IDA 9.0 BETA crack
本帖最后由 xiaotian1339 于 2024-8-10 17:19 编辑ida 9.0 BETA 下载地址:https://out5.hex-rays.com/beta90_6ba923/
补丁方式(只适用于Windows版):
1.将ida64.dll中的 `0x342D8B` 75->74,消除签名检查
2. 然后创建包含内容的license文件`ida.hexlic`
内容如下:
```json
{"header":{"version":1},"payload":{"name":"test","email":"test","licenses":[{"id":"0C-2238-4E5A-7B","product":"IDA","owner":"0C-2238-4E5A-0A","license_type":"named","seats":1,"add_ons":[{"id":"0C-2238-4E5A-01","code":"HEXX86","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-02","code":"HEXX64","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-03","code":"HEXARM","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-04","code":"HEXARM64","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-05","code":"HEXMIPS","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-06","code":"HEXMIPS64","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-07","code":"HEXPPC","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-08","code":"HEXPPC64","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-09","code":"HEXRV64","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-10","code":"HEXARC","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-11","code":"HEXARC64","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"}],"features":[],"start_date":"2024-08-08 08:08:08","issued_on":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"}]}}
```
原帖地址:https://hastebin.com/share/nikilozujo.csharp与 https://x.com/equat0rium/status/1822133526398914788
补一个成功截图以及相关文件
又来补充了,刚才翻到一个看起来是适用全平台的脚本
自行尝试~
以下是脚本源代码
```python
import json
import hashlib
import os
license = {
"header": {"version": 1},
"payload": {
"name": "meow :3",
"email": "hi@hex-rays.com",
"licenses": [
{
"id": "48-2137-ACAB-99",
"license_type": "named",
"product": "IDA",
"seats": 1,
"start_date": "2024-08-10 00:00:00",
"end_date": "2033-12-31 23:59:59",# This can't be more than 10 years!
"issued_on": "2024-08-10 00:00:00",
"owner": "cracked by alula :3",
"add_ons": [
# {
# "id": "48-1337-DEAD-01",
# "code": "HEXX86L",
# "owner": "48-0000-0000-00",
# "start_date": "2024-08-10 00:00:00",
# "end_date": "2033-12-31 23:59:59",
# },
# {
# "id": "48-1337-DEAD-02",
# "code": "HEXX64L",
# "owner": "48-0000-0000-00",
# "start_date": "2024-08-10 00:00:00",
# "end_date": "2033-12-31 23:59:59",
# },
],
"features": [],
}
],
},
}
def add_every_addon(license):
platforms = [
"W",# Windows
"L",# Linux
"M",# macOS
]
addons = [
"HEXX86",
"HEXX64",
"HEXARM",
"HEXARM64",
"HEXMIPS",
"HEXMIPS64",
"HEXPPC",
"HEXPPC64",
"HEXRV64",
"HEXARC",
"HEXARC64",
# Probably cloud?
# "HEXCX86",
# "HEXCX64",
# "HEXCARM",
# "HEXCARM64",
# "HEXCMIPS",
# "HEXCMIPS64",
# "HEXCPPC",
# "HEXCPPC64",
# "HEXCRV",
# "HEXCRV64",
# "HEXCARC",
# "HEXCARC64",
]
i = 0
for addon in addons:
i += 1
license["payload"]["licenses"]["add_ons"].append(
{
"id": f"48-1337-DEAD-{i:02}",
"code": addon,
"owner": license["payload"]["licenses"]["id"],
"start_date": "2024-08-10 00:00:00",
"end_date": "2033-12-31 23:59:59",
}
)
# for addon in addons:
# for platform in platforms:
# i += 1
# license["payload"]["licenses"]["add_ons"].append(
# {
# "id": f"48-1337-DEAD-{i:02}",
# "code": addon + platform,
# "owner": license["payload"]["licenses"]["id"],
# "start_date": "2024-08-10 00:00:00",
# "end_date": "2033-12-31 23:59:59",
# }
# )
add_every_addon(license)
def json_stringify_alphabetical(obj):
    """Serialize *obj* as compact JSON with object keys in sorted order."""
    compact = (",", ":")
    return json.dumps(obj, separators=compact, sort_keys=True)
def buf_to_bigint(buf):
    """Interpret *buf* as an unsigned little-endian integer."""
    return int.from_bytes(buf, "little")
def bigint_to_buf(i):
    """Encode *i* as the shortest little-endian byte string (0 becomes b"")."""
