ida9.0来袭mac,linux,window

博主： huoyu
发布时间：2024 年 08 月 12 日
346 次浏览
暂无评论
10183字数
分类： app - 逆向技术教程

下载地址：`https://out5.hex-rays.com/beta90_6ba923/`

我使用的是左边的版本

体验环境：mac M1

访问不了的话可以在这儿下载[链接](http://file.zimopy.com/d/%E5%85%AC%E5%BC%80%E6%95%B0%E6%8D%AE/%E6%96%87%E4%BB%B6/IDA9.0/idapro_90_armmac.app.zip)

![image.png](http://type.zimopy.com/usr/uploads/2024/08/2631125371.png)

# 问题一

文章地址：`https://www.52pojie.cn/thread-1953337-1-1.html`

**安装完后会直接出现报错弹窗**

解决办法：

删除`/Applications/IDA Professional 9.0.app/Contents/MacOS/plugins/arm_mac_user64.dylib`这个文件

下载`Patching`多架构支持: 编译为通用架构二进制, 支持intel & arm64. 并根据github上的合并代码整合支持IDA 9.0

[plugins.zip](http://type.zimopy.com/usr/uploads/2024/08/2081613643.zip)

使用：解压到:/Users/用户目录/.idapro/plugins 然后重新打开IDA会自动加载。

# 问题二

现在应该是可以打开软件了，但是如果打开so的话，是打不开的

**解决办法**：

文章地址：`https://bbs.kanxue.com/thread-282835.htm `

## win patch方法

1. 用010 Editor修改ida64.dll，`0x342D8B` 75->74
2. 新建一个`ida.hexlic`，填入如下内容

```json
{"header":{"version":1},"payload":{"name":"test","email":"test","licenses":[{"id":"0C-2238-4E5A-7B","product":"IDA","owner":"0C-2238-4E5A-0A","license_type":"named","seats":1,"add_ons":[{"id":"0C-2238-4E5A-01","code":"HEXX86","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-02","code":"HEXX64","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-03","code":"HEXARM","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-04","code":"HEXARM64","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-05","code":"HEXMIPS","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-06","code":"HEXMIPS64","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-07","code":"HEXPPC","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-08","code":"HEXPPC64","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-09","code":"HEXRV64","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-10","code":"HEXARC","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"},{"id":"0C-2238-4E5A-11","code":"HEXARC64","owner":"0C-2238-4E5A-0A","start_date":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"}],"features":[],"start_date":"2024-08-08 08:08:08","issued_on":"2024-08-08 08:08:08","end_date":"2034-08-08 08:08:08"}]}}
```

