Binary Ninja 5.1.8005 Personal

A-new · 发表于 2025-10-9 17:32

本帖最后由 A-new 于 2025-10-10 16:56 编辑

下载
度盘

[HTML] 纯文本查看 复制代码

https://pan.baidu.com/s/1d6ItvD4rETnBq9XBmZ_BHw?pwd=ikun

一大佬的网盘

[HTML] 纯文本查看 复制代码

https://od.cloudsploit.top/zh-CN/tools/BinaryNinja/5.1.8005

5.1.8104

[HTML] 纯文本查看 复制代码

https://od.cloudsploit.top/zh-CN/tools/BinaryNinja/5.1.8104

patch
5.1.8104可用

[Python] 纯文本查看 复制代码

import base64
import hashlib
import json
import random
from Crypto.Cipher import ARC4
from Crypto.PublicKey import RSA
from Crypto.Signature import pkcs1_15
from Crypto.Util.number import long_to_bytes,bytes_to_long
from Crypto.Hash import SHA256
from datetime import datetime, timezone

def get_time_str():
    # 获取当前 UTC 时间并格式化为 ISO 字符串
    utc_now = datetime.now(timezone.utc)
    iso_str = utc_now.isoformat(timespec='milliseconds')  # 保留毫秒精度

    # print(iso_str)  # 输出类似：2025-07-04T19:59:19.123+00:00
    return iso_str

def gen_licdata():
    randdata=random.randbytes(0x100)
    k=hashlib.md5(randdata).digest()
    rc4=ARC4.new(key=k)
    #从 AMPED Keygen  中拷贝，可能与更新相关  
    # （nj后面将9C2AAA09A4E2252B0BA125DB1E1CD272207D97CCA8446899 设置为key(key长度0x18)解密byte_18A03F4D0[0x452]）
    rc4data=bytes.fromhex('9C2AAA09A4E2252B0BA125DB1E1CD272207D97CCA8446899')
    encdta=rc4.encrypt(rc4data)
    # print('rc4enc:',encdta.hex())

