Jump to content
View in the app

A better way to browse. Learn more.

Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Featured Replies

Posted

Language: .NET
Platform: Windows
OS Version: All
Packer/Protector: VMProtect Ultimate 3.4.0 (Build 1155)

Description:

Unpack the file and get the password (along with some brief explanation). Would like to see if anyone can have a go at VMProtect's new .NET implementation. Good luck :)

VMP Settings used:

Anti-Debugger : User+Kernel

Anti-VM: No

Protections: Memory + Pack Output

Screenshot:

UnpackMe.vmp_iVNsnvAuGr.png.e3deff276bd7329ee0ccf26098b54d4d.png

 

 

VMP3.4.zip

The password is:

Spoiler

7qvtuUbs

 

Explanation:

To apply VMProtect properly, you need to understand how each and every option works. Specifically, packing option just compresses data, it doesn't add any real protection. And if you do not use "VMProtect.SDK.DecryptString", strings are not encrypted.

It's enough to run protected software under any debugger and search for strings in memory:

Spoiler

spacer.png

 

As for proper unpack and/or devirtualization, it's something I have on my todo list. But I haven't got a "proper" solution that I could share at the moment.

 

Edited by kao
typos

  • Author
On 12/15/2019 at 9:56 AM, kao said:

The password is:

  Reveal hidden contents

7qvtuUbs

 

Explanation:

To apply VMProtect properly, you need to understand how each and every option works. Specifically, packing option just compresses data, it doesn't add any real protection. And if you do not use "VMProtect.SDK.DecryptString", strings are not encrypted.

It's enough to run protected software under any debugger and search for strings in memory:

  Hide contents

spacer.png

 

As for proper unpack and/or devirtualization, it's something I have on my todo list. But I haven't got a "proper" solution that I could share at the moment.

 

I could've sworn I used VMProtect's SDK and applied it's settings appropriately though. Maybe something didn't go right in the build and VMP never told me. Nicely done though.

   [VMProtect.BeginUltra]
        private void button1_Click(object sender, EventArgs e)
        {
            if(txtPsw.Text == VMProtect.SDK.DecryptString("7qvtuUbs"))
            {
                MessageBox.Show(VMProtect.SDK.DecryptString("Authentication successful!"), VMProtect.SDK.DecryptString("Validation"), MessageBoxButtons.OK, MessageBoxIcon.Information);
            }
            else
            {
                MessageBox.Show(VMProtect.SDK.DecryptString("Sorry, that appears to be incorrect."), VMProtect.SDK.DecryptString("Validation"), MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
        }

image.png.8823f08cf364c0b716907907308637fa.png

Edited by Arctic

@Arctic: Well, if you can reproduce the issue, it's definitely a bug in (some combination of) VMProtect options. Worth sending a bugreport to the authors! ;)

 

 

Create an account or sign in to comment

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.