Safengine Protector 2.4.0.0 Cracked


Danielle Landes

Aug 20, 2024, 6:35:36 AM
to tighdiforse

The Steam forums have been however very active lately about this issue, the main issue was that Capcom pushed this onto consumers with no warnings on old games, and to make matters worse, the company that made "The Enigma Protector" is sketchy as the company supposedly doesn't exist.


Now the issue why people are very paranoid about this is that there's this exe file which had the Enigma Protector and it triggered several AV engines including Malwarebytes. I however can't figure out if it's tied to Capcom, but it was brought up multiple times in the forums.

This could also very well just be blown out of proportion, but I unfortunately lack the skills to do a thorough investigation myself on this matter, what triggered this news to spread was when Capcom tried to implement this in Resident Evil Revelations but screwed up and made people notice. They have reverted the update for this game, however it is still in the other games.

Please reference the following on how to provide sample submissions such that Malwarebytes' Anti-Malware (MBAM) can detect targeted but presently undetected new threats in the form of disk files.

I'm not an employee of Malwarebytes, but I've been exposed to and know about Enigma Protector, so I may be able to be of some help to you.
Enigma Protector is pretty much the same as VMProtect/Themida/Safengine (also known as NoobyProtect), an encryption protection and anti-debugging shell for software.
I don't have access to download the attachments from the Malwarebytes forum, but thanks for the VT link, I can get them from VT using the API.
The first two of the three files you provided are from CAPCOM, no problem, but the third is obviously not from CAPCOM.
It uses a trial version rather than an official version of Enigma Protector, and it's also not digitally signed by CAPCOM, and even more disastrously I can't debug and analyze it because of the presence of Enigma Protector.
It's true that these protectors affect analysis and detection by security software, but I don't think that just because they add encryption/virtualization protection that it's harmful.

Yeah, fair enough, I wasn't really sure if this would be the right place to post this or not as it's speculation. I usually don't mind DRM or packers myself, but it did make me a bit anxious that it seemed rather obscure, along with the whole fearmongering happening in the Steam forums. Just wish that someone could put a proper end to the discussion of whether this is really harmful or not.

All viruses are malware but not all malware are viruses. There is a taxonomy to malware and malware is a portmanteau of MALicious softWARE. Malware consists of all trojans, viruses and exploit code. Just like when it comes to cars; All Fords are automobiles but not all automobiles are Fords. And just like there are no Ford Chryslers, there are no trojan viruses.

So games are often used alongside malware. Unlike a virus, which spreads autonomously, a trojan needs assistance. Social Engineering (the Human Exploit) and Software Exploits are often used to get the malicious software into your enclave, your computer. Today we are seeing many fake Game Sites being set up offering Free Beta versions of some "game." Using Social Engineering exploiting the gamers' "desire", people go to these sites and download what is malicious software, where the installer is often hosted on Discord's CDN (Content Delivery Network). Another way is to take a legitimate Game Installer Package and wrap another installer around it that will also install malware.

They see information about submitting a file or files to Virus Total where the file(s) can be scanned by a multitude of participating anti malware vendors, which includes the Windows Malwarebytes (Virus Total version) Engine and Signature set.

In the old days when Virus Total was owned by Hispasec Sistemas, the name of the malware was quite indicative of the type of malware and the family it may be a part of. There was a fairly well adopted convention for the naming of malware detections. However, today that is not the case. Thousands upon thousands of new trojans are introduced daily and it just isn't viable to have a specific naming convention. Anti malware vendors believe what is most important is that the malware is detected and removed, regardless of the name. Additionally, each anti malware vendor has their own naming convention for heuristic detections. These are not based upon a particular signature or fingerprint but on a loose analogy logic of "If it walks like a Duck and squawks like a Duck, then it must be a Duck". But that also leads to false detections, which are known as False Positive detections.

If I have a given malware file (binary) and release it today, it may not be detected. However, Heuristics may catch some new files. As time goes by and the given malware binary is in-the-wild, it will start to be signature detected and it will be shared, and the number of anti malware vendors' detections will ultimately rise. In many cases this could be in hours but mostly in days.

That's where packers and cryptors come into play. These software utilities allow that malware to run and work as intended, but the binary is completely altered. All signatures that may have been reliably detecting the binary will no longer detect it, and thus the game of detections starts all over again.

So that's where the paradox comes in, where malicious actors use the software to make their detected malware less detected or undetected while legitimate software vendors use the software to protect their Intellectual Property.

A true malware file represented on Virus Total will see a large number of detections, mostly signature based detections and not heuristic detections. If a file has been known to Virus Total for months and has a very low number of detections, then the file's detections may be only heuristic detections, False Positives or, when it comes to Potentially Unwanted Applications/Programs (PUA/PUP), the file could be a case where a vendor's stance of what makes a PUA/PUP detection is based upon their criteria for the decision. For example, the criteria for a PUP detection by Eset may not meet the criteria of Malwarebytes.

** Now you, the consumer of said Capcom game(s), should contact the author, and ask if they are to use the Enigma Protector to protect their intellectual property rights, why they don't Digitally Sign their files to avoid such detections and the ensuing confusion.

Why do you or Raham refuse to publish a tutorial on how you do this? You publish good tutorials for VMProtect, Themida, WinLicense, etc. (there are developers behind these protectors). Raham published a good tutorial for Enigma (there is one developer behind this protector too). Both of them earn their daily bread with this work, so is the developer of this protector different from the others mentioned? I really don't understand why. This is only a doubt, nothing more; let me make it clear that I respect the decision of both of you, especially because to this date I have not found any commercial software protected by this packer. Maybe there is some, but I haven't found any so far. My only interest is the desire to learn; I think this isn't wrong, is it?
Regards

So as I said already before, a good friend asked me a longer while ago not to create a tutorial / Unpack-Script etc. for this protection because of the reason "XY" [you know a friend is a friend]. So I have no problem with this, so it's the only protector which I keep untouched in public so far till "XY". Anyway, this should not be the big problem, so if you really want to know how to unpack this protection then just grab this or any other UnpackMe [you know there were already many of them posted] and start, and this too I told before etc. Just do the first step and then post what you got and the problems where you got stuck at some place during your unpack process etc., and then let's see what kind of answers you get.

So if you really want to learn then just start. I think you know the motto "learning by doing", right, and that's true, and this I can also promise you: you will definitely learn if you just do it, and if you do it again and again and again a hundred times etc., at one certain point you will see more than before in your other ninety-nine tries. Maybe this sounds ridiculous to you at the moment, but it's so, and in some cases you will need more tries and in others less.

Just an example: a long time ago I started with unpacking, and one of the first HTML tutorials I read was an Armadillo 2.x with CopyMem II. So I read it many, many times and followed each step of the tutorial, but I always failed on the CP2 although I did the same as described. It didn't work for me and this was really frustrating, and then after some days or a week I tried some other ways to handle this problem, and after a while it did work, and I also saw that there was a faulty description in the tutorial itself, so that the way as described would never work. So this was one of my first own successes in handling a problem by myself, and this took almost a week, where I worked on that problem each day for hours.
