  #9  
08-31-2022, 17:31
Jupiter
VMProtect != DeVMProtect

A potential VMProtect code leak could offer a possibility to easily build something like "MyVMProtect", but not a possibility to quickly develop something like "DeVMProtect".

The reason is very simple: VMProtect contains code to virtualise, but it contains no code to devirtualise.

One could check existing research about virtual machines and VMProtect to explore existing possibilities to devirtualise VMProtect'ed code. Some tools (like those based on VTIL, for example) provide enough details about the structure of VM internals, so VMProtect source code will just prove some assumptions and reveal additional details about these VMProtect internals, but basic information is already available in VMProtect research papers and articles, accompanied by source code (see the VTIL project and its tools).

This means that researchers already have enough information to devirtualise at least some blocks of virtualised code.

The only missing thing is a 'one click solution for dummies' to quickly unpack and devirtualise VMProtect.

But leakage of actual VMProtect sources will, with greater probability, lead to the appearance of VMProtect clones rather than the appearance of DeVMProtect (VMProtect devirtualiser) for dummies.
__________________
EnJoy!