REQUEST : Iba pda 5.29 crack

[Fourier]

I need a crack for iba-PDA v6.

This Program can record values from a PLC like AUTEM PLC Analyzer.
But much BETTER.

It's dongle-protected.

http://www.iba-ag.de

[paskalare]

i don't think that exist, because iba in order to work needs iba profibus cards.
So even if you have the crack, you must have these special cards installed on the S7 rack.

[buffer_mr1]

No you can read about Ethernet too, you will not need any other Card.
only the Dongle is needet. We made it about Ethernet in our Busines.

I need a crack for iba-PDA v6 too.
Can everybody help the Analyzer is great
and in our Business we only work with an E
thernetcard no Profibus, and Dongle.
I want this to learn more about the Program
and want to run it at my Home PC. Thanks

[SILA]

IBA PDA is safed with a CRYPTO-BOX dongle from MARX-Software.
I am locking for a emulator for this type of dongle. But I can not found one!

[Link]

Here is the link
iba-PDA v6 with crack
http://plcforum.uz.ua//i ... 5.18.0.zip

[SILA]

Concratulations my friend
I think one of the best programs is cracked right now!
You make me verry happy

The problem is, that the crack is only working with this version.

[mmohamed15]

you can easily download Iba-analyzer from the formal Iba site the offline analysis tool is free

http://www.iba-ag.com/download/download ... uct=&lang=

[cook]

HI SILA, thanks for your sharing.

The new PDA v6.18.1 with some new functions, i try to crack it according to the v6.9.1 you have cracked, but i can't find the BYTEs you have changed. could you give me some help?

Thanks.

byte 0x841 = 0x16 replaced by 0x17

it seems you don't know Araxis Merge ! give it a try it's the best comparaison software !

Thanks to pinted me analyzer is free !

iBAPDA don't works on my system because probably this version don't know my CPU 319 I got a message told me the CPU is not on the CPU list.

Regards.

[frankw]

V6.9.1: byte 0x841 = 0x16 -> 0x17
V6.18.1:byte 0x919 = 0x16 -> 0x17

This byte remove NO DONGLE FOUND!

......bytes ?

V6.18.1:byte 0x1764 = 0x02 -> 0x17
byte 0x1765 = 0x7B -> 0x2A

NOW YOU CAN USE THE OPC AND VIRTUAL WITH 1024 POINTS.

[cook]

Here is the full list of modification to have it fully working. tested with Simatic S7 via TCP/IP:

ibaHW.dll

V6.18.1:

0x919 = 16 -> 17
0x1184 = 16 0A -> 17 2A
0x14F4 = 16 0A -> 17 2A
0x1764 = 02 7B -> 17 2A
0x1784 = 02 7B -> 17 2A
0x1AE4 = 28 89 -> 17 2A


total 6 change in the file.

[cook]

Available on the official site :

http://www.iba-ag.com/download/download ... uct=&lang=

and I post above the list of byte to modify to have it fully working.

You can do it with any hexadecimal editor or any editor with hexadecimal capability like ultraedit.

Regards.

Regards.

[cook]

Is there anybody to help me crack version 6.15.3??

Why specificaly 6.15.3 ? why not use the latest one 6.18.1 ???

You can crack it using 2 usefull tools : comparaison software = araxis merge, and disassembler software = IDA (Interactive Disassembler)

Regards,

Thierry.

[narkom]

Hi everyone!
Regrettably, in all cracked versions it's impossible administerring. When I try to set admin's password - the message "No dongle" appears.
Anybody knows how to fix it ?

Best regards!

[Beavis]

On IBA (all versions, even v5.x) password is stored ON DONGLE! This means that a patched version cannot use this feature!

Bye

[softcon]

thanks Beavis..
I tried it with cpu-414 it worked absolutely fine
thank for the great help

[drgry]

I have the same problem with ibaAnalyzer 5.14.1. But when using version 5.11.4 there is no problem.
I do not know what is this internal error.
Anyone else?

[unihom]

They changed IsLicensed() function. Need time to understand what to do
And there are no symbols information anymore, but files are very similiar.

Unfortunaly, I don't know MSIL well... and cant make patch quickly

[Link]

NOT everyone can download it from the official site.

