Jump to content
Tuts 4 You

VMProtect v3.4.0.1155


whoknows
Go to solution Solved by BlackHat,

Recommended Posts

VMProtect v3.4.0.1155


Try to unpack or alternatively provide a serial. If there is no solution provided by Saturday 11am (GMT+0) I will attach the same without debugger detection.

Protections used:

  • Debugger detection (User-mode + Kernel-mode)
  • Ultra (Mutation + Virtualization)

Disabled protections:

  • Virtual Machine
  • Packer

 

Edited by whoknows
  • Like 2
Link to comment

they've done a really nice job!
ScreenShot_20200520224109.png.63bc13bb1b9463a8c56ea95bd23ba299.png


valid key:

Spoiler

AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyALFitASwYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fIGHRcMBz6P0wXIZTrWJI90jLU8o6lxAeWJxxcF1s2xwm

how:

simply you need to figure out how VM read instructions/Eh etc and restore them. devirtualizing all .net targets are the same so try to write a devirtualizer for simple VM and learn how to deal with them.
some other info you can find here & here.

awesome.vmp-devirtualized.exe

Edited by Reza-HNA
  • Like 1
Link to comment
Teddy Rogers
10 hours ago, Reza-HNA said:

@CodeExplorer hi, added some info

That is still light on with detail and context. It basically links to a tool you used and someone else's post...

Ted.

Link to comment
On 5/21/2020 at 1:33 PM, whoknows said:

@Reza-HNA shared the solution through PM, restore body method and decrypt the string.

Can you explain bro little bit info regarding removing VMProtect Anti Tamper Remove and restoring Strings ? 

Link to comment
N0P/ribthegreat99
16 hours ago, BlackHat said:

Can you explain bro little bit info regarding removing VMProtect Anti Tamper Remove and restoring Strings ? 

The anti-tamper method is virtualized, so yes you can remove anti-tamper but the app will crash every time because the anti-tamper check method is virtualized.

Link to comment
  • 5 weeks later...
  • 3 weeks later...
  • 3 months later...
5 hours ago, kao said:

@BlackHat: thank you, it's a nice tutorial! :) 

But could you please fix images in the tutorial, they are very small and unreadable?

 

This is a basic approach example apply on almost all tool protected using vmprotect as suggested by wwh1004 

 

Image 1 - KTxsQsJ.png

Image 2 - qItHHIv.png

 

 

Edited by BlackHat
  • Thanks 1
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...