View Single Post
  #22  
Old 01-12-2018, 10:40
TechLord TechLord is offline
Banned User
 
Join Date: Mar 2005
Location: 10 Steps Ahead of You
Posts: 786
Rept. Given: 389
Rept. Rcvd 247 Times in 112 Posts
Thanks Given: 806
Thanks Rcvd at 2,064 Times in 595 Posts
TechLord Reputation: 200-299 TechLord Reputation: 200-299 TechLord Reputation: 200-299
Quote:
Originally Posted by Sakaroz View Post
You can verify your system file with this :
https://github.com/LordNoteworthy/al-khaser

...
Yes, I'd shared that on this very forum at least twice ... Here and here for example



Quote:
Originally Posted by Sakaroz View Post
there are two main difficulty .. assigning actual hard drive to virtual machine to avoid using the VMWare IDE/SCSI/SATA Controller

and BIOS patching .. you need to extract the BIOS and Change the VMWare values in the BIOS , modify the .vmx file to read your modified BIOS ..
..
Yes, not only me but many others are also aware of these practical difficulties ... After all, this is a forum for members advanced in RE

What I ( and I presume others following this thread) are looking for, is mainly an account of how you actually managed to achieve it, so that we could possibly replicate it .

Articles are numerous and while they are useful, since you'd specifically stated earlier in this thread that "I was unable to get this software to work but by Modifying Vmware using a Custom BIOS I was able to defeat all the targets with virtual machine detection in VMWare Environment .. " , we are looking to see a practical example of how you managed to accomplish it...

In fact, content from this repo is still relevant but seems to fail when attempting to bypass the VM Check of VMP 3.1 ..
These steps still continue to work on a majority of targets...

As I said earlier, a good PoC would be if you could show us an example of how a VM Check of an executable protected with VMProtect >v3.1 could be bypassed without any modification to the executable (or to its image in memory using a loader etc) itself, as we are already well aware of how to do so when we are allowed to patch the executable or its memory space.

Thank you

Last edited by TechLord; 01-12-2018 at 11:13.
Reply With Quote
The Following 5 Users Say Thank You to TechLord For This Useful Post:
gsaralji (01-12-2018), Indigo (07-19-2019), Sakaroz (01-12-2018), Stingered (01-12-2018), tonyweb (01-15-2018)