Exetools  

Go Back   Exetools > General > Source Code

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 02-16-2022, 21:56
Zeokat Zeokat is offline
Friend
 
Join Date: Dec 2017
Posts: 81
Rept. Given: 0
Rept. Rcvd 14 Times in 10 Posts
Thanks Given: 378
Thanks Rcvd at 227 Times in 56 Posts
Zeokat Reputation: 14
Post VMProtect Devirtualization - Experimental dynamic approach

VMProtect Devirtualization

An experimental dynamic approach to devirtualize pure functions protected by VMProtect 3.x

Credits: Jonathan Salwan

Github link:
Code:
https://github.com/JonathanSalwan/VMProtect-devirtualization
Reply With Quote
The Following User Says Thank You to Zeokat For This Useful Post:
tonyweb (02-19-2022)
  #2  
Old 02-17-2022, 00:32
user1 user1 is offline
Family
 
Join Date: Sep 2012
Location: OUT
Posts: 1,041
Rept. Given: 547
Rept. Rcvd 120 Times in 67 Posts
Thanks Given: 695
Thanks Rcvd at 566 Times in 337 Posts
user1 Reputation: 41
vmprotect is under attack from all.

no thanks !
Reply With Quote
  #3  
Old 02-17-2022, 04:30
Trit0n Trit0n is offline
Family
 
Join Date: Sep 2011
Location: +47.xxxx / +8.xxxx
Posts: 230
Rept. Given: 57
Rept. Rcvd 88 Times in 48 Posts
Thanks Given: 85
Thanks Rcvd at 132 Times in 54 Posts
Trit0n Reputation: 88
@User1
Because of vmprotect :
- Actually protects intellectual property.
- Protects software developers.
- But also protects all software crackers who may have something to hide.
So a double edged sword, if you know what I mean.
Reply With Quote
The Following 5 Users Say Thank You to Trit0n For This Useful Post:
Apuromafo (02-18-2022), niculaita (02-17-2022), p4r4d0x (02-18-2022), qzr (02-18-2022), val2032 (02-17-2022)
  #4  
Old 02-17-2022, 19:02
user1 user1 is offline
Family
 
Join Date: Sep 2012
Location: OUT
Posts: 1,041
Rept. Given: 547
Rept. Rcvd 120 Times in 67 Posts
Thanks Given: 695
Thanks Rcvd at 566 Times in 337 Posts
user1 Reputation: 41
developer of vmprotect NOT taken yet any legal steps for github.
Reply With Quote
  #5  
Old 02-17-2022, 21:54
val2032 val2032 is offline
Friend
 
Join Date: Apr 2010
Posts: 47
Rept. Given: 28
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 104
Thanks Rcvd at 30 Times in 17 Posts
val2032 Reputation: 2
Quote:
Originally Posted by Trit0n View Post
@User1
Because of vmprotect :
- Actually protects intellectual property.
- Protects software developers.
- But also protects all software crackers who may have something to hide.
So a double edged sword, if you know what I mean.
Also many viruses/malwares are protected with vmp...
When all the security companies will be able to devirtualize vmp (of course with the license from vmp), then we can definitely say "no thanks" as @user1 says.
Reply With Quote
  #6  
Old 02-17-2022, 22:29
deepzero's Avatar
deepzero deepzero is offline
VIP
 
Join Date: Mar 2010
Location: Germany
Posts: 300
Rept. Given: 111
Rept. Rcvd 64 Times in 42 Posts
Thanks Given: 178
Thanks Rcvd at 215 Times in 92 Posts
deepzero Reputation: 64
There was a recent talk where the MS antivirus team showed they can devirtualize, I think.
Reply With Quote
  #7  
Old 02-18-2022, 15:05
user1 user1 is offline
Family
 
Join Date: Sep 2012
Location: OUT
Posts: 1,041
Rept. Given: 547
Rept. Rcvd 120 Times in 67 Posts
Thanks Given: 695
Thanks Rcvd at 566 Times in 337 Posts
user1 Reputation: 41
but why not devirtualize Chinese packers and Chinese protections?

why vmp? people paid good genuine $ to have such protection,

now all you protected is going to trash.

not ok in github over 10 reps that suppose to host legitimate genuine src NOT copyrighted protections.

is NOT fine, destroy it so all genuine protected VMP software companies bankrupt all.
Reply With Quote
  #8  
Old 02-18-2022, 16:23
Conquest Conquest is offline
Friend
 
Join Date: Jan 2013
Location: 0x484F4D45
Posts: 125
Rept. Given: 46
Rept. Rcvd 29 Times in 17 Posts
Thanks Given: 31
Thanks Rcvd at 60 Times in 29 Posts
Conquest Reputation: 29
Unvirtualization is not impossible and some organizations already have such tools. Its just that they are hiding the big guns. what made you guys think that the vmpsoft doesnt have an unvirtualizer of their own?
Reply With Quote
  #9  
Old 02-18-2022, 18:44
DavidXanatos DavidXanatos is offline
Family
 
Join Date: Jun 2018
Posts: 179
Rept. Given: 2
Rept. Rcvd 46 Times in 32 Posts
Thanks Given: 58
Thanks Rcvd at 350 Times in 116 Posts
DavidXanatos Reputation: 46
IMHO no legitimate company selling a legitimate product, has any legitimate busyness protecting their product with such tools. DRM is anti consumer and should be made illegal, as simple as that.
Protection that's why we have laws for, tools like VMP are a sort of vigilantism.
Reply With Quote
The Following User Says Thank You to DavidXanatos For This Useful Post:
sh3dow (02-23-2022)
  #10  
Old 02-18-2022, 20:24
Kerlingen Kerlingen is offline
VIP
 
