Description
(Why does GitHub submit a new issue when you accidentally hit enter while typing the title?)
Enigma Protector is an EXE packer/wrapper that takes a compiled EXE and wraps it in a convoluted decryption layer that makes use of significant amounts of self-modifying code and RWX segments, and is notably used to provide anti-tamper for DLSite's in-house DRM (serial-number + hardware hash submitted to online service, get hash-specific 'ticket' back, can also be configured to check validity every start for 'rental' games).
Fortunately, regular 'bare Enigma' is pretty easy to defeat, at least on the confidentiality side: because it takes a full EXE as input, it can't really do any link-time stub+bytecode shenanigans like certain other protectors, and a simple memory dump of the process after it's started will reveal the contained code segments (but Enigma itself erases critical functions before jumping to the contained code to hide how it works).