How to create an anonymous IDA PRO database (.IDB)
Source: http://www.0xebfe.net/blog/2013/01/13/how-to-create-an-anonymous-ida-pro-database-dot-idb/
It is probably no secret to you that every .IDB file contains a header with your license information.
There are two “netnodes” in every .IDB file that reveal your identity. Basically, a “netnode” is a block with some data; check idasdk\include\netnode.hpp for more info.
So there are two netnodes:
“$ user1” - contains plain text info about your license.
“$ original user” - contains encrypted info about your license.
Actually, you can freely delete the “$ user1” netnode without any consequences, because IDA doesn’t check it at all. But the “$ original user” netnode has strategic meaning for IDA PRO. This netnode contains RSA-1024 encrypted license information, the same info that you have in the “ida.key” file. When you open an .IDB database, IDA reads the “$ original user” value, decrypts it with the public RSA-1024 key and checks your license against MD5 hashes of blacklisted “pirated” licenses.
So what can we do? We can’t delete it, because IDA checks this netnode on every opening. We can’t generate our own value, because we don’t have the private RSA key. But we can copy this value from another .IDB file :)
I googled and found this .IDB file from Trustwave: here
So let’s dump the “$ original user” netnode in the source .IDB file with the following Python script:
netnode_dumper.py
import idaapi
import binascii
print(binascii.hexlify(idaapi.netnode('$ original user', 0, False).supval(0)))
After that, insert the dumped value into this script and run it in IDA in the destination .IDB:
netnode_updater.py
import idaapi
import binascii
dumped_netnode_value = '111insert_your_hex_value_here111'
idaapi.netnode('$ user1', 0, False).kill() # deleting netnode with plain text info
idaapi.netnode('$ original user', 0, False).supset(0, binascii.unhexlify(dumped_netnode_value))
Save, re-open database. Let’s check:
Yep, we have .IDB file from Trustwave now :)
And when IDA shows you this message:
or “Sorry, this database has been created by a pirate version of IDA”.
This means that the “$ original user” netnode contains banned license info. But you can still copy this value from a legit .IDB with a hex editor.