X0rby Posted April 21, 2023 Posted April 21, 2023 View File VMProtect v3.8.1 Ultra (Mutation + Virtualization) The target is an old software (from 2010) coded in c++, I just apply the VMP protection without any special code as I show in the two screenshots. All available protection features in VMProtect were used with this unpackme. Refer to the attached images for the specific protection settings used. Challenge is to unpack the file, providing an explanation and details on your methodology. Submitter X0rby Submitted 04/17/2023 Category UnPackMe 1
Sean Park - Lovejoy Posted June 7, 2023 Posted June 7, 2023 (edited) It's hard to me. the entry codes are virtualized and mutated and even without titanhide kernel mode anti-debug utility. I can't debug it cause of the vmprotect's anti-debug techniques. Edited June 7, 2023 by windowbase editing some words.
nova789 Posted June 25, 2023 Posted June 25, 2023 Hmm the code is made in c++, one question if it was an .exe made in .net and protected with VMP 3.8.1 would it have been easy?
X0rby Posted June 26, 2023 Author Posted June 26, 2023 5 hours ago, nova789 said: one question if it was an .exe made in .net and protected with VMP 3.8.1 would it have been easy? Yes, I think so - the unpacking of NATIVE APPS is always harder than .NET
Solution X0rby Posted April 2 Author Solution Posted April 2 (edited) Unpacked+devirtualized: unpacked.exe Cleaned (vmp 100% removed): cleaned.exe Edited April 2 by X0rby 6 2
Sean Park - Lovejoy Posted April 2 Posted April 2 11 hours ago, X0rby said: Unpacked+devirtualized: unpacked.exe 28.66 MB · 11 downloads Cleaned (vmp 100% removed): cleaned.exe 202 kB · 14 downloads Please record the process and post it, so we can get benefit from you. Regards. sean. 1
Oliver Posted April 2 Posted April 2 13 hours ago, X0rby said: Unpacked+devirtualized: unpacked.exe 28.66 MB · 31 downloads Cleaned (vmp 100% removed): cleaned.exe 202 kB · 35 downloads @X0rby bro please share the method instead of sharing unpacked files. Regards. 1
ra1n Posted July 17 Posted July 17 Lack of any explanation whatsoever, likely the author just ripped code directly from the source of the original program; which they clearly have access to given the details of the post. For those of you seeking guidance, I'd look elsewhere (old but gold). 1 1 1
RADIOX Posted November 14 Posted November 14 I don't see any solution here fits the requirements ✍️ 2 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now