VMProtect v3.4.0.1155 Try to unpack or alternatively provide a serial. If there is no solution provided by Saturday 11am (GMT+0) I will attach the same without debugger detection. Protections used: Debugger detection (User-mode + Kernel-mode) Ultra (Mutation + Virtualization) Disabled protections: Virtual Machine Packer File Information Submitter whoknows Submitted 05/19/2020 Category UnPackMe (.NET) View File

VMProtect v3.4.0.1155

Posted May 19, 20205 yr

VMProtect v3.4.0.1155

Try to unpack or alternatively provide a serial. If there is no solution provided by Saturday 11am (GMT+0) I will attach the same without debugger detection.

Protections used:

Debugger detection (User-mode + Kernel-mode)
Ultra (Mutation + Virtualization)

Disabled protections:

Virtual Machine
Packer

File Information

Submitter whoknows

Submitted 05/19/2020

Category UnPackMe (.NET)

View File

Edited May 21, 20205 yr by whoknows

Solved by BlackHat

November 2, 20204 yr

Go to solution

May 20, 20205 yr

they've done a really nice job!

valid key:

Spoiler

AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyALFitASwYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fIGHRcMBz6P0wXIZTrWJI90jLU8o6lxAeWJxxcF1s2xwm

how:

simply you need to figure out how VM read instructions/Eh etc and restore them. devirtualizing all .net targets are the same so try to write a devirtualizer for simple VM and learn how to deal with them.
some other info you can find here & here.

awesome.vmp-devirtualized.exe

Edited May 21, 20205 yr by Reza-HNA

May 20, 20205 yr

@Reza-HNA, with all the respect there isn't any tutorial on how you did it.

May 21, 20205 yr

Author

@Reza-HNA shared the solution through PM, restore body method and decrypt the string.

Edited May 22, 20205 yr by whoknows

May 21, 20205 yr

@CodeExplorer hi, added some info

May 21, 20205 yr

10 hours ago, Reza-HNA said:

@CodeExplorer hi, added some info

That is still light on with detail and context. It basically links to a tool you used and someone else's post...

Ted.

May 22, 20205 yr

Author

without debugger detection

awesome.vmp_nodbg.rar

May 28, 20205 yr

On 5/21/2020 at 1:33 PM, whoknows said:

@Reza-HNA shared the solution through PM, restore body method and decrypt the string.

Can you explain bro little bit info regarding removing VMProtect Anti Tamper Remove and restoring Strings ?

May 28, 20205 yr

Author

asking me ? hope @Reza-HNA PM u.

May 29, 20205 yr

16 hours ago, BlackHat said:

Can you explain bro little bit info regarding removing VMProtect Anti Tamper Remove and restoring Strings ?

The anti-tamper method is virtualized, so yes you can remove anti-tamper but the app will crash every time because the anti-tamper check method is virtualized.

5 weeks later...

June 29, 20205 yr

Please share the solution through PM

July 3, 20205 yr

You guys are amazing, VMProtect still the best? Which is better between DNGuard and VMProtect?

July 6, 20205 yr

Hey can somebody teach me how to unpack vmprotect for .net? I would be really thankful.

3 weeks later...

July 22, 20205 yr

awesome.vmp_dump-cleaned.exe

3 months later...

November 2, 20204 yr

Solution

awesome_cracked.exe

My Solution Details - https://telegra.ph/VMP-Unpacking-11-02

VMP Unpacking - Telegraph.html

November 2, 20204 yr

@BlackHat: thank you, it's a nice tutorial!

But could you please fix images in the tutorial, they are very small and unreadable?

November 3, 20204 yr

5 hours ago, kao said:

@BlackHat: thank you, it's a nice tutorial!

But could you please fix images in the tutorial, they are very small and unreadable?

This is a basic approach example apply on almost all tool protected using vmprotect as suggested by wwh1004

Image 1 -