The IDA Pro disassembler and the Hex-Rays decompiler are not only very
expensive tools, but they are very difficult to purchase. Due to
constant problems with piracy, these days they will only sell their
products to three areas: (1) governments/law enforcement, (2) very well
established corporations (typically well known security research
people), (3) very well established university researchers.
Typically, they refuse to sell to individuals, but there is a fourth
class of customers who are individuals: very old customers like me who
have a perfect track record of maintaining possession of their copy of
Every copy of the software is custom compiled and watermarked so it
is traceable to a particular person. Every database created by the
software is also watermarked, so when someone who is not a licensed
customer publishes a database (.idb), the software can be traced and
the account will be terminated (i.e. no further purchases allowed).
When someone does something blatantly stupid like disassembling and
decompiling Skype then publicly making all of the files available, it is
fairly certain that they are using an illegal copy of the software. They
do not understand what they're doing. They do not understand the tool
they are using. And they don't have any respect for either the tool or
the work of others. --All of this loudly screams PIRATE!
The pirates either don't know about or don't care about the watermarks
in the databases they create. They don't realize that publishing a
database is discouraged. I've never heard of a case where a database
watermark was successfully forged (i.e. pin the blame on someone else),
but a cracker named "Quine" once successfully removed the watermarking
in IDA back in the late '90s.
The "correct" method to publicly share the research work done in IDA is
to dump the database to an IDC script (an internal language), then
provide the IDC script and the target binary. Customers know this, or at
least they should. With that said, friends do toss databases back and
forth on occasion, but that's a matter of trust between friends where
both of them are customers. Some people in the InfoSec and AntiVirus
crowds exchange databases, even across competing corporate lines since
they're all working together towards the same goal and they've known
each other for years.
This copy of IDA was probably pirated for the same reason Photoshop is usually pirated: because it's expensive. But you don't know it was pirated.
Also: by editing your comments to account for the responses, you make the thread incoherent. I'd appreciate it if you wouldn't do that, or, at least, if you must do it, to do so in corrections at the end of your comment. It's fine to be wrong. I'm wrong all the time.
Even so, Hex-Rays does sell to individuals. It's not even necessary to ask Ilfak: if copies are being sold to individuals, then they sell to individuals. And those copies are being sold. Here's a picture of my CD, purchased this year, as an individual: http://dl.dropbox.com/u/3177211/idaomg.png
You really think this is because they want to safeguard the public or something?
Thank you for the insight into your field. Now I'm sorely tempted to try my hand at decompilation.
My point is that it is not possible to know for sure if the user of pirated software is indeed a pirate, as there are reasons of privacy to use these editions of IDA (as well as the most common one of just not paying for it in the first place).
As to the question of whether Bushmanov has used a pirated edition of IDA for his work, it's interesting to note that the distributed .idb files are in two different formats - as far as I can tell versions 5.2 and 5.5, but the license key is the same for both: A2-86E4-B9BB-D3. It's not one I recognise from any of the common pirated versions but I suppose only Ilfak could tell for sure.
|*| Skype 4142 Decompression v1.002 by Sean O'Neil.
|*| Copyright (c) 2004-2009 by VEST Corporation.
|*| All rights reserved. Strictly Confidential!
|*| Date: 29.10.2009
Some info about this corporation and Sean O'Neil: http://en.wikipedia.org/wiki/VEST
The official web page points to a beach resort?!?
edit2: same guy: http://cryptolib.com/ciphers/skype/
Has someone more information about that?