whoknows Posted May 20, 2020 Share Posted May 20, 2020 (edited) View File VMProtect v3.4.0.1155 Try to unpack or alternatively provide a serial. If there is no solution provided by Saturday 11am (GMT+0) I will attach the same without debugger detection. Protections used: Debugger detection (User-mode + Kernel-mode) Ultra (Mutation + Virtualization) Disabled protections: Virtual Machine Packer Submitter whoknows Submitted 05/20/2020 Category UnPackMe (.NET) Edited May 21, 2020 by whoknows 2 Link to comment Share on other sites More sharing options...
Reza-HNA Posted May 20, 2020 Share Posted May 20, 2020 (edited) they've done a really nice job! valid key: Spoiler AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyALFitASwYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fIGHRcMBz6P0wXIZTrWJI90jLU8o6lxAeWJxxcF1s2xwm how: simply you need to figure out how VM read instructions/Eh etc and restore them. devirtualizing all .net targets are the same so try to write a devirtualizer for simple VM and learn how to deal with them. some other info you can find here & here. awesome.vmp-devirtualized.exe Edited May 21, 2020 by Reza-HNA 1 Link to comment Share on other sites More sharing options...
CodeExplorer Posted May 20, 2020 Share Posted May 20, 2020 @Reza-HNA, with all the respect there isn't any tutorial on how you did it. Link to comment Share on other sites More sharing options...
whoknows Posted May 21, 2020 Author Share Posted May 21, 2020 (edited) @Reza-HNA shared the solution through PM, restore body method and decrypt the string. Edited May 22, 2020 by whoknows Link to comment Share on other sites More sharing options...
Reza-HNA Posted May 21, 2020 Share Posted May 21, 2020 @CodeExplorer hi, added some info Link to comment Share on other sites More sharing options...
Teddy Rogers Posted May 21, 2020 Share Posted May 21, 2020 10 hours ago, Reza-HNA said: @CodeExplorer hi, added some info That is still light on with detail and context. It basically links to a tool you used and someone else's post... Ted. Link to comment Share on other sites More sharing options...
whoknows Posted May 22, 2020 Author Share Posted May 22, 2020 without debugger detection awesome.vmp_nodbg.rar 1 Link to comment Share on other sites More sharing options...
BlackHat Posted May 28, 2020 Share Posted May 28, 2020 On 5/21/2020 at 1:33 PM, whoknows said: @Reza-HNA shared the solution through PM, restore body method and decrypt the string. Can you explain bro little bit info regarding removing VMProtect Anti Tamper Remove and restoring Strings ? Link to comment Share on other sites More sharing options...
whoknows Posted May 28, 2020 Author Share Posted May 28, 2020 asking me ? hope @Reza-HNA PM u. 1 Link to comment Share on other sites More sharing options...
N0P/ribthegreat99 Posted May 29, 2020 Share Posted May 29, 2020 16 hours ago, BlackHat said: Can you explain bro little bit info regarding removing VMProtect Anti Tamper Remove and restoring Strings ? The anti-tamper method is virtualized, so yes you can remove anti-tamper but the app will crash every time because the anti-tamper check method is virtualized. Link to comment Share on other sites More sharing options...
system24 Posted June 29, 2020 Share Posted June 29, 2020 Please share the solution through PM Link to comment Share on other sites More sharing options...
vietnguyen09 Posted July 3, 2020 Share Posted July 3, 2020 You guys are amazing, VMProtect still the best? Which is better between DNGuard and VMProtect? Link to comment Share on other sites More sharing options...
bruhware2811 Posted July 6, 2020 Share Posted July 6, 2020 Hey can somebody teach me how to unpack vmprotect for .net? I would be really thankful. Link to comment Share on other sites More sharing options...
MaslovKK Posted July 22, 2020 Share Posted July 22, 2020 awesome.vmp_dump-cleaned.exe Link to comment Share on other sites More sharing options...
Solution BlackHat Posted November 2, 2020 Solution Share Posted November 2, 2020 awesome_cracked.exe My Solution Details - https://telegra.ph/VMP-Unpacking-11-02 VMP Unpacking - Telegraph.html 2 Link to comment Share on other sites More sharing options...
kao Posted November 2, 2020 Share Posted November 2, 2020 @BlackHat: thank you, it's a nice tutorial! But could you please fix images in the tutorial, they are very small and unreadable? Link to comment Share on other sites More sharing options...
BlackHat Posted November 3, 2020 Share Posted November 3, 2020 (edited) 5 hours ago, kao said: @BlackHat: thank you, it's a nice tutorial! But could you please fix images in the tutorial, they are very small and unreadable? This is a basic approach example apply on almost all tool protected using vmprotect as suggested by wwh1004 Image 1 - Image 2 - Edited November 3, 2020 by BlackHat 1 Link to comment Share on other sites More sharing options...
jezani Posted September 16, 2022 Share Posted September 16, 2022 (edited) Thank you Edited September 16, 2022 by jezani Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now