whoknows 293 Posted May 20 Share Posted May 20 (edited) View File VMProtect v3.4.0.1155 Try to unpack or alternatively provide a serial. If there is no solution provided by Saturday 11am (GMT+0) I will attach the same without debugger detection. Protections used: Debugger detection (User-mode + Kernel-mode) Ultra (Mutation + Virtualization) Disabled protections: Virtual Machine Packer Submitter whoknows Submitted 05/20/2020 Category UnPackMe (.NET) Edited May 21 by whoknows (see edit history) 1 Link to post
Reza-HNA 39 Posted May 20 Share Posted May 20 (edited) they've done a really nice job! valid key: Spoiler AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyALFitASwYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fIGHRcMBz6P0wXIZTrWJI90jLU8o6lxAeWJxxcF1s2xwm how: simply you need to figure out how VM read instructions/Eh etc and restore them. devirtualizing all .net targets are the same so try to write a devirtualizer for simple VM and learn how to deal with them. some other info you can find here & here. awesome.vmp-devirtualized.exe Edited May 21 by Reza-HNA (see edit history) Link to post
CodeExplorer 3,466 Posted May 20 Share Posted May 20 @Reza-HNA, with all the respect there isn't any tutorial on how you did it. Link to post
whoknows 293 Posted May 21 Author Share Posted May 21 (edited) @Reza-HNA shared the solution through PM, restore body method and decrypt the string. Edited May 22 by whoknows (see edit history) Link to post
Teddy Rogers 1,471 Posted May 21 Share Posted May 21 10 hours ago, Reza-HNA said: @CodeExplorer hi, added some info That is still light on with detail and context. It basically links to a tool you used and someone else's post... Ted. Link to post
whoknows 293 Posted May 22 Author Share Posted May 22 without debugger detection awesome.vmp_nodbg.rar 1 Link to post
BlackHat 65 Posted May 28 Share Posted May 28 On 5/21/2020 at 1:33 PM, whoknows said: @Reza-HNA shared the solution through PM, restore body method and decrypt the string. Can you explain bro little bit info regarding removing VMProtect Anti Tamper Remove and restoring Strings ? Link to post
whoknows 293 Posted May 28 Author Share Posted May 28 asking me ? hope @Reza-HNA PM u. 1 Link to post
N0P/ribthegreat99 20 Posted May 29 Share Posted May 29 16 hours ago, BlackHat said: Can you explain bro little bit info regarding removing VMProtect Anti Tamper Remove and restoring Strings ? The anti-tamper method is virtualized, so yes you can remove anti-tamper but the app will crash every time because the anti-tamper check method is virtualized. Link to post
vietnguyen09 0 Posted July 3 Share Posted July 3 You guys are amazing, VMProtect still the best? Which is better between DNGuard and VMProtect? Link to post
bruhware2811 5 Posted July 6 Share Posted July 6 Hey can somebody teach me how to unpack vmprotect for .net? I would be really thankful. Link to post
BlackHat 65 Posted November 2 Share Posted November 2 (edited) awesome_cracked.exe My Solution Details - https://telegra.ph/VMP-Unpacking-11-02 Edited November 2 by BlackHat (see edit history) Link to post
kao 2,143 Posted November 2 Share Posted November 2 @BlackHat: thank you, it's a nice tutorial! But could you please fix images in the tutorial, they are very small and unreadable? Link to post
BlackHat 65 Posted November 3 Share Posted November 3 (edited) 5 hours ago, kao said: @BlackHat: thank you, it's a nice tutorial! But could you please fix images in the tutorial, they are very small and unreadable? This is a basic approach example apply on almost all tool protected using vmprotect as suggested by wwh1004 Image 1 - Image 2 - Edited November 3 by BlackHat (see edit history) 1 Link to post
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now