March 30, 20223 yr On 2/5/2022 at 1:39 AM, NoobStar said: Nice can you upload the tools in the tutorial, https://www.dosyaupload.com/26pz5/VMProtect_v3.5.0.1213_-_UnPackMe_(.NET).rar
May 5, 20232 yr On 1/19/2022 at 7:59 PM, BlackHat said: How to Unpack this VMProtect 3.5 Challenge - 2022/01/10 by @BlackHat Tutorial : Reveal hidden contents Step 1. Start KSDumper and Dump the Challenge from Memory by running it. Download Here - https://github.com/EquiFox/KsDumper from GitHub. You can also use any Kernel base Dumper or JIT Dumper https://github.com/Anonym0ose/JitDumper (When You use KSDumper, You may have to Load Unsafe Driver which you can do by running them using Command Prompt if only You are getting Access Denied error by running normally) Step 2. Fix Sections Header of your Dumped File using CFF Explorer. Download from - https://ntcore.com/?tag=cff-explorer here and Fix the Broken value and Untick the IL only check in .NET section. Step 3. Now Clean the Mutations of VMProtect using Demutation Tool made by wwh1004. You can read here - https://github.com/wwh1004/blog/tree/master/[.NET]反混淆VMP.NET之Mutation (You can also download the Compiled file from this Link - https://disk.yandex.com/d/Zq2q-6YnkrDWiQ ) Step 4. Clean the File using de4dot. Use the Official de4dot without any mod. You can Download from Here - https://github.com/de4dot/de4dot (Use --keep-names ntpfg while cleaning the file using de4dot) Step 5. Use VMP Killer by DarkBullNull. Download Here - https://github.com/DarkBullNull/VMP.NET-Kill/releases/download/2.1/Release.rar (Use Option 2 First and Fix CRC and Debug Check and after this use Option 4 to uncover the Hide Call Method) Step 6. Open the Unpacked File in dnSpy and go to Module.cctor and nop the call. Step 7. Crack the Validation Method and Get Profit. Video Tutorial : Reveal hidden contents VMprotect 3.5 - BlackHat.mp4 14.79 MB · 1 download Best Regards BlackHat awesome.vmp35_BH_unp.exe 95 kB · 29 downloads Hell0 Mr @BlackHat, I know this topic is old, but can you provide any logic on the CFF Sections Headers Fixing? VMP has changed them and I belive that might have disabled Dem. Anyway, thanks for the info!
July 4, 20232 yr On 5/5/2023 at 2:56 PM, Ricardo Goodlife said: Hell0 Mr @BlackHat, I know this topic is old, but can you provide any logic on the CFF Sections Headers Fixing? VMP has changed them and I belive that might have disabled Dem. Anyway, thanks for the info! I too agree that where the section header of vmp has been changed, Demutation is not working there. @BlackHat can you please suggest how to deal with it? Edited July 4, 20232 yr by AarJee
August 23, 20241 yr On 7/4/2023 at 12:33 PM, AarJee said: I too agree that where the section header of vmp has been changed, Demutation is not working there. @BlackHat can you please suggest how to deal with it? maybe you can try VMUnprotect.Dumper (https://github.com/void-stack/VMUnprotect.Dumper) first then do Demutation
Create an account or sign in to comment