whoknows Posted May 20, 2020 Posted May 20, 2020 (edited) View File VMProtect v3.4.0.1155 Try to unpack or alternatively provide a serial. If there is no solution provided by Saturday 11am (GMT+0) I will attach the same without debugger detection. Protections used: Debugger detection (User-mode + Kernel-mode) Ultra (Mutation + Virtualization) Disabled protections: Virtual Machine Packer Submitter whoknows Submitted 05/19/2020 Category UnPackMe (.NET) Edited May 21, 2020 by whoknows 2 1
Reza-HNA Posted May 20, 2020 Posted May 20, 2020 (edited) they've done a really nice job! valid key: Reveal hidden contents AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyALFitASwYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fIGHRcMBz6P0wXIZTrWJI90jLU8o6lxAeWJxxcF1s2xwm how: simply you need to figure out how VM read instructions/Eh etc and restore them. devirtualizing all .net targets are the same so try to write a devirtualizer for simple VM and learn how to deal with them. some other info you can find here & here. awesome.vmp-devirtualized.exeFetching info... Edited May 21, 2020 by Reza-HNA 1
CodeExplorer Posted May 20, 2020 Posted May 20, 2020 @Reza-HNA, with all the respect there isn't any tutorial on how you did it.
whoknows Posted May 21, 2020 Author Posted May 21, 2020 (edited) @Reza-HNA shared the solution through PM, restore body method and decrypt the string. Edited May 22, 2020 by whoknows
Teddy Rogers Posted May 21, 2020 Posted May 21, 2020 On 5/21/2020 at 12:03 PM, Reza-HNA said: @CodeExplorer hi, added some info Expand That is still light on with detail and context. It basically links to a tool you used and someone else's post... Ted.
whoknows Posted May 22, 2020 Author Posted May 22, 2020 without debugger detection awesome.vmp_nodbg.rarFetching info... 1
BlackHat Posted May 28, 2020 Posted May 28, 2020 On 5/21/2020 at 8:03 AM, whoknows said: @Reza-HNA shared the solution through PM, restore body method and decrypt the string. Expand Can you explain bro little bit info regarding removing VMProtect Anti Tamper Remove and restoring Strings ?
N0P/ribthegreat99 Posted May 29, 2020 Posted May 29, 2020 On 5/28/2020 at 4:08 PM, BlackHat said: Can you explain bro little bit info regarding removing VMProtect Anti Tamper Remove and restoring Strings ? Expand The anti-tamper method is virtualized, so yes you can remove anti-tamper but the app will crash every time because the anti-tamper check method is virtualized.
vietnguyen09 Posted July 3, 2020 Posted July 3, 2020 You guys are amazing, VMProtect still the best? Which is better between DNGuard and VMProtect?
bruhware2811 Posted July 6, 2020 Posted July 6, 2020 Hey can somebody teach me how to unpack vmprotect for .net? I would be really thankful.
Solution BlackHat Posted November 2, 2020 Solution Posted November 2, 2020 awesome_cracked.exeFetching info... My Solution Details - https://telegra.ph/VMP-Unpacking-11-02 VMP Unpacking - Telegraph.htmlFetching info... 2
kao Posted November 2, 2020 Posted November 2, 2020 @BlackHat: thank you, it's a nice tutorial! But could you please fix images in the tutorial, they are very small and unreadable?
BlackHat Posted November 3, 2020 Posted November 3, 2020 (edited) On 11/2/2020 at 11:11 PM, kao said: @BlackHat: thank you, it's a nice tutorial! But could you please fix images in the tutorial, they are very small and unreadable? Expand This is a basic approach example apply on almost all tool protected using vmprotect as suggested by wwh1004 Image 1 - Image 2 - Edited November 3, 2020 by BlackHat 1
jezani Posted September 16, 2022 Posted September 16, 2022 (edited) Thank you Edited September 16, 2022 by jezani
phoenixdiag Posted February 21, 2023 Posted February 21, 2023 l have small exe l needed unpack code.. Posible?
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now