    ret=base64.standard_b64encode(randdata+encdta)
    # print('data:',ret)
    return ret
def gen_signature(msg,pri_data=bytes.fromhex('''308204A30201000282010100D2BF8069B298618B54272B13CE402C37826D906FA0DB47C916E304D61CFE847306AD1763A332A6FACBEF133DE5E634B333739EFFFE9F7513F7C38CDF4EB7CE27B56B728424F9410DB4CD3AB33D2A367123470D62324211876D83C15B59FB7A4D5A74E56F9E443DBEFF30289D3E4F84E58E6AB23AD4F43870034605E68EDF1FF90256AA027C6102981B8A7742C3DCFC536A4D98C4E22702F2BFFDE2985E232A2446D5750E20EDD27E59FA2475CFF2882CA33347209F62DED6965D85B03BDE6E02B99F680F33B7DC08F8730C0BCE62256FCA5613213A1182C00A36A9D496629D15C1B604550F97388C2DFD60CC8DC15CF5D61A829167CE07F9798168C92D6037470203010001028201005BC7FDC74A79D58565C5571BDD87921A2CA9C5ACEFCB7FD4622CC536F052A1E12C67A6978483F337A727FBE3C9A33B914D978D87E45E9290FB26C54B9D4F2C2F9BF16AE284EDAE78A72477EB867843547B6E1EB484B9C4438C1CC4D1217B855479D00DF9D1DDDB5C3A6BC14C55CE30CCFE7C96194C13FE1E3E36B92C234DA5F0B362663B5B353949FF83F3987080A20326CC8A4FC5E51FF5A91026BB72F1BF4EAA5EB893892E2AC6FEB828EC2D093F992589D7EDEE5DA8EA94C6F8EA61E1FF1D3686EE2B97859E0123CF438F457C97860C04263380EE82C84DB0CADCE121C93F5AD1EB0A802C7ABFF14B4265805CAC6C37F4BF4E17B034E29F3DE64EA98450CD02818100FFDC7E6D1275D1956316116CD79CD5A44F76A6284DD3C35E5A607C1C612D454BFB94DFF5EE63DDB695C8E3A9E398D188A25100959C632DBD3A23FC31F975484D1531151AA7CD6711C960018E366F1507FEB787757464F7E2F05AD097DAD9C8D34BAB3BD584948C7DABD750B3F9B651C3FCDE7133232CA2228F7880410A7FC89502818100D2DCBF521CC7FC91AE554A7ADE811CA07356C50227EC07A4DB06A2B681E29CA8F4D54A7D40D7DFAA38A1B6F03D9E4ACFBEF7C7AC45A6496C94BFD8FA0FB1C2528097AAACFDD0FAA5C9CD42A010018CB04A488A6437B5F4328B30D2FBE9290AA3C9937DD1DB92DFAE4431FC690B7EF879FFDDBAD9D3784A5869C6D8039B249D6B028181009A9EF0540FE4DD7C2EBE2657A5512516BFE2CEF4EA5B7FE4642F8CB145D4AADD093365C8E480BB7ADCB7E34546C29255C4E9B8B5B1258A7DA1461FE13F84ADE5CF59B30C41BDF27CA03A819624B52A7B8365FBD97236964B31BF5FF1751349B6CF32B2DD0CDB0CAFE18A243E2F390BDEA9D0EF8DDCC2DB5491695BF0725CD8A50281802101306917DC2DAA57D13DD131969FF67557358AFAD8B4F196DED9051C1B6E4DFBD48ECE402209FE48D2F7216F63A16E17040D9AE763F9C6271A484A0BBED51DB8C7048E03447C970A99383E7982E4948B6C034D6072F88018CD5198E08BEE006902CF04D40B8F3B65AD3546F3E7B1D8D6B5CC13604849CAC0F3C0C7FFB6A175028180616C870F1920FD24DEBE793A273591CB3E858962A9A93022AF36FB15CEF57F3C3EE101F1A8AF206DF757EC7A7EBD99D7E1C5B18870EB8B66E78F3FA005E4431D71B25F350103C2E68BC4474DF3BDAC57F8D9327304C65E5069DDB25C178615D1A3B264B22B8826E33D21F4CD50433FD6210ED5699741FB219E75F6DD8F5DB714''')):
    if isinstance(msg,str):
        msg=msg.encode()
    prik=RSA.import_key(pri_data)
    # print('kg d:',prik.d)
    # print('kg n:',prik.n)
    # print('kg e:',prik.e)
    sig=pkcs1_15.new(prik)
    signature=sig.sign(SHA256.new(msg))
    ret=base64.standard_b64encode(signature)
    return ret
def kg(count:int,email:str,serial_hexstr:str=random.randbytes(0x10).hex()):
    lic={}
    lic["product"]= "Binary Ninja Personal"
    lic["email"]= email
    lic["serial"]= serial_hexstr
    lic["created"]=get_time_str()
    lic["type"]= "User"
    lic["count"]=count
    lic["data"]=gen_licdata().decode()
    msg='\x00'.join((lic["product"],lic["email"],lic["serial"],lic["created"],lic["type"],str(lic["count"]),lic["data"]))
    lic["signature"]= gen_signature(msg).decode()
    
    s=json.dumps(lic,indent=0)
    lic_text='[\n%s\n]'%s
    return lic_text

def nj_xor(data:bytes,xor_key=bytes([0x44,0x72,0xf9,0x67])):
    result=[]
    for i, byte_val in enumerate(data):
        xor_byte = xor_key[i % 4]
        processed_byte = byte_val ^ xor_byte
        result.append(processed_byte)
    return bytes(result)

