Source: http://www.0xebfe.net/blog/2013/01/13/how-to-create-an-anonymous-ida-pro-database-dot-idb/

Probably it’s not secret for you that every .IDB files contains header with your license information.

There are two “netnodes” in every .IDB file that reveals your identity. Basically “netnode” is block with some data, check: idasdk\include\netnode.hpp for more info.

So there are two netnodes:

”$ user1” - contains plaint text info about your license.
”$ original user” - contains encrypted info about your license.

Actually you can freely delete “$ user1” netnode without any consequences, because IDA doesn’t check it at all. But “$ original user” netnode has strategic meaning for IDA PRO. This netnode contains RSA-1024 encrypted license information, same info that you have in “ida.key” file. When you open .IDB database IDA reads “$ original user” value, decrypts it with public RSA-1024 key and checks your license against MD5 hashes of blacklisted “pirated” licenses.

So what we can do? We can’t delete it, because IDA checks this netnode on every opening. We can’t generate own value, because we don’t have private RSA key. But we can copy this value from another .IDB file :)

I googled and found this .IDB file from Trustwavehere

So let’s dump “$ original user” netnode in source .IDB file with following python script:

netnode_dumper.py
1

2

3

import idaapi

import binascii

print(binascii.hexlify(idaapi.netnode('$ original user', 0, False).supval(0)))

After that insert dumped value into this script and run it in IDA in destination .IDB:

netnode_updater.py
1

2

3

4

5

import idaapi

import binascii

dumped_netnode_value ='111insert_your_hex_value_here111'

idaapi.netnode('$ user1', 0, False).kill() # deleting netnode with plain text info

idaapi.netnode('$ original user', 0, False).supset(0, binascii.unhexlify(dumped_netnode_value))

Save, re-open database. Let’s check:

Yep, we have .IDB file from Trustwave now :)

And when IDA shows you this message:

or “Sorry, this database has been created by a pirate version of IDA”.

This means that “$ original user” netnode contains banned license info. But you still can copy this value from legit .IDB with hex editor.

 

[转]How to create an anonymous IDA PRO database (.IDB)的更多相关文章

  1. How to create an anonymous IDA PRO database (.IDB)

    Source: http://www.0xebfe.net/blog/2013/01/13/how-to-create-an-anonymous-ida-pro-database-dot-idb/ P ...

  2. IDA Pro使用技巧

    DA Pro基本简介 IDA加载完程序后,3个立即可见的窗口分别为IDA-View,Named,和消息输出窗口(output Window). IDA图形视图会有执行流,Yes箭头默认为绿色,No箭头 ...

  3. IDA Pro Disassembler 6.8.15.413 (Windows, Linux, Mac)

    IDA: What's new in 6.8 Highlights This is mainly a maintenance release, so our focus was on fixing b ...

  4. IDA Pro基本简介

    IDA Pro基本简介 IDA加载完程序后,3个立即可见的窗口分别为IDA-View,Named,和消息输出窗口(output Window). IDA图形视图会有执行流,Yes箭头默认为绿色,No箭 ...

  5. IDA Pro使用技巧及大杂烩

    IDA Pro使用技巧及大杂烩 IDA Pro基本简介 IDA加载完程序后,3个立即可见的窗口分别为IDA-View,Named,和消息输出窗口(output Window). IDA图形视图会有执行 ...

  6. 路由器逆向分析------在Linux上安装IDA Pro

    本文博客地址:http://blog.csdn.net/qq1084283172/article/details/69665905 01.在Linux系统上安装Linux版本的IDA Pro Linu ...

  7. 安卓动态调试七种武器之孔雀翎 – Ida Pro

    安卓动态调试七种武器之孔雀翎 – Ida Pro 作者:蒸米@阿里聚安全 0x00 序 随着移动安全越来越火,各种调试工具也都层出不穷,但因为环境和需求的不同,并没有工具是万能的.另外工具是死的,人是 ...

  8. 计算机病毒实践汇总六:IDA Pro基础

    在尝试学习分析的过程中,判断结论不一定准确,只是一些我自己的思考和探索.敬请批评指正! 1. IDA使用 (1)搜索.下载并执行IDA Pro,对可执行程序lab05-01.dll进行装载,分别以图形 ...

  9. Ubuntu下安装IDA pro

    预备 由于IDA pro只能装在32位环境下,如果是64位Ubuntu,需要运行如下命令安装32位的必备库. sudo dpkg --add-architecture i386 sudo apt-ge ...

随机推荐

  1. HttpGet 请求

    import java.net.HttpURLConnection; import java.text.SimpleDateFormat; import java.util.Calendar; imp ...

  2. oracle_彻底删除oracle

    例如ORACLE安装路径为:C:\ORACLE 实现方法: 1. 开始->设置->控制面板->管理工具->服务 停止所有Oracle服务. 2. 开始->程序->O ...

  3. Swift游戏开发实战教程(霸内部信息大学)

    Swift游戏开发实战教程(大学霸内部资料) 试读下载地址:http://pan.baidu.com/s/1sj7DvQH 介绍:本教程是国内第一本Swift游戏开发专向资料. 本教程具体解说记忆配对 ...

  4. C++ Primer中文本查询演示样例Query的实现

    近期在看C++ Primer复习C++的语法,看到书中15.9章中的文本查询演示样例时,认为设计得非常不错,于是便动手照着实现了一个,改动了非常久最终执行成功了,从中也学习到了非常多的语法.以下把实现 ...

  5. 从头开始学JavaScript (五)——操作符(二)

    原文:从头开始学JavaScript (五)--操作符(二) 一.乘性操作符 1.乘法:*      乘法操作符的一些特殊规则: 如果操作数都是数值,按照常规的乘法计算,如果乘积超过了ECMAscri ...

  6. HDU 4873 ZCC Loves Intersection(可能性)

    HDU 4873 ZCC Loves Intersection pid=4873" target="_blank" style="">题目链接 ...

  7. 【高德地图API】从零开始学高德JS API(四)搜索服务——POI搜索|自动完成|输入提示|行政区域|交叉路口|自有数据检索

    原文:[高德地图API]从零开始学高德JS API(四)搜索服务——POI搜索|自动完成|输入提示|行政区域|交叉路口|自有数据检索 摘要:地图服务,大家能想到哪些?POI搜素,输入提示,地址解析,公 ...

  8. Swift # 异常处理

    面向轨道编程 - Swift 中的异常处理 问题 在开发过程中,异常处理算是比较常见的问题了. 举一个比较常见的例子:用户修改注册的邮箱,大概分为以下几个步骤: 接收到一个用户的请求:我要修改邮箱地址 ...

  9. POI导出Excel文档通用工具方法

    import java.lang.reflect.InvocationTargetException; import java.util.List; import java.util.Map; imp ...

  10. Codeforces 474A Keyboard (水

    题目链接:点击打开链接 键盘移位了,问输出相应的字母 #include <cstdio> #include <cstring> char a[105]; char b[3][1 ...