Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[unpackme] UnpackMe VMprotect Ultimate v2.12.3

Asian Dragon
Asian Dragon
in UnPackMe

Featured Replies

Posted

UnpackMe VMprotect Ultimate v2.12.3


 


crackme.vmp.rar

unpacked using a script by lcf-at




0040124D    0BC0            OR EAX,EAX

0040124F    75 16           JNZ SHORT crackme_.00401267

00401251    6A 00           PUSH 0x0

00401253    68 7E304000     PUSH crackme_.0040307E                   ; ASCII "Correct!"

00401258    68 5E304000     PUSH crackme_.0040305E                   ; ASCII "You entered the right password!"

0040125D    FF75 08         PUSH DWORD PTR SS:[EBP+0x8]

00401260    E8 8D000000     CALL crackme_.004012F2

00401265    EB 21           JMP SHORT crackme_.00401288

00401267    6A 00           PUSH 0x0

00401269    68 87304000     PUSH crackme_.00403087                   ; ASCII "Nope!"

0040126E    68 8D304000     PUSH crackme_.0040308D                   ; ASCII "Maybe, you should try again, it's sooo easy!!"

00401273    FF75 08         PUSH DWORD PTR SS:[EBP+0x8]

00401276    E8 77000000     CALL crackme_.004012F2

Edited by converse

  • Author

@converse


OK, after unpack the file but does not work


How to fix?


rebuild oep


  • Author

rebuild oep

 

 

rebuild oep

OEP rebuild like?

 

 

OEP rebuild like?

 

 

Look at the stack when you reach oep. Mostly the first value there is the code the rebuild oep.

oep under the VM

  • Author

thank you TomaHawk and converse


I will try now

needed example of code near OEP for this compiler(win32asm)


 


1st call - 


GetModuleHandleA

The [unpackme] tag has been added to your topic title.

Please remember to follow and adhere to the topic title format - thankyou!

[This is an automated reply]

  • 4 weeks later...

你不该反虚拟机!表示本机X64 调试不动! 


Do you get high mate?


Why the password is


cannabis

 



?

  • 2 weeks later...

there is a result?


 

Do you get high mate?

Why the password is

?

 


0040122C    6A 1E           PUSH 0x1E

0040122E    68 37304000     PUSH crackme_.00403037

00401233    FF35 04314000   PUSH DWORD PTR DS:[0x403104]

00401239    E8 A2000000     CALL crackme_.004012E0

0040123E    68 55304000     PUSH crackme_.00403055                   ; ASCII "cannabis"

00401243    68 37304000     PUSH crackme_.00403037

00401248    E8 E7000000     CALL crackme_.00401334







			

			
		


		

	

	
	





                    
                    
					
					
					

					
					
					
				

					

					
					








	
		
	
	

	



	

		

			
			
			
    
				
				
				
				
                
				
			

			
			
		

		

		

		

		
		


			
			

				
rebuild OEP



Push 0         // Handle for GMHA API | 0 used for target itself

CALL 00D70072 // Here my call to jmp dword [ADDR] ; GetModuleHandleA

jmp 00489A47 // Jump back to return value after API

P.S. thanks LCF-AT

unpacked.rar



			

			
		


		

	

	
		

			
				
					
					
					
					
                    
						

                    
				
				
  • 
					
				
    • 
			    
			
				

	
    	
		
			
			
    
				
					

	
	
      
		
		
			
				
				
    • 
					
						
					
							
								Like
							
							
								1
							
					
						
					
				
      • 
			
		
	
    

				
			
    
		
		
		
	
    

			
		
    
	
	

    

    

                    
                    
					
					
					

					
					
					
				
			
			



		
    
		
	
    
	
	
	
	
		
    
			
				
				


    
	
	
		
    
			
				
    Create an account or sign in to comment
    
			
	
			
    
				
				
			
    
		
    
	

    
			
		
    
	

	
		
    
			
				


    
    

			
			
			


		
    
	

    


    
	
    
		
			
				Go to topic listing
			
		
	
    
	

    




     




									



    
    






								
    
								


							
    
							
								

							
							
							
						
    
					
    
				
    
				
					
    
						
						
					
    
				
				
			
    	
		
    
		
		
			

	
















	
	

		
		
		


	
		
    
			
    
				
				
			
    
			
    
				
    
					
    
						
						
					
    
				
    
				
    
					
					
    
						
						
					
    
				
    
				
    
					
					
    
						
						
					
    
				
    
				
				
    
					
					
    
						
						
					
    
				
    
			
    
		
    
	    
    

		

	
	
    
		
    
			
    Configure browser push notifications
    
			
		
    
		
    
			
				
    
					
					
					
					
				
    
				

    
	
	

    
			    
			
    
				
    
					
    
						
    
							
    Chrome (Android)
    
							
      
								
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
      4. 
							
    
						
    
						
    
							
    Chrome (Desktop)
    
							
      
								
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.
      4.