Reverse Engineering

IDA

下载

magnet:?xt=urn:btih:920c1a578e815e9d0e4b843179306cdcb5e8e00d&dn=idapro90rc1

magnet:?xt=urn:btih:b2e16894b6c40774283560fe292e5d4bc68c512f&dn=IDA%209.0.240925%20v2

https://downloadly.ir/software/programming/hex-rays-ida-pro-14

key

import json
import hashlib
import os

# originally made by alula
license = {
    "header": {"version": 1},
    "payload": {
        "name": "elf",
        "email": "elv@ven",
        "licenses": [
            {
                "description": "license",
                "edition_id": "ida-pro",
                "id": "48-2137-ACAB-99",
                "license_type": "named",
                "product": "IDA",
                "seats": 1,
                "start_date": "2024-08-10 00:00:00",
                "end_date": "2033-12-31 23:59:59",  # This can't be more than 10 years!
                "issued_on": "2024-08-10 00:00:00",
                "owner": "",
                "product_id": "IDAPRO",
                "add_ons": [
                    # {
                    #     "id": "48-1337-DEAD-01",
                    #     "code": "HEXX86L",
                    #     "owner": "48-0000-0000-00",
                    #     "start_date": "2024-08-10 00:00:00",
                    #     "end_date": "2033-12-31 23:59:59",
                    # },
                    # {
                    #     "id": "48-1337-DEAD-02",
                    #     "code": "HEXX64L",
                    #     "owner": "48-0000-0000-00",
                    #     "start_date": "2024-08-10 00:00:00",
                    #     "end_date": "2033-12-31 23:59:59",
                    # },
                ],
                "features": [],
            }
        ],
    },
}


def add_every_addon(license):
    platforms = [
        "W",  # Windows
        "L",  # Linux
        "M",  # macOS
    ]
    addons = [
        "HEXX86",
        "HEXX64",
        "HEXARM",
        "HEXARM64",
        "HEXMIPS",
        "HEXMIPS64",
        "HEXPPC",
        "HEXPPC64",
        "HEXRV64",
        "HEXARC",
        "HEXARC64",
        # Probably cloud?
        # "HEXCX86",
        # "HEXCX64",
        # "HEXCARM",
        # "HEXCARM64",
        # "HEXCMIPS",
        # "HEXCMIPS64",
        # "HEXCPPC",
        # "HEXCPPC64",
        # "HEXCRV",
        # "HEXCRV64",
        # "HEXCARC",
        # "HEXCARC64",
    ]

    i = 0
    for addon in addons:
        i += 1
        license["payload"]["licenses"][0]["add_ons"].append(
            {
                "id": f"48-1337-DEAD-{i:02}",
                "code": addon,
                "owner": license["payload"]["licenses"][0]["id"],
                "start_date": "2024-08-10 00:00:00",
                "end_date": "2033-12-31 23:59:59",
            }
        )
    # for addon in addons:
    #     for platform in platforms:
    #         i += 1
    #         license["payload"]["licenses"][0]["add_ons"].append(
    #             {
    #                 "id": f"48-1337-DEAD-{i:02}",
    #                 "code": addon + platform,
    #                 "owner": license["payload"]["licenses"][0]["id"],
    #                 "start_date": "2024-08-10 00:00:00",
    #                 "end_date": "2033-12-31 23:59:59",
    #             }
    #         )


add_every_addon(license)


def json_stringify_alphabetical(obj):
    return json.dumps(obj, sort_keys=True, separators=(",", ":"))


def buf_to_bigint(buf):
    return int.from_bytes(buf, byteorder="little")


def bigint_to_buf(i):
    return i.to_bytes((i.bit_length() + 7) // 8, byteorder="little")


