UnPackMe
The creation of new topics is disabled in these subforum categories.
Please create and post your new challenges in the appropriate subcategory of Downloads > Challenge of Reverse Engineering
A topic will then automagically be created and posted in these forums...
414 topics in this forum
-
(unpackme)Armadillo6.2.4.624
by thisistest- 9 replies
- 9.4k views
Process ID : 3596 Set BreakPoint On VirtualProtect Virtual Protect Address : 7C801AD0 First Patch Address : 008D204 Second Patch Address : 008D264 _unpackme_Armadillo6.2.4.624.rar
-
[ Unpack Me ] Obsidium 1.4
by BLaCkViRuS- 23 replies
- 16k views
Hi To All Friends This is new Obsidium version.if friends can unpack it,please make tutorial Regards BLaCkViRuS Unpack Me Obsidium 1.4.rar
-
[ UnpackMe ] MPress v2.19 Easy
by delldell- 4 replies
- 9.3k views
MPRESS Matcode comPRESSor v2.19 vb6 delldell_UnpackMe.rar
-
[ Unpackme ] Ntkrnl Protector 0.15
by Teddy Rogers- 0 replies
- 4.4k views
NTkrnl Protector 0.15 http://tuts4you.com/download.php?view.1677 Ted.
-
[ Unpackme ] Telock 0.99...
by Teddy Rogers- 1 reply
- 5k views
tElock 0.99 http://tuts4you.com/download.php?view.1678 Ted.
-
[ Unpackme ] Thinstall 2.736...
by Teddy Rogers- 5 replies
- 6k views
Thinstall 2.736 http://tuts4you.com/download.php?view.1679 Ted.
-
- 10 replies
- 12.2k views
UnpackMe - Enigma Protector 2.21 EntryPoint Virtualization Virtual Machine Protection Antidebug Protections WinAPI Emulations WinAPI Redirections Advanced Import Protection Rule : You need to patch "NoWay to "You Won" . Good Luck . KeygenMe is taken from crackmes.de . Thank you . Unpack&PatchMe.rar
-
[CrackMe/UnpackMe] Enigma 4.20++
by Unc3nZureD- 4 replies
- 8.6k views
Hi guys, here's a quite simple crackme and packed with enigma. Let's see if you can unpack it & crack it The "License scheme" Is very simple and only contains numbers. The goal is not to write the License denied message, but the other one Why is it ++? Because I tried to use Enigma as deep as possible I used markers, vm and some more. There are a few stuff which I couldn't figure out how to use, but I think it should be harder than simply unpacking an enigma. Link to download: http://ge.tt/1nlum7F2/v/0?c Good luck guys. Edit: Added file to the post Modified description a bit EnigmaCrackMe_protected.7z
-
[CrackMe/Unpackme]Enigma 4.xx
by danmz- 7 replies
- 8.3k views
Detail : http://prntscr.com/9hav19 Good Luck Salam. CrackMe.rar
-
[DeObfuscateMe] Simple Builder
by 0xNOP- 0 replies
- 7.3k views
Nothing fancy for the app, is a concept to those builders people use in Malware/Server Generators, The Stub is currently missing but you can use literally anything as the Stub xD Just pick any executable, copy it to the builder directory and rename the file to "Stub.exe" it should work as expected. Simple DeObfuscateMe - AznObfuscator Custom (ConfuserEx) For me it's very difficult to deob, If you can do this, then you are all f!@# gods xD Tried everything: Dumping -> Leaves Crashing app, Tried Fixing it, Failed... Used CC tools, None worked. Using UnConfuserEx Seems to work, but leaves app crashing -> Tried Fixing and still crashes... …
-
[DevirtualizeMe] CodeVirtualizer 2.0.8.0 DEMO
by HellSpider- 1 follower
- 2 replies
- 6.9k views
Hi. I made some UnpackMe styled executables protected by the latest demo version of CodeVirtualizer (2.0.8.0). Each executable contains one function virtualized by a different virtual machine setting. The different virtual machines used are: - FISH32 Black - TIGER32 Black - PUMA32 Black - SHARK32 Black The virtualized functions are very short, approximately 20 asm instructions. No other protections are used. The virtualized function will execute when F1 is pressed. codevirtualizer_2.0.8.0_demo_devirtualizeme.rar
-
[DevirtualizeMe] Obsidium 1.5.2 Build 11
by HellSpider- 1 follower
- 4 replies
- 8.8k views
Difficulty : 7 Language : C/C++ Platform : Windows 32-bit and 64-bit OS Version : All Packer / Protector : Obsidium 1.5.2 Build 11 Description : The objective is to interpret and reconstruct 1 single procedure that has been virtualized. No additional options have been used. The virtualized function will execute when key 'P' is pressed. Detailed information of the interpreting procedure/internals or a complete solution paper is preferable. I will post similar challenges for other protectors if someone supplies me with a recent version (CodeVirtualizer, Themida, VMProtect, Enigma ...). Screenshot : devirtualizeme_o…
-
[DevirtualizeMe] Oreans Virtualizer
by Pancake- 10 replies
- 9.8k views
Updated 30/6 Inspired by HellSpider's topic i upload a simple unvirtualizeme protected with latest licensed Oreans Code Virtualizer, for research purposes. It supports 4 types of VMs, each can be "white" , "red" or "black" (small, bigger, biggest). Pressing buttons 1-4 will pop up 2 messageboxes. Source: int Func1(int a, int b, int c){ VIRTUALIZER_FISH_RED_START MessageBoxA(0, "Fish Red", "UnvirtualizeMe", 0); Sleep((a + b + c) % 1000); MessageBoxA(0, "Complexity 2/10 Speed 9/10 Size 260", "Fish Red", 0); return GetTickCount(); VIRTUALIZER_FISH_RED_END }void* Func2(int* a, int* b, int* c){ VIRTUALIZER_PUMA_BLACK_START MessageBoxA(0,…
