Updated Enigma Virtual Box unpacker (again)
Enigma Virtual Box unpacker
There are few minor fixes:
- Now it can unpack Enigma Virtual Box versions 10.20 and 10.30;
- Correctly detects some old and rare versions of Enigma Virtual Box;
05
Mar
2023
Hi master Kao!
I've used this version of EVB tool:
EnigmaVBUnpacker v0.61, compiled on 05-03-2023 22:59 Supports Enigma Virtual Box v4.10..10.30
but the exe it recovered has got wrong EP as well as missed Import table, see below
some pieces from log:
...
[+] x64 executable
[+] Embedded files are compressed
[+] EnigmaVB version: 10.30
...
[!] Warning: cannot fix PE Exception directory. Unpacked file may or may not work. Be careful!
[+] Finished!
so the question is - what does it mean the last warning?
also when I opened up unpacked .exe in exeinfope 0077 it says this:
File is corrupted ---> Entry Point over the file! ***
example screen from the tool -
{hidden link}
general question - are there any reasons that the tool might not unpack exe(s) from EVB successfully?
Hi Alen,
I can't solve your specific issue without seeing the actual file. Please upload it to mega.nz or mediafire.com and send me a link.
I've tried to make the unpacker work reasonably well on most files. However, there are some corner cases which are either not implemented or not well tested because I didn't have enough sample files to work with. Judging from the screenshot, your file is 64-bit .NET executable and it might be one of those cases.
newbee!
And what exactly have you accomplished? :)
"Newbee" in Chinese homonym refers to "niubi" which means very awesome
I don't think he meant any harm, thanks for the file
Thanks for the explanation! :) You must admit, it looks more like an insult to people who don't speak Chinese.
I am trying to unpack an exe that is packed with Enigma Virtual Box but when unpacking I get this:
EnigmaVBUnpacker v0.61, compiled on 05-03-2023 22:59
Supports Enigma Virtual Box v4.10..10.30
Latest version always on {hidden link}
[+] Filename: Luxify 4 - Copy.exe
[+] MD5: cef5723e032181cf5db529d07b4b8c29
[+] x64 executable
[x] Expected section name ".enigma2", found ".rsrc"
[x] This file is not protected with Enigma Virtual Box or is hacked.
Looking at the sections, I see 2 sections with the name .enigma1 and .enigma2
I uploaded the exe if you want to look at it, which can be viewed here: {hidden link}
Thank you!
Hi,
your file is protected using Enigma Protector and/or Themida. That's not what my unpacker is for.
The tool overestimates the space needed to unpack an enigma file. Extracting a file that needs ~1GB of space, the program requested me to prepare well over 6GB of harddisk space.
Yes, that's intentional because there is no efficient way to do it properly. I had to choose between reading the entire file twice, running out of disk space during unpacking, or overestimating the free space requirements. I chose to overestimate.
If you feel adventurous, you can always use the "/nodiskspace" switch to disable the check.
Hi kao , can you check this out , it is packed and i'm not sure if this pack by enigma ..
Thanks
Here is the link : {hidden link}
That appears to be a custom loader used only by imperio-online.com. In addition to standard Tantra client+anticheat, it very likely contains an additional malware file.
I'm not going to do anything with it.
Okay I understand
Kao I appreciate your work, I use it regularly to translate anime games and just wanted to say thank you for making it easy to understand content made by people in other languages.
hey kao, are you related to India somewhat? (your username r.n kao)
No, sorry, I have absolutely no links to India. :)
what's the story behind your username?
There is no story.
But now that I've learned about R.N.Kao, I'm sure I could make one up... :D
Hi I'm using your 0.61 unpacker, and i tried to unpack mz game.
[i] Loading large file, it might take some time...
[+] x64 executable
[x] Expected section name ".enigma2", found ""
[x] This file is not protected with Enigma Virtual Box or is hacked.
I can see this notice. That's literally blank. And i can't see www folder or anything else.
