whoknows Posted May 20, 2020 Share Posted May 20, 2020 (edited) View File VMProtect v3.4.0.1155 Try to unpack or alternatively provide a serial. If there is no solution provided by Saturday 11am (GMT+0) I will attach the same without debugger detection. Protections used: Debugger detection (User-mode + Kernel-mode) Ultra (Mutation + Virtualization) Disabled protections: Virtual Machine Packer Submitter whoknows Submitted 05/20/2020 Category UnPackMe (.NET) Edited May 21, 2020 by whoknows 2 Link to comment
Reza-HNA Posted May 20, 2020 Share Posted May 20, 2020 (edited) they've done a really nice job! valid key: Spoiler AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyALFitASwYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fIGHRcMBz6P0wXIZTrWJI90jLU8o6lxAeWJxxcF1s2xwm how: simply you need to figure out how VM read instructions/Eh etc and restore them. devirtualizing all .net targets are the same so try to write a devirtualizer for simple VM and learn how to deal with them. some other info you can find here & here. awesome.vmp-devirtualized.exe Edited May 21, 2020 by Reza-HNA 1 Link to comment
CodeExplorer Posted May 20, 2020 Share Posted May 20, 2020 @Reza-HNA, with all the respect there isn't any tutorial on how you did it. Link to comment
whoknows Posted May 21, 2020 Author Share Posted May 21, 2020 (edited) @Reza-HNA shared the solution through PM, restore body method and decrypt the string. Edited May 22, 2020 by whoknows Link to comment
Reza-HNA Posted May 21, 2020 Share Posted May 21, 2020 @CodeExplorer hi, added some info Link to comment
Teddy Rogers Posted May 21, 2020 Share Posted May 21, 2020 10 hours ago, Reza-HNA said: @CodeExplorer hi, added some info That is still light on with detail and context. It basically links to a tool you used and someone else's post... Ted. Link to comment
whoknows Posted May 22, 2020 Author Share Posted May 22, 2020 without debugger detection awesome.vmp_nodbg.rar 1 Link to comment
BlackHat Posted May 28, 2020 Share Posted May 28, 2020 On 5/21/2020 at 1:33 PM, whoknows said: @Reza-HNA shared the solution through PM, restore body method and decrypt the string. Can you explain bro little bit info regarding removing VMProtect Anti Tamper Remove and restoring Strings ? Link to comment
whoknows Posted May 28, 2020 Author Share Posted May 28, 2020 asking me ? hope @Reza-HNA PM u. 1 Link to comment
N0P/ribthegreat99 Posted May 29, 2020 Share Posted May 29, 2020 16 hours ago, BlackHat said: Can you explain bro little bit info regarding removing VMProtect Anti Tamper Remove and restoring Strings ? The anti-tamper method is virtualized, so yes you can remove anti-tamper but the app will crash every time because the anti-tamper check method is virtualized. Link to comment
system24 Posted June 29, 2020 Share Posted June 29, 2020 Please share the solution through PM Link to comment
vietnguyen09 Posted July 3, 2020 Share Posted July 3, 2020 You guys are amazing, VMProtect still the best? Which is better between DNGuard and VMProtect? Link to comment
bruhware2811 Posted July 6, 2020 Share Posted July 6, 2020 Hey can somebody teach me how to unpack vmprotect for .net? I would be really thankful. Link to comment
MaslovKK Posted July 22, 2020 Share Posted July 22, 2020 awesome.vmp_dump-cleaned.exe Link to comment
Solution BlackHat Posted November 2, 2020 Solution Share Posted November 2, 2020 awesome_cracked.exe My Solution Details - https://telegra.ph/VMP-Unpacking-11-02 VMP Unpacking - Telegraph.html 1 Link to comment
kao Posted November 2, 2020 Share Posted November 2, 2020 @BlackHat: thank you, it's a nice tutorial! But could you please fix images in the tutorial, they are very small and unreadable? Link to comment
BlackHat Posted November 3, 2020 Share Posted November 3, 2020 (edited) 5 hours ago, kao said: @BlackHat: thank you, it's a nice tutorial! But could you please fix images in the tutorial, they are very small and unreadable? This is a basic approach example apply on almost all tool protected using vmprotect as suggested by wwh1004 Image 1 - Image 2 - Edited November 3, 2020 by BlackHat 1 Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now