deepzero Posted November 6, 2023 Share Posted November 6, 2023 Quote I'm releasing my VMProtect devirtualizer for others to research, learn, and improve. This project started in 2018 as a hobby project and was rewritten at least 4 times. During my research, I've met with awesome people, made friends, and learned a lot. The tool is for educational purposes only, it works for vmprotect < 3.8 but produces less than ideal output. How does it work? The tool uses Triton for emulation, symbolic execution, and lifting. The easiest way to match VM handlers is to match them on the Triton AST level. The tool symbolizes vip and vsp registers and propagates memory loads and stores. Almost every handler ends with the store (to the stack, vm register or memory). We take Triton AST of the value that is being stored and match against known patterns: https://github.com/archercreat/titan 6 Link to comment
hank Posted March 25 Share Posted March 25 Anyone cloned titan repo? It's currently down, please share! Link to comment
Stuttered Posted March 25 Share Posted March 25 13 hours ago, hank said: Anyone cloned titan repo? It's currently down, please share! Here you go: https://mega.nz/file/y4ZGVIiQ#M8OgBUWMwMqzwYH0z0WFA6ihNuYvCDaOtHTN6gT5MNo 3 Link to comment
boot Posted March 25 Share Posted March 25 16 hours ago, hank said: Anyone cloned titan repo? It's currently down, please share! https://github.com/gmh5225/titan-1 4 Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now