Jump to content
Tuts 4 You

VMProtect v3.4.0.1155


whoknows

Recommended Posts

whoknows
Posted (edited)

VMProtect v3.4.0.1155


Try to unpack or alternatively provide a serial. If there is no solution provided by Saturday 11am (GMT+0) I will attach the same without debugger detection.

Protections used:

  • Debugger detection (User-mode + Kernel-mode)
  • Ultra (Mutation + Virtualization)

Disabled protections:

  • Virtual Machine
  • Packer

 

Edited by whoknows (see edit history)
  • Like 1
Link to post
Reza-HNA
Posted (edited)

they've done a really nice job!
ScreenShot_20200520224109.png.63bc13bb1b9463a8c56ea95bd23ba299.png


valid key:

Spoiler

AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyALFitASwYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fIGHRcMBz6P0wXIZTrWJI90jLU8o6lxAeWJxxcF1s2xwm

how:

simply you need to figure out how VM read instructions/Eh etc and restore them. devirtualizing all .net targets are the same so try to write a devirtualizer for simple VM and learn how to deal with them.
some other info you can find here & here.

awesome.vmp-devirtualized.exe

Edited by Reza-HNA (see edit history)
Link to post
Teddy Rogers
10 hours ago, Reza-HNA said:

@CodeExplorer hi, added some info

That is still light on with detail and context. It basically links to a tool you used and someone else's post...

Ted.

Link to post
BlackHat
On 5/21/2020 at 1:33 PM, whoknows said:

@Reza-HNA shared the solution through PM, restore body method and decrypt the string.

Can you explain bro little bit info regarding removing VMProtect Anti Tamper Remove and restoring Strings ? 

Link to post
N0P/ribthegreat99
16 hours ago, BlackHat said:

Can you explain bro little bit info regarding removing VMProtect Anti Tamper Remove and restoring Strings ? 

The anti-tamper method is virtualized, so yes you can remove anti-tamper but the app will crash every time because the anti-tamper check method is virtualized.

Link to post
  • 5 weeks later...
vietnguyen09

You guys are amazing, VMProtect still the best? Which is better between DNGuard and VMProtect?

Link to post
bruhware2811

Hey can somebody teach me how to unpack vmprotect for .net? I would be really thankful.

Link to post
  • 3 weeks later...
  • 3 months later...
kao

@BlackHat: thank you, it's a nice tutorial! :) 

But could you please fix images in the tutorial, they are very small and unreadable?

Link to post
BlackHat
5 hours ago, kao said:

@BlackHat: thank you, it's a nice tutorial! :) 

But could you please fix images in the tutorial, they are very small and unreadable?

 

This is a basic approach example apply on almost all tool protected using vmprotect as suggested by wwh1004 

 

Image 1 - KTxsQsJ.png

Image 2 - qItHHIv.png

 

 

Edited by BlackHat (see edit history)
  • Thanks 1
Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...