Join Date: Feb 2011
Posts: 324
Rept. Given: 0
Rept. Rcvd 276 Times in 98 Posts
Thanks Given: 0
Thanks Rcvd at 308 Times in 95 Posts
Kerlingen Reputation: 200-299 Kerlingen Reputation: 200-299 Kerlingen Reputation: 200-299
Quote:
Originally Posted by user1 View Post
but why not devirtualize Chinese packers and Chinese protections?

why vmp? people paid good genuine $ to have such protection,

now all you protected is going to trash.
When you sell stolen dongle emulators (for software not owned by or licensed to you), then all the time and money invested into the dongle protection by the software's legitimate owners goes to trash.

Why don't you use "Chinese packers and Chinese protections" instead? There is really no need to revolt every time somebody posts anything about VMProtect just because you fear your revenue from selling stolen software decreases?
Reply With Quote
The Following 2 Users Say Thank You to Kerlingen For This Useful Post:
qzr (02-18-2022)
  #11  
Old 02-19-2022, 06:57
b30wulf's Avatar
b30wulf b30wulf is offline
Family
 
Join Date: Nov 2013
Posts: 194
Rept. Given: 210
Rept. Rcvd 116 Times in 38 Posts
Thanks Given: 195
Thanks Rcvd at 229 Times in 74 Posts
b30wulf Reputation: 100-199 b30wulf Reputation: 100-199
It very good project. Does the work efficiently and its a great challenge to vmpsoft to update protection.
For anyone interested into devitalization is very good starting point
Reply With Quote
The Following User Gave Reputation+1 to b30wulf For This Useful Post:
user1 (02-20-2022)
The Following 3 Users Say Thank You to b30wulf For This Useful Post:
DavidXanatos (02-19-2022), user1 (02-19-2022), Zeokat (02-19-2022)
  #12  
Old 02-22-2022, 17:00
Fyyre's Avatar
Fyyre Fyyre is offline
Fyyre
 
Join Date: Dec 2009
Location: 0°N 0°E / 0°N 0°E / 0; 0
Posts: 259
Rept. Given: 75
Rept. Rcvd 85 Times in 38 Posts
Thanks Given: 141
Thanks Rcvd at 335 Times in 113 Posts
Fyyre Reputation: 85
Quote:
Originally Posted by DavidXanatos View Post
IMHO no legitimate company selling a legitimate product, has any legitimate busyness protecting their product with such tools. DRM is anti consumer and should be made illegal, as simple as that.
Protection that's why we have laws for, tools like VMP are a sort of vigilantism.
VMP is not vigilantism... it just creates another hoop for any dedicated reverse engineer to jump through.
__________________
Best Wishes,

Fyyre

--

https://github.com/Fyyre
Reply With Quote
The Following 2 Users Say Thank You to Fyyre For This Useful Post:
niculaita (02-23-2022), p4r4d0x (02-22-2022)
  #13  
Old 02-23-2022, 04:22
sh3dow sh3dow is offline
Family
 
Join Date: Oct 2014
Posts: 158
Rept. Given: 113
Rept. Rcvd 79 Times in 24 Posts
Thanks Given: 458
Thanks Rcvd at 202 Times in 75 Posts
sh3dow Reputation: 79
Quote:
Originally Posted by user1 View Post
but why not devirtualize Chinese packers and Chinese protections?
.
Because VMP is quite popular and used everywhere from legit use such as software protection to shady use such as cheats and malware protection.
Fame is like a curse, it's like asking why people still passionately waiting for IDA pro leaks while good alternative like Ghidra/binary ninja exist.
Reply With Quote
  #14  
Old 02-24-2022, 15:54
CryptXor CryptXor is offline
Friend
 
Join Date: Oct 2015
Posts: 68
Rept. Given: 0
Rept. Rcvd 24 Times in 12 Posts
Thanks Given: 34
Thanks Rcvd at 131 Times in 39 Posts
CryptXor Reputation: 24
I mean its not the first anti-vmp project, eg NoVmp (https://github.com/can1357/NoVmp), dunno why this one is upsetting people so much :P

Quote:
Originally Posted by user1 View Post
but why not devirtualize Chinese packers and Chinese protections?
Which ones specifically, asking for a friend
Reply With Quote
  #15  
Old 02-25-2022, 03:32
niculaita's Avatar
niculaita niculaita is offline
Family
 
Join Date: Jun 2011
Location: here
Posts: 1,342
Rept. Given: 947
Rept. Rcvd 89 Times in 61 Posts
Thanks Given: 4,282
Thanks Rcvd at 479 Times in 338 Posts
niculaita Reputation: 89
##############################################################################
# NoVmp Copyright (C) 2020 Can Boluk #
# This program comes with absolutely no warranty, and it is free software. #
# You are welcome to redistribute it under certain conditions--for which you #
# can refer to the GNU General Public License v3. #
##############################################################################

[!] Warning: This image has relocations stripped, NoVmp is not 100% compatible with this switch yet.
Press any key to continue . . .
__________________
Decode and Conquer
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On



All times are GMT +8. The time now is 16:57.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )