This is a simple UnpackMe using VMProtect Ultimate v2.13.5.

I also used vmp's licensing system in this UnackMe, and locked one function with key.

I have provided 3 different keys for this bin.

A blocked key ,a valid key locked with a hwid(which i suppose no one has th same hwid) and an expire key.

I also added 2 anti-debug thread to this file.

Using VMProtectIsDebuggerPresent(if you have sod, i guess you can bypass this one pretty easy) and VMProtectIsValidImageCRC(crc).

Didn't use VMProtectDecryptString feature.

 

 

Several things I expect from this UM:

Simply unpack it.

Bypass the blacklist key.

Bypass the expired situation.

Patch hwid.

 

Better create a tut for it.

Thanks.

 

Have fun,

Kido.

 

UnpackMe VMP Ultimate v2.13.5.7z

Edited November 29, 201311 yr by Kido

just unpacked i dont like vmp

 

VMProtect.vmp.rar

Hi,

 

so what is this with the 3 keys?If you enter any of them should then something happen etc?

 

@ Dreamer

 

Your file does not work so did forget to fix the direct API commands + creating new imports table.Just only a info of course to send you some feedback about your dump.

Here some of your direct APIs 

-----------------------------------------------------------

00CD001E   JMP 7C910537     ; ntdll.7C910537

00CD0042   JMP 7C934192     ; ntdll.7C934192

00CD00F6   JMP 7C90FE30

00CD01E0   JMP 7C90FE21

00CD0246   JMP 7C90FF2D

00CD028E   JMP 7C9100C4     ; ntdll.7C9100C4  <- 1. Crash

00CD02FA   JMP 7C90FE21

etc...
2 Anti-Debug threads can you patch to ret 4

-----------------------------------------------------------

ThreadFunction = VMProtec.004011A4

ThreadFunction = VMProtec.00401201

greetz

The [unpackme] tag has been added to your topic title.

Please remember to follow and adhere to the topic title format - thankyou!

[This is an automated reply]

Anti-Debug threads - is it new for vmprot?

Hi,

 

so what is this with the 3 keys?If you enter any of them should then something happen etc?

 

@ Dreamer

 

Your file does not work so did forget to fix the direct API commands + creating new imports table.Just only a info of course to send you some feedback about your dump.

Here some of your direct APIs -----------------------------------------------------------00CD001E   JMP 7C910537     ; ntdll.7C91053700CD0042   JMP 7C934192     ; ntdll.7C93419200CD00F6   JMP 7C90FE3000CD01E0   JMP 7C90FE2100CD0246   JMP 7C90FF2D00CD028E   JMP 7C9100C4     ; ntdll.7C9100C4  <- 1. Crash00CD02FA   JMP 7C90FE21etc...2 Anti-Debug threads can you patch to ret 4-----------------------------------------------------------ThreadFunction = VMProtec.004011A4ThreadFunction = VMProtec.00401201

greetz

For VMP's vm. it has this called VMProtectBeginVirtualizationLockByKey

What it really means is, you need a key to let the vmed code run normally.

The 3 keys I put is three different type of invalid keys we might have encounter while cracking a vmprotected file.

I've already add the description to ReadMe.txt

 

 

 

LockHWID.key

is a no limited key locked to a specific hwid

uEYb+aEAlZ9zdllf7qM52i60s9qWrHNoXhNOHA==

 

Blacklisted.key

as it shows is a blocked key with no hwid lock and no other limitation.

 

Exipred.key

is an exipired one with no hwid lock.

 

After you readkey,and click Register, if success,

The label should be "Registered" and the "Function" button should be enabled.

When you click the "Function" button, it will give you a MessageBox shows what your hwid is.

I have vmed the messagebox part and lock it with key.

So if not succefully registered, it will pop a messagebox created by vmp says that you need a key to run this function.

So hope you can bypass that part too.

 

BTW, the anti-debug thing is just a kid play, all you need to do is to ret it. LOL.

 

Best wishes,

Kido

Edited November 30, 201311 yr by Kido

Anti-Debug threads - is it new for vmprot?

No , vmprotect has several sdk fr anti-debug

i just used them ....

Edited November 30, 201311 yr by Kido

just unpacked i dont like vmp

 

VMProtect.vmp.rar

For me is do not start. 

OS XP SP3

for me start  and run for 3-4  sec  then crash  xp sp3

for me start  and run for 3-4  sec  then crash  xp sp3

Zeus?

yep 

@ Kido

 

Ah ok so you mean I have also to patch my HWID xy to

 

uEYb+aEAlZ9zdllf7qM52i60s9qWrHNoXhNOHA==

 

and then it should work to get a successfully register etc or?So I am getting a little confused with all these key stuff what is not really my specialty so the unpack process was easier.

 

greetz

K大，2楼用Zeus插件脱壳，还没修复IAT，   顺便求2.13.5发我邮箱，嘎嘎！

Guys, does anyone have VMProtect 2.13.X (registered) for share???

Edited August 8, 201411 yr by NewBHack

@Kido

You want us to bypass the authorization?

 

K牛 怎么有时间跑到Tuts4来闲逛啊

Edited August 9, 201411 yr by kuazi GA

     vmp

is there any paper for this version?