NoobStar Posted February 4, 2022 Share Posted February 4, 2022 Nice can you upload the tools in the tutorial, Link to comment Share on other sites More sharing options...
sahteuser Posted March 30, 2022 Share Posted March 30, 2022 On 2/5/2022 at 1:39 AM, NoobStar said: Nice can you upload the tools in the tutorial, https://www.dosyaupload.com/26pz5/VMProtect_v3.5.0.1213_-_UnPackMe_(.NET).rar 1 Link to comment Share on other sites More sharing options...
Ricardo Goodlife Posted May 5, 2023 Share Posted May 5, 2023 On 1/19/2022 at 7:59 PM, BlackHat said: How to Unpack this VMProtect 3.5 Challenge - 2022/01/10 by @BlackHat Tutorial : Reveal hidden contents Step 1. Start KSDumper and Dump the Challenge from Memory by running it. Download Here - https://github.com/EquiFox/KsDumper from GitHub. You can also use any Kernel base Dumper or JIT Dumper https://github.com/Anonym0ose/JitDumper (When You use KSDumper, You may have to Load Unsafe Driver which you can do by running them using Command Prompt if only You are getting Access Denied error by running normally) Step 2. Fix Sections Header of your Dumped File using CFF Explorer. Download from - https://ntcore.com/?tag=cff-explorer here and Fix the Broken value and Untick the IL only check in .NET section. Step 3. Now Clean the Mutations of VMProtect using Demutation Tool made by wwh1004. You can read here - https://github.com/wwh1004/blog/tree/master/[.NET]反混淆VMP.NET之Mutation (You can also download the Compiled file from this Link - https://disk.yandex.com/d/Zq2q-6YnkrDWiQ ) Step 4. Clean the File using de4dot. Use the Official de4dot without any mod. You can Download from Here - https://github.com/de4dot/de4dot (Use --keep-names ntpfg while cleaning the file using de4dot) Step 5. Use VMP Killer by DarkBullNull. Download Here - https://github.com/DarkBullNull/VMP.NET-Kill/releases/download/2.1/Release.rar (Use Option 2 First and Fix CRC and Debug Check and after this use Option 4 to uncover the Hide Call Method) Step 6. Open the Unpacked File in dnSpy and go to Module.cctor and nop the call. Step 7. Crack the Validation Method and Get Profit. Video Tutorial : Reveal hidden contents VMprotect 3.5 - BlackHat.mp4 14.79 MB · 1 download Best Regards BlackHat awesome.vmp35_BH_unp.exe 95 kB · 29 downloads Hell0 Mr @BlackHat, I know this topic is old, but can you provide any logic on the CFF Sections Headers Fixing? VMP has changed them and I belive that might have disabled Dem. Anyway, thanks for the info! 1 Link to comment Share on other sites More sharing options...
AarJee Posted July 4, 2023 Share Posted July 4, 2023 (edited) On 5/5/2023 at 2:56 PM, Ricardo Goodlife said: Hell0 Mr @BlackHat, I know this topic is old, but can you provide any logic on the CFF Sections Headers Fixing? VMP has changed them and I belive that might have disabled Dem. Anyway, thanks for the info! I too agree that where the section header of vmp has been changed, Demutation is not working there. @BlackHat can you please suggest how to deal with it? Edited July 4, 2023 by AarJee Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now