virtualguard Posted December 23, 2023 Posted December 23, 2023 View File VirtualGuard v1.0 This file is protected by the first version of VirtualGuard. VirtualGuard is an obfuscator I develop that I am trying to receive some stress testing on I hope this VM makes people think at least a little bit; It's fairly close to 1:1, however I do believe I do some interesting things with comparisons and branching. Haven't seen it anywhere else. Let the record state this is not a "mod" of any other vm, so if you are interested in seeing some new stuff this is for you. This sample contains some fairly simple branch offset mutations, at first glance it may be a slight "wtf moment" (at least I hope), but as soon as you figure out how the comparison system works it should be fairly easy to figure out. Anyways, enough of the kind-of hints. Would love any feedback on this. The crack-me element is fairly basic, just entering a password. Would definitely be a first step to solving though, so would like to see how people work on figuring that out. Good luck! Submitter virtualguard Submitted 12/23/2023 Category UnPackMe (.NET)
Sean Park - Lovejoy Posted December 23, 2023 Posted December 23, 2023 It's difficult to me. Regards. sean. 1
virtualguard Posted December 25, 2023 Author Posted December 25, 2023 I would watch out with using de4dot - make sure you preserve the resources (where the bytecode is stored atm), or you will have not much to work with. 1
Solution Mr-Toms Posted December 27, 2023 Solution Posted December 27, 2023 (edited) My Devirtualized file its not that good about the result because i have some problem while restoring locals you need to see the branch pattern and how they calculate the position, its just need some time to analyze it VirtualGuard.Tests-virt_NoVG.exe Edited December 27, 2023 by Mr-Toms 1
Sean Park - Lovejoy Posted December 27, 2023 Posted December 27, 2023 @Mr-Toms How did you devirtualize it? Can you publish a tutorial for us? Thanks in advance. Regards. sean. 1
Mr-Toms Posted December 27, 2023 Posted December 27, 2023 1 hour ago, windowbase said: @Mr-Toms How did you devirtualize it? Can you publish a tutorial for us? Thanks in advance. Regards. sean. its a longtime journey, you can see my old message in this forum about asking the same thing , but nobody give instant solution the only thing you need to do is learn from the basic, i've started it by looking at open source devirtualizer 1
Sean Park - Lovejoy Posted December 27, 2023 Posted December 27, 2023 Can you link the open source devirtualizer that you started? Regards. sean. 1
Mr-Toms Posted December 27, 2023 Posted December 27, 2023 https://github.com/CursedSheep/MemeVM-Devirt https://github.com/TobitoFatitoRE/HexDevirt 1
Sean Park - Lovejoy Posted December 27, 2023 Posted December 27, 2023 1 minute ago, Mr-Toms said: https://github.com/CursedSheep/MemeVM-Devirt https://github.com/TobitoFatitoRE/HexDevirt Thank you. Regards. sean. 1
virtualguard Posted December 29, 2023 Author Posted December 29, 2023 Awesome job. Creating a new sample shortly. Should be a bit harder to devirtualize; I've added the functionality for multiple vms to be injected, equally distributing the virtualized methods between them. Should add some difficult not in an re sense, but in the way that it'll force you to write something that automatically identifies dynamic values, ie, handler ids and decryption keys. I guess depending on how many vms there are you could just manually input the values, but oh well. Nothing is unbreakable, however I'll try my best to make it a real pain in the butt :).
jackyjask Posted December 29, 2023 Posted December 29, 2023 Could you do nested VM(s)? a VM that is executing another VM that is....
virtualguard Posted December 29, 2023 Author Posted December 29, 2023 I'll consider it, but nested vms imo are just performance hell. If it was just virtualguard layered on virtualguard, the issue would be that it would be a massive performance cost, for really only the benefit of obfuscating the dynamic constant values. A person already has all the code of the publicly exposed vm that's layered, making it so one would just need to locate the constants within the virtualized vm. I published a new sample which is in the process of being verified as I'm writing this. Should be a good bit more challenging than this one.
azufo Posted December 29, 2023 Posted December 29, 2023 On 12/27/2023 at 11:13 AM, windowbase said: Thank you. Regards. sean. See this repo https://github.com/mrT4ntr4/VirtualGuard-Devirt pass for this unpackme is: "olives8" 3
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now