm glad that you're back in reverse engineering. Anyway, can you check this one? I can't unpack it using your tool. Can you check it? And please, if you don't mind, can you send the files to my email address, just for study.
    Thank you Sir Kao! God bless
    {hidden link}

    • That's because it is a custom launcher and not packed with Molebox or Enigma Virtual Box. It's very easy to unpack, just put a breakpoint on WriteProcessMemory and you'll find both the unpacked EXE file and a special DLL.

      I will not send you any files - if you need it, you unpack it yourself. :)

  3. Dear Mister Kao, you just solved a major crisis for M.U.G.E.N. THE SCWU, years and years people suffered to try to find solutions for this game, I ended up getting very close and ended up understanding the situation in which the game was, but I don't have knowledge in reverse engineering, you saved a lot of developers from Mugen and other game MODs, just doing this, THANK YOU VERY MUCH, although I think the creator of the free game (G Sueno) may be very angry when discovering this, but the game has been around since 2003 so I still don't know...
    IN ANY WAY THANK YOU!

  4. Nice you're back in action, kao! Great job as always, also for directions to Gordon.

    1 thanks and 1 request till now ... fair enough, I think :)

    • Hi Gino Manzon, the "hide files" feature is supported, you just need to have a good mole_dictionary.txt. Please read the description in https://lifeinhex.com/september-update-of-unpackers/ .

      If you have a specific file that cannot be unpacked correctly, please upload it to MEGA or MediaFire and post the link in comments. I will be happy to check it when I have some free time.

  5. Ahh, I see, thank you Sir Kao. I hope soon you can update this hide feature without using mole dictionary.text. I'm willing to pay :)

    • :facepalm: Did you read the explanation in my link?

      Molebox VS [...] stores hash of the filename - original filenames are not stored anywhere

      It works the same way as cracking password hashes - you know the hash and want to find the password (or filename). You can either run an MD5 bruteforce - which will take days/months/years, or use a good dictionary and find the password immediately. There is no other way.

  6. Hello Mr Kao, I have been trying to unpack an exe with all versions of your tool, but I have not been successful and I always get a message: [x] EXCEPTION ERangeError

    PEiD shows: MoleBox 2.x.x -> Mole Studio [Overlay]

    I'll leave the file in case you have some time and maybe I can look at it.
    Thank you for your time and attention.

    {hidden link}

    • Thank you Cristiano, your uploaded file helps me a lot!

      I know what the problem is and will try to fix it soon™. I'll post an updated version of the unpacker when it's done.

  7.
    [+] Filename: E:\abc\123.exe
    [i] Loading large file, it might take some time...
    [+] x86 executable
    [x] Expected section name ".enigma2", found ".engame2"
    [x] This file is not protected with Enigma Virtual Box or is hacked.

    What does it mean? Why doesn't it work?

    • It means exactly that:

      This file is not protected with Enigma Virtual Box or is hacked.

      If you know how to use a hex editor, you can try to find the string ".engame2" in the PE header, change it to ".enigma2" and hope that my unpacker will work afterwards.
      [Image: Changing .engame2]
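
The section-name check reported in the log above, as an added Python example; it is not part of the original post or comments and is not the unpacker's own code. It walks the PE section table, reports each section name with the file offset where the name is stored, and classifies the expected ".enigma2" marker as present, renamed or absent. The `max_diff` threshold and the header-only sample built by `build_sample` are assumptions constructed for illustration.

```python
import struct

EXPECTED = b".enigma2"  # name quoted in the unpacker's error message


def pe_sections(data):
    """Return [(name, file_offset_of_name)] for every PE section header."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    # COFF header follows the 4-byte signature: NumberOfSections at +6,
    # SizeOfOptionalHeader at +20, optional header starts at +24.
    (count,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size
    if table + count * 40 > len(data):
        raise ValueError("section table truncated")
    return [(data[o:o + 8].rstrip(b"\0"), o)
            for o in range(table, table + count * 40, 40)]


def triage(data, expected=EXPECTED, max_diff=3):
    """Return ('present'|'renamed'|'absent', name, offset)."""
    near = []
    for name, off in pe_sections(data):
        if name == expected:
            return ("present", name, off)
        if len(name) == len(expected):
            diff = sum(a != b for a, b in zip(name, expected))
            if diff <= max_diff:  # assumption: small edits mean a renamed marker
                near.append((diff, name, off))
    return ("renamed",) + min(near)[1:] if near else ("absent", None, None)


def build_sample(names):
    """Constructed header-only PE image for the demo (not a real file)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x102)
    table = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in names)
    return dos + b"PE\0\0" + coff + table


if __name__ == "__main__":
    sample = build_sample([b".text", b".rsrc", b".engame2"])
    for name, off in pe_sections(sample):
        print(f"0x{off:04x}  {name.decode('ascii', 'replace')}")
    print(triage(sample))
```

On a real file, pass the bytes read from disk to `triage`; the returned offset is where the 8-byte name field sits in the section table.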
