Unravel.two-codex

  • Roadmap (v2.0):

    • Modern malware and legacy software often employ multi-layered obfuscation (control-flow flattening, opaque predicates, and dead code insertion). Standard linear disassembly tools (e.g., objdump, IDA Pro) struggle with dynamically computed jump targets and self-modifying code. Unravel.Two-CODEX introduces a hybrid analysis engine combining phase-one dynamic tracing with phase-two symbolic recompilation. The framework unpacks, linearizes, and verifies execution paths, producing a high-purity Intermediate Representation (IR) amenable to formal verification.

    Obfuscated snippet (original intent: if (a > 10) b = 1; else b = 0; )
    Transformed with flattening + opaque predicate: Unravel.Two-CODEX

    start:
    v = 0x12345678
    switch (state) 
        case 0: if (a - 10 > 0x7fffffff) state=2; else state=1; break;
        case 1: b=1; state=3; break;
        case 2: b=0; state=3; break;
        case 3: exit;

    Unravel.Two-CODEX execution:

  • Recovered IR: b = (a > 10) ? 1 : 0.

    • The release itself, typically labeled Unravel.Two-CODEX, is a binary artifact of a specific moment in time. It usually includes: Roadmap (v2

    What made the Unravel.Two-CODEX release special was the timing. By mid-2018, Denuvo had released version 4.8, which introduced "VMProtect" integration, making the DRM effectively a black box. Many smaller groups gave up. CODEX, however, used Unravel Two as a proof-of-concept.

    The crack did not remove Denuvo; it emulated it. The CODEX crack intercepted the Denuvo license server calls and returned a positive "valid" signal constantly. This required deep kernel-level hooks—modifying how Windows processes system calls. For a game as seemingly innocent as Unravel Two, the crack was overkill. But that was the point. CODEX was showing EA that no game, regardless of budget, was safe. Unravel

    The release of Unravel.Two-CODEX on June 9, 2018 (just one day after the official launch) caused a stir in both the cracking and gaming communities. Here is why:

    Modern "AAA" games often require online checks. Unravel Two, especially on the Switch and PC, has a fragile online co-op component. The CODEX crack strips out the phone-home requirement, meaning that if EA’s servers for this niche title go dark in 2030, the Unravel.Two-CODEX version will still run local co-op perfectly. Piracy, in this case, becomes a form of software preservation.