**来源** : [https://x.com/gmhzxy/status/1821962897888780446](https://x.com/gmhzxy/status/1821962897888780446)

## 补充

其他平台的crack脚本，自行尝试

新建一个idaCrack.py内容如下：

将这个文件放到位置`/Applications/IDA Professional 9.0.app/Contents/MacOS/这个文件夹里面`

```python
import json
import hashlib
import os
 
license = {
    "header": {"version": 1},
    "payload": {
        "name": "meow :3",
        "email": "hi@hex-rays.com",
        "licenses": [
            {
                "id": "48-2137-ACAB-99",
                "license_type": "named",
                "product": "IDA",
                "seats": 1,
                "start_date": "2024-08-10 00:00:00",
                "end_date": "2033-12-31 23:59:59",  # This can't be more than 10 years!
                "issued_on": "2024-08-10 00:00:00",
                "owner": "cracked by alula :3",
                "add_ons": [
                    # {
                    #     "id": "48-1337-DEAD-01",
                    #     "code": "HEXX86L",
                    #     "owner": "48-0000-0000-00",
                    #     "start_date": "2024-08-10 00:00:00",
                    #     "end_date": "2033-12-31 23:59:59",
                    # },
                    # {
                    #     "id": "48-1337-DEAD-02",
                    #     "code": "HEXX64L",
                    #     "owner": "48-0000-0000-00",
                    #     "start_date": "2024-08-10 00:00:00",
                    #     "end_date": "2033-12-31 23:59:59",
                    # },
                ],
                "features": [],
            }
        ],
    },
}
 
 
def add_every_addon(license):
    platforms = [
        "W",  # Windows
        "L",  # Linux
        "M",  # macOS
    ]
    addons = [
        "HEXX86",
        "HEXX64",
        "HEXARM",
        "HEXARM64",
        "HEXMIPS",
        "HEXMIPS64",
        "HEXPPC",
        "HEXPPC64",
        "HEXRV64",
        "HEXARC",
        "HEXARC64",
        # Probably cloud?
        # "HEXCX86",
        # "HEXCX64",
        # "HEXCARM",
        # "HEXCARM64",
        # "HEXCMIPS",
        # "HEXCMIPS64",
        # "HEXCPPC",
        # "HEXCPPC64",
        # "HEXCRV",
        # "HEXCRV64",
        # "HEXCARC",
        # "HEXCARC64",
    ]
 
    i = 0
    for addon in addons:
        i += 1
        license["payload"]["licenses"][0]["add_ons"].append(
            {
                "id": f"48-1337-DEAD-{i:02}",
                "code": addon,
                "owner": license["payload"]["licenses"][0]["id"],
                "start_date": "2024-08-10 00:00:00",
                "end_date": "2033-12-31 23:59:59",
            }
        )
    # for addon in addons:
    #     for platform in platforms:
    #         i += 1
    #         license["payload"]["licenses"][0]["add_ons"].append(
    #             {
    #                 "id": f"48-1337-DEAD-{i:02}",
    #                 "code": addon + platform,
    #                 "owner": license["payload"]["licenses"][0]["id"],
    #                 "start_date": "2024-08-10 00:00:00",
    #                 "end_date": "2033-12-31 23:59:59",
    #             }
    #         )
 
 
add_every_addon(license)
 
 
def json_stringify_alphabetical(obj):
    return json.dumps(obj, sort_keys=True, separators=(",", ":"))
 
 
def buf_to_bigint(buf):
    return int.from_bytes(buf, byteorder="little")
 
 
def bigint_to_buf(i):
    return i.to_bytes((i.bit_length() + 7) // 8, byteorder="little")
 
 
# Yup, you only have to patch 5c -> cb in libida64.so
pub_modulus_hexrays = buf_to_bigint(
    bytes.fromhex(
        "edfd425cf978546e8911225884436c57140525650bcf6ebfe80edbc5fb1de68f4c66c29cb22eb668788afcb0abbb718044584b810f8970cddf227385f75d5dddd91d4f18937a08aa83b28c49d12dc92e7505bb38809e91bd0fbd2f2e6ab1d2e33c0c55d5bddd478ee8bf845fcef3c82b9d2929ecb71f4d1b3db96e3a8e7aaf93"
    )
)
pub_modulus_patched = buf_to_bigint(
    bytes.fromhex(
        "edfd42cbf978546e8911225884436c57140525650bcf6ebfe80edbc5fb1de68f4c66c29cb22eb668788afcb0abbb718044584b810f8970cddf227385f75d5dddd91d4f18937a08aa83b28c49d12dc92e7505bb38809e91bd0fbd2f2e6ab1d2e33c0c55d5bddd478ee8bf845fcef3c82b9d2929ecb71f4d1b3db96e3a8e7aaf93"
    )
)
 
private_key = buf_to_bigint(
    bytes.fromhex(
        "77c86abbb7f3bb134436797b68ff47beb1a5457816608dbfb72641814dd464dd640d711d5732d3017a1c4e63d835822f00a4eab619a2c4791cf33f9f57f9c2ae4d9eed9981e79ac9b8f8a411f68f25b9f0c05d04d11e22a3a0d8d4672b56a61f1532282ff4e4e74759e832b70e98b9d102d07e9fb9ba8d15810b144970029874"
    )
)
 
 
def decrypt(message):
    decrypted = pow(buf_to_bigint(message), exponent, pub_modulus_patched)
    decrypted = bigint_to_buf(decrypted)
    return decrypted[::-1]
 
 
def encrypt(message):
    encrypted = pow(buf_to_bigint(message[::-1]), private_key, pub_modulus_patched)
    encrypted = bigint_to_buf(encrypted)
    return encrypted
 
 
exponent = 0x13
 
 
def sign_hexlic(payload: dict) -> str:
    data = {"payload": payload}
    data_str = json_stringify_alphabetical(data)
 
    buffer = bytearray(128)
    # first 33 bytes are random
    for i in range(33):
        buffer[i] = 0x42
 
    # compute sha256 of the data
    sha256 = hashlib.sha256()
    sha256.update(data_str.encode())
    digest = sha256.digest()
 
    # copy the sha256 digest to the buffer
    for i in range(32):
        buffer[33 + i] = digest[i]
 
    # encrypt the buffer
    encrypted = encrypt(buffer)
 
    return encrypted.hex().upper()
 
 
def generate_patched_dll(filename):
    if not os.path.exists(filename):
        print(f"Didn't find {filename}, skipping patch generation")
        return
 
    with open(filename, "rb") as f:
        data = f.read()
 
        if data.find(bytes.fromhex("EDFD42CBF978")) != -1:
            print(f"{filename} looks to be already patched :)")
            return
   
        if data.find(bytes.fromhex("EDFD425CF978")) == -1:
            print(f"{filename} doesn't contain the original modulus.")
            return
 
        data = data.replace(
            bytes.fromhex("EDFD425CF978"), bytes.fromhex("EDFD42CBF978")
        )
 
        patched_filename = f"{filename}.patched"
        with open(patched_filename, "wb") as f:
            f.write(data)
 
        print(f"Generated modulus patch to {patched_filename}! To apply the patch, replace the original file with the patched file")
 
 
# message = bytes.fromhex(license["signature"])
# print(decrypt(message).hex())
# print(encrypt(decrypt(message)).hex())
 
license["signature"] = sign_hexlic(license["payload"])
 
serialized = json_stringify_alphabetical(license)
 
# write to ida.hexlic
filename = "ida.hexlic"
 
with open(filename, "w") as f:
    f.write(serialized)
 
print(f"Saved new license to {filename}!")
 
generate_patched_dll("ida.dll")
generate_patched_dll("ida64.dll")
generate_patched_dll("libida.so")
generate_patched_dll("libida64.so")
generate_patched_dll("libida.dylib")
generate_patched_dll("libida64.dylib")
```

