# Forum > World of Warcraft > World of Warcraft Bots and Programs > WoW Memory Editing >  IDA 6.6 is finally out

## Torpedoes

Just a heads up to my fellow reversers, IDA 6.6 has finally been released along with the long awaited x64 Decompiler. You can read all about it HERE. Now if only I could trick somebody into buying this for me, I would be so happy  :Stick Out Tongue:

----------


## TOM_RUS

Now we only need a full version leak :P

----------


## Torpedoes

And here is the theme song :-D

----------


## Natrist

If anyone here can be 100% sure they can reverse it, I have a friend working for an anti-virus company and gets all IDA and Hex-Rays releases.
He won't share it if it gets redistributed to the whole world with his name/ID on it though, because he would get fired.

----------


## Jadd

> If anyone here can be 100% sure they can reverse it, I have a friend working for an anti-virus company and gets all IDA and Hex-Rays releases.
> He won't share it if it gets redistributed to the whole world with his name/ID on it though, because he would get fired.


The problem isn't cracking it. The problem is the watermarking. I'm almost positive any leaked files would contain something that is traceable back to the user/company that owns the license.

----------


## Natrist

It's interesting this guy mentions the IDA ******s not selling to the general public because I read an article months ago that said something similar, coming from the U.S.

----------


## Valediction

> It's interesting this guy mentions the IDA ******s not selling to the general public because I read an article months ago that said something similar, coming from the U.S.


I think they try to screen their buyers for potential leakers.

----------


## xalcon

Dear Santa  :Big Grin:  [...]


looks like I need to put some money aside. Does anyone know the difference between all those licenses? I'm really confused.. do I need IDA Pro license or is it bundled with hexrays? Tbh, I don't really need hexrays that much, but it can be really convenient sometimes. I'd like to see a feature comparison chart :<

----------


## Natrist

Meh, you're better off with other tools. The guy behind IDA is a scammer. You pay 10K for a piece of software that you don't get full control of and they charge you $30 for the shipping. That's also not to mention they ask for credit card information via e-mail.

----------


## akspa420

> Meh, you're better off with other tools. The guy behind IDA is a scammer. You pay 10K for a piece of software that you don't get full control of and they charge you $30 for the shipping. That's also not to mention they ask for credit card information via e-mail.


Proof? And what other tools would you recommend? - Aside from the obvious ones like ollydbg or for whatever it's worth, your local system/kernel debugger?

----------


## Ferroks

*akspa420* use public-release IDA 6.1 and HexRays 1.5)

----------


## xalcon

well, it looks like Hexrays is just a plugin and in fact you need a ida starter/pro license to use it. I think I'll just go with IDA Pro.. but 1000€ is quite heavy (german reseller) but at least I can pay with paypal :x

----------


## Ferroks

HEXX64W or HEXX86W 1800EUR

----------


## akspa420

> *akspa420* use public-release IDA 6.1 and HexRays 1.5)


not quite public release as much as it is pirated from ESET... Yes, I've used that version, but it's not ideal for people that want a legit, up-to-date copy :P

----------


## Nesox



----------


## swooshy

......................................

----------


## Nonowmana

> The problem isn't cracking it. The problem is the watermarking. I'm almost positive any leaked files would contain something that is traceable back to the user/company that owns the license.


Yes, all copy sent to customer are watermarked with the Customer Id, mame and such.

----------


## Torpedoes

> 


Oh man, I would give my left testicle for a copy of that. Thanks for making me jealous :-P

----------


## homer91

https://www.hex-rays.com/products/ida/order.shtml

----------


## Kanyle

IDA is waaay too pricey, they should make it more "accessible". Seriously, if it was in the price range of, say, Windows, I MIGHT consider buying it.

----------


## Nonowmana

> IDA is waaay too pricey, they should make it more "accessible". Seriously, if it was in the price range of, say, Windows, I MIGHT consider buying it.


