whoknows Posted October 23, 2021 Posted October 23, 2021 View File VMProtect v3.5.1 Hi all, This is a protected with the TRIAL edition... Mutation / Virtualization w/ the built in VMProtect license system. VMProtect Debugger detection - disabled. (apparently some C# lines added) VMProtect Trial limitation : user has to patch the file to run to his machine. There are 2 enter serial dialogs, once you solve the 1st, drives you to 2nd, when a valid serial entered exporting a file... If a valid serial entered on 1st form, is saved to license.diz file. Submitter whoknows Submitted 10/07/2021 Category UnPackMe (.NET) 2
Hadits follower Posted September 27, 2024 Posted September 27, 2024 the exe is not running in my machine , do u have some v3.5 full version protected vm method little sample files 1
CodeExplorer Posted September 27, 2024 Posted September 27, 2024 1 hour ago, Hadits follower said: the exe is not running in my machine , do u have some v3.5 full version protected vm method little sample files On 10/23/2021 at 3:15 AM, whoknows said: VMProtect Trial limitation : user has to patch the file to run to his machine. 1
Hadits follower Posted September 27, 2024 Posted September 27, 2024 hi, thanks but the problem i have failed to do that . i think i need some vmprotect v3.5 full version protected sample little tinny files , which wheres some method have vm marked , actually v3.5 main vm method have perams and also cleaning 0600001 exe after the exe run and also have something which i can not explain in english . 1
Hadits follower Posted September 27, 2024 Posted September 27, 2024 (edited) if anyone have vmp marked methods v3.5 full version protected sample little test files , please post those files if possible , thank u all very much : Edited September 27, 2024 by Hadits follower 1
Hadits follower Posted September 27, 2024 Posted September 27, 2024 (edited) just protect some files in minimum label without cflow marked , and vm all methods, everything should be by v3.5 , thats it , i will try to learn something from it , thank you too much Edited September 27, 2024 by Hadits follower 1
whoknows Posted September 27, 2024 Author Posted September 27, 2024 @Hadits follower dn 473kb @: https://download.ru/files/wzwPRCwM made by : VMProtect Ultimate v3.5.0.1213-WEB0DAY VMProtect Ultimate v3.5.1.1399-crk 2
CodeExplorer Posted October 2, 2024 Posted October 2, 2024 de4vmp - VMProtect unvirtualizer: https://github.com/chickenienRE/de4vmp Demutation https://github.com/xlfj5211/DeMutation For MSIL decryption SMD_for_agile can be used. I didn't complete yet the challenge. 4
CodeExplorer Posted October 15, 2024 Posted October 15, 2024 WindowsFormsApplication4.vmp35.exe: 1. VMUnprotect.Dumper https://github.com/void-stack/VMUnprotect.Dumper/releases/tag/1.1.0.0 2. Unset "IL Only" Flag from .NET Directory with CFF Explorer 3. Demutation Tool https://forum.tuts4you.com/topic/45162-demutation-vmprotect-net https://forum.exetools.com/showthread.php?t=21105 4. de4dot Use --keep-names ntpfg while cleaning the file using de4dot Or use --dont-rename 5. VMP Killer by DarkBullNull Use Option 2 First and Fix CRC and Debug Check https://github.com/DarkBullNull/VMP.NET-Kill https://forum.tuts4you.com/topic/45179-vmpnet-kill/ https://forum.exetools.com/showthread.php?p=131964 6. Unset "IL Only" Flag from .NET Directory with CFF Explorer 7. Use VMProtectNoDelegates to clean delegates https://forum.exetools.com/showthread.php?t=21106 https://forum.tuts4you.com/topic/45163-vmprotectnodelegates-net The only thing left if unvirtualization. WindowsFormsApplication4.vmp35-decrypted-demutate-cleaned.justify_nodel.rar 7 2
whoknows Posted November 30, 2024 Author Posted November 30, 2024 (edited) for the moment I mark @CodeExplorer reply as solution, still needs @Washi / @BlackHat touch for devirtualization! [EDIT] the CC attached, is another release is not this thread. Edited November 30, 2024 by whoknows 1
tiantian Posted January 30 Posted January 30 yes,I also encountered the same problem,I am unable to open it,Until now, there is no way to solve it!I am very distressed 1
lovejoy226 Posted February 1 Posted February 1 On 10/16/2024 at 2:12 AM, CodeExplorer said: WindowsFormsApplication4.vmp35.exe: 1. VMUnprotect.Dumper https://github.com/void-stack/VMUnprotect.Dumper/releases/tag/1.1.0.0 2. Unset "IL Only" Flag from .NET Directory with CFF Explorer 3. Demutation Tool https://forum.tuts4you.com/topic/45162-demutation-vmprotect-net https://forum.exetools.com/showthread.php?t=21105 4. de4dot Use --keep-names ntpfg while cleaning the file using de4dot Or use --dont-rename 5. VMP Killer by DarkBullNull Use Option 2 First and Fix CRC and Debug Check https://github.com/DarkBullNull/VMP.NET-Kill https://forum.tuts4you.com/topic/45179-vmpnet-kill/ https://forum.exetools.com/showthread.php?p=131964 6. Unset "IL Only" Flag from .NET Directory with CFF Explorer 7. Use VMProtectNoDelegates to clean delegates https://forum.exetools.com/showthread.php?t=21106 https://forum.tuts4you.com/topic/45163-vmprotectnodelegates-net The only thing left if unvirtualization. WindowsFormsApplication4.vmp35-decrypted-demutate-cleaned.justify_nodel.rar 347.55 kB · 39 downloads @CodeExplorer Can it be feasible to unpack this target with your method? Regards. sean.
0x0KernalExploit Posted June 8 Posted June 8 On 10/15/2024 at 6:12 PM, CodeExplorer said: WindowsFormsApplication4.vmp35.exe: 1. VMUnprotect.Dumper https://github.com/void-stack/VMUnprotect.Dumper/releases/tag/1.1.0.0 2. Unset "IL Only" Flag from .NET Directory with CFF Explorer 3. Demutation Tool https://forum.tuts4you.com/topic/45162-demutation-vmprotect-net https://forum.exetools.com/showthread.php?t=21105 4. de4dot Use --keep-names ntpfg while cleaning the file using de4dot Or use --dont-rename 5. VMP Killer by DarkBullNull Use Option 2 First and Fix CRC and Debug Check https://github.com/DarkBullNull/VMP.NET-Kill https://forum.tuts4you.com/topic/45179-vmpnet-kill/ https://forum.exetools.com/showthread.php?p=131964 6. Unset "IL Only" Flag from .NET Directory with CFF Explorer 7. Use VMProtectNoDelegates to clean delegates https://forum.exetools.com/showthread.php?t=21106 https://forum.tuts4you.com/topic/45163-vmprotectnodelegates-net The only thing left if unvirtualization. WindowsFormsApplication4.vmp35-decrypted-demutate-cleaned.justify_nodel.rar 347.55 kB · 57 downloads Bro is semi-decrypted; it works fine, but is obfuscated. Any Other Solution On 10/15/2024 at 6:12 PM, CodeExplorer said:
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now