def print_rsakey_info():
    #公私密钥拷贝自 AMPED Keygen
    pri_data=bytes.fromhex('''308204A30201000282010100D2BF8069B298618B54272B13CE402C37826D906FA0DB47C916E304D61CFE847306AD1763A332A6FACBEF133DE5E634B333739EFFFE9F7513F7C38CDF4EB7CE27B56B728424F9410DB4CD3AB33D2A367123470D62324211876D83C15B59FB7A4D5A74E56F9E443DBEFF30289D3E4F84E58E6AB23AD4F43870034605E68EDF1FF90256AA027C6102981B8A7742C3DCFC536A4D98C4E22702F2BFFDE2985E232A2446D5750E20EDD27E59FA2475CFF2882CA33347209F62DED6965D85B03BDE6E02B99F680F33B7DC08F8730C0BCE62256FCA5613213A1182C00A36A9D496629D15C1B604550F97388C2DFD60CC8DC15CF5D61A829167CE07F9798168C92D6037470203010001028201005BC7FDC74A79D58565C5571BDD87921A2CA9C5ACEFCB7FD4622CC536F052A1E12C67A6978483F337A727FBE3C9A33B914D978D87E45E9290FB26C54B9D4F2C2F9BF16AE284EDAE78A72477EB867843547B6E1EB484B9C4438C1CC4D1217B855479D00DF9D1DDDB5C3A6BC14C55CE30CCFE7C96194C13FE1E3E36B92C234DA5F0B362663B5B353949FF83F3987080A20326CC8A4FC5E51FF5A91026BB72F1BF4EAA5EB893892E2AC6FEB828EC2D093F992589D7EDEE5DA8EA94C6F8EA61E1FF1D3686EE2B97859E0123CF438F457C97860C04263380EE82C84DB0CADCE121C93F5AD1EB0A802C7ABFF14B4265805CAC6C37F4BF4E17B034E29F3DE64EA98450CD02818100FFDC7E6D1275D1956316116CD79CD5A44F76A6284DD3C35E5A607C1C612D454BFB94DFF5EE63DDB695C8E3A9E398D188A25100959C632DBD3A23FC31F975484D1531151AA7CD6711C960018E366F1507FEB787757464F7E2F05AD097DAD9C8D34BAB3BD584948C7DABD750B3F9B651C3FCDE7133232CA2228F7880410A7FC89502818100D2DCBF521CC7FC91AE554A7ADE811CA07356C50227EC07A4DB06A2B681E29CA8F4D54A7D40D7DFAA38A1B6F03D9E4ACFBEF7C7AC45A6496C94BFD8FA0FB1C2528097AAACFDD0FAA5C9CD42A010018CB04A488A6437B5F4328B30D2FBE9290AA3C9937DD1DB92DFAE4431FC690B7EF879FFDDBAD9D3784A5869C6D8039B249D6B028181009A9EF0540FE4DD7C2EBE2657A5512516BFE2CEF4EA5B7FE4642F8CB145D4AADD093365C8E480BB7ADCB7E34546C29255C4E9B8B5B1258A7DA1461FE13F84ADE5CF59B30C41BDF27CA03A819624B52A7B8365FBD97236964B31BF5FF1751349B6CF32B2DD0CDB0CAFE18A243E2F390BDEA9D0EF8DDCC2DB5491695BF0725CD8A50281802101306917DC2DAA57D13DD131969FF67557358AFAD8B4F196DED9051C1B6E4DFBD48ECE402209FE48D2F7216F63A16E17040D9AE763F9C6271A484A0BBED51DB8C7048E03447C970A99383E7982E4948B6C034D6072F88018CD5198E08BEE006902CF04D40B8F3B65AD3546F3E7B1D8D6B5CC13604849CAC0F3C0C7FFB6A175028180616C870F1920FD24DEBE793A273591CB3E858962A9A93022AF36FB15CEF57F3C3EE101F1A8AF206DF757EC7A7EBD99D7E1C5B18870EB8B66E78F3FA005E4431D71B25F350103C2E68BC4474DF3BDAC57F8D9327304C65E5069DDB25C178615D1A3B264B22B8826E33D21F4CD50433FD6210ED5699741FB219E75F6DD8F5DB714''')
    pub_data=bytes.fromhex('''30820122300D06092A864886F70D01010105000382010F003082010A0282010100D2BF8069B298618B54272B13CE402C37826D906FA0DB47C916E304D61CFE847306AD1763A332A6FACBEF133DE5E634B333739EFFFE9F7513F7C38CDF4EB7CE27B56B728424F9410DB4CD3AB33D2A367123470D62324211876D83C15B59FB7A4D5A74E56F9E443DBEFF30289D3E4F84E58E6AB23AD4F43870034605E68EDF1FF90256AA027C6102981B8A7742C3DCFC536A4D98C4E22702F2BFFDE2985E232A2446D5750E20EDD27E59FA2475CFF2882CA33347209F62DED6965D85B03BDE6E02B99F680F33B7DC08F8730C0BCE62256FCA5613213A1182C00A36A9D496629D15C1B604550F97388C2DFD60CC8DC15CF5D61A829167CE07F9798168C92D6037470203010001''')
    # nj_pubkeydata=bytes.fromhex('''30820122300D06092A864886F70D01010105000382010F003082010A0282010100D66C9EC8DC86F3DB68B2B8BF660551630527F4EC31193B69743EE1E650ABB1A2276361B00383F23D66680A681EB3B8DC4A7F9151E732F6D4B76963D1122A8F5899736BDE7B911C9F2A55E42DAA8566CBAD43BE681B2F381549C342FC19F1F593D24454741D17ADF221F633A5AC4DE85EF6023628F8F9368C616B1949D702C4195D411DD51A2F1B8459832299035EEF68BE1EE37D92A4DF758F5892C8AAF635A406A7AD4F9EBF03EB0E44DA485BBBF0983DF83920420AE824F4DA3CC9D1699535635F7151B279D27144B8A29A65B6E28CCBAFFDDBAB3FDE84CBF0E1FF4E28AB65197EC9FD027DCD7AF52880BF143275782F0782C3043B470204B63C40FC7BAF330203010001''')

