Tuts 4 You



VMProtect v3.4.0.1155

Try to unpack or alternatively provide a serial. If there is no solution provided by Saturday 11am (GMT+0) I will attach the same without debugger detection.

Protections used:

  • Debugger detection (User-mode + Kernel-mode)
  • Ultra (Mutation + Virtualization)

Disabled protections:

  • Virtual Machine
  • Packer

File Information

Submitter whoknows

Submitted 05/19/2020

Category UnPackMe (.NET)


Edited by whoknows

Solved by BlackHat


they've done a really nice job!
ScreenShot_20200520224109.png.63bc13bb1b9463a8c56ea95bd23ba299.png


valid key:

Spoiler

AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyALFitASwYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fIGHRcMBz6P0wXIZTrWJI90jLU8o6lxAeWJxxcF1s2xwm

how:

Simply, you need to figure out how the VM reads instructions/EH etc. and restore them. Devirtualizing all .NET targets is the same, so try to write a devirtualizer for a simple VM and learn how to deal with them.
Some other info you can find here & here.

awesome.vmp-devirtualized.exe

Edited by Reza-HNA

@Reza-HNA, with all due respect, there isn't any tutorial on how you did it.

 

  • Author

@Reza-HNA shared the solution through PM, restore body method and decrypt the string.

Edited by whoknows

@CodeExplorer hi, added some info

10 hours ago, Reza-HNA said:

@CodeExplorer hi, added some info

That is still light on detail and context. It basically links to a tool you used and someone else's post...

Ted.

  • Author

without debugger detection

awesome.vmp_nodbg.rar

On 5/21/2020 at 1:33 PM, whoknows said:

@Reza-HNA shared the solution through PM, restore body method and decrypt the string.

Can you explain a little bit, bro, about removing VMProtect anti-tamper and restoring strings?

  • Author

Asking me? Hope @Reza-HNA PMs you.

16 hours ago, BlackHat said:

Can you explain a little bit, bro, about removing VMProtect anti-tamper and restoring strings?

The anti-tamper method is virtualized, so yes you can remove anti-tamper but the app will crash every time because the anti-tamper check method is virtualized.

  • 5 weeks later...

Please share the solution through PM

You guys are amazing, VMProtect still the best? Which is better between DNGuard and VMProtect?

Hey, can somebody teach me how to unpack VMProtect for .NET? I would be really thankful.

  • 3 weeks later...
  • 3 months later...

@BlackHat: thank you, it's a nice tutorial! :) 

But could you please fix images in the tutorial, they are very small and unreadable?

5 hours ago, kao said:

@BlackHat: thank you, it's a nice tutorial! :) 

But could you please fix images in the tutorial, they are very small and unreadable?

 

This is a basic approach example that applies to almost all tools protected using VMProtect, as suggested by wwh1004.

 

Image 1 - KTxsQsJ.png

Image 2 - qItHHIv.png

 

 

Edited by BlackHat

  • 1 year later...

Thank you

Edited by jezani

  • 5 months later...

I have a small exe, I need unpack code. Possible?

  • 3 months later...

thxx
