UnPackMe
24 files
-
Eclipse Runtime Obfuscator
By C5Hackr
Hey everyone,
I’m sharing an UnpackMe challenge that combines VMProtect packing with runtime function obfuscation using Eclipse Runtime Obfuscator. This should be an interesting challenge for those who enjoy working with dynamic obfuscation and anti-debugging techniques.
Protection Details:
VMProtect is used for basic packing, with import protection and anti-debug enabled. Eclipse Runtime Obfuscator dynamically obfuscates function execution, making dumped analysis and debugging difficult. Function code is relocated to a new memory region at runtime and accessed through vectored exception handling (VEH) instead of direct execution. Eclipse Runtime Obfuscation Features in this UnpackMe: Exception-Based Execution Handling – Execution is redirected via VEH, preventing direct tracing. Junk Code Injection – Adds meaningless instructions to mislead disassembly and make static analysis harder. Dynamic Function Relocation – Functions are moved at runtime, disrupting predictable memory access. Control Flow Obfuscation – Execution flow is broken up and redirected via exception handling. Anti-Debugging Protection – The binary throws access violations and illegal instructions to interfere with debuggers. Goals:
Unpack the binary (remove VMProtect and restore the original imports). Defeat runtime function relocation and deobfuscate the function logic by resorting the original function code. Reconstruct a clean, runnable (optional) version of the executable with original control flow. Explain how you unpacked and fixed the program, detailing the approach to defeating VEH-based execution and restoring the function code. Bonus points if you can crack the password in the console application demo code. Notes:
VMProtect is only used for packing, not virtualization. The main challenge comes from Eclipse’s runtime function relocation and exception-based redirections. Dumping the process isn’t enough, as function code is dynamically obfuscated in memory. The obfuscated functions are exported and named "testCCode", "testCCode2", and "DemoFunction" (this function has the crackme code in it). Would love to see a write-up on defeating the VEH-based execution and restoring the original function code! More information can be found about the Eclipse Runtime Obfuscator project on GitHub.
Looking forward to seeing your approaches. Good luck and happy reversing!
9 downloads
0 comments
Updated
-
Themida x32 v3.1.8.0
By lovejoy226
The Entry Point is virtualized.
2 Parts of the codes are also virtualized.
[Your Mission]
Just unpack this file and make it run well without any errors or termination.
No devirtualiztion are necessary.
45 downloads
0 comments
Submitted
-
The Enigma Protector v7.70 (x32 & x64)
By lengyue
This is an example program I used to shell The Enigma 7.7. You can shell it, bypass it, PatchHWID, KeyGen to make it run normally. Of course, it would be best if the shell could be peeled off.Have fun!
https://workupload.com/file/EGgppWamMA6
Cracked:
59 downloads
0 comments
Updated
-
Fatmike's Crackme #5
By Fatmike
..::[FaTmiKE 2o24]::..
Welcome to my 5th crackme!
It took a long time implementing this, i hope it is hard to solve!
Sorry for the long load time of the crackme
Here are the goals:
1. The main goal is to unpack and uncrypt this crackme.
2. Find a valid serial or write a keygen.
If you only succeed in 1. or 2. it's fine, i am happy to read every solution.
(e.g. if you can find a valid serial without unpacking, please write a tutorial how you did it!)
The crackme was tested on windows 10.
Have fun!
PS:
1.) Windows Defender returns a false positive due to my custom protection. If you do not trust me, please use a VM for reversing the crackme.
2.) The crackme has to be started from explorer.exe
The crackme can also be found here:
https://crackmes.one/crackme/66ca5b91b899a3b9dd02af52
27 downloads
0 comments
Updated
-
ASProtect SKE 2.56 SDK Sample (x32)
By boot
Coded by boot / Tuts4you,
ASProtect SKE 2.56 | UnPackMe x86 32-bit
Medium Protections + SDK
September 16, 2024
If you unpack it write a tutorial...
