+- الفريق العربي للهندسة العكسية (https://www.at4re.net/f)
+-- قسم : ENGLISH FORUM (https://www.at4re.net/f/forum-6.html)
+--- قسم : General Discussion (https://www.at4re.net/f/forum-13.html)
+--- الموضوع : VMProtect Linux HWID bypass help [Request] (/thread-3130.html)
VMProtect Linux HWID bypass help [Request] - kesfaw - 24-06-2022
Hi mates,
I have an ELF binary that is locked or bound to a specific device by HWID using VMProtect. On the other hand, the binary cannot run on other PC/system. Please help me bypass it. I don't need to unpack it, just want to remove the hardware lock.
Below is the attachment for the ELF binary
https://mega.nz/file/9AIxxAyC#YFEOalPT5OqYkE3l0MvGYZsF2xk6IpTPIbbyZKMg3Dg
My solution
I tried to find the HWID in the binary, and simulate it on my PC to bypass the lock.
What did I do?
The above sample ELF will try to load uuid.so to reckon the HWID of the machine. From this point, I tried to follow that syscall to find out what is HWID of my PC, and what is the existing HWID in the ELF used to compare with. But, no luck. The flow wrapped by VMProtect binary is too complicate for me. Any help that figures it out would be great.
Thanks for reading
RE: VMProtect Linux HWID bypass help [Request] - mohamad - 24-06-2022
link encrypted
RE: VMProtect Linux HWID bypass help [Request] - kesfaw - 27-06-2022
Sorry! The provider Mega locks the attachment somehow. I upload it to mediafire instead.
https://www.mediafire.com/file/d36rwfuhbn44ep3/crackme_pass123.7z/file
Pass to unzip: 123
RE: VMProtect Linux HWID bypass help [Request] - kesfaw - 29-06-2022
[font][font].One glue is that the attached ELF binary will call uuid.so. From there, we are very close to the point of HWID check.[/font][/font]