    # Ceiling division: number of whole bytes needed to hold every set bit.
    byte_count = -(-i.bit_length() // 8)
    return i.to_bytes(byte_count, "little")
# Yup, you only have to patch 5c -> cb in libida64.so
# NOTE(review): the two constants below differ in their fourth byte (5c in the
# first, cb in the second) and appear identical otherwise. A signature check is
# only as trustworthy as the copy of the public modulus it reads, so the
# integrity of the library embedding this value has to be enforced separately,
# e.g. by comparing the file's hash or verifying its code signature against the
# vendor's release.
# Modulus the script labels as the vendor's, decoded as a little-endian integer.
pub_modulus_hexrays = buf_to_bigint(
bytes.fromhex(
"edfd425cf978546e8911225884436c57140525650bcf6ebfe80edbc5fb1de68f4c66c29cb22eb668788afcb0abbb718044584b810f8970cddf227385f75d5dddd91d4f18937a08aa83b28c49d12dc92e7505bb38809e91bd0fbd2f2e6ab1d2e33c0c55d5bddd478ee8bf845fcef3c82b9d2929ecb71f4d1b3db96e3a8e7aaf93"
)
)
# The altered value; decrypt() and encrypt() in this script reduce modulo this one.
pub_modulus_patched = buf_to_bigint(
bytes.fromhex(
"edfd42cbf978546e8911225884436c57140525650bcf6ebfe80edbc5fb1de68f4c66c29cb22eb668788afcb0abbb718044584b810f8970cddf227385f75d5dddd91d4f18937a08aa83b28c49d12dc92e7505bb38809e91bd0fbd2f2e6ab1d2e33c0c55d5bddd478ee8bf845fcef3c82b9d2929ecb71f4d1b3db96e3a8e7aaf93"
)
)
private_key = buf_to_bigint(
bytes.fromhex(
"77c86abbb7f3bb134436797b68ff47beb1a5457816608dbfb72641814dd464dd640d711d5732d3017a1c4e63d835822f00a4eab619a2c4791cf33f9f57f9c2ae4d9eed9981e79ac9b8f8a411f68f25b9f0c05d04d11e22a3a0d8d4672b56a61f1532282ff4e4e74759e832b70e98b9d102d07e9fb9ba8d15810b144970029874"
)
)
# Public-exponent operation: reads `message` as a little-endian integer, raises
# it to `exponent` modulo `pub_modulus_patched`, and returns the resulting
# bytes in reverse order.
# NOTE(review): this is bare modular exponentiation; no padding or structure
# of the recovered block is checked in this function.
def decrypt(message):
decrypted = pow(buf_to_bigint(message), exponent, pub_modulus_patched)
decrypted = bigint_to_buf(decrypted)
return decrypted[::-1]
# Private-exponent operation: reverses `message`, reads it as a little-endian
# integer, raises it to `private_key` modulo `pub_modulus_patched`, and returns
# the result as little-endian bytes.
# NOTE(review): no standard signature encoding (such as PKCS#1 v1.5 or PSS) is
# applied in this function; the caller supplies the block as-is.
def encrypt(message):
encrypted = pow(buf_to_bigint(message[::-1]), private_key, pub_modulus_patched)
encrypted = bigint_to_buf(encrypted)
return encrypted
exponent = 0x13
def sign_hexlic(payload: dict) -> str:
data = {"payload": payload}
data_str = json_stringify_alphabetical(data)
buffer = bytearray(128)
# first 33 bytes are random
for i in range(33):
buffer = 0x42
# compute sha256 of the data
sha256 = hashlib.sha256()
sha256.update(data_str.encode())
digest = sha256.digest()
# copy the sha256 digest to the buffer
for i in range(32):
buffer = digest
# encrypt the buffer
encrypted = encrypt(buffer)
return encrypted.hex().upper()
