freddy Posted February 11 Posted February 11 View File VMProtect HWID CrackMe I have put all important information in HWID-License.txt. I hope you all come up with some fascinating solutions. If you want leave the solution and also if you want to show off you can do that as well! Submitter freddy Submitted 02/07/2025 Category CrackMe 1
0xret2win Posted February 13 Posted February 13 Hey @boot and @New Year - New Mind, It looks like you actively follow these challenges. When it comes to HWID-based crackmes, what exactly are you looking for? Do you aim to generate a valid HWID-key combination, or would patching the validation routine to accept any key be a viable approach as well? 1
0xret2win Posted February 21 Posted February 21 Im pretty sure i have patched most of the things successfully. Results : Screen Recording - Made with FlexClip.webm 1 1
lovejoy226 Posted February 22 Posted February 22 (edited) 10 hours ago, 14yoKID said: Im pretty sure i have patched most of the things successfully. Results : Screen Recording - Made with FlexClip.webm 2.66 MB · 0 downloads @14yoKID How to find the conditional jump after the VMProtectSetSerialNumber function? Regards. sean. Edited February 22 by New Year - New Mind 1
0xret2win Posted February 22 Posted February 22 @New Year - New Mind Hey New Year! You will have to trace it through VM,i used CE and basically logged all of the things from start to end,im pretty sure i saved CE log on pc,if not ill see to do it again and send it to you so you can observe the things i did. 1
lovejoy226 Posted February 22 Posted February 22 6 minutes ago, 14yoKID said: @New Year - New Mind Hey New Year! You will have to trace it through VM,i used CE and basically logged all of the things from start to end,im pretty sure i saved CE log on pc,if not ill see to do it again and send it to you so you can observe the things i did. @14yoKID hey, man. can you send me the log? Regards. sean. 1
iced Posted Tuesday at 03:14 PM Posted Tuesday at 03:14 PM Hey guys! I’m iced, a passionate student from Bosnia who’s really into reverse engineering. I decided to join Tuts4You to expand my knowledge and trade insights with people who are way better than me.Im also a friend of @0xret2win and he suggested me to join site and try to tackle couple of nice crackmes posted here. Also i dont think the guy who made this applied full protection settings. Anyways upon investigating this target i found two interesting calls: ( Not entierly sure if i should do step-by-step since if you follow "MessageBoxA" in ret and stack you will eventually get to same place i got ) "vmp-licensing-test.vmp.exe"+A19CAE - E8 B9CB60FF - call "vmp-licensing-test.vmp.exe"+2686C This is upon hitting "VMProtectGetCurrentHWID". RAX => 29 "vmp-licensing-test.vmp.exe"+A19C9C - E8 2550ABFF - call "vmp-licensing-test.vmp.exe"+4CECC6 This is upon hitting on "VMProtectSetSerialNumber". RAX => 20 Using x64dbg : 00007FF665759CAE | E8 B9CB60FF | call vmp-licensing-test.vmp.7FF664D6686C | -> VMProtectGetCurrentHWID 00007FF665759C9C | E8 2550ABFF | call vmp-licensing-test.vmp.7FF66520ECC6 | -> VMProtectSetSerialNumber 5
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now