------------------------
HWID:
FBFFC7AD-5EF5
USER:
boot
SN:
YHRQ6C-WVDZ3-4X673-R6QSB-S7PBF-C52DP-WYDXK-RWJAB-2ZXJR-B4MY9-G5VUQ
66 downloads
0 comments
Submitted
-
The Enigma Protector v7.60 (x32 & x64)
By lengyue
Example of Shell Addition for Enigma 7.60.
This is a different example from the past, interested friends please challenge.
Unpack, cracking or Patch HWID. Use your means to make it work correctly.
TheEnigma_7.6_x32&x64Example_protected.rar
36 downloads
0 comments
Updated
-
Safengine NetLicensor v2.3.7.0
By kuazi GA
Based on Safengine Licensor with the combination of:
Safengine Code Protection (Mutation & Virtualization) Safengine Licensor Local License Verification All protection options enabled:
Anti Debug Anti Trace Anti Virtualization Anti Attach Anti Dump Anti API Hooks Self Integrity Check Code & Data Encryption Metamorphic Code Generation Branch Obfuscation Code Mutation Code Virtualization Advanced Code Replace Import Elimination API Relocation Try to unpack it.
Enjoy! ; )
所有保护选项
享受 ! ; )
Safengine NetLicensor v2.3.7.0UnpackMe.exe
13 downloads
0 comments
Updated
-
Obsidium v1.6.9
By CodeExplorer
This is just one of my program protected
The objective is unpack it.
51 downloads
0 comments
Updated
-
The Enigma Protector x64 v7.4 (HWID Lock)
By lovejoy226
Two simple Win x64 GUI applications protected using Enigma x64 v7.4.
Challenge is to;
bypass the hardware ID lock; unpack the application. Let us go together to solve this issue.
206 downloads
0 comments
Updated
-
Safengine Licensor v2.4 (HWID Lock)
By lovejoy226
I coded a simple Win x64 GUI application with a close button and protected it using Safengine Shielden v2.4.
Challenge is to;
bypass the hardware ID lock; unpack the application. Let us go together to solve this issue.
71 downloads
0 comments
Updated
-
The Enigma Protector v7.50 (x32 & x64 DEMO)
By lengyue
This is an encryption example using The Enigma Protector 7.50 encryption.
Enigma 7.5_x64_DEMO.rar TEP_7.5x32_DEMO.rar
20 downloads
0 comments
Updated
-
Safengine Licensor v2.3.4
By kuazi GA
过程式编程语言,所以IAT和资源很少
Safengine License 2.3.4 with medium protection options enabled.
Program is written in assembly language so there are very few IAT and resources.
129 downloads
0 comments
Updated
-
The Enigma Protector x64 v7.40 (Demo Version | All Protection Options)
By boot
Unpackme x64 - Enigma Protector 7.40
(Demo Version | All Protection Options)
Enigma x64 + SDK +HWID Lock + etc...
https://forum.tuts4you.com/
If you unpack it, please make tutorial(s)... I will mark the answers with tutorials as a solution.
The compressed package includes a simple MP4 display, please pay attention to check...
Created by boot / From Tuts4you
2023.08.21
554 downloads
0 comments
Submitted
-
VMProtect x86 v3.81 (Default Protection Options)
By boot
Please debug/unpack in the virtual machine This target is protected by a specially modified version of VMP, with some simple protection measures added It only supports running on x64 operating systems, such as Win7 x64 or Win10 x64, which may also support most Win11 x64 If you unpack it, please make tutorial(s)... I will mark the answers with tutorial(s) as solution.242 downloads
0 comments
Submitted
-
VMProtect x64 v3.6 HWID Lock (All Protection Options)
By boot
Unpackme x64 - VMProtect 3.6 HWID License
(All Protection Options)
VMP x64 SDK + HWID Lock +etc...
WwW.Tuts4you.CoM
https://forum.tuts4you.com/
If you can unpack it, please make a tutorial... I will mark the answers with tutorials as a solution.