You are right but IDA is not cheap, for a reason, look at all the work behind this, this is a full feature Kernel Debugger, disassembler, with HexRay ASM to C++, and more. This is really a nice piece of software, that needed so much time to develop. All very specialized piece of software are expensive, and the reason is that there is not much clients to use it, and they make it a living, so price are high.

The effort that need to be make is to make the purchase process easier, I mean, WTF, not really user friendly (and pricey), and updates should be cheaper than the actual software.

----------


## berryman13

> You are right but IDA is not cheap, for a reason, look at all the work behind this, this is a full feature Kernel Debugger, disassembler, with HexRay ASM to C++, and more. This is really a nice piece of software, that needed so much time to develop. All very specialized piece of software are expensive, and the reason is that there is not much clients to use it, and they make it a living, so price are high.
> 
> The effort that need to be make is to make the purchase process easier, I mean, WTF, not really user friendly (and pricey), and updates should be cheaper than the actual software.


That reason is corporate greed my friend and NOTHING else. Sure, there is tons of work beyond it. So much so, that it's really hard to argue against but I feel like I have to. The price is as high as it is because it has a complete monopoly on the specific field, nothing else does what it does as well as it does with as large of a supportive userbase, etc etc. There would be MANY more clients using it if the price was lower - your logic that there are few clients and thus the price has to be high is flawed; they have less users than they would because the price is TOO DAMN EXPENSIVE.

I made a list of industry standard 3D VFX/CG software pricing. I'm a moderator on another forum devoted to the....reverse engineering of said products for educational purposes only, of course.
*These are the prices reflecting only the standalone, commercial versions of the software. No student pricing involved, and they are generally single-station (one computer) or time-limited unless otherwise noted.*


*Autodesk 3ds Max* - _$3,675 USD_ (Entertainment Creation Suite = _$5,775 USD_)
*SideFX Houdini* - _$8,995 USD_ *used to be ~20k USD*
*Autodesk Maya* - _$3,675_ USD (Entertainment Creation Suite = _$5,775 USD_)
*Autodesk Infrastructure Design Suite Ultimate* - _$12,075 USD_
*Next Limit Realflow* -_ $3,395 USD_ 1st year, _$2,500_ per upgrades, support included, then _$1,000_ a year after the first.
*Cinema 4D Studio* -_ $3,695 USD

_The forum which I moderate would NOT exist if these companies did not as for exorbitant prices for EVERY piece of industry standard software. How are you expected to get into the industry without prior knowledge of the program, what if you can't afford an education?

IDA is *no more* specialized. My feeling is that it's as expensive as it is because they don't want any old cracker to be able to get it. The installers are definitely watermarked, much like v-ray, a rendering plugin for autodesk products + C4D, which costs $1,050 USD per workstation. It's watermarked and thus very hard for reversers to even get their hands on because it's not something that can be public...

----------


## namreeb

The solution is simple! Merely purchase several licenses under several names and do some binary comparisons. I am standing by for whomsoever has a strong feeling to supply me with several copies.

----------


## TOM_RUS

> The solution is simple! Merely purchase several licenses under several names and do some binary comparisons. I am standing by for whomsoever has a strong feeling to supply me with several copies.


The only problem is that every copy of IDA is completely different (main executables have functions reordered etc). ppl already done such comparisons and there's no simple way to get around this.

----------


## berryman13

> The only problem is that every copy of IDA is completely different (main executables have functions reordered etc). ppl already done such comparisons and there's no simple way to get around this.


Well, the real question is how far will the publisher pursue anybody who is to purchase a license and then release the program? My guess, if they are international, not very far and they're SoL :P

----------


## MaiN

> Meh, you're better off with other tools. The guy behind IDA is a scammer. You pay 10K for a piece of software that you don't get full control of and they charge you $30 for the shipping. That's also not to mention they ask for credit card information via e-mail.


What..? I don't think we have had any problems even close to resembling what you're saying. Also IDA has the best and fastest support I have ever seen. I regularly get responses within 10-15 minutes of sending emails.

