Source: http://www.0xebfe.net/blog/2013/01/13/how-to-create-an-anonymous-ida-pro-database-dot-idb/

Probably it’s not secret for you that every .IDB files contains header with your license information.

There are two “netnodes” in every .IDB file that reveals your identity. Basically “netnode” is block with some data, check: idasdk\include\netnode.hpp for more info.

So there are two netnodes:

”$ user1” - contains plaint text info about your license.
”$ original user” - contains encrypted info about your license.

Actually you can freely delete “$ user1” netnode without any consequences, because IDA doesn’t check it at all. But “$ original user” netnode has strategic meaning for IDA PRO. This netnode contains RSA-1024 encrypted license information, same info that you have in “ida.key” file. When you open .IDB database IDA reads “$ original user” value, decrypts it with public RSA-1024 key and checks your license against MD5 hashes of blacklisted “pirated” licenses.

So what we can do? We can’t delete it, because IDA checks this netnode on every opening. We can’t generate own value, because we don’t have private RSA key. But we can copy this value from another .IDB file :)

I googled and found this .IDB file from Trustwavehere

So let’s dump “$ original user” netnode in source .IDB file with following python script:

netnode_dumper.py
1

2

3

import idaapi

import binascii

print(binascii.hexlify(idaapi.netnode('$ original user', 0, False).supval(0)))

After that insert dumped value into this script and run it in IDA in destination .IDB:

netnode_updater.py
1

2

3

4

5

import idaapi

import binascii

dumped_netnode_value ='111insert_your_hex_value_here111'

idaapi.netnode('$ user1', 0, False).kill() # deleting netnode with plain text info

idaapi.netnode('$ original user', 0, False).supset(0, binascii.unhexlify(dumped_netnode_value))

Save, re-open database. Let’s check:

Yep, we have .IDB file from Trustwave now :)

And when IDA shows you this message:

or “Sorry, this database has been created by a pirate version of IDA”.

This means that “$ original user” netnode contains banned license info. But you still can copy this value from legit .IDB with hex editor.

 

[转]How to create an anonymous IDA PRO database (.IDB)的更多相关文章

  1. How to create an anonymous IDA PRO database (.IDB)

    Source: http://www.0xebfe.net/blog/2013/01/13/how-to-create-an-anonymous-ida-pro-database-dot-idb/ P ...

  2. IDA Pro使用技巧

    DA Pro基本简介 IDA加载完程序后,3个立即可见的窗口分别为IDA-View,Named,和消息输出窗口(output Window). IDA图形视图会有执行流,Yes箭头默认为绿色,No箭头 ...

  3. IDA Pro Disassembler 6.8.15.413 (Windows, Linux, Mac)

    IDA: What's new in 6.8 Highlights This is mainly a maintenance release, so our focus was on fixing b ...

  4. IDA Pro基本简介

    IDA Pro基本简介 IDA加载完程序后,3个立即可见的窗口分别为IDA-View,Named,和消息输出窗口(output Window). IDA图形视图会有执行流,Yes箭头默认为绿色,No箭 ...

  5. IDA Pro使用技巧及大杂烩

    IDA Pro使用技巧及大杂烩 IDA Pro基本简介 IDA加载完程序后,3个立即可见的窗口分别为IDA-View,Named,和消息输出窗口(output Window). IDA图形视图会有执行 ...

  6. 路由器逆向分析------在Linux上安装IDA Pro

    本文博客地址:http://blog.csdn.net/qq1084283172/article/details/69665905 01.在Linux系统上安装Linux版本的IDA Pro Linu ...

  7. 安卓动态调试七种武器之孔雀翎 – Ida Pro

    安卓动态调试七种武器之孔雀翎 – Ida Pro 作者:蒸米@阿里聚安全 0x00 序 随着移动安全越来越火,各种调试工具也都层出不穷,但因为环境和需求的不同,并没有工具是万能的.另外工具是死的,人是 ...

  8. 计算机病毒实践汇总六:IDA Pro基础

    在尝试学习分析的过程中,判断结论不一定准确,只是一些我自己的思考和探索.敬请批评指正! 1. IDA使用 (1)搜索.下载并执行IDA Pro,对可执行程序lab05-01.dll进行装载,分别以图形 ...

  9. Ubuntu下安装IDA pro

    预备 由于IDA pro只能装在32位环境下,如果是64位Ubuntu,需要运行如下命令安装32位的必备库. sudo dpkg --add-architecture i386 sudo apt-ge ...

随机推荐

  1. (一)spring MVC基本概念和流程

    MVC的概念 Model(模型):包含数据和行为.不过现在一般都分离开来:Value Object(数据) 和 服务层(行为). View(视图):负责进行模型的展示,一般就是展示给用户的界面. Co ...

  2. iOS程序 # 启动过程

    [ App 应用 ] 中文名:缺省 外文名:default 拼音:quē shěng 释义:系统默认状态 全称:缺省状态 -------------- 1.程序启动顺序 1> main.m程序入 ...

  3. CentOS采用grub进 single状态

    当系统文件错误,有可能无法进入系统.或者您忘记了原来的系统password. 用这种方法可以,进single状态,编辑系统启动文件或更改的错误password. 1.重新启动系统. 2.按" ...

  4. javascript常用知识点集

    javascript常用知识点集 目录结构 一.jquery源码中常见知识点 二.javascript中原型链常见的知识点 三.常用的方法集知识点 一.jquery源码中常见的知识点 1.string ...

  5. IOS中UIDatePicker

    UIDatePicker 1.常见属性 /* 样式 UIDatePickerModeTime,时间 UIDatePickerModeDate,日期 UIDatePickerModeDateAndTim ...

  6. 解决Win7下一个VC++6.0您不能直接打开多个project问题

    于Win7操作系统,只需双击打开多个VC ++6.0的project当文件,前方和后方的工作区将关闭工作区,这项.VC++6.0仅仅通过文件-->开放式工作区-->找到磁盘project档 ...

  7. 红米1S Mokee4.4.4 本人编译版耳机线控改动调音量以及上下曲方法

    改动的文件为,用Re管理器编辑: system/usr/keylayout/msm8226-tapan-snd-card_Button_Jack.kl 默认的耳机线控的上下键是切换上下曲功能,因此此文 ...

  8. 安卓MonkeyRunner源码分析之工作原理架构图及系列集合

    花了点时间整理了下MonkeyRunner的工作原理图,请配合本人博客里面MonkeyRunner其他源码分析文章进行阅读.下面整理成相应系列列表方便大家阅读: MonkeyRunner源码分析之-谁 ...

  9. Installshield停止操作系统进程的代码 --IS6及以上版本适用

    原文:Installshield停止操作系统进程的代码 --IS6及以上版本适用 setup.rul的代码 Code;end;///////////////////////////////////// ...

  10. oracle中导入导出数据备份数据库

    原文:oracle中导入导出数据备份数据库 数据库所在位置                         将数据导出到的文件名                    用户名 备份数据库 :exp c ...