    # xor key 0x67F97244
    nj_pubkey_xordata=bytes.fromhex('''74f0f845747fff6e6ef4b1e1b37ff8664577f964c673f66774f0f86d46f0f86644a495f98cae7f949f1a4bdffb14fc362777de93a843e05c2d06c786a22252d6e6559a06f4717a957914916d2c6c4adf983886f61595cb9190c590049560d3e81ceb8a0c9a09687bdb58ac8369d87c018fdfbad92c69d65f513b3a25b86b0892d7a0bd33306feecab6530f54e1deb48f1a84fb516c8a0051c813927e0da5fba35d2fb87a9168d67cc02b7a45dd71a7882ccce78439e05db831fda1f58cd80f52e0745eca0bec4664af7cbdbd0c294297dc4f015e6430f38f6086235b8da390f27111a61615c080b5353641c5de174f85c8b9569a9fd9c6b9c0b90986bb3cd1cc216b87aeb97084aa3e87d1e7fb66cb123c5dfee58776c22046764f5b048e82c87770fa664473f967''')
    nj_pubkeydata=nj_xor(nj_pubkey_xordata)[:0x126]

    nj_pubk=RSA.import_key(nj_pubkeydata)
    print('nj e:',nj_pubk.e)
    print('nj n:',nj_pubk.n)
    print('\n\n')

    pub_key=RSA.import_key(pub_data)
    print('kg e:',pub_key.e)
    print('kg n:',pub_key.n)
    print('\n\n')

    prik=RSA.import_key(pri_data)
    print('kg d:',prik.d)
    print('kg n:',prik.n)
    print('kg e:',prik.e)
    pass








if __name__=='__main__':
    #print_rsakey_info()
    lic_path='license.dat'
    save=True

    count=123
    email="ikun@ikunkun.com"
    text=kg(count,email)
    print('lic==>')
    print(text)
    if save:
        with open(lic_path,'w',encoding='utf8') as f:
            f.write(text)

goldharp · 发表于 2025-10-29 21:05

[Python] 纯文本查看 复制代码

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""
Patch binaryninjacore.dll: write 0x90 at specified offsets.
Creates backup file before modifying.

Usage:
    python patch_binaryninja.py
"""

import os
import sys
import time
from datetime import datetime

FILENAME = "binaryninjacore.dll"
# Offsets provided by user (hex). Keep them as strings for readability.
HEX_OFFSETS = [
    "0x10E6C9C",
    "0x10E6C9D",
    "0x10E6C9E",
    "0x10E6C9F",
    "0x10E6CA0",
    "0x10E6CA1",
]

def hex_to_int_list(hex_list):
    return [int(h, 16) for h in hex_list]

def make_backup(path):
    ts = datetime.now().strftime("%Y%m%d_%H%M%S")
    backup_name = f"{path}.bak.{ts}"
    with open(path, "rb") as rf, open(backup_name, "wb") as bf:
        bf.write(rf.read())
    return backup_name

def read_bytes_at(fobj, offset, length=1):
    fobj.seek(offset)
    return fobj.read(length)

def write_bytes_at(fobj, offset, data: bytes):
    fobj.seek(offset)
    fobj.write(data)
    fobj.flush()
    os.fsync(fobj.fileno())

def main():
    if not os.path.isfile(FILENAME):
        print(f"错误：当前目录未找到 {FILENAME}")
        sys.exit(1)

    offsets = hex_to_int_list(HEX_OFFSETS)

    # check file size
    filesize = os.path.getsize(FILENAME)
    print(f"文件: {FILENAME}, 大小: {filesize} bytes")

    # create backup
    try:
        backup = make_backup(FILENAME)
        print(f"已创建备份: {backup}")
    except Exception as e:
        print(f"创建备份失败: {e}")
        sys.exit(1)

    # Open file for read/write binary
    try:
        with open(FILENAME, "r+b") as f:
            original_bytes = {}
            for off in offsets:
                if off < 0 or off >= filesize:
                    print(f"偏移超出范围：{hex(off)} (跳过)")
                    original_bytes[off] = None
                    continue
                f.seek(off)
                b = f.read(1)
                original_bytes[off] = b
                print(f"偏移 {hex(off)} 原始字节: {b.hex()}")

            # Write NOP (0x90) to each valid offset
            for off in offsets:
                if original_bytes.get(off) is None:
                    continue
                try:
                    write_bytes_at(f, off, b'\x90')
                    print(f"已在 {hex(off)} 写入 0x90")
                except Exception as e:
                    print(f"在 {hex(off)} 写入失败: {e}")

