Datarescue IDA pirated .idb database

[bedrock]

is there some news on 5.3 (or 5.4) there seems to be a bit more talk recently, but i have seen no news yet?

--
bedrock

[redbull]

This doesn't remove the water mark but you have patched the routine which warns that a bad file has been loaded. (Correct me if I am wrong).

So you can use any pirated IDA, change the signature and still be able to use the databases? (even though the MD5 does not match ?) or does this patch the checksum checking on the IDB only ?

[arlequim]

Quote:

Originally Posted by redbull

This doesn't remove the water mark but you have patched the routine which warns that a bad file has been loaded. (Correct me if I am wrong).

So you can use any pirated IDA, change the signature and still be able to use the databases? (even though the MD5 does not match ?) or does this patch the checksum checking on the IDB only ?

Hello
i have only patched the check about "database corrupt" and "pirated copy" (you right)

Quote:

So you can use any pirated IDA, change the signature...

To be honest i dont know, i have only loaded the conficker database. That means you should to try other databases and if you encounter some prob i will try to analyze the MD5 check procedure.

[ZeNiX]

It would be more clear and helpful if somebody can show up and give us more information about the water mark.

Then, we can try to fake or erase the water mark.

I wonder if some one has a tool to show the water mark.
It would be a great help, though.

[arlequim]

Quote:

Originally Posted by zenix

It would be more clear and helpful if somebody can show up and give us more information about the water mark.

Then, we can try to fake or erase the water mark.

I wonder if some one has a tool to show the water mark.
It would be a great help, though.

Exactly, you right: i'm not great user of IDA so i need more infos about "water mark". Then i can go on, but let me know how many times you need to load .idb files??? Most of times i open .exe or .dll files.

[Darren]

Well if someone was able to get 2 copies of a product same version / same build and do a comparison, it might shed some light, hehe but I think its hard enough to get ahold of 1 copy of this product, never mind about 2 copies

Darren

[Git]

Depends on if you shut down your machine at night, but I have IDB files I have opened hundreds of times. I doubt I have any that have not been opened at least 20 times. Exe's and Dll's get opened only once, thereafter you are working on the IDB file.

Git

[Pyrae]

Quote:

Originally Posted by Jupiter

quick patch:

ida.wll
Offset | Old | New
000F05F9: D0 D1

ida64.wll
Offset | Old | New
0010DF31: CC CD

Elegant one, Jupiter.
Here's an additional 'assignment' (if ne1 is insterested in this little game ):
How many bits do u need to patch w/o touching any code and/or how many other possibilities of 1-bit code patches do u have in order to achieve the same goal?


Have fun,
Pyrae