IDA keygen

IDA uses RSA-1024 for its key signatures and without the private key you
cannot make valid keys. So what I did was to generate a new pair of
public/private keys with a modulus close to the original. The two RSA
moduli differ by just one byte. This was important because IDA checks the validity of the modulus and private key but it only compares the first and last bytes. This allows one to patch just one byte in the IDA library and
have complete control of the license. This works for all OS versions: Mac,
Linux and Windows. I’m sure that after this keygen is published (last IDA
version is now 7.3) better checks will be incorporated and the binaries
will have to be patched more extensively.

A shell script randomly generates 1024-bit RSA keys and checks the first and last bytes of N until a key that satisfies the condition is produced.

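#!/bin/bash
# Generate 1024-bit RSA keys until the modulus starts with byte 93 and ends with byte ED.
while true
do
    openssl genrsa -out rsa_1024_priv.pem 1024
    # "Modulus=" is followed by 256 hex digits: 93, any 252 digits, then ED.
    if openssl rsa -in rsa_1024_priv.pem -noout -modulus | grep -P '=93.{252}ED$'
    then
        break
    fi
done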

View P and Q:

openssl rsa -in rsa_1024_priv.pem -text

RSA Private-Key: (1024 bit, 2 primes)
modulus:
00:93:46:33:fd:f5:bc:fc:87:b5:b6:59:92:6e:a6:
e5:47:57:73:67:9f:aa:4c:19:9c:ec:25:a1:3c:38:
2c:3a:5d:f6:38:c6:cd:c1:83:d6:fa:f1:49:21:fb:
c7:8f:ff:56:15:c2:d1:7a:fd:f2:48:28:7a:3c:8f:
16:a6:3e:9b:72:80:d6:9f:7a:fa:5d:5b:ba:8f:fc:
43:04:a9:da:a4:1a:b6:6f:68:94:6c:ed:bc:20:da:
f5:6a:1b:38:6b:d9:7c:e4:c0:ee:2e:ce:4d:48:15:
a5:f4:ad:6f:bd:a1:35:af:ac:64:cc:45:e2:1d:e3:
2b:8a:11:75:79:f8:22:b2:ed
publicExponent: 65537 (0x10001)
privateExponent:
00:87:54:95:66:22:af:dc:e5:df:c6:86:9c:96:6d:
6a:76:9a:17:83:fb:26:03:f3:ed:4c:da:6f:44:e4:
e1:4f:69:14:5e:ab:e0:5a:98:89:ad:e2:96:af:51:
ab:d9:d8:6a:04:69:17:11:8b:d5:5d:15:44:ed:ed:
16:85:01:36:d9:26:4c:92:be:5a:7b:93:15:73:8f:
d5:86:6e:89:aa:2d:75:33:09:60:96:97:b0:c9:a7:
2d:42:58:21:c4:1d:a9:07:d8:a6:10:dc:c8:6f:23:
0f:bc:a4:6e:ac:f5:8e:e6:3b:25:ed:40:82:04:7a:
f7:e9:c3:13:42:ce:fe:bd:89
prime1:
00:c2:a8:5f:c3:45:d9:cf:23:57:09:01:73:bf:8d:
93:7c:98:68:a0:70:0a:a3:c2:d2:5a:34:1d:61:68:
51:b3:f8:79:04:e7:9e:92:bd:57:5e:55:c9:6f:7d:
11:90:da:22:27:9d:ee:bf:6f:7d:8c:ec:39:5a:c9:
10:05:90:99:37
prime2:
00:c1:af:42:ac:1c:a2:fb:82:a5:2a:46:90:65:77:
a1:79:f1:c7:d7:07:cf:2b:da:b6:10:80:3c:a4:93:
22:56:17:94:f8:4d:e7:9c:80:ef:50:be:28:b0:d1:
d7:28:ae:9d:f6:09:c3:d0:4c:54:64:da:14:91:2d:
05:b1:3c:56:fb
……

Compute the private exponent D:


RSA parameters:

P: C2A85FC345D9CF2357090173BF8D937C9868A0700AA3C2D25A341D616851B3F87904E79E92BD575E55C96F7D1190DA22279DEEBF6F7D8CEC395AC91005909937

Q: C1AF42AC1CA2FB82A52A46906577A179F1C7D707CF2BDAB610803CA49322561794F84DE79C80EF50BE28B0D1D728AE9DF609C3D04C5464DA14912D05B13C56FB

N: 934633FDF5BCFC87B5B659926EA6E5475773679FAA4C199CEC25A13C382C3A5DF638C6CDC183D6FAF14921FBC78FFF5615C2D17AFDF248287A3C8F16A63E9B7280D69F7AFA5D5BBA8FFC4304A9DAA41AB66F68946CEDBC20DAF56A1B386BD97CE4C0EE2ECE4D4815A5F4AD6FBDA135AFAC64CC45E21DE32B8A117579F822B2ED

E: 13

D: 64C43E85574B696A53E88E20D2723115DD84DB1C670BA5BC35C8E794FE03505B3CAD957F4E82A090C0099DFD1CC0D71FF3F11610C8B33ED853A2B2BEA7A41983337F4ED20999A6A24A2B32799E413118BFF52BB53C3D0775C61191BDB073A8DEADE43AFA1BFCCB1048F4459D335B257B7C9C54F5E44EE888A26A7F95701241DF

N-reverse: EDB222F87975118A2BE31DE245CC64ACAF35A1BD6FADF4A515484DCE2EEEC0E47CD96B381B6AF5DA20BCED6C94686FB61AA4DAA90443FC8FBA5B5DFA7A9FD680729B3EA6168F3C7A2848F2FD7AD1C21556FF8FC7FB2149F1FAD683C1CDC638F65D3A2C383CA125EC9C194CAA9F67735747E5A66E9259B6B587FCBCF5FD334693

Signing:

key = lic**D mod N

Verification:

lic = key**E mod N

lic is the structure read from the key's plaintext.
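The first-and-last-byte modulus comparison described at the top of this page, set beside a check that pins the whole modulus, as an added example (not code from the original post or from IDA). The 128-byte modulus is a constructed stand-in and all function names are hypothetical.

```python
import hashlib
import hmac

# Constructed 128-byte stand-in for a pinned RSA-1024 modulus (not a real key).
PINNED_MODULUS = bytes([0x93]) + bytes(range(1, 127)) + bytes([0xED])
# A verifier can ship only this digest and compare against it.
PINNED_SHA256 = hashlib.sha256(PINNED_MODULUS).digest()


def weak_modulus_check(candidate: bytes) -> bool:
    """Weak pattern: only length, first byte and last byte are compared."""
    return (
        len(candidate) == len(PINNED_MODULUS)
        and candidate[0] == PINNED_MODULUS[0]
        and candidate[-1] == PINNED_MODULUS[-1]
    )


def strict_modulus_check(candidate: bytes) -> bool:
    """Hardened pattern: digest of the whole modulus, constant-time compare."""
    digest = hashlib.sha256(candidate).digest()
    return hmac.compare_digest(digest, PINNED_SHA256)


def differing_offsets(candidate: bytes) -> list[int]:
    """Offsets where candidate deviates from the pin, for tamper triage."""
    n = min(len(candidate), len(PINNED_MODULUS))
    diffs = [i for i in range(n) if candidate[i] != PINNED_MODULUS[i]]
    diffs.extend(range(n, max(len(candidate), len(PINNED_MODULUS))))
    return diffs


def audit(candidate: bytes) -> dict:
    """Run both checks and report where they disagree."""
    weak, strict = weak_modulus_check(candidate), strict_modulus_check(candidate)
    return {
        "weak": weak,
        "strict": strict,
        "missed_by_weak": weak and not strict,
        "diff_offsets": differing_offsets(candidate),
    }


if __name__ == "__main__":
    tampered = bytearray(PINNED_MODULUS)
    tampered[64] ^= 0xFF  # constructed one-byte change in the middle
    print(audit(bytes(tampered)))
    print(audit(PINNED_MODULUS))
```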


Reference link:

https://blog.csdn.net/jijianshuai/article/details/80582187