吾爱破解 - 52pojie.cn


[Disassemblers] IDA 9.0 BETA crack

xiaotian1339 posted on 2024-8-10 13:47
Last edited by xiaotian1339 on 2024-8-10 17:19

IDA 9.0 BETA download address: https://out5.hex-rays.com/beta90_6ba923/

Patch method (Windows version only):

  1. In ida64.dll, patch 0x342D8B 75->74 to eliminate the signature check
  2. Then create the license file ida.hexlic with the following content:
    {"header":{"version":1},"payload":{"name":"test","email":"test","licenses":[{"id":"0C-2238-4E5A-7B","product":"IDA","owner":"0C-2238-4E5A-0A","license_type":"named","seats":1,"add_ons":[{"id":"0C-2238-4E5A-01","code":"HEXX86","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-02","code":"HEXX64","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-03","code":"HEXARM","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-04","code":"HEXARM64","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-05","code":"HEXMIPS","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-06","code":"HEXMIPS64","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-07","code":"HEXPPC","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-08","code":"HEXPPC64","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-09","code":"HEXRV64","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-10","code":"HEXARC","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-11","code":"HEXARC64","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"}],"features":[],"start_date":"2024-08-08 08:08:08","issued_on":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"}]}}

Original post: https://hastebin.com/share/nikilozujo.csharp and https://x.com/equat0rium/status/1822133526398914788



Adding a screenshot of it working, plus the related files

Snipaste_2024-08-10_14-42-57.png

ida64.zip (2.25 MB)




Another update: I just came across a script that looks like it works on all platforms.
Try it yourself~
The script's source code follows:

import json
import hashlib
import os

license = {
    "header": {"version": 1},
    "payload": {
        "name": "meow :3",
        "email": "hi@hex-rays.com",
        "licenses": [
            {
                "id": "48-2137-ACAB-99",
                "license_type": "named",
                "product": "IDA",
                "seats": 1,
                "start_date": "2024-08-10 00:00:00",
                "end_date": "2033-12-31 23:59:59",  # This can't be more than 10 years!
                "issued_on": "2024-08-10 00:00:00",
                "owner": "cracked by alula :3",
                "add_ons": [
                    # {
                    #     "id": "48-1337-DEAD-01",
                    #     "code": "HEXX86L",
                    #     "owner": "48-0000-0000-00",
                    #     "start_date": "2024-08-10 00:00:00",
                    #     "end_date": "2033-12-31 23:59:59",
                    # },
                    # {
                    #     "id": "48-1337-DEAD-02",
                    #     "code": "HEXX64L",
                    #     "owner": "48-0000-0000-00",
                    #     "start_date": "2024-08-10 00:00:00",
                    #     "end_date": "2033-12-31 23:59:59",
                    # },
                ],
                "features": [],
            }
        ],
    },
}

def add_every_addon(license):
    platforms = [
        "W",  # Windows
        "L",  # Linux
        "M",  # macOS
    ]
    addons = [
        "HEXX86",
        "HEXX64",
        "HEXARM",
        "HEXARM64",
        "HEXMIPS",
        "HEXMIPS64",
        "HEXPPC",
        "HEXPPC64",
        "HEXRV64",
        "HEXARC",
        "HEXARC64",
        # Probably cloud?
        # "HEXCX86",
        # "HEXCX64",
        # "HEXCARM",
        # "HEXCARM64",
        # "HEXCMIPS",
        # "HEXCMIPS64",
        # "HEXCPPC",
        # "HEXCPPC64",
        # "HEXCRV",
        # "HEXCRV64",
        # "HEXCARC",
        # "HEXCARC64",
    ]

    i = 0
    for addon in addons:
        i += 1
        license["payload"]["licenses"][0]["add_ons"].append(
            {
                "id": f"48-1337-DEAD-{i:02}",
                "code": addon,
                "owner": license["payload"]["licenses"][0]["id"],
                "start_date": "2024-08-10 00:00:00",
                "end_date": "2033-12-31 23:59:59",
            }
        )
    # for addon in addons:
    #     for platform in platforms:
    #         i += 1
    #         license["payload"]["licenses"][0]["add_ons"].append(
    #             {
    #                 "id": f"48-1337-DEAD-{i:02}",
    #                 "code": addon + platform,
    #                 "owner": license["payload"]["licenses"][0]["id"],
    #                 "start_date": "2024-08-10 00:00:00",
    #                 "end_date": "2033-12-31 23:59:59",
    #             }
    #         )

add_every_addon(license)

def json_stringify_alphabetical(obj):
    return json.dumps(obj, sort_keys=True, separators=(",", ":"))

def buf_to_bigint(buf):
    return int.from_bytes(buf, byteorder="little")

def bigint_to_buf(i):
    return i.to_bytes((i.bit_length() + 7) // 8, byteorder="little")

# Yup, you only have to patch 5c -> cb in libida64.so
pub_modulus_hexrays = buf_to_bigint(
    bytes.fromhex(
        "edfd425cf978546e8911225884436c57140525650bcf6ebfe80edbc5fb1de68f4c66c29cb22eb668788afcb0abbb718044584b810f8970cddf227385f75d5dddd91d4f18937a08aa83b28c49d12dc92e7505bb38809e91bd0fbd2f2e6ab1d2e33c0c55d5bddd478ee8bf845fcef3c82b9d2929ecb71f4d1b3db96e3a8e7aaf93"
    )
)
pub_modulus_patched = buf_to_bigint(
    bytes.fromhex(
        "edfd42cbf978546e8911225884436c57140525650bcf6ebfe80edbc5fb1de68f4c66c29cb22eb668788afcb0abbb718044584b810f8970cddf227385f75d5dddd91d4f18937a08aa83b28c49d12dc92e7505bb38809e91bd0fbd2f2e6ab1d2e33c0c55d5bddd478ee8bf845fcef3c82b9d2929ecb71f4d1b3db96e3a8e7aaf93"
    )
)

private_key = buf_to_bigint(
    bytes.fromhex(
        "77c86abbb7f3bb134436797b68ff47beb1a5457816608dbfb72641814dd464dd640d711d5732d3017a1c4e63d835822f00a4eab619a2c4791cf33f9f57f9c2ae4d9eed9981e79ac9b8f8a411f68f25b9f0c05d04d11e22a3a0d8d4672b56a61f1532282ff4e4e74759e832b70e98b9d102d07e9fb9ba8d15810b144970029874"
    )
)

def decrypt(message):
    decrypted = pow(buf_to_bigint(message), exponent, pub_modulus_patched)
    decrypted = bigint_to_buf(decrypted)
    return decrypted[::-1]

def encrypt(message):
    encrypted = pow(buf_to_bigint(message[::-1]), private_key, pub_modulus_patched)
    encrypted = bigint_to_buf(encrypted)
    return encrypted

exponent = 0x13

def sign_hexlic(payload: dict) -> str:
    data = {"payload": payload}
    data_str = json_stringify_alphabetical(data)

    buffer = bytearray(128)
    # first 33 bytes are random
    for i in range(33):
        buffer[i] = 0x42

    # compute sha256 of the data
    sha256 = hashlib.sha256()
    sha256.update(data_str.encode())
    digest = sha256.digest()

    # copy the sha256 digest to the buffer
    for i in range(32):
        buffer[33 + i] = digest[i]

    # encrypt the buffer
    encrypted = encrypt(buffer)

    return encrypted.hex().upper()

def generate_patched_dll(filename):
    if not os.path.exists(filename):
        print(f"Didn't find {filename}, skipping patch generation")
        return

    with open(filename, "rb") as f:
        data = f.read()

        if data.find(bytes.fromhex("EDFD42CBF978")) != -1:
            print(f"{filename} looks to be already patched :)")
            return

        if data.find(bytes.fromhex("EDFD425CF978")) == -1:
            print(f"{filename} doesn't contain the original modulus.")
            return

        data = data.replace(
            bytes.fromhex("EDFD425CF978"), bytes.fromhex("EDFD42CBF978")
        )

        patched_filename = f"{filename}.patched"
        with open(patched_filename, "wb") as f:
            f.write(data)

        print(f"Generated modulus patch to {patched_filename}! To apply the patch, replace the original file with the patched file")

# message = bytes.fromhex(license["signature"])
# print(decrypt(message).hex())
# print(encrypt(decrypt(message)).hex())

license["signature"] = sign_hexlic(license["payload"])

serialized = json_stringify_alphabetical(license)

# write to ida.hexlic
filename = "ida.hexlic"

with open(filename, "w") as f:
    f.write(serialized)

print(f"Saved new license to {filename}!")

generate_patched_dll("ida.dll")
generate_patched_dll("ida64.dll")
generate_patched_dll("libida.so")
generate_patched_dll("libida64.so")
generate_patched_dll("libida.dylib")
generate_patched_dll("libida64.dylib")

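Usage:
1. Edit the license information; note that the expiry date must not be more than 10 years out
2. Put the ida/ida64 dll/so/dylib in the same directory as the script
3. Run the script to generate the license
4. Copy the generated license, and replace the dll with the patched one
5. Run to activate
Source: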
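
For defenders auditing workstations, the modulus change this script makes can be detected from the two byte markers it contains. The following is an added example, not part of the original post; the function names and report fields are assumptions chosen for illustration.

```python
import hashlib
from pathlib import Path

# Six-byte markers taken from the script in the post above: the start of the
# vendor's RSA modulus and the same bytes after the one-byte change.
ORIGINAL_MARKER = bytes.fromhex("EDFD425CF978")
PATCHED_MARKER = bytes.fromhex("EDFD42CBF978")

# Library file names the posted script looks for.
LIBRARY_NAMES = {
    "ida.dll", "ida64.dll", "libida.so",
    "libida64.so", "libida.dylib", "libida64.dylib",
}


def classify_library(data: bytes) -> str:
    """Return 'tampered', 'original' or 'unknown' for one library image."""
    if PATCHED_MARKER in data:
        return "tampered"
    if ORIGINAL_MARKER in data:
        return "original"
    return "unknown"  # neither marker: a different build, or not this library


def audit_install(root: Path) -> list[dict]:
    """Walk root and report every matching library with verdict and SHA-256."""
    findings = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.name in LIBRARY_NAMES:
            data = path.read_bytes()
            findings.append({
                "path": str(path),
                "verdict": classify_library(data),
                # Hash for comparison against a known-good vendor copy.
                "sha256": hashlib.sha256(data).hexdigest(),
                # Offset of whichever marker is present, -1 if neither is.
                "marker_offset": max(data.find(PATCHED_MARKER),
                                     data.find(ORIGINAL_MARKER)),
            })
    return findings


if __name__ == "__main__":
    import sys
    target = Path(sys.argv[1] if len(sys.argv) > 1 else ".")
    for finding in audit_install(target):
        print(finding)
```

This catches the modulus change only. The 75->74 change at 0x342D8B described at the top of the post leaves both markers untouched, so also compare the reported SHA-256 against a known-good copy of the library.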


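LW404 posted on 2024-8-10 19:37
Last edited by LW404 on 2024-8-10 21:39

A single reply for everyone: the steps on Mac are as follows:

  1. Place the files to be cracked in the same directory as CRACK and run it

    • Find the libida64.dylib and libida.dylib files under the following path:
      /Applications/IDA Professional 9.0.app/Contents/MacOS
    • Copy both files into the same directory as CRACK and run it.
    • After running CRACK, collect the generated .dylib files.
  2. Remove the file suffix

    • Remove the .patch suffix from the generated .dylib.patch files, leaving .dylib
  3. Place the files

    • Put the modified .dylib files and the ida.hexlic file in the following directory:
      /Applications/IDA Professional 9.0.app/Contents/MacOS
  4. Sign the files

    • Sign each .dylib file placed in the above directory in turn, using the following commands as a reference:
      sudo codesign --force --deep --sign - /Applications/IDA\ Professional\ 9.0.app/Contents/MacOS/libida64.dylib
      sudo codesign --force --deep --sign - /Applications/IDA\ Professional\ 9.0.app/Contents/MacOS/libida.dylib
  5. Confirm the signing succeeded

    • Delete /Applications/IDA Professional 9.0.app/Contents/MacOS/plugins/arm_mac_user64.dylib
    • Confirm that the signing operation succeeded, then launch the application.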


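满不懂 posted on 2024-8-10 14:06
52soft posted on 2024-8-10 14:21
侃遍天下无二人 posted on 2024-8-10 14:28
Uh, so the license content is plaintext?

Comment

IDA license files have always been like this, relying on signature verification to ensure they are not tampered with. Previously they were in a text format, though; this time it has switched to JSON. Posted on 2024-8-10 17:57
OP | xiaotian1339 posted on 2024-8-10 14:35
侃遍天下无二人 posted on 2024-8-10 14:28
Uh, so the license content is plaintext?

Maybe it's a beta thing?
feiyu361 posted on 2024-8-10 14:36
Brilliant, downloading it right away
kmzwyong12 posted on 2024-8-10 14:41
Downloading to try it out, thanks!!!
gcode posted on 2024-8-10 14:49
Thanks for sharing, finally a 9 that can be used
donghaostdio posted on 2024-8-10 14:51

Thanks for sharing!! Bookmarked for study.
wasm2023 posted on 2024-8-10 15:09
Are all the plugins included?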