Arctic Posted December 12, 2019 Posted December 12, 2019 Language: .NET Platform: Windows OS Version: All Packer/Protector: VMProtect Ultimate 3.4.0 (Build 1155) Description: Unpack the file and get the password (along with some brief explanation). Would like to see if anyone can have a go at VMProtect's new .NET implementation. Good luck VMP Settings used: Anti-Debugger : User+Kernel Anti-VM: No Protections: Memory + Pack Output Screenshot: VMP3.4.zip 1
kao Posted December 15, 2019 Posted December 15, 2019 (edited) The password is: Spoiler 7qvtuUbs Explanation: To apply VMProtect properly, you need to understand how each and every option works. Specifically, packing option just compresses data, it doesn't add any real protection. And if you do not use "VMProtect.SDK.DecryptString", strings are not encrypted. It's enough to run protected software under any debugger and search for strings in memory: Spoiler As for proper unpack and/or devirtualization, it's something I have on my todo list. But I haven't got a "proper" solution that I could share at the moment. Edited December 15, 2019 by kao typos 2 2
Arctic Posted December 16, 2019 Author Posted December 16, 2019 (edited) On 12/15/2019 at 9:56 AM, kao said: The password is: Reveal hidden contents 7qvtuUbs Explanation: To apply VMProtect properly, you need to understand how each and every option works. Specifically, packing option just compresses data, it doesn't add any real protection. And if you do not use "VMProtect.SDK.DecryptString", strings are not encrypted. It's enough to run protected software under any debugger and search for strings in memory: Hide contents As for proper unpack and/or devirtualization, it's something I have on my todo list. But I haven't got a "proper" solution that I could share at the moment. I could've sworn I used VMProtect's SDK and applied it's settings appropriately though. Maybe something didn't go right in the build and VMP never told me. Nicely done though. [VMProtect.BeginUltra] private void button1_Click(object sender, EventArgs e) { if(txtPsw.Text == VMProtect.SDK.DecryptString("7qvtuUbs")) { MessageBox.Show(VMProtect.SDK.DecryptString("Authentication successful!"), VMProtect.SDK.DecryptString("Validation"), MessageBoxButtons.OK, MessageBoxIcon.Information); } else { MessageBox.Show(VMProtect.SDK.DecryptString("Sorry, that appears to be incorrect."), VMProtect.SDK.DecryptString("Validation"), MessageBoxButtons.OK, MessageBoxIcon.Error); } } Edited December 16, 2019 by Arctic
kao Posted December 17, 2019 Posted December 17, 2019 @Arctic: Well, if you can reproduce the issue, it's definitely a bug in (some combination of) VMProtect options. Worth sending a bugreport to the authors! 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now