I think you actually want two answers, the question you asked and "why
The IDA Pro disassembler and the Hex-Rays decompiler are not only very
expensive tools, but they are very difficult to purchase. Due to
constant problems with piracy, these days they will only sell their
products to three areas; (1) governments/law enforcement, (2) very well
established corporations (typically well known security research
people), (3) very well established university researchers.
Typically, they refuse to sell to individuals, but there is a fourth
class of customers who are individuals; very old customers like me who
have a perfect track record of maintaining possession of their copy of
Every copy of the software is custom compiled and watermarked so it
is traceable to a particular person. Every database created by the
software is also watermarked, so when someone who is not a licensed
customer publishes a database (.idb), the software can be traced and
the account will be terminated (i.e. no further purchases allowed).
When someone does something blatantly stupid like disassembling and
decompiling skype then publicly making all of the files available, it is
fairly certain that they are using a illegal copy of the software. They
do not understand what they're doing. They do not understand the tool
they are using. And they don't have any respect for either the tool or
the work of others. --All of this loudly screams PIRATE!
The pirates either don't know about or don't care about the watermarks
in the databases they create. They don't realize that publishing a
database is discouraged. I've never heard of a case where a database
watermark was successfully forged (i.e. pin the blame on someone else),
but a cracker named "Quine" once successfully removed the watermarking
in IDA back in the late 90's.
The "correct" method to publicly share the research work done in IDA is
to dump the database to an IDC script (an internal language), then
provide the IDC script and the target binary. Customers know this, or at
least they should. With that said, friends do toss databases back and
forth on occasion, but that's a matter of trust between friends where
both of them are customers. Some people in the InfoSec and AntiVirus
crowds exchange databases, even across competing corporate lines since
they're all working together towards the same goal and they've known
each other for years.
This copy of IDA was probably pirated for the same reason Photoshop is usually pirated: because it's expensive. But you don't know it was pirated.
Also: by editing your comments to account for the responses, you make the thread incoherent. I'd appreciate it if you wouldn't do that, or, at least, if you must do it, to do so in corrections at the end of your comment. It's fine to be wrong. I'm wrong all the time.
That is simply incorrect. I do not "know" Ilfak. I just emailed him, discussed the cost of a student license, provided proof of being a student, and filed an order form for IDA Pro Standard 6.0. The only thing that at all fits with your story is that a bank transfer was required, instead of paying by credit card, but I believe that is only for students.
Even so, Hex-Rays does sell to individuals. It's not even necessary to ask Ilfak: if copies are being sold to individuals, then they sell to individuals. And those copies are being sold. Here's a picture of my CD, purchased this year, as an individual: http://dl.dropbox.com/u/3177211/idaomg.png
That is incorrect. I purchased IDA Pro as an individual this year, and I am a simply a student interested in reverse engineering. (I believe what you are saying may be true for the "advanced" version, but from what I can tell anyone can purchase IDA Pro Standard.)
Assuming that the deleted parent is about the difficulty of purchasing IDA, as you know, it's only somewhat incorrect. I have wanted to buy IDA for almost a year now, but Hex-Rays is very picky about how they receive their money; I could probably arrange for it somehow but it is an completely inordinate amount of hassle. (And no, bank transfers are not only required with a student discount; I was willing to pay twice as much to avoid the requirement but it wasn't possible.)
Improving our tools is part of our birthright and responsibility; being able to modify and learn from software is a natural outgrowth of that. We of all people should not respect work intended to discourage collaboration by anyone who isn't "established" (granted the privilege of relating to software as a human being, not just a consumer).
Thank you for the insight into your field. Now I'm sorely tempted to try my hand at decompilation.
I've purchased IDA Pro for years for legitimate reversing work, but on the rare occasion that I need to do some more dodgy work for clients, where I don't want to reveal any identity (previously name, now license number) via the watermarks in the database, I will use a pirated version of the software.
My point is that it is not possible to know for sure if the user of a pirated software is indeed a pirate, as there are reasons of privacy to use these editions of the IDA (as well as the most common one of just not paying for it in the first place.)
As to the question of whether Bushmanov has used a pirated edition of IDA for his work, it's interesting to note that the distributed .idb files are in two different formats - as far as I can tell versions 5.2 and 5.5, but the license key is the same for both: A2-86E4-B9BB-D3. It's not one I recognise from any of the common pirated versions but I suppose only Ilfak could tell for sure.
yeah, the author of the blog post said the stuff he has came from VEST. so it's basically a POC based on the code released 2 years ago. if you google it there's a blog post by some other random guy who made a python plugin and some POC code from that stuff too