VMProtect v3.5.0.1213 (.NET) Unpack
#1
VMProtect v3.5.0.1213 (.NET) Unpack Tutor


UnPackMe (.NET) Solution by BlackHat 


[Attached image: rksq96s.jpg]


Attached files
.txt   VMProtect v3.5.0.1213 (.NET) Unpack Tutor.txt (Size: 123 bytes / Downloads: 249)
Members who liked this post: KaMaN99, the9am3, Cyros, c0re3, mohamad, rce3033, 0b3l1sk, PowerUser
#2
Peace be upon you, and the mercy of God.

Please include the tutorial file yourself.

Thank you very much. :)
#3
Peace be upon you, and the mercy of God.

Steps and tools:
Step 1. Start KsDumper and dump the challenge from memory by running it. Download it here, from GitHub: https://github.com/EquiFox/KsDumper. You can also use any kernel-based dumper or JIT dumper: https://github.com/Anonym0ose/JitDumper
(When you use KsDumper, you may have to load an unsafe driver, which you can do by running them using Command Prompt, only if you are getting an Access Denied error when running normally.)
Step 2. Fix the section headers of your dumped file using CFF Explorer. Download it from here: https://ntcore.com/?tag=cff-explorer. Fix the broken value and untick the IL-only check in the .NET section.
Step 3. Now clean the mutations of VMProtect using the demutation tool made by wwh1004. You can read about it here: https://github.com/wwh1004/blog/tree/master/[.NET]反混淆VMP.NET之Mutation
(You can also download the compiled file from this link: https://disk.yandex.com/d/Zq2q-6YnkrDWiQ)
Step 4. Clean the file using de4dot. Use the official de4dot without any mod. You can download it from here: https://github.com/de4dot/de4dot
(Use --keep-names ntpfg while cleaning the file using de4dot.)
Step 5. Use VMP Killer by DarkBullNull. Download it here: https://github.com/DarkBullNull/VMP.NET-Kill/releases/download/2.1/Release.rar
(Use Option 2 first and fix the CRC and debug check, and after this use Option 4 to uncover the Hide Call Method.)
Step 6. Open the unpacked file in dnSpy, go to Module.cctor, and nop the call.
Step 7. Crack the validation method and get profit.
 
 
Members who liked this post: rce3033, H@wk0, 0b3l1sk, vosiyons, PowerUser, N3l3xC, th3m4tr!x

