Kido Posted November 29, 2013 Posted November 29, 2013 (edited) This is a simple UnpackMe using VMProtect Ultimate v2.13.5.I also used vmp's licensing system in this UnackMe, and locked one function with key.I have provided 3 different keys for this bin.A blocked key ,a valid key locked with a hwid(which i suppose no one has th same hwid) and an expire key.I also added 2 anti-debug thread to this file.Using VMProtectIsDebuggerPresent(if you have sod, i guess you can bypass this one pretty easy) and VMProtectIsValidImageCRC(crc).Didn't use VMProtectDecryptString feature. Several things I expect from this UM:Simply unpack it.Bypass the blacklist key.Bypass the expired situation.Patch hwid. Better create a tut for it.Thanks. Have fun,Kido. UnpackMe VMP Ultimate v2.13.5.7z Edited November 29, 2013 by Kido 1
Dreamer Posted November 29, 2013 Posted November 29, 2013 just unpacked i dont like vmp VMProtect.vmp.rar
LCF-AT Posted November 29, 2013 Posted November 29, 2013 Hi, so what is this with the 3 keys?If you enter any of them should then something happen etc? @ Dreamer Your file does not work so did forget to fix the direct API commands + creating new imports table.Just only a info of course to send you some feedback about your dump. Here some of your direct APIs ----------------------------------------------------------- 00CD001E JMP 7C910537 ; ntdll.7C910537 00CD0042 JMP 7C934192 ; ntdll.7C934192 00CD00F6 JMP 7C90FE30 00CD01E0 JMP 7C90FE21 00CD0246 JMP 7C90FF2D 00CD028E JMP 7C9100C4 ; ntdll.7C9100C4 <- 1. Crash 00CD02FA JMP 7C90FE21 etc... 2 Anti-Debug threads can you patch to ret 4 ----------------------------------------------------------- ThreadFunction = VMProtec.004011A4 ThreadFunction = VMProtec.00401201greetz 3
Teddy Rogers Posted November 30, 2013 Posted November 30, 2013 The [unpackme] tag has been added to your topic title. Please remember to follow and adhere to the topic title format - thankyou! [This is an automated reply]
Kido Posted November 30, 2013 Author Posted November 30, 2013 (edited) Hi, so what is this with the 3 keys?If you enter any of them should then something happen etc? @ Dreamer Your file does not work so did forget to fix the direct API commands + creating new imports table.Just only a info of course to send you some feedback about your dump.Here some of your direct APIs -----------------------------------------------------------00CD001E JMP 7C910537 ; ntdll.7C91053700CD0042 JMP 7C934192 ; ntdll.7C93419200CD00F6 JMP 7C90FE3000CD01E0 JMP 7C90FE2100CD0246 JMP 7C90FF2D00CD028E JMP 7C9100C4 ; ntdll.7C9100C4 <- 1. Crash00CD02FA JMP 7C90FE21etc...2 Anti-Debug threads can you patch to ret 4-----------------------------------------------------------ThreadFunction = VMProtec.004011A4ThreadFunction = VMProtec.00401201greetzFor VMP's vm. it has this called VMProtectBeginVirtualizationLockByKeyWhat it really means is, you need a key to let the vmed code run normally.The 3 keys I put is three different type of invalid keys we might have encounter while cracking a vmprotected file.I've already add the description to ReadMe.txt LockHWID.keyis a no limited key locked to a specific hwiduEYb+aEAlZ9zdllf7qM52i60s9qWrHNoXhNOHA== Blacklisted.keyas it shows is a blocked key with no hwid lock and no other limitation. Exipred.keyis an exipired one with no hwid lock. After you readkey,and click Register, if success,The label should be "Registered" and the "Function" button should be enabled.When you click the "Function" button, it will give you a MessageBox shows what your hwid is.I have vmed the messagebox part and lock it with key.So if not succefully registered, it will pop a messagebox created by vmp says that you need a key to run this function.So hope you can bypass that part too. BTW, the anti-debug thing is just a kid play, all you need to do is to ret it. LOL. Best wishes,Kido Edited November 30, 2013 by Kido
Kido Posted November 30, 2013 Author Posted November 30, 2013 (edited) Anti-Debug threads - is it new for vmprot? No , vmprotect has several sdk fr anti-debug i just used them .... Edited November 30, 2013 by Kido
GIV Posted November 30, 2013 Posted November 30, 2013 just unpacked i dont like vmp VMProtect.vmp.rar For me is do not start. OS XP SP3
Dreamer Posted November 30, 2013 Posted November 30, 2013 for me start and run for 3-4 sec then crash xp sp3
wgz0001 Posted November 30, 2013 Posted November 30, 2013 for me start and run for 3-4 sec then crash xp sp3 Zeus?
LCF-AT Posted November 30, 2013 Posted November 30, 2013 @ Kido Ah ok so you mean I have also to patch my HWID xy to uEYb+aEAlZ9zdllf7qM52i60s9qWrHNoXhNOHA== and then it should work to get a successfully register etc or?So I am getting a little confused with all these key stuff what is not really my specialty so the unpack process was easier. greetz
NewBHack Posted August 8, 2014 Posted August 8, 2014 (edited) Guys, does anyone have VMProtect 2.13.X (registered) for share??? Edited August 8, 2014 by NewBHack
kuazi GA Posted August 9, 2014 Posted August 9, 2014 (edited) @KidoYou want us to bypass the authorization? K牛 怎么有时间跑到Tuts4来闲逛啊 Edited August 9, 2014 by kuazi GA
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now