Everyone may register and download free.
http://plcforum.uz.ua//i ... 5.18.0.zip

[Link]

Again new version ibaPDA v6.20.1 at official site. We still wait crack for the new version. I hope someone can make it.
http://plcforum.uz.ua//i ... 5.18.0.zip

[Manu]

I've test V6.18.1
with cook trick
Working fine, but only with old Siemens cpu S300 (no slim)
No way to recognize the HW if I use slim CPU (test with 312-314-315)
Someone have the same trouble?
Tanks

[Link]

iba-PDA 6.18.2
http://narod.ru/disk/20904889000/18.2.rar.html
http://plcforum.uz.ua//18.2.rar

[lazarvlad]

I need ibaHW.dll or crack for ibaPDA 6.22.0?Please

[cook]

Please someone can post latest version of iBAPDA Setup and iBAAnalyzer ? I cannot register on iBA website. Thanks.

[Link]

Here are the links to the ibaPDA v6.24.6 (Win7 compatible):
http://www.megaupload.com/?d=V0RTMV69
or
http://plcforum.uz.ua//i ... 5.18.0.zip


Will be thankful if you make a crack for this version. I know where to patch but I don't know how to patch. Assemblies are obfuscated and I still don't know the IL well.

[cook]

Unfortunately I cannot find the way to remove one of the dongle tests, the one show before the message box "no dongle" and now put red band on general option (this message box don't exist anymore). I post below the modification I do, maybe someone have better luck than me for the latest one. This is for the last version ibaPdaSetup_v6.24.3.exe, file ibaHW.dll

1481 : 16 => 17
1494 : 15 0A => 17 2A
18AC : 15 0A => 17 2A

And one is missing, cannot find it.

Please Linkinx64 if you know where to patch please told me. I found

a0b .b() [before was iba.CDongleInfo.Clear()] 1481 : 16 => 17
a0b .a(adz) [before was iba.CDongleInfo.IsLicensed(value class iba.IoConfiguration.ModuleType)] 1494 : 15 0A => 17 2A
a0b .a(bw3) [before was iba.CDongleInfo.IsLicensed(value class iba.IoConfiguration.PcInterfaceType)] 18AC : 15 0A => 17 2A

If you have any advises about some other places to patch please told me, It's my first time with IL and dotnet and debugging since years !!! I use dotNET Tracer + Reflector + IDA Pro.

Thanks.

[Linkinx64]

Check ibaPDAServer.dll aeg.a() :int32
That method (or function) looks too familiar to me... just like IsDonglePresent() from ibaPDA v6.18.2

[Link]

If you have any advises about some other places to patch please told me, It's my first time with IL and dotnet and debugging since years !!! I use dotNET Tracer + Reflector + IDA Pro.

New changes in ibaHW.dll (for ibaPDA v6.24.4):

13EB: 03 7b 8b 1e 00 04 -> 17 00 00 00 00 00
1481: 16 -> 17
1494: 15 0A -> 17 2A
18A0: 15 0A -> 17 2A
1B66: 06 -> 17

Remaining fixes:
"no license" (check ibaPDAServer.dll aeg class)
stream hash checking (not found yet)

[potter3000]

Subject: [LINK]: iba-PDA v6 (much better AUTEM PLC Analyzer)
18A0: 15 0A -> 17 2A Change for 18AC: 15 0A -> 17 2A

[Linkinx64]

Right, thanks

ibaPDAServer.dll changes:

18548: 16 -> 17
1855E: 16 -> 17
18C24: 09 -> 17
18C6C (maybe not required): 11 05 -> 17 00
1947A: 16 -> 17
19480: 28 EA 05 00 06 28 37 06 00 06 -> 00 00 00 00 00 00 00 00 00 00

Remaining fixes:
Stream checking causes driver load failure. I guess roots of problem goes from unmanaged part of ibaPDAServer.dll and first 4096 bytes of ibaCommon.dll also keep some secret... Anyone can advice a good memory dumper & researching tool?

[Link]

Hello
I need ibaAnalyzer for ibaPda 6.24.4, what version are compatible????
Thanks.

Version 5.18.0 must be compatible with all previous versions of ibaPDA.

ibaAnalyzer v5.18.0 download link:
http://www.megaupload.com/?d=RQLE28OE
[MD5: 7FA345B19303269B92F5E85F86E6093C]

[cook]

Hello,

I found many valuable information about dotNET reverse engineering at http://www.reteam.org/board/

most useful explanation, list of tools from a guy named "kurapica" are available to download from http://tuts4you.com/download.php?list.48

Hope it's help,

[Link]

Those who downloaded iba fix yesterday please re-download again (from the post above): there the problem I found after post has been published: acquisition stops after 15 minutes. Problem is fixed and link to a new fix is updated.