What should i do about this?
{hidden link}
this is the link for my question.
Hi, I can't download your file:
In general - most often this unpacker message indicates that your file is really not packed by Enigma Virtual Box and there is nothing my unpacker can help you with.
Hi,
I successfully unpacked the RPG-Maker MV game using your program.
However, when I run Game.exe in the %DEFAULT FOLDER%, the window is blank. On the other hand, running *._unpacked.exe shows no response. _:(´□`」 ∠):_
Is there any specific process I need to follow to launch the game after unpacking?
Hi,
I can't answer your question without seeing the actual game. Could you please upload it to MEGA.nz or MediaFire and post a link?
I want to change the font, so I need to play it after unpacking. Would appreciate your help.(・A・´)ゞ
{hidden link}
(btw, NSFW game ´ω`)
Could you please rename %DEFAULT FOLDER% to something else and then try running game.exe? Any name without "%" sign should work just fine.
Cheers, kao.
It works! Turns out it was just a path issue (╯°O°)╯┻━┻
Anyway, thanks again for your help!
I seem to vaguely recall posting here quite awhile back asking about differences in V9 format. I don't quite recall if you answered or not.
Anyway, I've run into an odd thing - it's game on Steam (2007980).
The interesting part is that while it's FileSystemV9 packaging, it's offset by 0x20 bytes, that is the header starts at 0x20 bytes later in the .enigma1 section.
That obviously breaks things a bit...
Hi,
sorry, I don't recall that question/answer either.. :)
But from what I can see, my unpacker has no problems with it:
Happy New Year!
It doesn’t work anymore. Please update to a new version.
EnigmaVBUnpacker v0.61, compiled on 05-03-2023 22:59
Supports Enigma Virtual Box v4.10..10.30
Latest version always on {hidden link}
[+] Filename: Y:\BaiduNetdiskDownload\Last Stand Delivery\gamer520.com.exe
[i] Loading large file, it might take some time...
[+] x64 executable
[x] Expected section name ".enigma2", found ""
[x] This file is not protected with Enigma Virtual Box or is hacked.
L ] evb14CA.tmp
0字节
TMP文件
2024/1/4 17:27
De
evb15C5.tmp
1.50 KB
TMP文件
2024/1/4 17:27
[ ] evb1681.tmp
1.50 KB
TMP文件
2024/1/4 17:27
C ] evb16B2.tmp
1.50 KB
TMP文件
2024/1/4 17:27
evb16BE.tmp
0字节
TMP文件
2024/1/4 17:27
evb1B09.tmp
1.50 KB
TMP文件
2024/1/4 17:27
evb273F.tmp
1.50 KB
TMP文件
2024/1/4 17:27
EnigmaVBUnpacker v0.61, compiled on 05-03-2023 22:59
Supports Enigma Virtual Box v4.10..10.30
This is the download link {hidden link}
[+] Filename: G:\1\gamer520.exe
[i] Loading large file, it might take some time...
[+] x64 executable
[x] Expected section name ".enigma2", found ""
[x] This file is not protected with Enigma Virtual Box or is hacked.
Hi, your file is protected with Enigma Protector v6.80. It is a totally different protection and my unpacker does not support it.
Thank you for the programme, it's very useful, but unfortunately the latest version of EVB is no longer available for unpacking... I hope very much that it will continue to be updated, thank you very much.
tried unpacking this {hidden link} but getting an error
[+] x86 executable
[x] Didn't find "EVB" signature.
[x] This file is not protected with Enigma Virtual Box or is hacked.
it have .enigma2 section
Hi, it's protected with the latest Enigma Virtual Box v10.60. Unfortunately my unpacker does not support it yet but I'll be releasing a new version soon.
It doesn't work for version 10.60 of EVB.(The latest version I know)
Thank you for the heads-up. :) New version will be out soon.
New version published here: https://lifeinhex.com/happy-2024/
Please report any issues you find, I did not have many files to test it with.