whoknows 331 Posted May 20, 2020 Share Posted May 20, 2020 (edited) View File VMProtect v3.4.0.1155 Try to unpack or alternatively provide a serial. If there is no solution provided by Saturday 11am (GMT+0) I will attach the same without debugger detection. Protections used: Debugger detection (User-mode + Kernel-mode) Ultra (Mutation + Virtualization) Disabled protections: Virtual Machine Packer Submitter whoknows Submitted 05/20/2020 Category UnPackMe (.NET) Edited May 21, 2020 by whoknows (see edit history) 1 Link to post
Reza-HNA 41 Posted May 20, 2020 Share Posted May 20, 2020 (edited) they've done a really nice job! valid key: Spoiler AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyALFitASwYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fIGHRcMBz6P0wXIZTrWJI90jLU8o6lxAeWJxxcF1s2xwm how: simply you need to figure out how VM read instructions/Eh etc and restore them. devirtualizing all .net targets are the same so try to write a devirtualizer for simple VM and learn how to deal with them. some other info you can find here & here. awesome.vmp-devirtualized.exe Edited May 21, 2020 by Reza-HNA (see edit history) 1 Link to post
CodeExplorer 3,507 Posted May 20, 2020 Share Posted May 20, 2020 @Reza-HNA, with all the respect there isn't any tutorial on how you did it. Link to post
whoknows 331 Posted May 21, 2020 Author Share Posted May 21, 2020 (edited) @Reza-HNA shared the solution through PM, restore body method and decrypt the string. Edited May 22, 2020 by whoknows (see edit history) Link to post
Reza-HNA 41 Posted May 21, 2020 Share Posted May 21, 2020 @CodeExplorer hi, added some info Link to post
Teddy Rogers 1,510 Posted May 21, 2020 Share Posted May 21, 2020 10 hours ago, Reza-HNA said: @CodeExplorer hi, added some info That is still light on with detail and context. It basically links to a tool you used and someone else's post... Ted. Link to post
whoknows 331 Posted May 22, 2020 Author Share Posted May 22, 2020 without debugger detection awesome.vmp_nodbg.rar 1 Link to post
BlackHat 72 Posted May 28, 2020 Share Posted May 28, 2020 On 5/21/2020 at 1:33 PM, whoknows said: @Reza-HNA shared the solution through PM, restore body method and decrypt the string. Can you explain bro little bit info regarding removing VMProtect Anti Tamper Remove and restoring Strings ? Link to post
whoknows 331 Posted May 28, 2020 Author Share Posted May 28, 2020 asking me ? hope @Reza-HNA PM u. 1 Link to post
N0P/ribthegreat99 22 Posted May 29, 2020 Share Posted May 29, 2020 16 hours ago, BlackHat said: Can you explain bro little bit info regarding removing VMProtect Anti Tamper Remove and restoring Strings ? The anti-tamper method is virtualized, so yes you can remove anti-tamper but the app will crash every time because the anti-tamper check method is virtualized. Link to post
system24 0 Posted June 29, 2020 Share Posted June 29, 2020 Please share the solution through PM Link to post
vietnguyen09 0 Posted July 3, 2020 Share Posted July 3, 2020 You guys are amazing, VMProtect still the best? Which is better between DNGuard and VMProtect? Link to post
bruhware2811 5 Posted July 6, 2020 Share Posted July 6, 2020 Hey can somebody teach me how to unpack vmprotect for .net? I would be really thankful. Link to post
BlackHat 72 Posted November 2, 2020 Share Posted November 2, 2020 (edited) awesome_cracked.exe My Solution Details - https://telegra.ph/VMP-Unpacking-11-02 Edited November 2, 2020 by BlackHat (see edit history) Link to post
kao 2,184 Posted November 2, 2020 Share Posted November 2, 2020 @BlackHat: thank you, it's a nice tutorial! But could you please fix images in the tutorial, they are very small and unreadable? Link to post
BlackHat 72 Posted November 3, 2020 Share Posted November 3, 2020 (edited) 5 hours ago, kao said: @BlackHat: thank you, it's a nice tutorial! But could you please fix images in the tutorial, they are very small and unreadable? This is a basic approach example apply on almost all tool protected using vmprotect as suggested by wwh1004 Image 1 - Image 2 - Edited November 3, 2020 by BlackHat (see edit history) 1 Link to post
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now