# Yup, you only have to patch 5c -> cb in libida64.so
pub_modulus_hexrays = buf_to_bigint(
    bytes.fromhex(
        "edfd425cf978546e8911225884436c57140525650bcf6ebfe80edbc5fb1de68f4c66c29cb22eb668788afcb0abbb718044584b810f8970cddf227385f75d5dddd91d4f18937a08aa83b28c49d12dc92e7505bb38809e91bd0fbd2f2e6ab1d2e33c0c55d5bddd478ee8bf845fcef3c82b9d2929ecb71f4d1b3db96e3a8e7aaf93"
    )
)
pub_modulus_patched = buf_to_bigint(
    bytes.fromhex(
        "edfd42cbf978546e8911225884436c57140525650bcf6ebfe80edbc5fb1de68f4c66c29cb22eb668788afcb0abbb718044584b810f8970cddf227385f75d5dddd91d4f18937a08aa83b28c49d12dc92e7505bb38809e91bd0fbd2f2e6ab1d2e33c0c55d5bddd478ee8bf845fcef3c82b9d2929ecb71f4d1b3db96e3a8e7aaf93"
    )
)

private_key = buf_to_bigint(
    bytes.fromhex(
        "77c86abbb7f3bb134436797b68ff47beb1a5457816608dbfb72641814dd464dd640d711d5732d3017a1c4e63d835822f00a4eab619a2c4791cf33f9f57f9c2ae4d9eed9981e79ac9b8f8a411f68f25b9f0c05d04d11e22a3a0d8d4672b56a61f1532282ff4e4e74759e832b70e98b9d102d07e9fb9ba8d15810b144970029874"
    )
)


def decrypt(message):
    decrypted = pow(buf_to_bigint(message), exponent, pub_modulus_patched)
    decrypted = bigint_to_buf(decrypted)
    return decrypted[::-1]


def encrypt(message):
    encrypted = pow(buf_to_bigint(message[::-1]), private_key, pub_modulus_patched)
    encrypted = bigint_to_buf(encrypted)
    return encrypted


exponent = 0x13


def sign_hexlic(payload: dict) -> str:
    data = {"payload": payload}
    data_str = json_stringify_alphabetical(data)

    buffer = bytearray(128)
    # first 33 bytes are random
    for i in range(33):
        buffer[i] = 0x42

    # compute sha256 of the data
    sha256 = hashlib.sha256()
    sha256.update(data_str.encode())
    digest = sha256.digest()

    # copy the sha256 digest to the buffer
    for i in range(32):
        buffer[33 + i] = digest[i]

    # encrypt the buffer
    encrypted = encrypt(buffer)

    return encrypted.hex().upper()


def generate_patched_dll(filename):
    if not os.path.exists(filename):
        print(f"Didn't find {filename}, skipping patch generation")
        return

    with open(filename, "rb") as f:
        data = f.read()

        if data.find(bytes.fromhex("EDFD42CBF978")) != -1:
            print(f"{filename} looks to be already patched :)")
            return
        
        if data.find(bytes.fromhex("EDFD425CF978")) == -1:
            print(f"{filename} doesn't contain the original modulus.")
            return

        data = data.replace(
            bytes.fromhex("EDFD425CF978"), bytes.fromhex("EDFD42CBF978")
        )

        patched_filename = f"{filename}.patched"
        with open(patched_filename, "wb") as f:
            f.write(data)

        print(f"Generated modulus patch to {patched_filename}! To apply the patch, replace the original file with the patched file")


# message = bytes.fromhex(license["signature"])
# print(decrypt(message).hex())
# print(encrypt(decrypt(message)).hex())

license["signature"] = sign_hexlic(license["payload"])

serialized = json_stringify_alphabetical(license)

# write to ida.hexlic
filename = "idapro.hexlic"

with open(filename, "w") as f:
    f.write(serialized)

print(f"Saved new license to {filename}!")

generate_patched_dll("ida32.dll")
generate_patched_dll("ida.dll")
generate_patched_dll("libida32.so")
generate_patched_dll("libida.so")
generate_patched_dll("libida32.dylib")
generate_patched_dll("libida.dylib")

保存为 keygen2.py 到安装目录(C:\Program Files\IDA Professional 9.0)，可修改：

• 替换 elf： "name": "elf" -> 随便替换一个名字
• 替换 "elv@ven： "email": "elv@ven" -> 随便替换一个邮箱
• 修正授权文件发行时间： "issued_on": "2024-08-10 00:00:00"

