Jump to content
View in the app

A better way to browse. Learn more.

Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Featured Replies

Nice  can you upload the tools in the tutorial,

  • 1 month later...
  • 1 year later...
On 1/19/2022 at 7:59 PM, BlackHat said:

How to Unpack this VMProtect 3.5 Challenge - 2022/01/10 by @BlackHat

Tutorial :

  Reveal hidden contents

Step 1. Start KSDumper and Dump the Challenge from Memory by running it. Download Here - https://github.com/EquiFox/KsDumper from GitHub. You can also use any Kernel base Dumper or JIT Dumper https://github.com/Anonym0ose/JitDumper
(When You use KSDumper, You may have to Load Unsafe Driver which you can do by running them using Command Prompt if only You are getting Access Denied error by running normally)

Step 2. Fix Sections Header of your Dumped File using CFF Explorer. Download from - https://ntcore.com/?tag=cff-explorer here and Fix the Broken value and Untick the IL only check in .NET section.

Step 3. Now Clean the Mutations of VMProtect using Demutation Tool made by wwh1004. You can read here - https://github.com/wwh1004/blog/tree/master/[.NET]反混淆VMP.NET之Mutation
(You can also download the Compiled file from this Link - https://disk.yandex.com/d/Zq2q-6YnkrDWiQ )

Step 4. Clean the File using de4dot. Use the Official de4dot without any mod. You can Download from Here - https://github.com/de4dot/de4dot
(Use --keep-names ntpfg while cleaning the file using de4dot)

Step 5. Use VMP Killer by DarkBullNull. Download Here - https://github.com/DarkBullNull/VMP.NET-Kill/releases/download/2.1/Release.rar
(Use Option 2 First and Fix CRC and Debug Check and after this use Option 4 to uncover the Hide Call Method)

Step 6. Open the Unpacked File in dnSpy and go to Module.cctor and nop the call.

Step 7. Crack the Validation Method and Get Profit.

Video Tutorial : 

 

Best Regards

BlackHat

awesome.vmp35_BH_unp.exe 95 kB · 29 downloads

 

Hell0 Mr @BlackHat,

I know this topic is old, but can you provide any logic on the CFF Sections Headers Fixing?

VMP has changed them and I belive that might have disabled Dem.

Anyway, thanks for the info!

 

  • 1 month later...
On 5/5/2023 at 2:56 PM, Ricardo Goodlife said:

 

Hell0 Mr @BlackHat,

I know this topic is old, but can you provide any logic on the CFF Sections Headers Fixing?

VMP has changed them and I belive that might have disabled Dem.

Anyway, thanks for the info!

 

I too agree that where the section header of vmp has been changed, Demutation is not working there.  @BlackHat  can you please suggest how to deal with it?

Edited by AarJee

  • 1 year later...
On 7/4/2023 at 12:33 PM, AarJee said:

I too agree that where the section header of vmp has been changed, Demutation is not working there.  @BlackHat  can you please suggest how to deal with it?

maybe you can try VMUnprotect.Dumper (https://github.com/void-stack/VMUnprotect.Dumper) first then do Demutation

Create an account or sign in to comment

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.