Source: http://www.0xebfe.net/blog/2013/01/13/how-to-create-an-anonymous-ida-pro-database-dot-idb/

Probably it’s not secret for you that every .IDB files contains header with your license information.

There are two “netnodes” in every .IDB file that reveals your identity. Basically “netnode” is block with some data, check: idasdk\include\netnode.hpp for more info.

So there are two netnodes:

”$ user1” - contains plaint text info about your license.
”$ original user” - contains encrypted info about your license.

Actually you can freely delete “$ user1” netnode without any consequences, because IDA doesn’t check it at all. But “$ original user” netnode has strategic meaning for IDA PRO. This netnode contains RSA-1024 encrypted license information, same info that you have in “ida.key” file. When you open .IDB database IDA reads “$ original user” value, decrypts it with public RSA-1024 key and checks your license against MD5 hashes of blacklisted “pirated” licenses.

So what we can do? We can’t delete it, because IDA checks this netnode on every opening. We can’t generate own value, because we don’t have private RSA key. But we can copy this value from another .IDB file :)

I googled and found this .IDB file from Trustwave: here

So let’s dump “$ original user” netnode in source .IDB file with following python script:

netnode_dumper.py
import idaapi
import binascii
print(binascii.hexlify(idaapi.netnode('$ original user', 0, False).supval(0)))

After that insert dumped value into this script and run it in IDA in destination .IDB:

netnode_updater.py
import idaapi
import binascii
dumped_netnode_value ='111insert_your_hex_value_here111'
idaapi.netnode('$ user1', 0, False).kill() # deleting netnode with plain text info
idaapi.netnode('$ original user', 0, False).supset(0, binascii.unhexlify(dumped_netnode_value))

Save, re-open database. Let’s check:

Yep, we have .IDB file from Trustwave now :)

And when IDA shows you this message:

or “Sorry, this database has been created by a pirate version of IDA”.

This means that “$ original user” netnode contains banned license info. But you still can copy this value from legit .IDB with hex editor.

How to create an anonymous IDA PRO database (.IDB)的更多相关文章

  1. [转]How to create an anonymous IDA PRO database (.IDB)

    Source: http://www.0xebfe.net/blog/2013/01/13/how-to-create-an-anonymous-ida-pro-database-dot-idb/ P ...

  2. IDA Pro使用技巧

    DA Pro基本简介 IDA加载完程序后,3个立即可见的窗口分别为IDA-View,Named,和消息输出窗口(output Window). IDA图形视图会有执行流,Yes箭头默认为绿色,No箭头 ...

  3. IDA Pro Disassembler 6.8.15.413 (Windows, Linux, Mac)

    IDA: What's new in 6.8 Highlights This is mainly a maintenance release, so our focus was on fixing b ...

  4. IDA Pro基本简介

    IDA Pro基本简介 IDA加载完程序后,3个立即可见的窗口分别为IDA-View,Named,和消息输出窗口(output Window). IDA图形视图会有执行流,Yes箭头默认为绿色,No箭 ...

  5. IDA Pro使用技巧及大杂烩

    IDA Pro使用技巧及大杂烩 IDA Pro基本简介 IDA加载完程序后,3个立即可见的窗口分别为IDA-View,Named,和消息输出窗口(output Window). IDA图形视图会有执行 ...

  6. IDA Pro使用(静态分析+动态调试)

    链接:http://skysider.com/?p=458 IDA Pro使用(静态分析+动态调试) 1.静态分析 IDA FLIRT Signature Database —— 用于识别静态编译的可 ...

  7. 路由器逆向分析------在Linux上安装IDA Pro

    本文博客地址:http://blog.csdn.net/qq1084283172/article/details/69665905 01.在Linux系统上安装Linux版本的IDA Pro Linu ...

  8. 安卓动态调试七种武器之孔雀翎 – Ida Pro

    安卓动态调试七种武器之孔雀翎 – Ida Pro 作者:蒸米@阿里聚安全 0x00 序 随着移动安全越来越火,各种调试工具也都层出不穷,但因为环境和需求的不同,并没有工具是万能的.另外工具是死的,人是 ...

  9. 计算机病毒实践汇总六:IDA Pro基础

    在尝试学习分析的过程中,判断结论不一定准确,只是一些我自己的思考和探索.敬请批评指正! 1. IDA使用 (1)搜索.下载并执行IDA Pro,对可执行程序lab05-01.dll进行装载,分别以图形 ...

随机推荐

  1. javascript 中的console.log和弹出窗口alert

    主要是方便你调式javascript用的.你可以看到你在页面中输出的内容. 相比alert他的优点是: 他能看到结构话的东西,如果是alert,淡出一个对象就是[object object],但是co ...

  2. openSUSE 13.1 Milestone 4 发布

    openSUSE 13.1 发布第四个里程碑版本,下载地址: openSUSE-Factory-KDE-Live-Build0652-x86_64.iso (949MB, MD5, torrent) ...

  3. QSS总结以及最近做的Qt项目

    什么是QSS QSS称为Qt Style Sheets也就是Qt样式表,它是Qt提供的一种用来自定义控件外观的机制.QSS大量参考了CSS的内容,只不过QSS的功能比CSS要弱很多,体现在选择器要少, ...

  4. 你的联动够快够小吗——基于Telerik(ASP.NET平台)

    一.目的 这篇文章主要是以如何实现联动下拉为核心,其要原理是利用两个下拉控件.默认两个下拉均为未选择状态,并且 父下拉中存在数据,子下来中没有数据.只有当用户选择某一个父下拉中的某条数据后,子下拉中才 ...

  5. 消灭ASP.NET CachedPathData.ValidatePath引起的HttpException异常

    在博客程序的日志中经常会出现这样的错误日志: Url: http://www.cnblogs.com/cmt/p/sokcet_memory_leak.html (这个URL仅是示例)UserAgen ...

  6. Android UI开发【开篇导航】

    如今移动互联网正处于飞速发展的时期,正式看中这个行业的发展势头,本人在2011年从.NET转行做了移动应用开发这块,接触了android和ios开发,到今已快3个年头,先前忙于学习各种基础知识和语法方 ...

  7. oracle数据库中varchar2陷阱

    oracle数据库相信大家都比较熟悉,数据库中有一种非常常用的数据类型:字符串型. 对应该类型,在oracle中有三种比较常用的类型:varchar2(byte).varchar2(char).nva ...

  8. Sql Server2005恢复备份数据库问题-Error:3154 3219

    解决办法: 1.新建一个同名数据库New_HeasySchoolDB2.执行下面的sql语句: restore database New_HeasySchoolDB from disk = 'D:/N ...

  9. springMVC乱码问题-转

    彻底解决Spring MVC 中文乱码 问题     1:表单提交controller获得中文参数后乱码解决方案 注意:  jsp页面编码设置为UTF-8 form表单提交方式为必须为post,get ...

  10. 两两组合覆盖测试用例设计工具:PICT

    两两组合覆盖测试用例设计工具:PICT 2016-08-31 目录 1 成对测试简介2 PICT使用  2.1 安装 PICT  2.2 使用PICT3 PICT算法  3.1 准备阶段  3.2 产 ...