IDA Professional 9.x Lumina Patcher (Windows & Linux)

[CIA]

see reply for windows version

since hexrays went full nuclear on custom lumina servers in 9.x i made a fix. they basically hardcoded tls and added "baked-in" cert pinning so even with a valid cert it rejects anything that isnt their own server.

this script scans for the jumps and nops them out. it makes ida ignore the cert mismatch so u can use lumen or whatever again without needing proxies.

how to use:
1. put the script in your ida folder.
2. run it (backup libida.so first).
3. set your custom lumina server in Options > General > Lumina (i'm using Lumen), which is open source.

tested on 9.1 (9.1.250226) and 9.3 (9.3.251224.67a2f470) for linux, should work for most 9.x builds.

FUCK YOU HEXRAYS

enjoy.

Code: Select all

import os
import re

# original bytes patterns with wildcards for offsets/jumps
# patch 1: SSL_get_verify_result check
# looking for: call [rax+F8h]; test eax, eax; jnz ...
pat1 = re.compile(b"\xff\x90\xf8\x00\x00\x00\x85\xc0\x0f\x85....", re.DOTALL)
sub1 = b"\xff\x90\xf8\x00\x00\x00\x85\xc0\x90\x90\x90\x90\x90\x90"

# patch 2: internal.hex-rays.com check
# looking for: repe cmpsb; setnbe al; sbb al, 0; test al, al; jz ...
pat2 = re.compile(b"\xf3\xa6\x0f\x97\xc0\x1c\x00\x84\xc0\x74.", re.DOTALL)
sub2 = b"\xf3\xa6\x0f\x97\xc0\x1c\x00\x84\xc0\x90\x90"

def patch():
    f = "libida.so"
    if not os.path.exists(f):
        print("err: libida.so not found here")
        return

    with open(f, "rb") as file:
        data = file.read()

    print("scanning for patterns...")
    
    # check if already patched
    if sub1 in data and sub2 in data:
        print("already patched. u good")
        return

    new_data = data
    
    m1 = pat1.search(data)
    if m1:
        print(f"found patch 1 at {hex(m1.start())}")
        new_data = pat1.sub(sub1, new_data)
    else:
        print("couldnt find patch 1 pattern")

    m2 = pat2.search(data)
    if m2:
        print(f"found patch 2 at {hex(m2.start())}")
        new_data = pat2.sub(sub2, new_data)
    else:
        print("couldnt find patch 2 pattern")

    if new_data != data:
        with open(f, "wb") as file:
            file.write(new_data)
        print("done. patched successfully")
    else:
        print("nothing changed. make sure you're using 9.x on Linux?")

if __name__ == "__main__":
    patch()

[CIA]

For Windows (tested with version 9.3.251224) :

Code: Select all

import os
import re

pat_func = b"\x40\x56\x57\x48\x81\xec\x88\x04\x00\x00"
sub_func = b"\xb8\x01\x00\x00\x00\xc3\x90\x90\x90\x90"


pat_jump = re.compile(b"...", re.DOTALL) 

def patch():
    f = "ida.dll"
    if not os.path.exists(f):
        print("err: ida.dll not found here bro")
        return

    with open(f, "rb") as file:
        data = bytearray(file.read())

    print("scanning for windows patterns...")
    
    patched = False

    idx = data.find(pat_func)
    if idx != -1:
        data[idx:idx+len(sub_func)] = sub_func
        print("applied global bypass patch")
        patched = True
    else:
        print("couldnt find func pattern")

    for match in pat_jump.finditer(data):
        jnz_idx = match.start() + 10
        if data[jnz_idx] == 0x75:
            data[jnz_idx] = 0xeb
            print("patched gatekeeper jump")
            patched = True

    if not patched:
        print("nothing got patched. maybe wrong version or already done?")
        return

    # backup and save
    bak = f + ".bak"
    if not os.path.exists(bak):
        with open(bak, "wb") as b:
            with open(f, "rb") as orig:
                b.write(orig.read())
        print("backed up original dll")
        
    with open(f, "wb") as file:
        file.write(data)
        
    print("done. lumina should be working now")

if __name__ == "__main__":
    patch()