at some point i was bored and started to reverse engineer this junk, and quickly noticed the same vmp misconfiguration xDD
it was easy enough to analyze by quickly writing some code to defuse vmprotect's shitty "0xDEADC0DE" anti-debug, after which i could just attach to mc and debug it in ida like usual
i also tried using some bootkit to defeat the anti-debug, but this didn't work. however, the anti-debug vmp uses here is seemingly very basic, and you can defeat it by simply overwriting the machine code of a method it patches with windows' original version
i got to the point of reimplementing some of the hashing and decryption logic, but lost interest before it really went anywhere
though i'm glad that i guessed all of the algorithms used correctly
i'm a bit sad now seeing how close i was to breaking the encryption when reading your writeup xDDD
but it's really nice that someone finally reverse engineered this fully
good work!!