Why do you assume the tools are pirated?

I think you actually want two answers, the question you asked and "why report it?"

The IDA Pro disassembler and the Hex-Rays decompiler are not only very expensive tools, but they are very difficult to purchase. Due to constant problems with piracy, these days they will only sell their products to three areas: (1) governments/law enforcement, (2) very well established corporations (typically well known security research people), (3) very well established university researchers.

Typically, they refuse to sell to individuals, but there is a fourth class of customers who are individuals: very old customers like me who have a perfect track record of maintaining possession of their copy of the software.

Every copy of the software is custom compiled and watermarked so it is traceable to a particular person. Every database created by the software is also watermarked, so when someone who is not a licensed customer publishes a database (.idb), the software can be traced and the account will be terminated (i.e. no further purchases allowed).

When someone does something blatantly stupid like disassembling and decompiling Skype then publicly making all of the files available, it is fairly certain that they are using an illegal copy of the software. They do not understand what they're doing. They do not understand the tool they are using. And they don't have any respect for either the tool or the work of others. --All of this loudly screams PIRATE!

The pirates either don't know about or don't care about the watermarks in the databases they create. They don't realize that publishing a database is discouraged. I've never heard of a case where a database watermark was successfully forged (i.e. pin the blame on someone else), but a cracker named "Quine" once successfully removed the watermarking in IDA back in the late 90's.

The "correct" method to publicly share the research work done in IDA is to dump the database to an IDC script (an internal language), then provide the IDC script and the target binary. Customers know this, or at least they should. With that said, friends do toss databases back and forth on occasion, but that's a matter of trust between friends where both of them are customers. Some people in the InfoSec and AntiVirus crowds exchange databases, even across competing corporate lines since they're all working together towards the same goal and they've known each other for years.

What? This isn't true at all. Anyone can buy IDA.

This copy of IDA was probably pirated for the same reason Photoshop is usually pirated: because it's expensive. But you don't know it was pirated.

Also: by editing your comments to account for the responses, you make the thread incoherent. I'd appreciate it if you wouldn't do that, or, at least, if you must do it, to do so in corrections at the end of your comment. It's fine to be wrong. I'm wrong all the time.




That is simply incorrect. I do not "know" Ilfak. I just emailed him, discussed the cost of a student license, provided proof of being a student, and filed an order form for IDA Pro Standard 6.0. The only thing that at all fits with your story is that a bank transfer was required, instead of paying by credit card, but I believe that is only for students.

Even so, Hex-Rays does sell to individuals. It's not even necessary to ask Ilfak: if copies are being sold to individuals, then they sell to individuals. And those copies are being sold. Here's a picture of my CD, purchased this year, as an individual: http://dl.dropbox.com/u/3177211/idaomg.png

That is incorrect. I purchased IDA Pro as an individual this year, and I am simply a student interested in reverse engineering. (I believe what you are saying may be true for the "advanced" version, but from what I can tell anyone can purchase IDA Pro Standard.)

It's not true of "Advanced" either (all "Advanced" does is give you x86-64 and a bunch of exotic architectures; "Advanced" is a price segregation scheme, not a community safeguard).

No, it is true for Advanced; they will only sell it to entities they've dealt with before.

I mean you would know, I know, and we've been customers for a while so maybe they just don't bat an eye, but I just assumed everyone bought Advanced now. How do you not have x64?

You really think this is because they want to safeguard the public or something?

Assuming that the deleted parent is about the difficulty of purchasing IDA, as you know, it's only somewhat incorrect. I have wanted to buy IDA for almost a year now, but Hex-Rays is very picky about how they receive their money; I could probably arrange for it somehow but it is a completely inordinate amount of hassle. (And no, bank transfers are not only required with a student discount; I was willing to pay twice as much to avoid the requirement but it wasn't possible.)

I think bank transfer is a requirement only for first-time private users, probably because credit cards are too easy to steal/fake and chargeback.

Improving our tools is part of our birthright and responsibility; being able to modify and learn from software is a natural outgrowth of that. We of all people should not respect work intended to discourage collaboration by anyone who isn't "established" (granted the privilege of relating to software as a human being, not just a consumer).

Thank you for the insight into your field. Now I'm sorely tempted to try my hand at decompilation.

I've purchased IDA Pro for years for legitimate reversing work, but on the rare occasion that I need to do some more dodgy work for clients, where I don't want to reveal any identity (previously name, now license number) via the watermarks in the database, I will use a pirated version of the software.

My point is that it is not possible to know for sure if the user of a pirated software is indeed a pirate, as there are reasons of privacy to use these editions of the IDA (as well as the most common one of just not paying for it in the first place.)

As to the question of whether Bushmanov has used a pirated edition of IDA for his work, it's interesting to note that the distributed .idb files are in two different formats - as far as I can tell versions 5.2 and 5.5, but the license key is the same for both: A2-86E4-B9BB-D3. It's not one I recognise from any of the common pirated versions but I suppose only Ilfak could tell for sure.

Igor Skochinsky at Hex-Rays has verified it is a pirated version, but at least it is an old leak instead of a new one.

Ah, then I guess Bushmanov must have originally created all three databases in that pirated version 5.2, then only re-edited two of them in pirated version 5.5.

Thanks for your insight. The spelling errors in the blog posts aren't the hallmark of professionalism either, but what about the information in the comment header?

    |*| Skype 4142 Decompression v1.002 by Sean O'Neil.
    |*| Copyright (c) 2004-2009 by VEST Corporation.
    |*| All rights reserved. Strictly Confidential!
    |*| Date: 29.10.2009

Is this just a special brand of stupid?

edit: some info about this corporation and Sean O'Neil: http://en.wikipedia.org/wiki/VEST

The official web page points to a beach resort?!?

edit2: same guy: http://cryptolib.com/ciphers/skype/

Don't pick on the spelling. Have you considered users who don't have English as their first language? I hear there are a few is all ;)

yeah, the author of the blog post said the stuff he has came from VEST. so it's basically a POC based on the code released 2 years ago. if you google it there's a blog post by some other random guy who made a python plugin and some POC code from that stuff too

You are completely right. But why so serious? This is just tools for make peoples happy.

Is that true about that they won't sell to everybody? I've been playing with the idea of buying an IDA Pro license recently.

Has someone more information about that?

The older IDA Pro 5.0 is licensed as freeware, free for non-commercial use.


Yes, but the Hex-Rays decompiler is not. I can't touch the files, so I can't tell you what version was used, but in the comments here, there is a claim that the supposed source code is Hex-Rays output.

