Tarnkappe.infoDec 7
πŸ“¬ Scott Pilgrim vs. The World: The Game trotz Denuvo gecrackt
#Denuvo #Warez #Buzzheavier #FitGirlRepacks #M4CKD0GERepack #SteamUnderground #Vikingfile #VMProtect #voices38 https://sc.tarnkappe.info/61f519
Scott Pilgrim vs. The World: The Game trotz Denuvo gecrackt

Anfang 2023 brachte Ubisoft das Retro-PrΓΌgelgame Scott Pilgrim vs. The World: The Game auf den Markt. Nun erschien der Denuvo-Crack.

TARNKAPPE.INFO
Tarnkappe.infoOct 14
πŸ“¬ Trials Rising trotz Denuvo von RUNE gecrackt
#Denuvo #Gaming #RedLynx #RUNE #TrialsRising #UbisoftKiew #VMProtect https://sc.tarnkappe.info/7dc474
Trials Rising trotz Denuvo von RUNE gecrackt

Das Rennspiel Trials Rising stammt aus Februar 2019. Gestern hat RUNE trotz Denuvo in Kombination mit VMProtect einen Crack verΓΆffentlicht.

TARNKAPPE.INFO
Show threadAdam β™ΏSep 16, 2025
@gamingonlinux The devs are using a #VMProtect packer on one of the patched files which is a) shady and b) making antivirus light up.
0xor0neOct 12, 2024

In depth analysis of VMProtect 2 internals (2021)

Part 1: https://blog.back.engineering/17/05/2021/
Part 2: https://blog.back.engineering/21/06/2021/

#vmprotect #cybersecuriy

VMProtect 2 - Detailed Analysis of the Virtual Machine Architecture

VMProtect 2 is a virtual machine based x86 obfuscator which converts x86 instructions to a RISC, stack machine, instruction set. Each protected binary has a unique set of encrypted virtual machine instructions with unique obfuscation. This project aims to disclose very significant signatures which are in every single VMProtect 2 binary with the intent to aid in further research...

Private Group Of Back Engineers
HabrAug 13, 2024

Анализ Π²ΠΈΡ€Ρ‚ΡƒΠ°Π»ΡŒΠ½ΠΎΠΉ ΠΌΠ°ΡˆΠΈΠ½Ρ‹ Π½Π° ΠΏΡ€ΠΈΠΌΠ΅Ρ€Π΅ VMProtect. Π§Π°ΡΡ‚ΡŒ 2

