Can't find marker in golang Binary

Issues related to VMProtect
andyco
Posts: 13
Joined: Mon Jan 03, 2022 10:20 am

Can't find marker in golang Binary

Postby andyco » Mon Jan 03, 2022 10:56 am

Since there is no official SDK example for golang, I studied it and found that it was feasible.

HWID and serial information can be successfully detected through CGO, but Marker cannot be detected by VMP.

After adding C.VMProtectBeginUltra(C.CString("protect") to my other project, Marker can be detected, but Marker's name cannot be recognized, and the content that needs to be protected cannot be detected.

Code: Select all

package main

// #include <stdbool.h>
// #include <stdlib.h>
// #include "VMProtectSDK.h"
// #cgo LDFLAGS: -L . -lVMProtectSDK
import "C"

import (
   "fmt"
   "unsafe"
)

func main() {
   Cprotect := C.CString("protect")
   defer C.free(unsafe.Pointer(Cprotect))
   //it's not work
   C.VMProtectBeginUltra(Cprotect)
   serial := "CMQz+nTnrgqB4OUBXAwCT9k40JM5qqVCQFSD4IAqega6C3KPidYeqE3iuVNelEbYYykEl2eTrzbjU424kGAsCz+Y478jMVfco6gVWoWDd+FwZrRU06dWdhkBzvzsVxnHmtdpN9An7pKEvH4RCEyqcc19WjBgas4TlSjOBUjXNMtx9txsGVev06nmgOUhx9gELi6R/e9xDMqhnK5Ys58jh52xTjuWUtw58qtRlJyMAnE4YSC8YRH4awnnkOAOFsRqpwMJB2uRIgHjfdkhd5JFUDU1UHFFH8ASZ0w1ti464OSybPB9AmlP+2L/1+ZonvkID3bjHIHPG2Tr55BGE0nxDQ=="
   nSize := C.VMProtectGetCurrentHWID(nil, 0)
   hw := new(C.char)
   C.VMProtectGetCurrentHWID(hw, nSize)
   hwid := C.GoString(hw)
   Cserial := C.CString(serial)
   defer C.free(unsafe.Pointer(Cserial))
   kstate := C.VMProtectSetSerialNumber(Cserial)
   var sd C.VMProtectSerialNumberData
   C.VMProtectGetSerialNumberData(&sd, C.sizeof_VMProtectSerialNumberData)
   var user string
   for _, v := range sd.wUserName {
      if v != 0 {
         user += string(v)
      }
   }
   //it's work
   fmt.Println("HWID: ", hwid)
   //it's work
   fmt.Println("Is Protected: ", C.VMProtectIsProtected())
   //it's work
   fmt.Println(kstate)
   //it's work
   fmt.Println(user)
   C.VMProtectEnd()
   return
}

1.png
1.png (625.72 KiB) Viewed 1143 times

1.png
1.png (625.72 KiB) Viewed 1143 times
Attachments
2.png
2.png (123.19 KiB) Viewed 1143 times

Admin
Site Admin
Posts: 2201
Joined: Mon Aug 21, 2006 8:19 pm
Location: Russia, E-burg
Contact:

Re: Can't find marker in golang Binary

Postby Admin » Mon Jan 03, 2022 11:22 am

Unfortunately VMProtect doesn't support binaries compiled with trash compilers like Golang, etc.

andyco
Posts: 13
Joined: Mon Jan 03, 2022 10:20 am

Re: Can't find marker in golang Binary

Postby andyco » Thu Apr 07, 2022 1:17 pm

Admin wrote:Unfortunately VMProtect doesn't support binaries compiled with trash compilers like Golang, etc.


Hello, admin, I just buy VMProtect Ultimate v3.6.0.1410 today.
After a few days of research, I solved the compatibility of some VMProtect with Golang.
Now VMProtect can recognize the addresses of VMProtectBegin and VMProtectEnd.
However, MarkerName are not recognized, and VMProtectDecryptStringA is doesn't work .
Can solve the problem of protecting Golang?
Other functions seem to be feasible, but I'm not sure. please help me check the Virtualization and Mutation ,Has it played a protect role?
Below are unprotected programs, Mach-o and PE.

