Source: http://www.0xebfe.net/blog/2013/01/13/how-to-create-an-anonymous-ida-pro-database-dot-idb/

Probably it’s not secret for you that every .IDB files contains header with your license information.

There are two “netnodes” in every .IDB file that reveals your identity. Basically “netnode” is block with some data, check: idasdk\include\netnode.hpp for more info.

So there are two netnodes:

”$ user1” - contains plaint text info about your license.
”$ original user” - contains encrypted info about your license.

Actually you can freely delete “$ user1” netnode without any consequences, because IDA doesn’t check it at all. But “$ original user” netnode has strategic meaning for IDA PRO. This netnode contains RSA-1024 encrypted license information, same info that you have in “ida.key” file. When you open .IDB database IDA reads “$ original user” value, decrypts it with public RSA-1024 key and checks your license against MD5 hashes of blacklisted “pirated” licenses.

So what we can do? We can’t delete it, because IDA checks this netnode on every opening. We can’t generate own value, because we don’t have private RSA key. But we can copy this value from another .IDB file :)

I googled and found this .IDB file from Trustwave: here

So let’s dump “$ original user” netnode in source .IDB file with following python script:

netnode_dumper.py
import idaapi
import binascii
print(binascii.hexlify(idaapi.netnode('$ original user', 0, False).supval(0)))

After that insert dumped value into this script and run it in IDA in destination .IDB:

netnode_updater.py
import idaapi
import binascii
dumped_netnode_value ='111insert_your_hex_value_here111'
idaapi.netnode('$ user1', 0, False).kill() # deleting netnode with plain text info
idaapi.netnode('$ original user', 0, False).supset(0, binascii.unhexlify(dumped_netnode_value))

Save, re-open database. Let’s check:

Yep, we have .IDB file from Trustwave now :)

And when IDA shows you this message:

or “Sorry, this database has been created by a pirate version of IDA”.

This means that “$ original user” netnode contains banned license info. But you still can copy this value from legit .IDB with hex editor.

How to create an anonymous IDA PRO database (.IDB)的更多相关文章

  1. [转]How to create an anonymous IDA PRO database (.IDB)

    Source: http://www.0xebfe.net/blog/2013/01/13/how-to-create-an-anonymous-ida-pro-database-dot-idb/ P ...

  2. IDA Pro使用技巧

    DA Pro基本简介 IDA加载完程序后,3个立即可见的窗口分别为IDA-View,Named,和消息输出窗口(output Window). IDA图形视图会有执行流,Yes箭头默认为绿色,No箭头 ...

  3. IDA Pro Disassembler 6.8.15.413 (Windows, Linux, Mac)

    IDA: What's new in 6.8 Highlights This is mainly a maintenance release, so our focus was on fixing b ...

  4. IDA Pro基本简介

    IDA Pro基本简介 IDA加载完程序后,3个立即可见的窗口分别为IDA-View,Named,和消息输出窗口(output Window). IDA图形视图会有执行流,Yes箭头默认为绿色,No箭 ...

  5. IDA Pro使用技巧及大杂烩

    IDA Pro使用技巧及大杂烩 IDA Pro基本简介 IDA加载完程序后,3个立即可见的窗口分别为IDA-View,Named,和消息输出窗口(output Window). IDA图形视图会有执行 ...

  6. IDA Pro使用(静态分析+动态调试)

    链接:http://skysider.com/?p=458 IDA Pro使用(静态分析+动态调试) 1.静态分析 IDA FLIRT Signature Database —— 用于识别静态编译的可 ...

  7. 路由器逆向分析------在Linux上安装IDA Pro

    本文博客地址:http://blog.csdn.net/qq1084283172/article/details/69665905 01.在Linux系统上安装Linux版本的IDA Pro Linu ...

  8. 安卓动态调试七种武器之孔雀翎 – Ida Pro

    安卓动态调试七种武器之孔雀翎 – Ida Pro 作者:蒸米@阿里聚安全 0x00 序 随着移动安全越来越火,各种调试工具也都层出不穷,但因为环境和需求的不同,并没有工具是万能的.另外工具是死的,人是 ...

  9. 计算机病毒实践汇总六:IDA Pro基础

    在尝试学习分析的过程中,判断结论不一定准确,只是一些我自己的思考和探索.敬请批评指正! 1. IDA使用 (1)搜索.下载并执行IDA Pro,对可执行程序lab05-01.dll进行装载,分别以图形 ...

随机推荐

  1. haskell debug

    最近在学习haskell这门神奇的语言,但是由于print不方便,程序出错的时候都不知道是怎么回事.网上搜了一把发现有这么一个好东西 import Debug.Trace funct :: Integ ...

  2. MySQL表定义缓存

    表定义 MySQL的表包含表名,表空间.索引.列.约束等信息,这些表的元数据我们暂且称为表定义信息. 对于InnoDB来说,MySQL在server层和engine层都有表定义信息.server层的表 ...

  3. Dynamic CRM 2013学习笔记(四十)流程3 - 对话(Dialog)用法图解

    我们将用对话来实现一个简单的满意度调查,下一个问题依赖于上一个问题.对话是同步的,不同于工作流既可以是同步也可以是异步的:对话可以跟用户互动:对话只能手动开始:对话只支持 .Net Framework ...

  4. [转]DOS特殊字符转义方法

    http://www.robvanderwoude.com/escapechars.php 期望得到的字符 转义后字符 说明 % %% May not always be required in do ...

  5. 多网卡的7种bond模式原理

    多网卡的7种bond模式原理 Linux 多网卡绑定 网卡绑定mode共有七种(0~6) bond0.bond1.bond2.bond3.bond4.bond5.bond6 常用的有三种 mode=0 ...

  6. [ACM_动态规划] ZOJ 1425 Crossed Matchings(交叉最大匹配 动态规划)

    Description There are two rows of positive integer numbers. We can draw one line segment between any ...

  7. Msbuild利用cpu多核加速

    msbuild /t:Rebuild /p:Configuration=Release /m /m 自动检测cpu数量启动对应数量进程

  8. Windows 8.1——将网站固定到开始菜单,自定义图标、颜色和Windows推送通知

    记得在IE 9和Windows 7刚出来那会儿我写过一篇文章来介绍如何自定义网站将其固定到Windows的任务栏上,同时自定义图标及任务内容.那个功能在IE 9中被称之为JumpList.http:/ ...

  9. C#——Dictionary<TKey, TValue> 计算向量的余弦值

    说明:三角函数的余弦值Cos我想,每个学计算机的理工人都知道,但是真的明白它的用途,我也是刚明白.每个人在初中或者高中的时候,都有这么个疑惑,学三角函数干什么用的?很直白的答案就是考试用的.而且当时的 ...

  10. 转载: Qt 学习之路 2归档

    Qt 学习之路 2归档 http://www.devbean.net/2012/08/qt-study-road-2-catelog/