Shulou(Shulou.com)06/01 Report--

IDA 6.6 has been leaked for some time, and on that day, many patches for "remove IDA LAN authentication" appeared ~ ~ netizens are really eager to howl ~ ~

As one of my favorite crackers, I prefer to do it myself.

When it is detected that other people in the local area network are using the same authorized IDA, it will play a box

Okay, let's start with strings.

We found this string.

Let's see which function called "anotherCopy_sub_54E980", which is this.

"recvfrom"? It turns out that it is verified by communicating with each other in the local area network through udp,ida.

Go back a few more layers, and the verification process emerges:

Look at the picture above, before network communication, of course, we have to call "WSAStartup". At this time, the inspiration comes.

If we let the "WSAStartup" call fail, the local area network authentication will not work.

It is usually a jump after changing the "WSAStartup" call.

We don't take the usual road today, hehe.

Let's look at the definition of "WSAStartup":

Int WSAStartup (_ In_ WORD wVersionRequested, _ Out_ LPWSADATA lpWSAData)

If either of the two parameters, wVersionRequested and lpWSAData, is 0, the function call will fail. If you go back, you can try it.

Okay, we'll modify the parameters.

How about "wVersionRequested" changed to 0?

[this is the end of the analysis. Welcome to correct]

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.