# Writes a modified copy of `filename` to `<filename>.patched` in which the
# byte sequence EDFD425CF978 is replaced by EDFD42CBF978; the input file itself
# is not overwritten.
# Prints a message and returns without writing anything when the file does not
# exist, already contains the replacement sequence, or lacks the original one.
# NOTE(review): the replacement sequence doubles as a tamper indicator. The
# script itself treats its presence as "already patched", so the same byte
# search, or a hash comparison against the vendor's release, identifies a
# modified library.
def generate_patched_dll(filename):
if not os.path.exists(filename):
print(f"Didn't find {filename}, skipping patch generation")
return
with open(filename, "rb") as f:
data = f.read()
if data.find(bytes.fromhex("EDFD42CBF978")) != -1:
print(f"{filename} looks to be already patched :)")
return
if data.find(bytes.fromhex("EDFD425CF978")) == -1:
print(f"{filename} doesn't contain the original modulus.")
return
data = data.replace(
bytes.fromhex("EDFD425CF978"), bytes.fromhex("EDFD42CBF978")
)
patched_filename = f"{filename}.patched"
with open(patched_filename, "wb") as f:
f.write(data)
print(f"Generated modulus patch to {patched_filename}! To apply the patch, replace the original file with the patched file")
# message = bytes.fromhex(license["signature"])
# print(decrypt(message).hex())
# print(encrypt(decrypt(message)).hex())
license["signature"] = sign_hexlic(license["payload"])
serialized = json_stringify_alphabetical(license)
# write to ida.hexlic
filename = "ida.hexlic"
with open(filename, "w") as f:
f.write(serialized)
print(f"Saved new license to {filename}!")
generate_patched_dll("ida.dll")
generate_patched_dll("ida64.dll")
generate_patched_dll("libida.so")
generate_patched_dll("libida64.so")
generate_patched_dll("libida.dylib")
generate_patched_dll("libida64.dylib")
```
使用方式:
1. 编辑许可证信息,注意到期时间不要超过10年
2. 将ida/ida64 dll/so/dylib放在与script相同的目录下
3. 运行脚本生成license
4. 复制生成的license,并将dll替换为补丁
5. 运行激活
来源:[来源1](https://x.com/__alula/status/1822106728630034776)
[来源2](https://x.com/whatdahopper/status/1822035852744331484) 本帖最后由 LW404 于 2024-8-10 21:39 编辑
统一回复 MAC 端步骤如下:
1. **将所需破解文件与CRACK放置于同一目录并运行**
- 于下面路径中寻找libida64.dylib与libida.dylib文件。
```
/Applications/IDA Professional 9.0.app/Contents/MacOS
```
- 将两个文件复制并置于CRACK同一目录并运行。
- 运行CRACK后,获取生成的`.dylib`文件。
2. **去掉文件后缀**
- 将生成的`.dylib.patch`文件的`.patch`后缀去掉,保留为`.dylib`。
3. **文件放置**
- 将修改后的`.dylib`文件与`ida.hexlic`文件放置在以下目录中:
```
/Applications/IDA Professional 9.0.app/Contents/MacOS
```
4. **文件签名**
- 对放置在上述目录中的`.dylib`文件依次进行签名,参考以下命令:
```
sudo codesign --force --deep --sign - /Applications/IDA\ Professional\ 9.0.app/Contents/MacOS/libida64.dylib
sudo codesign --force --deep --sign - /Applications/IDA\ Professional\ 9.0.app/Contents/MacOS/libida.dylib
```
5. **确认签名成功**
- **删除 /Applications/IDA Professional 9.0.app/Contents/MacOS/plugins/arm_mac_user64.dylib **
- 确认签名操作成功,启动应用。 感谢分享!!收藏学习。 楼主厉害 啊这,所以许可证内容是明文吗 侃遍天下无二人 发表于 2024-8-10 14:28
啊这,所以许可证内容是明文吗
可能是beta特色? 太妙了,马上就是一个下载 下载试用,感谢!!! 感谢分享,终于有9可以使用了
感谢分享!!收藏学习。 插件全吗