            # Verify
            f.seek(0)
            for off in offsets:
                if off < 0 or off >= filesize:
                    continue
                f.seek(off)
                b_after = f.read(1)
                ok = (b_after == b'\x90')
                print(f"校验 {hex(off)} -> {b_after.hex()} {'OK' if ok else 'FAILED'}")

    except PermissionError as e:
        print("权限错误：无法打开文件进行写入。请以管理员身份运行或确认文件没有被占用。")
        print(e)
        sys.exit(1)
    except Exception as e:
        print("处理文件时发生异常：", e)
        sys.exit(1)

    print("补丁完成。注意：如果需要恢复，请用备份文件覆盖原文件。")

if __name__ == "__main__":
    main()

patch下dll，再配合楼主脚本生成的lic.

qq465881818 · 发表于 2025-10-9 21:29

[C++] 纯文本查看 复制代码

#define _CRT_SECURE_NO_WARNINGS
#include<stdlib.h>
#include<stdio.h>
#include<string.h>
int __cdecl start_mod(char* FileName, int* mod_offset, unsigned int mod_count)
{
    char Buffer; // [esp+17h] [ebp-11h] BYREF
    FILE* Stream; // [esp+18h] [ebp-10h]
    unsigned int i; // [esp+1Ch] [ebp-Ch]

    Stream = fopen(FileName, "rb+");
    if (Stream)
    {
        for (i = 0; i < mod_count; ++i)
        {
            if (fseek(Stream, mod_offset[i], 0))
            {
                perror("Error seeking in file");
                fclose(Stream);
                return 1;
            }
            Buffer = 0x90;
            if (fwrite(&Buffer, 1u, 1u, Stream) != 1)
            {
                perror("Error writing to file");
                fclose(Stream);
                return 1;
            }
        }
        fclose(Stream);
        puts("Patching complete.");
        return 0;
    }
    else
    {
        perror("Error opening file");
        return 1;
    }
}
int __cdecl main(int argc, const char** argv, const char** envp)
{
    int v4[8]; // [esp+10h] [ebp-20h] BYREF

    v4[7] = (int)"binaryninjacore.dll";
    v4[0] = 0x10E64CC;
    v4[1] = 0x10E64CD;
    v4[2] = 0x10E64CE;
    v4[3] = 0x10E64CF;
    v4[4] = 0x10E64D0;
    v4[5] = 0x10E64D1;
    v4[6] = 6;
    return start_mod("binaryninjacore.dll", v4, 6u);
}

hanyufeng · 发表于 2025-10-9 18:52

解压密码:DaddyPenguin

futinglong · 发表于 2025-10-9 18:52

楼主这个解压密码是什么 https://od.cloudsploit.top/zh-CN/tools/BinaryNinja/5.1.8005

wyp123 · 发表于 2025-10-9 19:41

有mac版吗，一直在出Windows，但是没Linux和mac版

温柔 · 发表于 2025-10-9 19:55

wyp123 发表于 2025-10-9 19:41
有mac版吗，一直在出Windows，但是没Linux和mac版

大佬盘里有linux的

wyp123 · 发表于 2025-10-9 20:03

温柔发表于 2025-10-9 19:55
大佬盘里有linux的

好，看到了，谢谢

m_h · 发表于 2025-10-9 20:39

本帖最后由 m_h 于 2025-10-13 20:20 编辑

    file_path = "binaryninjacore.dll"
    offsets = [0x10E6C9C, 0x10E6C9D, 0x10E6C9E, 0x10E6C9F, 0x10E6CA0, 0x10E6CA1]

{:301_1008:}大佬的地址如何防走失。。换好几次域名了吧？
kg 适合 8104 吗？
8104 17722524 [10E6C9Ch] 17722525 [10E6C9Dh] 17722526 [10E6C9Eh] 17722527 [10E6C9Fh] 17722528 [10E6CA0h] 17722529 [10E6CA1h]

你这密码有点东西啊，，，
44 61 64 64 79 50 65 6E 67 75 69 6E 0D 0A

还好测试了下不然时间久了。。想破脑袋都不知道为何密码错误。

daiyan0704 · 发表于 2025-10-10 09:23

谢谢楼主的无私分享，下载体验一下。

starsunyzl · 发表于 2025-10-10 09:38

貌似已经有 5.1.8104 了呀

帐号		自动登录	找回密码
密码			注册[Register]

[Disassemblers] Binary Ninja 5.1.8005 Personal

免费评分