14605: 75 53 -> 90 90 - driver loaded.
But now still have a problem with unlock interfaces: after 18AC: 15 0A -> 17 2A unknown error occured when I'm applying I/O configuration. (At the moment only communication via OPC is tested). See below


If OPC is enough download ibaPDA v6.24.4 here: http://www.megaupload.com/?d=1VOQ7P5K
and changed files (ibaHW.dll, ibaPDAServer.dll) here: http://www.megaupload.com/?d=FI9ODEQQ
Try the data acquisition from OPC and post here if some problems occur.


Thanks

[Linkinx64]

got even the issue with error 217 on ibaanalyzer?!

1. Make .dat file backup.
2. Open .dat in Hex-editor and fill in with any symbol mix in range "0-9", "A-F" (e.g. 12346464ABCCBA...) after "PDAKeyInfo" and "PDAKeyInfo2" before "PDADongleInfo".
3. Save file.
4. Open changed file in ibaAnalyzer

[Link]

Here the files for ibaPDA v6.24.4 with last changes to bypass all dongle tests http://www.megaupload.com/?d=QNS7P93N
All interfaces unlocked. Unfortunately I have no any driver or interface board to try how it works. Work in Windows Vista and Windows 7 environment also not tested.

Remaining fixes:
- Playback of .dat files created with cracked version of ibaPDA (same problem as in ibaAnaluzer, see post above)

[Link]

ibaAnalyzer v5.18.0: http://www.megaupload.com/?d=RQLE28OE
ibaAnalyzer v5.18.0 hotfix for error code 217 : http://www.megaupload.com/?d=8D701VU1

[Link]

Damn! iba-ag makes new versions of ibaPDA faster than I research

ibaPDA v6.24.6: http://www.megaupload.com/?d=IJN0W73A
bypass for ibaPDA v6.24.6: http://www.megaupload.com/?d=9SLHAJFI

Playback of .dat files created with cracked version of ibaPDA is fixed

[artcon]

Hi Linkinx64,there is the same problem of playback of .dat files created with cracked version

of ibaPDA V18.2. Could you fix it,please ? Newest version is good,but for same reasons I need

this version.I am looking forward your great help.Thanks a lot!

[Linkinx64]

If you meant v6.24.4 you can just simple get ibaFilesLite.dll from v6.24.6 bypass and replace existing file in v6.24.4. These files are 100% identical.

Thank you for your hard work !!! I think you spent a lot of hours on it, thanks for this.

You are welcome! That was a pleasure for me to reverse this software.

Regards

[Ksn76]

Hello Linkinx64!
Thanks for work but in cracked version 24.6 all TCP/IP interfaces don't work, also don't work generic UDP.
I can only add interface in I/O Manager, acquisition don't start.

[artcon]

Thanks Linkinx64, maybe just now I make a mistake,misunderstand what you wrote,my english is not so good .But still tanks a lot,what you did give me a great help!

[Linkinx64]

Thanks for work but in cracked version 24.6 all TCP/IP interfaces don't work, also don't work generic UDP.
I can only add interface in I/O Manager, acquisition don't start.

What iba is writing to event log after you apply IO configuration? In v6.18.2 it works?

[Ksn76]

Hello!
In version 6.18.2 all works well. You may try it.
In 6.24.6 I see two type of messages:
"Unable to lock connection with IP address 192.168.0.1 and port 5010" and "Error starting acquisition: IOCTL: A not open acquisition region is requested".

[Link]

"Error starting acquisition: IOCTL: A not open acquisition region is requested".

Thanks for feedback. A problem raises from ibaHW.dll and I'll try to fix it soon.

"Unable to lock connection with IP address 192.168.0.1 and port 5010" and "Error starting acquisition: IOCTL: A not open acquisition region is requested".

Seems now iba mapping memory only when physical dongle insterted. But inside of ibaPDAServer.dll has mapping code for QDR Simulation. I don't know what is that but it also support data acquisition. I changed condition jump to QDR Simulation and set license time to unlimited. Unfortunately I don't know how to init dongleinfo's structure to unlock Generic TCP/IP but some other interfaces will be available