NoVMP.zip
(2.95 MiB) Downloaded 26 times

Admin
Site Admin
Posts: 2201
Joined: Mon Aug 21, 2006 8:19 pm
Location: Russia, E-burg
Contact:

Re: Can't find marker in golang Binary

Postby Admin » Thu Apr 07, 2022 1:25 pm

I have already wrote that VMProtect doesn't support Golang. Look at this:

Code: Select all

000000014008E7E9   lea rax, [00000001400C53DF] → string "marker"
000000014008E7F0   mov ebx, 00000007
000000014008E7F5   call 000000014008E100 → VMProtect.CString
000000014008E7FA   call 000000014008F278 → VMProtectBeginUltra
000000014008E7FF   lea rax, [00000001400C66BE] → string "DecryptString"
000000014008E806   mov ebx, 0000000E
000000014008E80B   call 000000014008E100 → VMProtect.CString
000000014008E810   call 000000014008F2A0 → VMProtectDecryptStringA

VMProtect doesn't know what happens here:

Code: Select all

000000014008E7F0   mov ebx, 00000007
000000014008E7F5   call 000000014008E100 → VMProtect.CString

So it doesn't see strings "marker" and "DecryptString"

andyco
Posts: 13
Joined: Mon Jan 03, 2022 10:20 am

Re: Can't find marker in golang Binary

Postby andyco » Thu Apr 07, 2022 1:31 pm

Okay, I see. Golang call C and needs to be converted many times, but it doesn't matter. Can code virtualization work?

Admin
Site Admin
Posts: 2201
Joined: Mon Aug 21, 2006 8:19 pm
Location: Russia, E-burg
Contact:

Re: Can't find marker in golang Binary

Postby Admin » Thu Apr 07, 2022 1:33 pm

Can code virtualization work?

I don't know because Golang is very strange compiler.

andyco
Posts: 13
Joined: Mon Jan 03, 2022 10:20 am

Re: Can't find marker in golang Binary

Postby andyco » Thu Apr 07, 2022 1:38 pm

Thank you for your answer. If possible, I hope it will be compatible in the future.

Admin
Site Admin
Posts: 2201
Joined: Mon Aug 21, 2006 8:19 pm
Location: Russia, E-burg
Contact:

Re: Can't find marker in golang Binary

Postby Admin » Thu Apr 07, 2022 1:41 pm

We have no such plans.

andyco
Posts: 13
Joined: Mon Jan 03, 2022 10:20 am

Re: Can't find marker in golang Binary

Postby andyco » Sat Apr 09, 2022 12:16 pm

update

After some code modify,use some alternative methods of golang,
Now golang is basically compatible with VMP.
MarkerName and string for VMProtectDecryptString can be detected.
After tested,VMProtectDecryptString is work,string is encrypted.
The PE compiled by w64-mingw32 is work,
but mach-o compiled by apple clang 13 also can't detect the MarkerName and string for VMProtectDecryptString.
I will try the GCC for test.

1.png
1.png (1.43 MiB) Viewed 427 times

Admin
Site Admin
Posts: 2201
Joined: Mon Aug 21, 2006 8:19 pm
Location: Russia, E-burg
Contact:

Re: Can't find marker in golang Binary

Postby Admin » Sat Apr 09, 2022 1:06 pm

Please attach the mach-o binary.

andyco
Posts: 13
Joined: Mon Jan 03, 2022 10:20 am

Re: Can't find marker in golang Binary

Postby andyco » Sat Apr 09, 2022 1:13 pm

Admin wrote:Please attach the mach-o binary.

golang.zip
(1.2 MiB) Downloaded 15 times

Admin
Site Admin
Posts: 2201
Joined: Mon Aug 21, 2006 8:19 pm
Location: Russia, E-burg
Contact:

Re: Can't find marker in golang Binary

Postby Admin » Sat Apr 09, 2022 2:59 pm

The calling convention is wrong for mach-o:

Code: Select all

000000000408E2C0   lea rcx, [00000000040A89D7] → string "DecryptString"
000000000408E2C7   mov [rax], rcx
000000000408E2CA   call 000000000408ED8C → _VMProtectDecryptStringA

The first parameter for API must be RDI instead of RCX.