[aetherspawn]

I feel like they kind of lose money on IDA by not marketing some sort of hobby version. I offered the guy $100 to purchase a legit version of IDA for personal educational use and he declined (go figure). I am just a university student.

[iheartmemcache]

Between IDA Pro 5.0 (full functionality, legally free), IDA eval 7.0 (limited functionality, legally free), and IDA 6.8 (haxxed), the students are pretty well covered. I'd imagine Ilfak doesn't mind if you pirate it as a student, but giving you a 7.0 full binary is more about operational security than anything else. This is illustrated by the fact that you can literally go to buy IDA + HR for full retail at 5k and be denied a license if you're not affiliated with a reputable organization.

The reason why it's so difficult to get a pro license (even if you want to pay for it legally) is because one leak of the most current version and enterprise sales drop by about ~50%[1]. So, theoretically, if Ilfak were to give you that $100 most-recent copy and you were to share it with the wrong people, any the losses are way more than just what he lost on your sale. The legitimate corporate sales go down ~50%[1] the second a leak hits.

I'm not in rev-eng professionally, but I grew up (read: pirated it at 15) with it back when SoftICE and IDA were the only options on the market. Eventually I needed a license to side-step some legitimate licensed software for a client who's business depended on a dongle from a now defunct company. Since IDA is what I already knew, it's what I purchased. The time I would have spent learning another platform (there are lovely open source alternatives on the market now) would have exceeded the price of the software by quite a bit. For people who use IDA professionally, 1k a seat (5k w/ HR) is more than reasonable, especially with the whole ecosystem of plugins that exist around it[2].

But the times, they are a'changin. Now with all of the competitors on the market though, kids are growing up not pirating SoftICE and IDA but alternatives. 5 years down the line, when those kids have purchase influence and go to their manager with a request ("this is what I grew up with..I need a __ license"), IDA is going to have a real problem[4].

====

[1] Ilfak delineated the whole business model and decrease in sales as a result of leaks with real numbers on reddit. This was 3-4 years ago (maybe more, god I'm getting old) so I might be off by the 50%. I'm sure it's more than 1/3rd. This interestingly enough is why you see a version bump as soon as a shows up. Maybe purchasing departments are less likely to authorize a 5k license if the most recent version on piratebay? Not sure how that gets past legal and whoever is in charge of license compliance, but it happens. Pure speculation: When you bump a pirated 6.8 to a non-pirated 6.9, the engineer/manager can "legitimize" the purchase by telling purchasing "I need 6.9 and can't steal it- now, cut the purchase order, or it'll be your name coming up when we have a meeting as to why we lost Client Foo".

[2] The reason I keep paying for maintenance fees is because the extensive number of community-made/maintained plugins makes IDA basically like emacs. Powerful base-software, but when you get all your scripts setup with things like DIE[3] you can't imagine working in another setting.

[3] https://github.com/ynvb/DIE This alone is worth the cost of the base $1k IMO. Sidenote: The plugin contest was the greatest marketing idea ever. Get people to develop (or release the tools they've already developed for themselves to the public domain) extensible software that adds significant value to your software in exchange for a $1k? Absolutely brilliant.

[4] https://i.imgur.com/Qb7GSCL.png Here's a comment I made about a year ago when we saw Binary Ninja/Radare2/etc all coming of age.