Page 2 of 2

Re: Enigma AutoUnpacker

Posted: Mon Jun 18, 2012 8:11 am
by Enigma
I'm very curious how can you defeat the option Encrypt with Encryption Constant? Or RegCrypt markers? If you do not have valid registration key then it is impossible (of course, everything is possible with bruteforce).

Anyway, new version of Enigma Protector will be soon released, no any tool/tutorial that trans noticed will be working there.
Current pre-release version already defeats all these methods, hope that final one will be even better.

Re: Enigma AutoUnpacker

Posted: Mon Jun 18, 2012 9:48 pm
by scorillo7
YourWorstNightmare wrote:We don't talk about basic protections here.
All options except the "Encrypt target with HWID" is defeated but this feature can't be counted as a real protection feature. Even the Enigma Protector itself isn't protected with that feature so there seem to be some problems about using it.
You are right about the API. The better it's implemented the harder it becomes. But it's wrong to say that it becomes uncrackable. In most cases you can simply modify the return value of a certain function to the value the program wants to have. So that if you call i.e. the IsRegistred function you can simply set the return value to always true.
And since the VM is fully defeated too those VM macros inside your program don't have any effect.
Dude you are right but not entirely.
In fact even if Vm is cracked if the app is protected with HWID particular id any craker will fail because even the app not know what to expect,it is blind.The Enigma will grab the HWID and pass to decryption routine,if valid will execute program host, if not will end.

i assume the enigma use a function which will test if the code after decryption is valid or not,i do not know but i bet on some fingerprint(hash)inserted when program is encrypted and compared with hash from computer where is run it... i 'm only guessing here.
No cracker (who know very good assembly language)in the right mind will not reverse(jne to je or je to jne) that call ,simply because that will generate error on execution.

The only things which can be made against that type of protection is:
-to strip a valid/legit app and remove completely Enigma from that app and release that version to the public.That's it.It is the only solution.
I do not know or understand why developers complaining here don't use that option.STOP crying,implement a routine to get back the id from customer it is just a couple a minutes to do that,and all you're problem is solved.
YourWorstNightmare wrote: Enigma Protector itself isn't protected with that feature so there seem to be some problems about using it.
There is no problem with that feature,i used in every project,the only problem is time because you must have some cron app to generate protected app for every HWID from customers.So i'm guessing is not implemented from lack of time.It is time consuming when you do it manualy,if this can be automated that feature will be a kick a## feature.

Re: Enigma AutoUnpacker

Posted: Thu Jul 19, 2012 11:26 am
by SpyEye
Enigma, can you explain why this script working? It was posted a few days ago.
Enigma 1.x - 3.x VM Unpacker 1.0
****************************************************
( 1.) Unpacking of ENIGMA 1.x - 3.x
( 2.) Overlay Scan & Dump
( 3.) Enigma Version & Extra Data Scan
( 4.) Attached File Dumper
( 5.) Dumping of Clean & Fixed ENIGMA DLL_Loader
( 6.) Read - Log - Labeling of DLL_Loader Exports
( 7.) RegSheme Bypass for Old & New Versions
( 8.) HWID Changer for Old & New Versions
( 9.) Extra File Dumper - VBox
( 10.) VirtualMemory Fixer 1.96 - 3.7+
( 11.) Stolen Code Fixer
( 12.) VM OEP Scan & Move & Adjustment
( 13.) Advanced Code Redirector
( 14.) IAT Scanner
( 15.) Visual Basic API Fixer
( 16.) Visual Basic Dll Function Logger
( 17.) ENIGMA DLL_Loader SDK API Fixer
( 18.) Extra File SDK API Fixer
( 19.) TLS CB FIXER
( 20.) TLS Pointer Scan & Fixer
( 21.) PE Header Size Increase
( 22.) Main File Dumper
( 23.) GetStartupInfo Patcher
( 24.) Special Anti Patcher
( 25.) Supports Exe & Dll Files
( 26.) Supports Very Easy User Handling
****************************************************
will the new version of protector defeating this shit? I'm asking, because i want to buy a protector for my program. But i'm still thinking about other protectors, that don't have unpacking scripts and tools, can you tell me about a new version of protector? When wll it selling?

Re: Enigma AutoUnpacker

Posted: Thu Jul 19, 2012 11:34 am
by Enigma
This is endless war between crackers and protection :) Btw, does this script work?

New version will be release today or tomorrow.

And I would say the protection will be updated more often in future to bypass all known unpacking methods.

Re: Enigma AutoUnpacker

Posted: Wed Sep 26, 2012 3:08 pm
by Sh4DoVV
Hi friends
This script written by by LCF-AT from tuts4you team
it unpack enigma protected file 3.x version and old version but can not unpack version 3.8
I write a plugin that bypass enigma auto unpacker and this script and debuggers
good luck

Re: Enigma AutoUnpacker

Posted: Wed Sep 26, 2012 3:17 pm
by Enigma
Hi Sh4DoVV,

Thanks you for the information. For any details please write to Sh4DoVV directly using PM.

Enigma AutoUnpacker

Posted: Fri Sep 28, 2012 8:05 am
by zfranco
Sh4doVV, You're showing a great partner projects ... I would say a faithful squire. Sorry can I not help, because I am a beginner in programming ... I like the enigma protector and always say that all help are welcome. I look forward to the success of the work! Good luck in your scripts!