Description
Imagine... It is the year 2017...
A hacker group leaks Windows vulnerabilities from the White House.
And later, a massive cyberattack using Petya hits the world.
So, you decided to help the world and defeat this virus (in this case, CrackMe) and write a program that would get the right key.
Good luck!
Sources: https://en.wikipedia.org/wiki/Petya_and_NotPetya
devsoft on 11:01 AM 04/27/2023: Hello friend. I've been trying to sort this out, but this is way too virtualized for my head. I've hooked the UnsafeInvoke method in order to watch the huge amount of instructions, but no logic can be sorted out of this = https://pastebin.com/qvs2HN62.
Can you provide the name of the obfuscator, or some hint to help me solve this Crackme? So far it is one of the hardest I've found in .NET. Thanks and gratz on the good work.
devsoft on 10:38 AM 05/04/2023: This version of VMP is not DeMutable by the current tool. Has someone unpacked this? Regards
thebovl on 3:51 AM 05/05/2023: Hello, I'm using VMProtect 3.6 and I don't know any working tool ¯\_(ツ)_/¯
devsoft on 1:16 PM 05/08/2023: Not quite sure this one depends on a solution. Since Unpacking was outside hands, I used Harmony to Hook the call and print it further more than VMUnpacker[Tracer]. As the log shows, the key is Random(), so the only way to reverse this without brute force is to grab the key on the fly. I'll leave the unvirtualized log and wait for a correct solution for this one.
= https://filebin.net/fbbye561twfrgqp8
devsoft on 4:26 PM 05/08/2023: The call to hook is = AesCryptoServiceProvider.CreateEncryptor(key,iv).
After this it is a matter of file parsing until the IV and key produce results on the file. Again, I don't think there is a 100% correct solution for this Crackme, but using Harmony and DotNetHooker may be enough to resolve the challenge.
GL Everyone.
devsoft on 2:14 PM 06/01/2023: I'm posting one possible solution, nice job again @thebovl!
thebovl on 3:56 PM 06/01/2023: @devsoft Thanks ;)
devsoft on 4:09 PM 06/05/2023: @thebovl did I miss something with this solution? Just to be sure it works, since on a VM it throws a memory overflow and I don't want to test outside of a VM :P
thebovl on 5:13 AM 06/06/2023: @devsoft ???
devsoft on 8:02 AM 06/06/2023: @thebovl Aren't you receiving further solutions from me? Maybe it's one per user? :P Not important at all, just trying to understand.
thebovl on 5:39 PM 06/06/2023: @devsoft solutions? What did you mean?
devsoft on 8:27 AM 06/07/2023: @thebovl, I mean the 2nd label next to the comments, where we can submit (PDF/Word) files explaining step by step how to solve the Crackme that was posted. For example, I have achieved 4 so far = https://pasteboard.co/yX6mMjwWO8Mr.png
https://pasteboard.co/nGwnXhuy7KKe.png
But you need to agree with the method. Most Crackme authors don't accept patching, and they love keygens, but it's up to each one to agree or not. Hope this helps, aiming for a strong dev community!