Posted December 12, 20195 yr Language: .NET Platform: Windows OS Version: All Packer/Protector: VMProtect Ultimate 3.4.0 (Build 1155) Description: Unpack the file and get the password (along with some brief explanation). Would like to see if anyone can have a go at VMProtect's new .NET implementation. Good luck VMP Settings used: Anti-Debugger : User+Kernel Anti-VM: No Protections: Memory + Pack Output Screenshot: VMP3.4.zip
December 15, 20195 yr The password is: Spoiler 7qvtuUbs Explanation: To apply VMProtect properly, you need to understand how each and every option works. Specifically, packing option just compresses data, it doesn't add any real protection. And if you do not use "VMProtect.SDK.DecryptString", strings are not encrypted. It's enough to run protected software under any debugger and search for strings in memory: Spoiler As for proper unpack and/or devirtualization, it's something I have on my todo list. But I haven't got a "proper" solution that I could share at the moment. Edited December 15, 20195 yr by kao typos
December 16, 20195 yr Author On 12/15/2019 at 9:56 AM, kao said: The password is: Reveal hidden contents 7qvtuUbs Explanation: To apply VMProtect properly, you need to understand how each and every option works. Specifically, packing option just compresses data, it doesn't add any real protection. And if you do not use "VMProtect.SDK.DecryptString", strings are not encrypted. It's enough to run protected software under any debugger and search for strings in memory: Hide contents As for proper unpack and/or devirtualization, it's something I have on my todo list. But I haven't got a "proper" solution that I could share at the moment. I could've sworn I used VMProtect's SDK and applied it's settings appropriately though. Maybe something didn't go right in the build and VMP never told me. Nicely done though. [VMProtect.BeginUltra] private void button1_Click(object sender, EventArgs e) { if(txtPsw.Text == VMProtect.SDK.DecryptString("7qvtuUbs")) { MessageBox.Show(VMProtect.SDK.DecryptString("Authentication successful!"), VMProtect.SDK.DecryptString("Validation"), MessageBoxButtons.OK, MessageBoxIcon.Information); } else { MessageBox.Show(VMProtect.SDK.DecryptString("Sorry, that appears to be incorrect."), VMProtect.SDK.DecryptString("Validation"), MessageBoxButtons.OK, MessageBoxIcon.Error); } } Edited December 16, 20195 yr by Arctic
December 17, 20195 yr @Arctic: Well, if you can reproduce the issue, it's definitely a bug in (some combination of) VMProtect options. Worth sending a bugreport to the authors!
Create an account or sign in to comment