So, if you have a hex editor...
download:
1. ibaPDA v6.24.6: http://www.megaupload.com/?d=IJN0W73A
2. ibaPDA v6.24.6 dongle bypass (QDR Simulation): http://www.megaupload.com/?d=MWGVA43Q
3. After install copy 2 folders from ibaFix.zip to C:\Program Files\iba with replacing existing files. Then open ibaPDAServer.dll (C:\Program Files\iba\ibaPDA\Server), go to byte 18BC9 and change existing value (default is 0x73) to the option you want to unlock. Table is below:
0x58 - Padu
0x59 - Dig512
0x5A - MMC
0x5B - PCMCIA
0x5C - SM64
0x5D - Simolink
0x5E - L2B profibus
0x5F - Simadyn-D
0x61 - 2048 channels
0x62 - DDCSM
0x63 - S7 Request
0x64 - TCP/IP Sistream Bus
0x65 - Simatic-TDC
0x66 - Simatic-TDC Lite
0x67 - TCP/IP IbaLogic
0x69 - PDA unlimited (2048+ channels)
0x6B - Raw Ethernet
0x6C - S21 Request
0x6E - DGM200P
0x71 - PCMCIA-F
0x72 - TCP/IP Modbus
0x73 - TCP/IP VIP (this is by default)
0x74 - Reflective memory
0x75 - PcLink
0x76 - OEM Pda version
0x77 - 256 channels only
0x7A - GCOM
0x7B - TCP/IP S7
0x7C - Generic UDP
0x7D - ibaCapture-CAM (1 license)

This is temporary solution. I continue working with ibaPDA.
Regards,

[Link]

More options from byte 18BCF:
0x80 - ibaQPanel (1 license)
0x81 - HPCi request
0x82 - Scramnet+
0x83 - Ethernet IP
0x84 - Expression plugins
0x85 - S7 Analyzer
0x86 - 64 channels only
0x87 - Profinet (CP1616)
0x8B - EGD
0x8c - FM458 Request
0x8D - Modbus Serial
0x8E - ibaCapture-HMI (1 license)
0x8F - X-Pact
0x94 - OpenPCS Analyzer
0x99 - AN-X-DCSNet
0x9A - AB ethernet
0x9B - TCP/IP Generic
0x9C - TCP/IP TDC
0xA1 - Windows 7 (this is by default)
values from previous post also can be used here

Finally,

I found 5 bytes in ibaPDAServer.dll that can be changed to unlock up to 5 license options: 18BB7, 18BBD, 18BC3, 18BC9 and 18BCF.
In the link below I've post final dongle bypass for ibaPDA v6.24.6: http://www.megaupload.com/?d=W82TMMWX
To unlock required interface see "ibaPDA-v6.24.6-option-unlock.rtf" which byte value should be set.
Now only unlocked interfaces will be shown in IO-manager. OPC always available, irrespective on unlocked options.



More complicated comparing with v6.18.2?
Sorry, not found any tool that can inject into existing assembly (ibaPDAServer) method or variable (to organize mapping dongleinfo's structure cycle).
As bonus you will have at least 1 license for ibaCapture-CAM and ibaCapture-HMI (that wasn't licensed in v6.18.2).
All what we've done here with iba - is only for testing this software functionality, features and vulnerability. If you planning to use ibaPDA for commercial purposes - buy a license , respect developers.

Have a nice day!

[cook]

Sorry, not found any tool that can inject into existing assembly

Hello, Do you try Reflexil : http://sebastien.lebreton.free.fr/reflexil/ it's a plugin for Reflector ?

Of course 5 unlocked interface is OK but you know it's always same, we like to have product fully unlocked. I have iba in my personal notebook and I use it on many different system for debugging purpose. Maybe I use it once every 6 month every time on different PLC to record few signal. I cannot buy a license for this... It's a problem when you don't need a tool full-time but just few time a year, you cannot buy it... So you must do it without the right tool in bad condition...

Best regards,

Thierry.

[Linkinx64]

Of course I tried. Unfortunately this tool is not supports mixed-code .net assemblies.

[cook]

I tried too without success but I saw you are better than me so I hoped you can success ! So I think ILDASM / ILASM will not works too ?

[Linkinx64]

Of course 5 unlocked interface is OK but you know it's always same, we like to have product fully unlocked. I have iba in my personal notebook and I use it on many different system for debugging purpose. Maybe I use it once every 6 month every time on different PLC to record few signal.

It is not always same. You can change from one interface to another by re-patch ibaPDAserver.dll. Do you have more than 5 different interfaces to ibaPDA from one PLC?

So I think ILDASM / ILASM will not works too ?

Ildasm disassembly only managed code.

[Linkinx64]

Hi,

Because of data type optimizations for .net constants: If value not exceed 7F (127) .net assigns only 8 bit for integer. If need 8A (141) for example - an Int16 will be used, till 7fff (32767) etc. Int8 opcode is 1F XX (ldc.i4.s), Int32 - 20 XX XX XX XX (ldc.i4). You can use ldc.i4 instead of ldc.i4.s. but for int32 +3 more bytes needed while aeg.b() range is limited.

[mundapichi]

iba 6.24.x are no longer available. Can anybody reload the link again