IDA is pretty awesome. If you want IDA just get employed by someone who buys it for you, like Nesox and I. :-P

----------


## Torpedoes

> Well, the real question is how far will the publisher pursue anybody who is to purchase a license and then release the program? My guess, if they are international, not very far and they're SoL :P


Yeah, somehow I doubt they would sell to any old Chinese hacker.

----------


## Natrist

> What..? I don't think we have had any problems even close to resembling what you're saying. Also IDA has the best and fastest support I have ever seen. I regularly get responses within 10-15 minutes of sending emails.
> 
> IDA is pretty awesome. If you want IDA just get employed by someone who buys it for you, like Nesox and I. :-P


placeholder

----------


## run32.dll

*atm running 3 Instances of IDA 6.1 to mine data from 'Diablo III.exe', 'battle.net.dll' and a WardenModule-Dump*
*search ownedcore for some wardenstuff*
*read news about IDA6.6*

*boner*

----------


## Ferroks

on the Internet appeared Public release Hex-Rays.IDA.Pro.v6.5

----------


## namreeb

Yes but it does not include Hex-Rays  :Frown:

----------


## TOM_RUS

IDA 6.2 with Hex-Rays 1.6 ARM and IDA 6.3 with Hex-Rays 1.7 ARM leaked as well.
Old Hex-Rays 1.5 x86 works with both new IDA's after patching license id.

----------


## Kanyle

IDA 6.5 is out, but doesn't come Hex-Rays

@TOM_RUS: Will try patching the license.

Edit: Doesn't work here, I get the following error after patching the old Hex-Rays 1.5 license:




> IDA has encountered a problem.
> It is recommended to save your work and restart IDA.
> A mini dump file has been created in 'C:\Program Files (x86)\Diablo III\ida-20140821-231741-6408.dmp'
> Please send it to <[email protected]>

----------


## jjaa

> IDA 6.5 is out, but doesn't come Hex-Rays
> 
> @TOM_RUS: Will try patching the license.
> 
> Edit: Doesn't work here, I get the following error after patching the old Hex-Rays 1.5 license:


You also need to patch resolve_typedef2. It was deprecated in 6.5 and so the implementation changed in a way that crashes 1.5.

----------


## TOM_RUS

Using Hex-Rays 1.5 with IDA 6.5 is really bad idea. It simply not compatible. Even if you patch crashes, there's other issues like random freezes etc. Just use IDA 6.3 until newer Hex-Rays (1.9+) is leaked.

----------


## Kanyle

> Using Hex-Rays 1.5 with IDA 6.5 is really bad idea. It simply not compatible. Even if you patch crashes, there's other issues like random freezes etc. Just use IDA 6.3 until newer Hex-Rays (1.9+) is leaked.


Yep, after trying to decompile various functions I finally got an internal error. It seems to be working fine with IDA 6.3 on that same function that caused the error, so I will be using that until we see a new leak.

Edit: Even 6.3 gets an "internal error" on some complex functions using 1.5 Hex-Rays  :Frown:

----------


## pkedpker

IDA 6.6 and Hex Rays 2.0 (x86 decompiler) has been leaked on chinese forum
soke163.com/thread-79367-1-1.html
Costs 300 gold which is about 5 USD to get download link.

----------


## Jaerin

> IDA 6.6 and Hex Rays 2.0 (x86 decompiler) has been leaked on chinese forum
> soke163.com/thread-79367-1-1.html
> Costs 300 gold which is about 5 USD to get download link.


And you didn't buy it and share it with all of us? Awww

----------


## Torpedoes

> IDA 6.6 and Hex Rays 2.0 (x86 decompiler) has been leaked on chinese forum.


So how long before the leak gets leaked  :Stick Out Tongue: 

Also just x86 or x64 decompiler as well?

----------


## pkedpker

yes it has x86 and x64 hex-rays 2.0 I can't buy it i'm too poor haha.
But yeah I really need it that's why I posted maybe someone is willing to do it..
I'll probably find a new dupe in my game if I had the x64 decompiler hehe.

