Jump to content
Tuts 4 You

VMProtect 3.4

Arctic

By Arctic
in UnPackMe (.NET)

 Share

Recommended Posts

Arctic

Arctic

Posted
Posted

Language: .NET
Platform: Windows
OS Version: All
Packer/Protector: VMProtect Ultimate 3.4.0 (Build 1155)

Description:

Unpack the file and get the password (along with some brief explanation). Would like to see if anyone can have a go at VMProtect's new .NET implementation. Good luck :)

VMP Settings used:

Anti-Debugger : User+Kernel

Anti-VM: No

Protections: Memory + Pack Output

Screenshot:

UnpackMe.vmp_iVNsnvAuGr.png.e3deff276bd7329ee0ccf26098b54d4d.png

 

 

VMP3.4.zip

  • Thanks 1
kao

kao

Posted
Posted (edited)

The password is:

Spoiler

7qvtuUbs

 

Explanation:

To apply VMProtect properly, you need to understand how each and every option works. Specifically, packing option just compresses data, it doesn't add any real protection. And if you do not use "VMProtect.SDK.DecryptString", strings are not encrypted.

It's enough to run protected software under any debugger and search for strings in memory:

Spoiler

spacer.png

 

As for proper unpack and/or devirtualization, it's something I have on my todo list. But I haven't got a "proper" solution that I could share at the moment.

 

Edited by kao
typos
  • Like 2
  • Thanks 2
Arctic

Arctic

Posted
  • Author
Posted (edited)
On 12/15/2019 at 9:56 AM, kao said:

The password is:

  Reveal hidden contents

7qvtuUbs

 

Explanation:

To apply VMProtect properly, you need to understand how each and every option works. Specifically, packing option just compresses data, it doesn't add any real protection. And if you do not use "VMProtect.SDK.DecryptString", strings are not encrypted.

It's enough to run protected software under any debugger and search for strings in memory:

  Hide contents

spacer.png

 

As for proper unpack and/or devirtualization, it's something I have on my todo list. But I haven't got a "proper" solution that I could share at the moment.

 

I could've sworn I used VMProtect's SDK and applied it's settings appropriately though. Maybe something didn't go right in the build and VMP never told me. Nicely done though. 

   [VMProtect.BeginUltra]
        private void button1_Click(object sender, EventArgs e)
        {
            if(txtPsw.Text == VMProtect.SDK.DecryptString("7qvtuUbs"))
            {
                MessageBox.Show(VMProtect.SDK.DecryptString("Authentication successful!"), VMProtect.SDK.DecryptString("Validation"), MessageBoxButtons.OK, MessageBoxIcon.Information);
            }
            else
            {
                MessageBox.Show(VMProtect.SDK.DecryptString("Sorry, that appears to be incorrect."), VMProtect.SDK.DecryptString("Validation"), MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
        }

image.png.8823f08cf364c0b716907907308637fa.png

Edited by Arctic
kao

kao

Posted
Posted

@Arctic: Well, if you can reproduce the issue, it's definitely a bug in (some combination of) VMProtect options. Worth sending a bugreport to the authors! ;)

 

 

  • Like 1

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...