-
[DevirtualizeMe] Themida 2.3.5.0 Full
by HellSpider- 14 replies
- 21.7k views
Hi. My DevirtualizeMe series continue with this entry. I have protected a simple file containing 18 keyboard initiated functions with different virtual machines using a full version of Themida 2.3.5.0 . The file does not have any extra protection as the idea of this challenge is to understand the virtual machines. Also non-virtual machine protection settings are kept to a minimum, meaning no antidebug, no API redirection etc. Basically only antidump is enabled on top of the virtual machines. All of the virtual machine code blocks are identical in sense of instructions. List of function initiators: q = FISH32 White w = FISH32 Red e = FISH32 Bla…
-
[DevirtualizeMe] Themida 2.4.6.0
by HellSpider- 2 followers
- 22 replies
- 29.5k views
Difficulty : 8 Language : C/C++ Platform : Windows 32-bit and 64-bit OS Version : All Packer / Protector : Themida 2.4.6.0 Description : The objective is to interpret and reconstruct 3 procedures in each file that have been virtualized. No additional options have been used. The virtualized functions will execute when keys '1', '2' and '3' are pressed, respectively. 1 = WHITE 2 = RED 3 = BLACK Only one "brand" of VM has been used per file. I will upload additional ones when current challenges have been solved or seriously attempted. Detailed information of the interpreting procedure/internals or a complete solution paper is …
-
[DevirtualizeMe] Themida 3.0.3.0
by DefCon42- 2 followers
- 6 replies
- 27.5k views
Language : C++ Platform : Windows OS Version : Windows 10 Packer / Protector : Themida 3.0.3.0 Description : Looks like Oreans just dropped Themida 3. They've been working on the beta version for more than a year and just announced the initial release, so I'm praying I don't get my personal license revoked :^( Strings are (supposedly) virtualized then encrypted. The main protection is starting at VM_DOLPHIN_RED, though other VMs can be requested. Unpack/devirtualize the file. Screenshot :  Themida Crackme_protected.exe
-
[DevirtualizeMe] VMProtect 2.13.5 1 2
by HellSpider- 1 follower
- 39 replies
- 45.6k views
Hi. I created an unpackme using VMProtect 2.13.5. The only task is to devirtualize the blocks of code that are virtualized. There are 7 short functions. Each will execute when keyboard numbers 1-7 are pressed. The functions are virtualized as follows: 1 - Only mutation with no additional options 2 - Virtualization with no additional options 3 - Virtualization with the VM integrity check option 4 - Virtualization with the register scrambling on VM exit option 5 - Virtualization with the hide constants option 6 - Virtualization with all 3 extra options 7 - Ultra mode (which means mutation + virtualization) with all 3 extra options The pu…
-
[DevirtualizeMe] VMProtect 3.0.9 1 2
by HellSpider- 1 follower
- 42 replies
- 67.6k views
Difficulty : 8 Language : C++ Platform : Windows 32-bit and 64-bit OS Version : All Packer / Protector : VMProtect 3.0.9 Description : The objective is to interpret virtualized functions in the attached binaries. No additional options have been used - no memory protection, no import protection and no compression. The virtualized function(s) will execute when the following key(s) is/are pressed: VMP32 (V1) : P VMP32 (V2) : 1 and 2 VMP64 (V1) : P VMP64 (V2) : 1 and 2 The virtualized functions are not very large. Detailed information of the interpreting procedure/internals or a complete solution paper is pref…
-
[DeVirtualizeMe] VMProtect V2.13.5 DeVirtualizeMe
by GautamGreat- 1 reply
- 7.9k views
Simple DevirtualizeMe Created in VMProtect V2.13.5 Only one Procedure Virtualized DeVirtualized Procedure VA : 004520DC DevirtualizeMe.vmp.rar
-
- 5 replies
- 11.4k views
Simple DevirtualizeMe Created in Oreans Code Virtualizer V2.1.5.0 With attach some files protected by different Modes from Virtual Machine PumaWhite32, all Delphi 7 Compressed and StealthMode have Virtualized strings, the other not. Good luck. StealthModePumaWhite.rar CompressedPumaWhite.rar PumaWhite.rar
-
[ReverseMe] Unpacked 2
by Ownage- 3 replies
- 4.4k views
Another good one, but this time the routine checking the password is a bit harder. I hope you will like it too. Unpacked.rar
-
[Unpack Me] [Crack Me]
by surpriser- 5 replies
- 8.3k views
hi ! This Crack Me has 3 methods for check protection.you shoud Disable 3 Protections mode. First unpack it and then crack it! Warning: Dont Change Strings! Crack_Me_By_Surpriser.zip
-
- 9 replies
- 18k views
Hi all, I made an unpackme. Hope you enjoyed. Tutorials are welcome. 4r1 unpackme.zip
-
- 3 followers
- 15 replies
- 27.7k views
patch HWID and unpackme The Enigma Protector 4.20[single] patch HWID and unpackme password:unpackme enigma 4.2 patch HWID and unpackmeSingle.rar There is not packed.rar
-
[unpack] Unpack PEncrypt 4.0 Protector
by Security.IRAQ- 1 follower
- 6 replies
- 11.4k views
Hi , Unpack The PEncrypt 4.0 Protector Youtube https://www.youtube.com/watch?v=pV7d9Rec-2M Tool : gunpacker GUnPacker.rar