P.S.> if a member of the forum invites you.. you get 200 gold free!! so you only need to buy 100 gold which is less then a dollar!\

----------


## Master674

> yes it has x86 and x64 hex-rays 2.0 I can't buy it i'm too poor haha.
> But yeah I really need it that's why I posted maybe someone is willing to do it..
> I'll probably find a new dupe in my game if I had the x64 decompiler hehe.
> 
> P.S.> if a member of the forum invites you.. you get 200 gold free!! so you only need to buy 100 gold which is less then a dollar!\


Okay get an invite then and share it with us

----------


## Miksu

You need invitation code to register to the site, otherwise you need to pay... Theres only 1 payment method and it's some chinese shit =(

EDIT: Payment method is Alipay

----------


## Natrist

If anyone can get this and share it with the community I will pay for it.

Edit: The gold price is now set at 4000 units.

----------


## pkedpker

Hello pkedpker here leaking IDA 6.6 + Hex Rays 2.0 + Arm 2.0 + SDK 6.6 (x86 and x64 decompiler, this isn't a dream  :Big Grin:  woohoo!!)
I leaked it to prevent the Chinese from reselling it for 50 USD as they started doing it already with great success -_-

IDA PRO v6.6 + (ARM, x64, x86) Hex-Rays Decompiler (Official Installer from IDA Company) Download Link: 
https://mega.co.nz/#!xwB0iTwK!IXIpwO...3GPz4M0E_utnYc

Password in Installer: itJpyHidszaR

IDA 6.6 SDK Download Link: 
https://mega.co.nz/#!w0ATFbqL!DQrOFZ...KCi-576cfdJ6BE

feel free to donate bitcoin address: 1Abcax1m4hzUCK2pQPjqxkCTKc64n77Z6b


Enjoy fellas~~~
Greetz evilimprint hi!

P.S.> if anyone wants to help me I need someone to run a 0-day or something like that for me I need to get into 1 Windows 2008 R2 server it has some nice files on it which I need ^^ contact me if you can do this, I will be very grateful!

----------


## Midi12

> Hello I already bought it and here i am leaking it.. I will post link here soon


Any ETA for "soon tm" ?  :Smile:

----------


## fvicaria

Get it for me and I will reimburse you the $5 plus another $5.
I am putting my Ownedcore reputation on the line here for you. 
Prove you are not a scammer.

----------


## homer91

*dead link*

----------


## fvicaria

> I believe this is it : https://forum.reverse4you.org/showthread.php?t=1931
> 
> Did not test it.


I will test it right now.

----------


## azgul

Popped up on a torrent site of mine today too: Hex-Rays.IDA.Pro.v6.6.Incl.Hex-Rays.Decompiler-iND

https://mega.co.nz/#!YcRiQIzK!J6YsJR...y3Y9kjvCL9ETAM

enjoy

----------


## fvicaria

> I believe this is it : https://forum.reverse4you.org/showthread.php?t=1931
> 
> Did not test it.


Link is good and file safe as far as I can see.
+rep for you sir.

----------


## Ferroks

https://www.fshare.vn/file/WCMVBLTZ8XOD

IDA 6.6 SDK.7z 
Zippyshare.com

IDA Pro 6.6.140604 + Hex Rays 2.0 (x86, x64, arm).7z
Zippyshare.com

IDA Pro 6.6 + Hex Rays 2.0 (x86/x64/arm)
Versiunea v6.6.140604:
https://mega.co.nz/#!VEoHBJZb!h3C8-D...spDs_L8i5vlPs4

IDA 6.6. SDK
https://mega.co.nz/#!UdpnzbrK!IKZZUa...XW5Mz7sJ_4Tf-c

----------


## homer91

> https://www.fshare.vn/file/WCMVBLTZ8XOD
> 
> IDA 6.6 SDK.7z 
> Zippyshare.com
> 
> IDA Pro 6.6.140604 + Hex Rays 2.0 (x86, x64, arm).7z
> Zippyshare.com
> 
> IDA Pro 6.6 + Hex Rays 2.0 (x86/x64/arm)
> ...