The compressed package includes a simple MP4 display, please pay attention to check...
Created by boot / From Tuts4you
2023.06.21
619 downloads
0 comments
Submitted
-
Armadillo x64 v9.64 (General/Default Protection Options)
By boot
Unpackme - Armadillo x64 v9.64 | WwW.Tuts4You.CoM
General/Default Protection Options = HWID Lock + etc...
If you can unpack it, please make a tutorial...
The compressed package includes a simple MP4 display, please pay attention to check...
HWID:87DF-0E78
NAME:boot
KEY:000016-M9KY7Y-1PM436-8JKH7H-G8QXCH-3ACEGN-Y5ND6B-TY4VJ2-5FX1WY-WGJBFB
After seeing the dynamic screen, please click the LEFT MOUSE button to exit OR press the "ESC" button once to exit.
Created by boot / From Tuts4you
2023.06.19
171 downloads
0 comments
Submitted
-
Fatmike's Crackme #4
By Fatmike
..::[FaTmiKE 2o23]::..
After a little break i decided to program another little crackme (This is my 4th crackme).
Here are the rules:
1. The main goal is to unpack this crackme or write a loader.
2. If you like, find a valid serial or write a keygen.
The crackme was tested on windows 10.
Have fun!
87 downloads
0 comments
Updated
-
Obsidium v1.69b1 x86 (All Protection Options)
By boot
Obsidium v1.6.9.b1 x86 = All Protection Options = HWID lock + etc.
This unpackme (VB6.0) is created by me.
If you can unpack it, please make a tutorial...
2023.06.07
137 downloads
0 comments
Updated
-
VMProtect v3.8.1 Ultra (Mutation + Virtualization)
By X0rby
The target is an old software (from 2010) coded in c++, I just apply the VMP protection without any special code as I show in the two screenshots. All available protection features in VMProtect were used with this unpackme. Refer to the attached images for the specific protection settings used.
Challenge is to unpack the file, providing an explanation and details on your methodology.
1,067 downloads
0 comments
Updated
-
WinLicense v3.1.3.0 x86 (All Protection Options)
By boot
UnpackMe - WinLicense 3.1.3.0 x86 Full Protect
HWID Lock + Entry Point Virtualization + Etc...
HWID:
1111-2222-3333-4444-5555-6666-7777-8888
Author:boot
From:Tuts4you
Time:2023.04.02
1,027 downloads
0 comments
Submitted
-
Themida x32 v3.0.4.0
By CodeExplorer
One of my tool (CompareInfo v3) protected by Themida x32 v3.0.4.0.
425 downloads
0 comments
Updated
-
PELock DialogBox
By lovejoy226
It's a PELock'ed file. Try to unpack it if you have time, if you are a skilled code reverser or the author, you maybe can do it.
Thank you for your effort in advance.
243 downloads
0 comments
Updated
-
The Enigma Protector v6.9
By GIV
I have protected a simple file with the Enigma Protector 6.9. Try to unpack.
For a skilled reverser will not be as hard as it seems.
HWID: A7707-65A71-43529-A59E1-41C2F-C5AA0-EB308-3F774 Name: tuts4you Key: BG8QC4UMZW3QMTH99U6ZTF8FJJNDAPKY5E2XNL3CMHRVUMLSB2QWRBSYBGF4RNHX7WC26W2GQMNBNPUU3YUTDXDS387A2UURMUVJ88P5PPC9ZCEQHFHW4J6ZQRAK7GW6DRK4QH4CGCEQM7F9K39J89S4CRARX3L3LPABBXU23M8QXP6A85L2CZFJZF66KF5NFTZ557872DA3
1,694 downloads
0 comments
Updated
-
Python CrackMe - FunnyProtector
By Josman
This is an python unpackme for testing my private python obfuscator
You have to unpack it !
Good Luck
277 downloads
0 comments
Submitted
-
Download Statistics