Jump to content
Tuts 4 You
  • 0
north123

Borland Delphi

Question

north123

Difficulty :                   5
Language :                 Borland Delphi
Platform :                   Windows x32
OS Version :              Windows XP +
Packer / Protector : VMProtect v 3.x

Description : enter password

Screenshot :

123.exe

123.jpg

Share this post


Link to post

8 answers to this question

Recommended Posts

  • 1
SmilingWolf

So you spam people to do the job for you and simultaneusly post the thing as a challenge?
Ok. You know what? Whatever

Login pass: 65412312345
Attached is the ripped algorithm of the generator, I'm throwing this one in for free for sh*t and giggles.

src.7z

Edited by SmilingWolf (see edit history)
  • Like 1

Share this post


Link to post
  • 1
SmilingWolf
11 hours ago, ragdog said:

Why VMProtected? is your algo to simply that you must protect it?:D

Simple is quite the understatement. 11 lines in asm, and IDA sums it up nicely as:

unsigned int __stdcall Generate(unsigned int inputNum)
{
  return 234567891 * __ROL4__(123456791 * (inputNum ^ 0xABD13D59), 16) % 100000000u;
}

Also, it's neither his algorithm nor a challenge created by him. It came into my inbox as a crack request.

  • Like 1

Share this post


Link to post
  • 0
ragdog

Why VMProtected? is your algo to simply that you must protect it?:D

Share this post


Link to post
  • 0
ragdog

It was a Joke

Share this post


Link to post
  • 0
LiuXing

Oh, wonderful.

I thought VMProtect 3.x is perfect packer for Anti-Reversing.

But SmilingWolf changed my concept.

How did you unpacked VMProtec 3.x easily like this?

I am a beginner of reversing. Please post good article about the VMProtect newest versions.

Share this post


Link to post
  • 0
JohnWho
On 6/11/2017 at 2:59 PM, LiuXing said:

Oh, wonderful.

I thought VMProtect 3.x is perfect packer for Anti-Reversing.

 

VMProtect can be powerful if used properly.

  • Like 1

Share this post


Link to post
  • 0
SmilingWolf

Which implies using virtualized sections of code inside the application, something which this program's author blatantly failed to do.
By the way, I didn't unpack the program. I only had to get around VMProtect's anti debugging (easy with ScyllaHide's preset) and debug it to retrieve both the password and the algorithm.

As a pure packer it's meh IMO. Then again, that's not its main purpose, as the name suggests. It is a really interesting virtualizer.

Edited by SmilingWolf (see edit history)
  • Like 1

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...