运行 python keygen2.py 会出现 ida.dll.patched、ida32.dll.patched、idapro.hexlic，备份 ida.dll 和 ida32.dll，将生成的 ida.dll.patched 和 ida32.dll.patched 重命名为 ida.dll 和 ida32.dll

Android

https://github.com/skylot/jadx/releases

JEB Decompiler：https://www.pnfsoftware.com/jeb/changelog

mod by CXV：https://bbs.kanxue.com/thread-287953-1.htm

Burp Suite

https://portswigger.net/burp/releases#professional

https://github.com/Leon406/BurpSuiteCN-Release/releases

start D:\jre21\bin\javaw ^
-XX:+IgnoreUnrecognizedVMOptions ^
--add-opens=java.desktop/javax.swing=ALL-UNNAMED ^
--add-opens=java.base/java.lang=ALL-UNNAMED ^
--add-opens=java.base/jdk.internal.org.objectweb.asm=ALL-UNNAMED ^
--add-opens=java.base/jdk.internal.org.objectweb.asm.tree=ALL-UNNAMED ^
--add-opens=java.base/jdk.internal.org.objectweb.asm.Opcodes=ALL-UNNAMED ^
-noverify ^
-javaagent:D:\Development\burpsuit\burpsuitloader-4.11.22-all.jar=loader,hanizfy ^
-jar D:\Development\burpsuit\burpsuite_pro_v2025.10.7.jar



start D:\jre\bin\javaw -jar D:\Development\burpsuit\burpsuitloader-4.11.22-all.jar

Navicat

https://www.navicat.com.cn/download/navicat-premium & https://www.navicat.com/en/download/navicat-premium

@echo off

echo delete HKEY_CURRENT_USER\Software\PremiumSoft\Data
reg delete HKEY_CURRENT_USER\Software\PremiumSoft\Data /f >nul

echo.
echo delete HKEY_CURRENT_USER\Software\PremiumSoft\NavicatPremium\Update
reg delete HKEY_CURRENT_USER\Software\PremiumSoft\NavicatPremium\Update /f >nul

echo.
echo delete HKEY_CURRENT_USER\Software\PremiumSoft\NavicatPremium\Registration[version and language]
for /f %%i in ('"REG QUERY "HKEY_CURRENT_USER\Software\PremiumSoft\NavicatPremium" /s | findstr /L Registration"') do (
  reg delete %%i /va /f >nul
)

echo.
echo delete Info and ShellFolder under HKEY_CURRENT_USER\Software\Classes\CLSID
setlocal enabledelayedexpansion
for /f "tokens=*" %%a in ('reg query "HKEY_CURRENT_USER\Software\Classes\CLSID"') do (
  set /a subkeyCount=0, hasInfo=0, hasDefaultIcon=0, hasShellFolder=0
  for /f "tokens=*" %%l in ('reg query "%%a"') do (
    set /a subkeyCount+=1
    echo %%l| findstr /i "\\Info$" >nul && set /a hasInfo=1
    echo %%l| findstr /i "\\DefaultIcon$" >nul && set /a hasDefaultIcon=1
    echo %%l| findstr /i "\\ShellFolder$" >nul && set /a hasShellFolder=1
  )
  if "!subkeyCount!!hasInfo!!hasDefaultIcon!!hasShellFolder!"=="1100" (
    echo delete %%a
    reg delete %%a /f >nul
  ) else if "!subkeyCount!!hasInfo!!hasDefaultIcon!!hasShellFolder!"=="2011" (
    echo delete %%a
    reg delete %%a /f >nul
  )
)
endlocal

echo.
echo Finish
::pause
start D:\ProgramFiles\Navicat\navicat.exe
exit

 

---

https://docs.hex-rays.com/release-notes/9_0

https://nineninesix.work/index.php/2024/09/12/ida90

https://blog.csdn.net/Code_GodFather/article/details/142951200

https://web.archive.org/web/20240811074303/https://out5.hex-rays.com/beta90_6ba923