Posted

VMProtect HWID CrackMe


I have put all important information in HWID-License.txt.

I hope you all come up with some fascinating solutions.

If you want, leave the solution, and if you want to show off, you can do that as well! :)


 

  • Thanks 1
0xret2win
Posted

Hey @boot and @New Year - New Mind,

It looks like you actively follow these challenges. When it comes to HWID-based crackmes, what exactly are you looking for? Do you aim to generate a valid HWID-key combination, or would patching the validation routine to accept any key be a viable approach as well?

  • Like 1
  • 2 weeks later...
0xret2win
Posted

@New Year - New Mind Hey New Year! You will have to trace it through the VM. I used CE and basically logged all of the things from start to end. I'm pretty sure I saved the CE log on my PC; if not, I'll see to doing it again and send it to you so you can observe the things I did.

  • Like 1
lovejoy226
Posted
6 minutes ago, 14yoKID said:

@New Year - New Mind Hey New Year! You will have to trace it through the VM. I used CE and basically logged all of the things from start to end. I'm pretty sure I saved the CE log on my PC; if not, I'll see to doing it again and send it to you so you can observe the things I did.

@14yoKID Hey, man. Can you send me the log?

Regards.

sean.

  • Like 1
  • 4 months later...
Posted

Hey guys! I’m iced, a passionate student from Bosnia who’s really into reverse engineering. I decided to join Tuts4You to expand my knowledge and trade insights with people who are way better than me. I’m also a friend of @0xret2win, and he suggested that I join the site and try to tackle a couple of the nice crackmes posted here. Also, I don’t think the guy who made this applied full protection settings.

Anyway, upon investigating this target, I found two interesting calls:

(Not entirely sure if I should do a step-by-step, since if you follow "MessageBoxA" in the return address and stack you will eventually get to the same place I got.)

"vmp-licensing-test.vmp.exe"+A19CAE - E8 B9CB60FF           - call "vmp-licensing-test.vmp.exe"+2686C
  This is upon hitting "VMProtectGetCurrentHWID".
  RAX => 29

 
"vmp-licensing-test.vmp.exe"+A19C9C - E8 2550ABFF           - call "vmp-licensing-test.vmp.exe"+4CECC6
  This is upon hitting on "VMProtectSetSerialNumber".
  RAX => 20

Using x64dbg:

00007FF665759CAE | E8 B9CB60FF              | call vmp-licensing-test.vmp.7FF664D6686C                            | 
-> VMProtectGetCurrentHWID
00007FF665759C9C | E8 2550ABFF              | call vmp-licensing-test.vmp.7FF66520ECC6                            |
-> VMProtectSetSerialNumber

 


  • Like 5
