VMProtect v3.5.0.1213 Try to unpack or alternatively provide a serial. If there is no solution provided by Saturday 11am (GMT+0) I will attach the same without debugger detection. Protections used: Debugger detection (User-mode + Kernel-mode) Ultra (Mutation + Virtualization) File Information Submitter whoknows Submitted 08/06/2020 Category UnPackMe (.NET) View File

How to Unpack this VMProtect 3.5 Challenge - 2022/01/10 by @BlackHat Tutorial : Video Tutorial : Best Regards BlackHat awesome.vmp35_BH_unp.exe

VMProtect v3.5.0.1213

February 4, 20223 yr

Nice can you upload the tools in the tutorial,

March 30, 20223 yr

On 2/5/2022 at 1:39 AM, NoobStar said:

Nice can you upload the tools in the tutorial,

https://www.dosyaupload.com/26pz5/VMProtect_v3.5.0.1213_-_UnPackMe_(.NET).rar

1

May 5, 20232 yr

On 1/19/2022 at 7:59 PM, BlackHat said:

How to Unpack this VMProtect 3.5 Challenge - 2022/01/10 by @BlackHat

Tutorial :

Reveal hidden contents

Step 1. Start KSDumper and Dump the Challenge from Memory by running it. Download Here - https://github.com/EquiFox/KsDumper from GitHub. You can also use any Kernel base Dumper or JIT Dumper https://github.com/Anonym0ose/JitDumper
(When You use KSDumper, You may have to Load Unsafe Driver which you can do by running them using Command Prompt if only You are getting Access Denied error by running normally)

Step 2. Fix Sections Header of your Dumped File using CFF Explorer. Download from - https://ntcore.com/?tag=cff-explorer here and Fix the Broken value and Untick the IL only check in .NET section.

Step 3. Now Clean the Mutations of VMProtect using Demutation Tool made by wwh1004. You can read here - https://github.com/wwh1004/blog/tree/master/[.NET]反混淆VMP.NET之Mutation
(You can also download the Compiled file from this Link - https://disk.yandex.com/d/Zq2q-6YnkrDWiQ )

Step 4. Clean the File using de4dot. Use the Official de4dot without any mod. You can Download from Here - https://github.com/de4dot/de4dot
(Use --keep-names ntpfg while cleaning the file using de4dot)

Step 5. Use VMP Killer by DarkBullNull. Download Here - https://github.com/DarkBullNull/VMP.NET-Kill/releases/download/2.1/Release.rar
(Use Option 2 First and Fix CRC and Debug Check and after this use Option 4 to uncover the Hide Call Method)

Step 6. Open the Unpacked File in dnSpy and go to Module.cctor and nop the call.

Step 7. Crack the Validation Method and Get Profit.

Video Tutorial :

Reveal hidden contents

Best Regards

BlackHat

awesome.vmp35_BH_unp.exe 95 kB · 29 downloads

Hell0 Mr @BlackHat,

I know this topic is old, but can you provide any logic on the CFF Sections Headers Fixing?

VMP has changed them and I belive that might have disabled Dem.

Anyway, thanks for the info!

2

July 4, 20232 yr

On 5/5/2023 at 2:56 PM, Ricardo Goodlife said:

Hell0 Mr @BlackHat,

I know this topic is old, but can you provide any logic on the CFF Sections Headers Fixing?

VMP has changed them and I belive that might have disabled Dem.

Anyway, thanks for the info!

I too agree that where the section header of vmp has been changed, Demutation is not working there. @BlackHat can you please suggest how to deal with it?

Edited July 4, 20232 yr by AarJee

1

August 23, 20241 yr

On 7/4/2023 at 12:33 PM, AarJee said:

I too agree that where the section header of vmp has been changed, Demutation is not working there. @BlackHat can you please suggest how to deal with it?

maybe you can try VMUnprotect.Dumper (https://github.com/void-stack/VMUnprotect.Dumper) first then do Demutation

1

Sign In

VMProtect v3.5.0.1213

Featured Replies

Create an account or sign in to comment

Account

Navigation

Search

Configure browser push notifications

Chrome (Android)

Chrome (Desktop)

Safari (iOS 16.4+)

Safari (macOS)

Edge (Android)

Edge (Desktop)

Firefox (Android)

Firefox (Desktop)