Oh god, worst day ever for the folks at HexRays.

----------


## pkedpker

btw guys the password to the installer is itJpyHidszaR

I believe this leak origin was that chinese site I posted :P

In 4 months you guys will have annoying pop-out that it expired
You could change your computer clock to avoid that.
Here is another way

Open Cheat engine
Search 4 Byte Scan:
Value: 1431493200
Replace all values with
1577877929

----------


## homer91

Good find pkedpker, this might also work.

----------


## pkedpker

@homer91 that's a handy tool to have thanks

----------


## Torpedoes

Wow guys, just wow. Christmas has come once more.

----------


## Jaerin

Link is down. Anyone have it on a mirror?

----------


## aeo

IDA 6.6 + Zynamics 4.1
https://mega.co.nz/#!eRtWRLzA!23ZVjF5XB_B0YkHDmy2EU62qqiPI1IDiGLtbgJG7AwE

----------


## Natrist

Christmas you say? This is the ****ing comeback of Christ!! I thank the gods for this heavenly share and +rep to every single soul posting links and mirrors.
Alleluia!!

----------


## namreeb

Do any of you know of a patch for this leak allowing the loading of IDB files from previously cracked versions of IDA?

----------


## homer91

> Yeah, somehow I doubt they would sell to any old Chinese hacker.


Zhou Tao, Jiangsu Australia Sinuo Network Technology Co., Ltd.

Hahaha, looks like they did  :Big Grin:

----------


## namreeb

> Zhou Tao, Jiangsu Australia Sinuo Network Technology Co., Ltd.
> 
> Hahaha, looks like they did


Which is "Acme Chinese Pirate" when translated into Chinese and back into English.

----------


## aeo

> Do any of you know of a patch for this leak allowing the loading of IDB files from previously cracked versions of IDA?


I didnt have this issue with the version I posted above. I was able to open and upgrade my cracked 6.1 dbs.

----------


## TOM_RUS

> Do any of you know of a patch for this leak allowing the loading of IDB files from previously cracked versions of IDA?


dbfix.plw "plugin" similar to one used for IDA 6.1 updated for IDA 6.6.141224.

----------


## Natrist

Or you could do like I do and use a genuine header.

----------


## namreeb

> Or you could do like I do and use a genuine header.


Can you retroactively insert a 'genuine header' into an existing IDA file?

----------


## Natrist

> Can you retroactively insert a 'genuine header' into an existing IDA file?


Yes, of course!
The following blog article describes how you can achieve such a thing: How to create an anonymous IDA PRO database (.IDB) - 0xEBFE

----------


## Torpedoes

> The following blog article describes how you can achieve such a thing: How to create an anonymous IDA PRO database (.IDB) - 0xEBFE


I feel like writing a quick drag and drop IDB anonymizer now :-/

EDIT: Okay I followed the blog post and came up with a quick solution. Just run this python script with IDA (File > Script File) and it should anonymize the IDB for you.



```
import idaapi, binascii;

u1 = idaapi.netnode ("$ user1",         0, False);
u2 = idaapi.netnode ("$ original user", 0, False);

code = "ca75b28848ea06bcae409699fa2510a03bbaf43bd167eecb17d52918187133a793ebf8d3270230c7164d7a79b53c2c3edd611ede975690784cf2c254abe8b587140d19a3f46b2be109bde1da1b7ed4d7c9f7b58135f2c296db4e86ad29b6f0b999b5599d40c3bae8b29d2cc06ecef63cba0e1b9a9505c1efe9019a7020127e100000000000000000000000000000000000000000000000000000000000000000";

print ("Attempting IDB Anonymization...");
print ("Old code: " + binascii.hexlify (u2.supval(0)));

u1.kill(); # Delete plain text user code
u2.supset (0, binascii.unhexlify (code));

print ("New code: " + binascii.hexlify (u2.supval(0)));
```

----------


## Natrist

> I feel like writing a quick drag and drop IDB anonymizer now :-/
> 
> EDIT: Okay I followed the blog post and came up with a quick solution. Just run this python script with IDA (File > Script File) and it should anonymize the IDB for you.
> 
> 
> 
> ```
> import idaapi, binascii;
> 
> ...