Π’ ΠΏΠ΅Ρ€Π²ΠΎΠΉ части ΡΡ‚Π°Ρ‚ΡŒΠΈ ΠΌΡ‹ рассмотрСли ΠΎΠ±Ρ‰ΠΈΠΉ Π²ΠΈΠ΄ Ρ€Π°Π±ΠΎΡ‚Ρ‹ ΠΊΠΎΠ½Π²Π΅ΠΉΠ΅Ρ€Π° Π²ΠΈΡ€Ρ‚ΡƒΠ°Π»ΡŒΠ½ΠΎΠΉ ΠΌΠ°ΡˆΠΈΠ½Ρ‹, Π° Ρ‚Π°ΠΊΠΆΠ΅ Π½Π΅ΠΌΠ½ΠΎΠ³ΠΎ ΠΊΠΎΡΠ½ΡƒΠ»ΠΈΡΡŒ Π²ΠΎΠ·ΠΌΠΎΠΆΠ½Ρ‹Ρ… ΠΏΠΎΠ΄Ρ…ΠΎΠ΄ΠΎΠ² для Π°Π½Π°Π»ΠΈΠ·Π° Π²ΠΈΡ€Ρ‚ΡƒΠ°Π»ΡŒΠ½ΠΎΠΉ ΠΌΠ°ΡˆΠΈΠ½Ρ‹. Π’ этой части ΡΡ‚Π°Ρ‚ΡŒΠΈ Π½Π΅ приводится Π³Π°Ρ€Π°Π½Ρ‚ΠΈΡ€ΠΎΠ²Π°Π½Π½ΠΎΠ³ΠΎ способа снятия Π²ΠΈΡ€Ρ‚ΡƒΠ°Π»ΠΈΠ·Π°Ρ†ΠΈΠΈ, я просто Ρ…ΠΎΡ‡Ρƒ ΠΏΠΎΠ΄Π΅Π»ΠΈΡ‚ΡŒΡΡ ΠΎΠΏΡ‹Ρ‚ΠΎΠΌ Π°Π½Π°Π»ΠΈΠ·Π° Π’Πœ ΠΊΠΎΡ‚ΠΎΡ€Ρ‹ΠΉ позволяСт Π±ΠΎΠ»Π΅Π΅-ΠΌΠ΅Π½Π΅Π΅ ΠΏΠΎΠ½ΡΡ‚ΡŒ Ρ‡Ρ‚ΠΎ-Ρ‚ΠΎ ΠΎ Ρ€Π°Π±ΠΎΡ‚Π΅ Π’Πœ ΠΈ ΠΌΠΎΠΆΠ΅Ρ‚ Π±Ρ‹Ρ‚ΡŒ ΠΏΠΎΠ»Π΅Π·Π΅Π½ ΠΏΡ€ΠΈ Π°Π½Π°Π»ΠΈΠ·Π΅ схоТих Ρ€Π΅Π°Π»ΠΈΠ·Π°Ρ†ΠΈΠΉ. ΠΠ½Π°Π»ΠΈΠ·ΠΈΡ€ΠΎΠ²Π°Ρ‚ΡŒ!

https://habr.com/ru/articles/835768/

#malware #vmprotect #reverseengineering #рСвСрсинТиниринг #врСдоносноС_ΠΏΡ€ΠΎΠ³Ρ€Π°ΠΌΠΌΠ½ΠΎΠ΅_обСспСчСниС #исслСдованиС #обфускация #Π°Π½Ρ‚ΠΈΠΎΡ‚Π»Π°Π΄ΠΎΡ‡Π½Ρ‹Π΅_ΠΏΡ€ΠΈΠ΅ΠΌΡ‹

Анализ Π²ΠΈΡ€Ρ‚ΡƒΠ°Π»ΡŒΠ½ΠΎΠΉ ΠΌΠ°ΡˆΠΈΠ½Ρ‹ Π½Π° ΠΏΡ€ΠΈΠΌΠ΅Ρ€Π΅ VMProtect. Π§Π°ΡΡ‚ΡŒ 2

Π’ ΠΏΠ΅Ρ€Π²ΠΎΠΉ части ΡΡ‚Π°Ρ‚ΡŒΠΈ ΠΌΡ‹ рассмотрСли ΠΎΠ±Ρ‰ΠΈΠΉ Π²ΠΈΠ΄ Ρ€Π°Π±ΠΎΡ‚Ρ‹ ΠΊΠΎΠ½Π²Π΅ΠΉΠ΅Ρ€Π° Π²ΠΈΡ€Ρ‚ΡƒΠ°Π»ΡŒΠ½ΠΎΠΉ ΠΌΠ°ΡˆΠΈΠ½Ρ‹, Π° Ρ‚Π°ΠΊΠΆΠ΅ Π½Π΅ΠΌΠ½ΠΎΠ³ΠΎ ΠΊΠΎΡΠ½ΡƒΠ»ΠΈΡΡŒ Π²ΠΎΠ·ΠΌΠΎΠΆΠ½Ρ‹Ρ… ΠΏΠΎΠ΄Ρ…ΠΎΠ΄ΠΎΠ² для Π°Π½Π°Π»ΠΈΠ·Π° Π²ΠΈΡ€Ρ‚ΡƒΠ°Π»ΡŒΠ½ΠΎΠΉ ΠΌΠ°ΡˆΠΈΠ½Ρ‹. БлСдуя описанной Π² ΠΊΠΎΠ½Ρ†Π΅ ΠΏΠ΅Ρ€Π²ΠΎΠΉ части...

