2020-04-11 at 2:42 PM UTC
Not sure if some of yall heard.
Hex-Rays is going to release a home edition of IDA in May.
Pricing will be $365/yr, $1 a day as they put it.
Normally their licenses start about $3000 USD.
Professionals can easily rack up multiple licenses, extremely expensive, but they are the industry status quo.
Unfortunately, this kinda leaves out hobbyist.
There is Radare (opensource), Binary Ninja ($150(personal), still new), Ghidra (opensource, NSA tool, new), ect...
From what I understand Binary Ninja was trying to build themselves up to tackle the market with an a alternative at an affordable price and Ghidra was developed by the NSA to have an alternative to avoid having to be shat on by licenses.
Looks like Ghidra really shook the market and now Hex-Rays is needing to compromise.
Exciting times, kinda feel bad for Binary Ninja...
pee pee poo poo
2020-04-11 at 3:05 PM UTC
Don't use Ghidra. There's reasons for not using it and i made a thread about it right around the time it was released. I use EDB on *Nix, and OllyDBG on windows. Also, i think you can get a version IDA Pro you don't have to pay for. But what do i know i already told you which debuggers i use.
2020-04-11 at 3:21 PM UTC
I dono, it looks promising... Didnt they patch up the RCE already?
There is IDA Free, but it was limited for a long while, only x86, but eventually released x64 I think?
No plugin support if I remember.
Spent most of my time with Radare though.
EDB and Olly are great dynamic tools, do you use any tools for static analysis?
2020-04-11 at 3:35 PM UTC
Not really i'm no analysis wizard. That said i've heard good things about VeraCode.
2020-04-11 at 4:14 PM UTC
That is a different story, I have used Fortify and CheckMarx professionally, those are geared for developers and are usually included in the build pipeline.
Usually the static RE tools are used to view/make sense what is going on then use dynamic to run/add inputs.
Most of the pros I know use IDA + WinDbg or GDB.