Good job. I'll give reputation when I can again.

----------


## TOM_RUS

That trick doesn't work if you can't open IDB in IDA, unless you know how to patch IDB file on disk...
Edit: stupid and slow, but patching idb files on disk seems to work - http://paste2.org/dtH4A9Bz

----------


## Midi12

> Do any of you know of a patch for this leak allowing the loading of IDB files from previously cracked versions of IDA?





> I didnt have this issue with the version I posted above. I was able to open and upgrade my cracked 6.1 dbs.


Same as aeo, which version you got ? Because I heard there is an installer version and a preinstalled version. No issue about loading a 6.1 idb to 6.6 with the preinstalled one.

----------


## TOM_RUS

> Same as aeo, which version you got ? Because I heard there is an installer version and a preinstalled version. No issue about loading a 6.1 idb to 6.6 with the preinstalled one.


IDA 6.1 had legit key, IDA 5.5 did not. Ofc 6.1 idb's will work in 6.6.

----------


## Natrist

Or you could always change the header and/or read entire threads before posting questions...
Just a heads up  :Wink:

----------


## Torpedoes

> That trick doesn't work if you can't open IDB in IDA, unless you know how to patch IDB file on disk...
> Edit: stupid and slow, but patching idb files on disk seems to work - Paste2.org - Viewing Paste dtH4A9Bz


Does this work on deflated idb's?

----------


## TOM_RUS

> Does this work on deflated idb's?


Probably not? Never used compressed idb's.

----------


## adde88

Oh my God! Finally 6.6! And with everything i need! I ****ing love you guys!!!!

----------


## Raeziel

Nice surprise.

Anyone know how to diff 64 bit binaries and copy the names over? I'd like to start work on 64 bit and have an old named i64, but the zynamics crashes IDA before it can even load and I'm not sure if patchdiff2 is compatible.

Also, anyone got Hexrays to work in IDA 64 yet? Won't show up for me :S

----------


## danwins

> Nice surprise.
> 
> Anyone know how to diff 64 bit binaries and copy the names over? I'd like to start work on 64 bit and have an old named i64, but the zynamics crashes IDA before it can even load and I'm not sure if patchdiff2 is compatible.
> 
> Also, anyone got Hexrays to work in IDA 64 yet? Won't show up for me :S


Are you sure its actually crashing? when i use bindiff ida becomes un-responsive, but you can generally tell its working by mousing over the ida window, and youll see the mini thumbnail with the bindiff status box.

----------


## Raeziel

> Are you sure its actually crashing? when i use bindiff ida becomes un-responsive, but you can generally tell its working by mousing over the ida window, and youll see the mini thumbnail with the bindiff status box.


Yeah I can't even get Ida to load; "fatal error before kernel init" or something (not at my computer right now). I read up on it and some people seem to think this is normal and happens even with official licenses. This is only 64 bit though; 32 bit works like a charm.

----------


## mansemino

> Yeah I can't even get Ida to load; "fatal error before kernel init" or something (not at my computer right now). I read up on it and some people seem to think this is normal and happens even with official licenses. This is only 64 bit though; 32 bit works like a charm.


*Zynamics Bindiff 4.1* has issues with *IDA x64*. A fix for this was released last year in August, but it's not as public and known as it should be  :Smile: 

Proof: https://code.google.com/p/zynamics/i...wner%20Summary

If only someone has the fixed MSI file, it'd be great....  :Roll Eyes (Sarcastic):

----------

