IDA Pro 7.3 + F5 Lowest Price

我已经升级了最新版本的IDA 7.3 + F5,Named License,需要的可以加Q群:伍268壹1八75。只有win版。
install

I have updated the newest version IDA Pro 7.3 + Hex Rays Decompilers (Exclude PPC), it’s much cheaper than official’s price. It can be upgraded every year. If you need, please contact me via E-mail: qsj49@protonmail.com.

过期时间都打码?万一明天过期,后天出7。3呢

2 Likes

I can see where this is going

真是我们这些菜鸟的福利啊

Where to get it? thanks

It’s a BuyTogether offer that is only available to Chinese it seems

Although, I’m 100% sure some dumbass will leak this out again so I’d stay aside and enjoy a new level of shitshow if I were you

是不是翻译成 Groupon 装逼点

严格意义上来说Groupon指的是团购,与合购并不是一个意思。 afaik英文里并没有类似合购的词所以我自己现编了一个

严谨,团购是 100 人买 100 个,给与批量购买的优惠;
合买是 100 人买 1 个,平分标准价。

IDA Pro 7.3出来了。

在哪里下载,大佬

梦里

中午下载了:rofl:

7.2可以攻克了,只需要10分钟,哪个大神写个脚本运行10分钟,安装密码就出来了,附上链接:htt去掉我ps://devco.re/blog/2019/06/21/operation-crack-hacking-去掉我IDA-Pro-installer-PRNG-from-an-unusual-way-en/?tdsourcetag=s_pcqq_aiomsg

可以使用吗

I noticed Perl 5.20.0’s PRNG implementation can’t be used to find seeds for the other leaked passwords (e.g. ZFdLqEM2QMVe) or to bruteforce IDA 7.0-7.2 setup passwords. I assume different algorithms/charsets/etc. were used for these?

7.0 and the other non-working passwords are using the pre-5.20 logic. I’ve sifted through the perl code reimplemented it in rust:

use libc::{rand, srand};

#[inline]
fn perl_srand(seed: u32) {
unsafe { srand(seed) }
}

#[inline]
fn perl_rand(max: u32) -> usize {
(f64::from(unsafe { rand() } & 0x7FFF) / ((1u64 << 15) as f64) * f64::from(max)) as usize
}

No luck with 7.2 though.

All in all a nice educational challenge, learned a lot!

EDIT: Oh yeah, the 7.2 installer uses the unicode variant of Inno Setup, so I’ve tried encoding the password as UTF16 as well, without any success though.

Yeah, it looks like Perl (or their usual Perl generator code) wasn’t used to generate IDA 7.2 passwords (tried Perl pre-5.20 on Windows/Linux and Perl 5.20). The disclosure timeline in the article implies it may still be vulnerable to a similar attack, though.

EDIT: Something makes me think 7.2 isn’t vulnerable (and the disclosure timeline is inaccurate) ¯_(ツ)_/¯

ugghhh, same here :frowning: i got 7.0 to work, but couldn’t get 7.2, even though i looked over my c++ utf16 brute forcer many times

i think you need to omit the first rand.
this article doesn’t mention this.

The strange thing is that it seems that innosetup is using rc4 to hash the password.

看到了 求代码翻译。

hxxps://twitter.com/gf_256/status/1142882889027264512?s=09