Π₯Π°Π±Ρ€
HabrDec 19, 2023

Анализ Π²ΠΈΡ€Ρ‚ΡƒΠ°Π»ΡŒΠ½ΠΎΠΉ ΠΌΠ°ΡˆΠΈΠ½Ρ‹ Π½Π° ΠΏΡ€ΠΈΠΌΠ΅Ρ€Π΅ VMProtect. Π§Π°ΡΡ‚ΡŒ 1

Π’ этой ΡΡ‚Π°Ρ‚ΡŒΠ΅ ΠΌΡ‹ рассмотрим, ΠΊΠ°ΠΊ ΠΌΠΎΠΆΠ΅Ρ‚ Π²Ρ‹Π³Π»ΡΠ΄Π΅Ρ‚ΡŒ Ρ€Π°Π±ΠΎΡ‚Π° Π²ΠΈΡ€Ρ‚ΡƒΠ°Π»ΡŒΠ½ΠΎΠΉ ΠΌΠ°ΡˆΠΈΠ½Ρ‹ VMProtect , Π° Ρ‚Π°ΠΊΠΆΠ΅ посмотрим, Ρ‡Ρ‚ΠΎ ΠΌΠΎΠΆΠ½ΠΎ ΡΠ΄Π΅Π»Π°Ρ‚ΡŒ для понимания Π·Π°Ρ‰ΠΈΡ‰Π΅Π½Π½ΠΎΠ³ΠΎ Ρ„ΡƒΠ½ΠΊΡ†ΠΈΠΎΠ½Π°Π»Π° (Π² зависимости ΠΎΡ‚ Ρ‚ΠΎΠ³ΠΎ, ΠΊΠ°ΠΊ Π΄Π°Π»Π΅ΠΊΠΎ Π²Ρ‹ Π³ΠΎΡ‚ΠΎΠ²Ρ‹ Π·Π°ΠΉΡ‚ΠΈ Π² этом Π½Π΅ всСгда Π±Π»Π°Π³ΠΎΠ΄Π°Ρ€Π½ΠΎΠΌ Π΄Π΅Π»Π΅). ΠžΠΆΠΈΠ΄Π°Π΅Ρ‚ΡΡ, Ρ‡Ρ‚ΠΎ Π΄Π°Π½Π½Ρ‹ΠΉ ΠΌΠ°Ρ‚Π΅Ρ€ΠΈΠ°Π» ΠΏΠΎΠΌΠΎΠΆΠ΅Ρ‚ Ρ‚Π΅ΠΌ, ΠΊΡ‚ΠΎ Π² Ρ…ΠΎΠ΄Π΅ рСагирования Π½Π° ΠΊΠΎΠΌΠΏΡŒΡŽΡ‚Π΅Ρ€Π½Ρ‹ΠΉ ΠΈΠ½Ρ†ΠΈΠ΄Π΅Π½Ρ‚ ΠΈΠ»ΠΈ исслСдования ΠΊΠ°ΠΊΠΎΠΉ-Π»ΠΈΠ±ΠΎ врСдоносной активности столкнулся с Π·Π°Ρ‰ΠΈΡ‚ΠΎΠΉ Π² Π²ΠΈΠ΄Π΅ Π²ΠΈΡ€Ρ‚ΡƒΠ°Π»ΡŒΠ½ΠΎΠΉ ΠΌΠ°ΡˆΠΈΠ½Ρ‹. ΠΠ½Π°Π»ΠΈΠ·ΠΈΡ€ΠΎΠ²Π°Ρ‚ΡŒ!

https://habr.com/ru/articles/781592/

#malware #vmprotect #ida #incident_response #cybersecurity #ΠΊΠΈΠ±Π΅Ρ€Π±Π΅Π·ΠΎΠΏΠ°ΡΠ½ΠΎΡΡ‚ΡŒ #врСдоносноС_ΠΏΡ€ΠΎΠ³Ρ€Π°ΠΌΠΌΠ½ΠΎΠ΅_обСспСчСниС #информационная_Π±Π΅Π·ΠΎΠΏΠ°ΡΠ½ΠΎΡΡ‚ΡŒ #reverseengineering

