PC Reinforcement - Access Document

Note: You need to connect to the IT-VPN to access the UniSec console and command line packaging.

1 Access the UniSec Backend

Contact us to activate [UniSec Console](https://office.unisdk.nie.netease.com/unisec). Provide the access project code and the corresponding administrator account information.


1.1 Method 1: Automatic access through a script and CLI

Environment: Windows cmd and curl

If the message "Revocation check fails because the revoked server has been disconnected." appears during your access process, add the "--ssl-no-revoke" parameter to the command.

Upload File

Format:

curl -X POST "https://unisec-official.nie.netease.com/api/upload" ^
            --form "file=@[INPUT_FILEPATH]" ^
            --form "taskType=[TASK_TYPE]" ^
            --form "reverseDebug=[RDEBUG_TYPE]" ^
            --form "antiVirtual=[ENABLE1]" ^
            --form "stripDebug=[ENABLE2]" ^
            --form "project=\"[PROID]\"" ^
            --header "X-UAUTH-TOKEN:[TOKEN]"

| Parameter | Description | Example |
| --- | --- | --- |
| [PROID] | Project code | g0 |
| [TASK_TYPE] | Selected hardening solution. You only need to enter the digital code. | 1: WinLicense v2.4; 2: WinLicense v3.1; 4: VMProtect v3.1; 5: VMProtect v3.5; 7: VMProtect v3.6 |
| [INPUT_FILEPATH] | File path that is input | Test.exe |
| [TOKEN] | Token for console authentication | Contact us to obtain the token. |

The table below lists the unique parameters of VMProtect.

| VMProtect Parameter | Description | Example |
| --- | --- | --- |
| --protect_antidebugmode | VMP shell hardening mode, indicating the anti-debugging feature | kernel: Enable the kernel-level anti-debugging. user: Enable the user-level anti-debugging. others: Disable anti-debugging. |
| --protect_antivm | VMP shell hardening mode, indicating the anti-VM feature | enable: Enable anti-VM. others: Disable anti-VM. |
| --protect_stripDebug | VMP shell hardening mode, indicating whether to skip debugging information erasing | enable: Enable debugging information erasing. others: Disable debugging information erasing. |

After the preceding file is uploaded, you can view the following response body. (Irrelevant parameters are omitted.)

Note: In the response body, taskId is the unique ID of the task. Record this value; it is used in the following steps.

{
    "code":200,
    "data":{
        "antiVirtual":false,
        "fileName":"vmptest.exe",
        "project":"g0",
        "reverseDebug":"user",
        "status":0,
        "stripDebug":true,
        "taskId":"g0__api*****************_20220407145442_l34Fg",
        "taskType":"vmprotect_3_5"
    },
    "msg":"ok"
}

Query Task Status

Format:

curl "https://unisec-official.nie.netease.com/api/task/[TASKID]?project=[PROID]" --header "X-UAUTH-TOKEN:[TOKEN]"

| Parameter | Description | Example |
| --- | --- | --- |
| [TASKID] | Value of taskId in the response body of the previous step | g0__api*****************_20220407145442_l34Fg |
| [TOKEN] | Token for console authentication | Contact us to obtain the token. |

Response body:

{
    "code":200,
    "data":{
        "antiVirtual":false,
        "fileName":"vmptest.exe",
        "project":"g0",
        "reverseDebug":"user",
        "status":0,
        "stripDebug":true,
        "taskId":"g0__api_*************_20220407145442_l34Fg",
        "taskType":"vmprotect_3_5"
    },
    "msg":"ok"
}

| Value of Status | Meaning |
| --- | --- |
| 0 | The task is waiting in the queue. |
| 1 | The task is being processed. |
| 2 | The task has been completed. |
| 3 | The task has failed. |

Download File

Format:

curl "https://unisec-official.nie.netease.com/api/download/[TASKID]?project=[PROID]" --header "X-UAUTH-TOKEN:[TOKEN]" --output "[OUTPUT_FILEPATH]"

Parameter:

[OUTPUT_FILEPATH]: Specifies the path for storing the downloaded file.

Sign File

Sign the file using the original signature process of the project.

Important note:
The file must be signed after hardening. Hardening a file that is already signed causes its signature to fail.
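
The query step above, turned into a polling gate that a build script can run between upload and download. This is an added example, not UniSec's own tooling: the helper names, the environment variable names `UNISEC_TOKEN` and `UNISEC_TASK_ID`, and treating any `code` other than 200 as an error are assumptions. The status values come from the table above.

```python
import json
import os
import subprocess
import time

BASE = "https://unisec-official.nie.netease.com/api"  # host shown on this page
STATUS = {0: "queued", 1: "processing", 2: "completed", 3: "failed"}  # status table


def curl_json(url, token):
    """Run curl as an argv list (no shell parsing) and decode the JSON body."""
    out = subprocess.run(
        ["curl", "--silent", "--show-error", "--fail", url,
         "--header", f"X-UAUTH-TOKEN:{token}"],
        check=True, capture_output=True, text=True).stdout
    return json.loads(out)


def wait_for_task(task_id, project, fetch, interval=10.0, timeout=1800.0,
                  sleep=time.sleep, clock=time.monotonic):
    """Poll until status 2; raise on status 3, an unknown status, or timeout."""
    deadline = clock() + timeout
    while True:
        body = fetch(f"{BASE}/task/{task_id}?project={project}")
        if body.get("code") != 200:  # assumption: non-200 means an API error
            raise RuntimeError(f"API error: {body.get('msg')}")
        data = body["data"]
        if data.get("taskId") != task_id:
            raise RuntimeError("response describes a different task")
        status = data.get("status")
        if status == 2:
            return data  # only now is it safe to download and then sign
        if status == 3 or status not in STATUS:
            raise RuntimeError(f"task {task_id} ended with status {status!r}")
        if clock() >= deadline:
            raise TimeoutError(f"task {task_id} is still {STATUS[status]}")
        sleep(interval)


if __name__ == "__main__":
    # Assumed variable names; reading the token from the environment keeps it
    # out of the script and out of version control.
    token = os.environ["UNISEC_TOKEN"]
    done = wait_for_task(os.environ["UNISEC_TASK_ID"], "g0",
                         lambda url: curl_json(url, token))
    print("ready to download:", done["fileName"])
```

Failing the build on status 3 or on a timeout keeps an unhardened or partial file from reaching the signing step.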

1.2 Method 2: UniSec console

Note: If you use only the UniSec console for hardening, the signature feature is not supported (an unsigned file cannot be published; testing it is recommended). You can add the signature step separately.

Select Hardening Solution

Open the [PC Hardening](https://office.unisdk.nie.netease.com/unisec/g0/unisec/win-license) page and select either the WinLicense or VMProtect hardening solution.

Click Upload Task

After you select a hardening solution, click Upload Task.

a. WinLicense page

Select a version, click Upload Task, and then upload the file to be hardened in the pop-up window.

b. VMProtect page

Select a version, click Upload Task, and then upload the file to be hardened and select desired protection items in the pop-up window.

View Hardening Result

View the task result or download the file after the task is completed.

Note: After the file is downloaded, **give the file the same name as that before hardening and place the file in the same position to replace the original file.**

Sign File

Sign the file using the original signature process of the project.

Important note:
The file must be signed after hardening. Hardening a file that is already signed causes its signature to fail.



------------------------------------ Congratulations. You have accessed PC Hardening.------------------------------------

2 Advanced Features (optional)

2.1 Access VM Hardening

A VM shell removes the original code and uses custom byte-code and a VM interpreter to perform the same task as the original code, which greatly increases the difficulty of reverse analysis. However, it also sharply increases the amount of code executed, so VM shells should not be applied broadly. It is recommended to add VM shells only to important sections and functions.

The tools can be found in VirtualMachineTools.zip.

VM Hardening Using VMProtect

    1. Import the header file.

Add the directory where the VMProtectSDK.h file resides to the include path in the project configuration.

In the code:

#include "VMProtectSDK.h"
    2. Use the following two API functions to mark the code area to be protected.
    VMProtectBegin ("XXXX"/*Any string*/);
    //testVMP(); Code area to be protected
    VMProtectEnd();
    3. Link to the static library VMProtectSDK32 (or 64).lib.

The VMProtectSDK.h file already contains the following code.

#ifdef _WIN64
    #pragma comment(lib, "VMProtectSDK64.lib")
#else
    #pragma comment(lib, "VMProtectSDK32.lib")
#endif

Therefore, you can directly add the directory where the .lib file resides to the library path in the project configuration.

    4. Compile the program. To debug it, run it together with the VMProtectSDK32 (or 64).dll file. Note that VM hardening has not taken effect yet.
    5. Perform VM hardening. Upload the program compiled in the previous step to UniSec for hardening. After that, the program runs normally without VMProtectSDK32 (or 64).dll, and VM hardening takes effect.

VM Hardening Using WinLicense

    1. Import the header file.

Add the directory where the WinlicenseSDK.h file resides to the include path in the project configuration.

In the code:

#include "WinlicenseSDK.h"
    2. Use the following pair of macros to mark the code area to be protected.
VM_TIGER_RED_START
//your code Code to be protected
VM_TIGER_RED_END

In the preceding macro, TIGER_RED indicates the VM type. WinLicense provides various types of VMs, which differ in speed, complexity, and size, as shown in the following figure.

image

To use another type of VM, mark the code with that VM's macros as follows.

VM_Name_Color_START
//your code Code to be protected
VM_Name_Color_END // Must correspond to VM_Name_Color_START.

The name does not need to contain 32. For example:

VM_EAGLE_RED_START and VM_PUMA_WHITE_START

    3. Link to the static library WinlicenseSDK32 (or 64).lib.

The WinlicenseSDK.h file already contains the following code.

#ifdef _WIN64
 #pragma comment(lib, "WinLicenseSDK64.lib")
#else
 #pragma comment(lib, "WinLicenseSDK32.lib")
#endif

Therefore, you can directly add the directory where the .lib file resides to the library path in the project configuration.

    4. Compile the program. If it is a 32-bit program, execute it directly. If it is a 64-bit program, execute it along with the SecureEngineSDK64.dll file. Note that VM hardening has not taken effect yet.
    5. Perform VM hardening. Upload the program compiled in the previous step to UniSec for hardening. At this time, VM hardening takes effect.