"So I look around, read various forums, and, to put it bluntly, I'm freaked out by what's going on...
It's really some kind of circus!
There is some kind of crack group calling themselves BGSPA; they wanted to leak the subject on January 1st,
but then another person calling himself DrFarFar did it a little earlier...
But the funny thing is that neither BGSPA nor DrFarFar have anything to do with the release, literally at all!
And BGSPA accused DrFarFar like _andon did something wrong.
What's the point of putting your name in something you have nothing to do with? Well, I don’t understand this!
I don't particularly relate to the release, I just patched it;
almost any of us could do this (there are quite a few experienced people here).
The real story behind this release is this:
There is one large forum (it is often mentioned on this forum);
although it is open to everyone, there is still a closed section only for developers.
So back in September, one user posted that he had ida 8.3 with a password,
and that it needs to be broken, anonymized and watermarks removed,
in this post the appeal was to me (and below several other users also recommended me,
I don’t know what I became famous for in this area).
I don't like to be disingenuous, and I immediately warned that getting rid of watermarks is not possible without a second copy (and perhaps not even with it);
there shouldn't be any problems with everything else.
After I agreed to look, the person wrote in a nutshell how exactly the installer had been obtained,
and conditions were also set: "at all costs, do not allow a leak,"
to which I agreed, and then I actually received the subject.
Now, in a nutshell, the installer is, roughly speaking, stolen (the watermarks themselves are not scary,
because if the developers revoke the license, they will only harm the legitimate user),
but the question is who exactly it was stolen from! This is a pretty serious company, so it became clear why it was necessary to anonymize.
First of all, I tried to determine whether it was an original installer (after all, there is no signature on them; at least I personally have never seen one).
Without hesitation, I tried to download the installer from the hex-rays website; knowing the name of the exe file, this is not difficult to do,
although there are limitations: firstly, the file is not stored there for very long, and secondly, it now also asks for a password for the installer.
Fortunately, the installer was fresh and the password was known, so I downloaded it directly from hex-rays without any problems,
and it exactly matched what I received earlier.
Next is the installation and breaking process.
Naturally, after installation the subject does not work; it needs a Floating license (FlexNet).
A little reversing and a patch for the result of the checkout function, and now everything starts; just in case, there is also a patch for the function that obtains a license.
Next we needed to replace the key file.
Fortunately, I remembered that there is a key file from the leaked (password-less) version 8.1.
We copy it in place of the original, then we need to modify it (after all, we have Floating, but there is none in there).
We change the version, USER, EMAIL, ISSUED_ON, PRODUCT (IDAPROCW -> IDAPROFW, HEXX86W -> HEXX86FW, etc.).
That's it: the key has a correctly decipherable signature; all that remains is to patch ida.dll/ida64.dll, patching the comparison of the three sums (the calculated one and the one from the signature), as well as the version comparison. In the same patch, the check against the Pirated Database too.
It was possible, of course, to add copying the username from USER to the decrypted signature (as I did once in the plugin), in the key file parsing functions, so that the About window would display the name from USER and not from the signature, but I was too lazy.
That's all.
All that remains is to patch the decompiler plugins (insert LICENSE_ID from the fake key file, erase the name, replace the dates).
And finally, we patch ida.cfg: change STORE_USER_INFO to NO (you should not insert the key from 8.1 into the database from 8.3).
By the way, I also tried to attach missing plugins from previous versions, but to no avail; they are not from the floating version.
In the Floating version, ida.dll/ida64.dll lacks some functions (this, of course, can be corrected by lowering the version, but it still crashes; I gave up on this idea).
Although personally I need HEXARM more (it’s a pity that it doesn’t exist).
The result was transferred to the source for testing and a few days later he posted a release for the entire group.
It turns out that someone from the group passed the release on to someone else (apparently that same elusive Doe).
This someone, for some reason, deleted the fake key and patched ida.dll/ida64.dll, patching the public key (this is only necessary for a KG).
This is not my method (the same key is also used to decrypt the signature from the database, and that is why you see at the beginning of the listing who created the database; by changing the public key, ida will not be able to correctly decrypt the signature).
But yes, you can generate your own fake key, but why?
For the sake of a custom name in the About window? (This can be done in another way.)
This is the real story behind this release!
Comparing the files from this release with the one I have,
I can guarantee that all files are original, except for ida.dll/ida64.dll/hexrays.dll/hexx64.dll/ida.cfg (they are slightly patched by me);
the only difference here is that PubKey has been patched and the fake key file has been removed (who the hell knows why)."