Анализ Π²ΠΈΡ€Ρ‚ΡƒΠ°Π»ΡŒΠ½ΠΎΠΉ ΠΌΠ°ΡˆΠΈΠ½Ρ‹ Π½Π° ΠΏΡ€ΠΈΠΌΠ΅Ρ€Π΅ VMProtect. Π§Π°ΡΡ‚ΡŒ 1

Π’ этой ΡΡ‚Π°Ρ‚ΡŒΠ΅ ΠΌΡ‹ рассмотрим, ΠΊΠ°ΠΊ ΠΌΠΎΠΆΠ΅Ρ‚ Π²Ρ‹Π³Π»ΡΠ΄Π΅Ρ‚ΡŒ Ρ€Π°Π±ΠΎΡ‚Π° Π²ΠΈΡ€Ρ‚ΡƒΠ°Π»ΡŒΠ½ΠΎΠΉ ΠΌΠ°ΡˆΠΈΠ½Ρ‹ VMProtect , Π° Ρ‚Π°ΠΊΠΆΠ΅ посмотрим, Ρ‡Ρ‚ΠΎ ΠΌΠΎΠΆΠ½ΠΎ ΡΠ΄Π΅Π»Π°Ρ‚ΡŒ для понимания Π·Π°Ρ‰ΠΈΡ‰Π΅Π½Π½ΠΎΠ³ΠΎ Ρ„ΡƒΠ½ΠΊΡ†ΠΈΠΎΠ½Π°Π»Π° (Π² зависимости ΠΎΡ‚ Ρ‚ΠΎΠ³ΠΎ, ΠΊΠ°ΠΊ Π΄Π°Π»Π΅ΠΊΠΎ Π²Ρ‹...

Π₯Π°Π±Ρ€
Tarnkappe.infoMay 14, 2023
πŸ“¬ Resident Evil 4 trotz Denuvo Version 18 gecrackt
#Denuvo #Empress #Warez #CapcomAntiTamper #Crack #DenuvoSecureDLCv2 #ResidentEvil4 #VMProtect https://tarnkappe.info/artikel/empress/resident-evil-4-trotz-denuvo-version-18-gecrackt-274678.html
Resident Evil 4 trotz Denuvo Version 18 gecrackt

Das Triple A-Game Resident Evil 4 fΓΌr PCs erschien vor wenigen Stunden illegal im Internet. Der Schutz des Spieles ist echt rekordverdΓ€chtig.

Tarnkappe.info
RairiiDec 13, 2022

Oh look, more dubious drivers protected by vmprotect.

A driver protected by vmp should be an indicator of compromise at this point.

#vmprotect

Show threadAndrew 🌻 Brandt πŸ‡Dec 13, 2022

In the course of doing our research, we studied older variants of #BURNTCIGAR #drivers, and compared them to the new ones we were encountering during the incident response.

We found that these new drivers had been obfuscated with a variety of techniques, specifically that the drivers were packed using a commercial runtime #packer called #VMprotect. The packer makes it more difficult for an analyst to reverse-engineer a #malware sample, but we don't see a lot of drivers that are packed, at all. It was kind of unusual.

In addition, the malware drivers requires the threat actor to run an executable called a loader, which simply does the mechanical work of creating Services entries in the Windows Registry, and moving the driver into the %temp% directory. The loader isn't packed.

Alexandre Cheron Nov 18, 2022
Extracting VMProtect handlers with Binary Ninja https://www.lodsb.com/extracting-vmprotect-handlers-with-binary-ninja #VMProtect
Extracting VMProtect handlers with Binary Ninja

I've started looking into the Adylkuzz malware, as mentioned by Tim Blazytko in his article on Automated Detection of Obfuscated Code. Initial analysis shows a TLS entry handler that dumps us straight into a VMProtect VMEnter() function, that looks l...

LODSB