| Don't worry, it didn't. It's just genious move form genious dev. You can simply rename your ida.exe to anything and it won't detect it anymore. |
==> |
| VMProtect is boring :/ You'd better make crackme with your own custom obfuscator.
[!] SPOILER [!]
Key: aDkzUlRjS0JFVHBhYjdKNkh6dE50S0RQNmd3bWRNU3ZHeg!VestigeCrackMe
[!] SPOILER [!] |
==> |
| It's funny that you call simple process name scanner(not even a loop) an "anti debugger".
[!] SPOILER [!]
RVA char comparing: D68F
Pass: asddassdadsa
[!] SPOILER [!] |
==> |
|
[!] SPOILER [!]
00401AAC | 74 35 - 75 35
00401985 | 74 2B - 75 2B
[!] SPOILER [!] |
==> |
| [!] SPOILER [!]
https://pastebin.com/mRdyzL6S
[!] SPOILER [!] |
==> |
| When it asks you for password just check memory strings that are at least 46 chars. |
==> |
| Well the easiest way is to do string scan on Process Hacker |
==> |
| Pass: 5up3rH1dd3nPa55w0rd
This probably is a bit lower than 3.0
|
==> |
| Fully deobfuscated and "keygenned":
VT - https://www.virustotal.com/gui/file/ee438d6345b68b67f151f9492f3c4124f88ee508bd58770630d323db1212264a/detection
DL - https://cdn.discordapp.com/attachments/779466216955707452/961693130141335662/CSharp_CrackMe_pass.exe |
==> |
| Nice crackme! So that's the answer: ILProtectorUnpacker - dnSpy reversing. So I found https://imgur.com/a/UQcEuis and just recompiled it to show me the password.
Pass: sub5195 |
==> |
| bro do you know what does string scan stand for? kekstra:topkek
|
==> |