Source: http://www.0xebfe.net/blog/2013/01/13/how-to-create-an-anonymous-ida-pro-database-dot-idb/

Probably it’s not secret for you that every .IDB files contains header with your license information.

There are two “netnodes” in every .IDB file that reveals your identity. Basically “netnode” is block with some data, check: idasdk\include\netnode.hpp for more info.

So there are two netnodes:

”$ user1” - contains plaint text info about your license.
”$ original user” - contains encrypted info about your license.

Actually you can freely delete “$ user1” netnode without any consequences, because IDA doesn’t check it at all. But “$ original user” netnode has strategic meaning for IDA PRO. This netnode contains RSA-1024 encrypted license information, same info that you have in “ida.key” file. When you open .IDB database IDA reads “$ original user” value, decrypts it with public RSA-1024 key and checks your license against MD5 hashes of blacklisted “pirated” licenses.

So what we can do? We can’t delete it, because IDA checks this netnode on every opening. We can’t generate own value, because we don’t have private RSA key. But we can copy this value from another .IDB file :)

I googled and found this .IDB file from Trustwavehere

So let’s dump “$ original user” netnode in source .IDB file with following python script:

netnode_dumper.py
1

2

3

import idaapi

import binascii

print(binascii.hexlify(idaapi.netnode('$ original user', 0, False).supval(0)))

After that insert dumped value into this script and run it in IDA in destination .IDB:

netnode_updater.py
1

2

3

4

5

import idaapi

import binascii

dumped_netnode_value ='111insert_your_hex_value_here111'

idaapi.netnode('$ user1', 0, False).kill() # deleting netnode with plain text info

idaapi.netnode('$ original user', 0, False).supset(0, binascii.unhexlify(dumped_netnode_value))

Save, re-open database. Let’s check:

Yep, we have .IDB file from Trustwave now :)

And when IDA shows you this message:

or “Sorry, this database has been created by a pirate version of IDA”.

This means that “$ original user” netnode contains banned license info. But you still can copy this value from legit .IDB with hex editor.

 

[转]How to create an anonymous IDA PRO database (.IDB)的更多相关文章

  1. How to create an anonymous IDA PRO database (.IDB)

    Source: http://www.0xebfe.net/blog/2013/01/13/how-to-create-an-anonymous-ida-pro-database-dot-idb/ P ...

  2. IDA Pro使用技巧

    DA Pro基本简介 IDA加载完程序后,3个立即可见的窗口分别为IDA-View,Named,和消息输出窗口(output Window). IDA图形视图会有执行流,Yes箭头默认为绿色,No箭头 ...

  3. IDA Pro Disassembler 6.8.15.413 (Windows, Linux, Mac)

    IDA: What's new in 6.8 Highlights This is mainly a maintenance release, so our focus was on fixing b ...

  4. IDA Pro基本简介

    IDA Pro基本简介 IDA加载完程序后,3个立即可见的窗口分别为IDA-View,Named,和消息输出窗口(output Window). IDA图形视图会有执行流,Yes箭头默认为绿色,No箭 ...

  5. IDA Pro使用技巧及大杂烩

    IDA Pro使用技巧及大杂烩 IDA Pro基本简介 IDA加载完程序后,3个立即可见的窗口分别为IDA-View,Named,和消息输出窗口(output Window). IDA图形视图会有执行 ...

  6. 路由器逆向分析------在Linux上安装IDA Pro

    本文博客地址:http://blog.csdn.net/qq1084283172/article/details/69665905 01.在Linux系统上安装Linux版本的IDA Pro Linu ...

  7. 安卓动态调试七种武器之孔雀翎 – Ida Pro

    安卓动态调试七种武器之孔雀翎 – Ida Pro 作者:蒸米@阿里聚安全 0x00 序 随着移动安全越来越火,各种调试工具也都层出不穷,但因为环境和需求的不同,并没有工具是万能的.另外工具是死的,人是 ...

  8. 计算机病毒实践汇总六:IDA Pro基础

    在尝试学习分析的过程中,判断结论不一定准确,只是一些我自己的思考和探索.敬请批评指正! 1. IDA使用 (1)搜索.下载并执行IDA Pro,对可执行程序lab05-01.dll进行装载,分别以图形 ...

  9. Ubuntu下安装IDA pro

    预备 由于IDA pro只能装在32位环境下,如果是64位Ubuntu,需要运行如下命令安装32位的必备库. sudo dpkg --add-architecture i386 sudo apt-ge ...

随机推荐

  1. Date、DateTime值的格式化扩展函数

    public static class DateTimeExtensions    {        public static DateTime ToUtc(this DateTime time)  ...

  2. ASP.NET MVC+EF框架+EasyUI实现权限管理系列(10)- VSS源代码管理

    原文:ASP.NET MVC+EF框架+EasyUI实现权限管理系列(10)- VSS源代码管理 ASP.NET MVC+EF框架+EasyUI实现权限管系列 (开篇)   (1):框架搭建    ( ...

  3. JS脚本显示当前日期+星期几[转]

    以下的代码提供了显示当前日期和星期几的实现方法: function writeDateInfo() {         var day="";         var month= ...

  4. hdu 1098 Ignatius's puzz

    有关数论方面的题要仔细阅读,分析公式. Problem Description Ignatius is poor at math,he falls across a puzzle problem,so ...

  5. java_log4j 经典配置

    程序加载制定日志文件 public static final String log4j = "log4j.xml"; /** * @declare 加载log4j * @throw ...

  6. FPGA 异步时钟处理方

    1 假设FPGA设计,包括不同的频率的时钟,它会发出涉及异步时钟. 我们需要一些方法来使时钟同步,从而保证FPGA可靠性设计. 2 在建立和保持时间所构成的有效时间窗体内,数据输入到触发器进行转换. ...

  7. POJ 3176-Cow Bowling(DP||记忆化搜索)

    Cow Bowling Time Limit: 1000MS   Memory Limit: 65536K Total Submissions: 14210   Accepted: 9432 Desc ...

  8. asp.net webform easyui

    建议使用   html 页面 和 一般处理程序,一般处理程序 继承 IRequiresSessionState  ,才能用 session .

  9. Web API-路由(二)

    路由匹配主要有三个阶段: 1.将URI匹配到一个路由模版: 2.选择一个controller 3.选择一个action: 可以使用系统提供的拓展点,修改默认的匹配与选择逻辑规则.   路由模版: 路由 ...

  10. Windows WDDM显卡驱动框架及GPUView工具的使用(1)

    也许这个夏天会写一些东西,这里先说说我做过些什么,知道些什么. 过去的五年里,先后在Vista,Win7和Win8上写过显卡驱动,包括umd和kmd的驱动,积累了大量关于WDDM的经验. 我知道WMM ...