Posted November 29, 201311 yr This is a simple UnpackMe using VMProtect Ultimate v2.13.5.I also used vmp's licensing system in this UnackMe, and locked one function with key.I have provided 3 different keys for this bin.A blocked key ,a valid key locked with a hwid(which i suppose no one has th same hwid) and an expire key.I also added 2 anti-debug thread to this file.Using VMProtectIsDebuggerPresent(if you have sod, i guess you can bypass this one pretty easy) and VMProtectIsValidImageCRC(crc).Didn't use VMProtectDecryptString feature. Several things I expect from this UM:Simply unpack it.Bypass the blacklist key.Bypass the expired situation.Patch hwid. Better create a tut for it.Thanks. Have fun,Kido. UnpackMe VMP Ultimate v2.13.5.7z Edited November 29, 201311 yr by Kido
November 29, 201311 yr Hi, so what is this with the 3 keys?If you enter any of them should then something happen etc? @ Dreamer Your file does not work so did forget to fix the direct API commands + creating new imports table.Just only a info of course to send you some feedback about your dump. Here some of your direct APIs ----------------------------------------------------------- 00CD001E JMP 7C910537 ; ntdll.7C910537 00CD0042 JMP 7C934192 ; ntdll.7C934192 00CD00F6 JMP 7C90FE30 00CD01E0 JMP 7C90FE21 00CD0246 JMP 7C90FF2D 00CD028E JMP 7C9100C4 ; ntdll.7C9100C4 <- 1. Crash 00CD02FA JMP 7C90FE21 etc... 2 Anti-Debug threads can you patch to ret 4 ----------------------------------------------------------- ThreadFunction = VMProtec.004011A4 ThreadFunction = VMProtec.00401201greetz
November 30, 201311 yr The [unpackme] tag has been added to your topic title. Please remember to follow and adhere to the topic title format - thankyou! [This is an automated reply]
November 30, 201311 yr Author Hi, so what is this with the 3 keys?If you enter any of them should then something happen etc? @ Dreamer Your file does not work so did forget to fix the direct API commands + creating new imports table.Just only a info of course to send you some feedback about your dump.Here some of your direct APIs -----------------------------------------------------------00CD001E JMP 7C910537 ; ntdll.7C91053700CD0042 JMP 7C934192 ; ntdll.7C93419200CD00F6 JMP 7C90FE3000CD01E0 JMP 7C90FE2100CD0246 JMP 7C90FF2D00CD028E JMP 7C9100C4 ; ntdll.7C9100C4 <- 1. Crash00CD02FA JMP 7C90FE21etc...2 Anti-Debug threads can you patch to ret 4-----------------------------------------------------------ThreadFunction = VMProtec.004011A4ThreadFunction = VMProtec.00401201greetzFor VMP's vm. it has this called VMProtectBeginVirtualizationLockByKeyWhat it really means is, you need a key to let the vmed code run normally.The 3 keys I put is three different type of invalid keys we might have encounter while cracking a vmprotected file.I've already add the description to ReadMe.txt LockHWID.keyis a no limited key locked to a specific hwiduEYb+aEAlZ9zdllf7qM52i60s9qWrHNoXhNOHA== Blacklisted.keyas it shows is a blocked key with no hwid lock and no other limitation. Exipred.keyis an exipired one with no hwid lock. After you readkey,and click Register, if success,The label should be "Registered" and the "Function" button should be enabled.When you click the "Function" button, it will give you a MessageBox shows what your hwid is.I have vmed the messagebox part and lock it with key.So if not succefully registered, it will pop a messagebox created by vmp says that you need a key to run this function.So hope you can bypass that part too. BTW, the anti-debug thing is just a kid play, all you need to do is to ret it. LOL. Best wishes,Kido Edited November 30, 201311 yr by Kido
November 30, 201311 yr Author Anti-Debug threads - is it new for vmprot? No , vmprotect has several sdk fr anti-debug i just used them .... Edited November 30, 201311 yr by Kido
November 30, 201311 yr just unpacked i dont like vmp VMProtect.vmp.rar For me is do not start. OS XP SP3
November 30, 201311 yr @ Kido Ah ok so you mean I have also to patch my HWID xy to uEYb+aEAlZ9zdllf7qM52i60s9qWrHNoXhNOHA== and then it should work to get a successfully register etc or?So I am getting a little confused with all these key stuff what is not really my specialty so the unpack process was easier. greetz
August 8, 201411 yr Guys, does anyone have VMProtect 2.13.X (registered) for share??? Edited August 8, 201411 yr by NewBHack
August 9, 201411 yr @KidoYou want us to bypass the authorization? K牛 怎么有时间跑到Tuts4来闲逛啊 Edited August 9, 201411 yr by kuazi GA
Create an account or sign in to comment