运行完后，提示什么路径不存在不管他，并且同级目录会出现两个文件`libida64.dylib.patched`和`libida.dylib.patched`

将原来同级目录里面的`libida64.dylib`和`libida.dylib`这两个文件删了也可以加后缀.bak备份

然后把`libida64.dylib.patched`和`libida.dylib.patched`的`.patched`的后缀删除

并在terminal执行

```sh
sudo codesign -fs - "libida64.dylib"
sudo codesign -fs - "libida.dylib"
```

现在应该就可以正常打开`.so文件了`

最后修改：2024 年 08 月 12 日

如果觉得我的文章对你有用，请随意赞赏

发表评论取消回复
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款

评论 *

私密评论

名称 *

🎲

邮箱

地址

huoyu1
真的很需要
欣
很牛逼|´・ω・)ノ
hhh
真棒
Hongjia
https://blog.dingtone.me/zh/rec...
Hongjia
https://5sim.net/zh使用该网站可以最低1 卢布充值

ida9.0来袭mac,linux,window

huoyu • 2024 年 08 月 12 日

下载地址：`https://out5.hex-rays.com/beta90_6ba923/`

我使用的是左边的版本

体验环境：mac M1

访问不了的话可以在这儿下载[链接](http://file.zimopy.com/d/%E5%85%AC%E5%BC%80%E6%95%B0%E6%8D%AE/%E6%96%87%E4%BB%B6/IDA9.0/idapro_90_armmac.app.zip)

![image.png](http://type.zimopy.com/usr/uploads/2024/08/2631125371.png)

# 问题一

文章地址：`https://www.52pojie.cn/thread-1953337-1-1.html`

**安装完后会直接出现报错弹窗**

解决办法：

删除`/Applications/IDA Professional 9.0.app/Contents/MacOS/plugins/arm_mac_user64.dylib`这个文件

下载`Patching`多架构支持: 编译为通用架构二进制, 支持intel & arm64. 并根据github上的合并代码整合支持IDA 9.0

[plugins.zip](http://type.zimopy.com/usr/uploads/2024/08/2081613643.zip)

使用：解压到:/Users/用户目录/.idapro/plugins 然后重新打开IDA会自动加载。

# 问题二

现在应该是可以打开软件了，但是如果打开so的话，是打不开的

**解决办法**：

文章地址：`https://bbs.kanxue.com/thread-282835.htm `

## win patch方法

1. 用010 Editor修改ida64.dll，`0x342D8B` 75->74
2. 新建一个`ida.hexlic`，填入如下内容

**来源** : [https://x.com/gmhzxy/status/1821962897888780446](https://x.com/gmhzxy/status/1821962897888780446)

## 补充

其他平台的crack脚本，自行尝试

新建一个idaCrack.py内容如下：

将这个文件放到位置`/Applications/IDA Professional 9.0.app/Contents/MacOS/这个文件夹里面`

运行完后，提示什么路径不存在不管他，并且同级目录会出现两个文件`libida64.dylib.patched`和`libida.dylib.patched`

将原来同级目录里面的`libida64.dylib`和`libida.dylib`这两个文件删了也可以加后缀.bak备份

然后把`libida64.dylib.patched`和`libida.dylib.patched`的`.patched`的后缀删除

并在terminal执行

```sh
sudo codesign -fs - "libida64.dylib"
sudo codesign -fs - "libida.dylib"
```

现在应该就可以正常打开`.so文件了`

ida9.0来袭mac,linux,window

发表评论取消回复
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款

速注册OpenAi（ChatGPT），国内也可以

Frida 代码自动补全

ubuntu 实现内网穿透

最新Fiddler Web Debugger v5.0 20202.18177中文版

windows一键启动雷电模拟器的frida-server

2 0 2 3 年 ,抖音与快手, 意图进程.

Selenium

4.pandas数据查询

python AES 加密解密

ubuntu 22.04配置官方apt源

ida9.0来袭mac,linux,window

发表评论 取消回复 使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款

ida9.0来袭mac,linux,window

发表评论取消回复
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款