[PragmaticPulp]

As alternative tools like Ghidra or even some of the cheaper options like Hopper become more popular, I suspect Hex-Rays recognizes that corporate licenses are their bread and butter. From a business perspective it makes sense to squeeze as much out of these companies as they can get away with. The subscription costs are only a fraction of an annual salary.

Unfortunately this leaves the hobbyist and individuals behind. ~$1K/year isn't out of the realm of what I pay for other tools, but it's really hard to justify it when I can open Ghidra and get 95% of the way there without the subscription model.

IDA really is great for handling edge cases and obscure architectures, but I hope this last switch-up by Hex-Rays pushes even more developer attention toward improving the open-source alternatives.

[nekitamo]

By squeezing out hobbyists and individuals, they're shooting themselves in the foot over the long term.

The only reason any corporation I worked for purchased IDA Pro licenses was because I recommended it. The only reason I recommended it is because I could (barely) afford a personal license, and play with it in my own time.

Going forward they're going to miss out on this word-of-mouth marketing, which I expect will negatively affect sales expansion going forward.

[hunter-gatherer]

My shop cancelled our IDA licenses last year and forced us all to use Ghidra. The struggle lasted like 2 days. We have all been wildly impressed with Ghidra.

[ohazi]

They should probably supplement this "expensive corporate SaaS pricing" model with a "free for personal use" option if they want to have any hope of maintaining their standing.

[wila]

You mean like this?

https://hex-rays.com/ida-free/

[FineTralfazz]

Maybe it's improved since, but last time I used IDA free the cloud decompiler was buggy and weird and it was overall a mediocre experience. I don't see why anyone would choose to use it instead of Ghidra unless they were explicitly trying to learn IDA because it's the industry standard, and I don't see it holding that position long-term unless they improve their free/cheap offerings.

[anonymousiam]

Not sure if they've changed things because I haven't bought a product from them for almost 10 years, but back then the free option was several releases behind the current offering, and lacking many features. Also, back then there was NO free version of HexRays (a separate product).

[bri3d]

As of May of this year, IDA Free is a lot less broken now, so they are making some progress. It's no longer ancient and it has the same "cloud based" Hex-Rays that the Home version does, albeit only for x64.

[spijdar]

Home also only comes with the x64 "cloud" decompiler, at least if you buy the x86 version.

Having paid for a home license last year (mostly for the ability to run Python scripts) and discovering the home version has a sabotaged python implementation (can only run scripts individually from the GUI instead of running them from the command line, and you don't get the toolkit to develop scripts/plugins), it seems kind of hilarious that the free version is so close in feature set to Home. What's the difference even? They're both for "non-commercial use only", is the (limited) python script interface the only reason to pay $365 a year now? That, Lumina, and email support?

[TOMDM]

They only lose out in the long term by doing this if you believe they can compete in the long term.

If you're an exec at Hex-rays and you believe that Ghidra will eventually out compete you, then it makes sense to squeeze every penny you can before you're irrelevant.

[saagarjha]

Does Hex Rays have an exec team? I thought it was just Ilfak and a couple others.

[jjoonathan]

Long ago, when I got my first paycheck, I "went legit" and bought licenses for TextMate, Sublime, and IDA. Long story short, HexRays took my $1000 and never gave me a working version of their software. Bastards. I'm so glad there is an alternative now.

To this very day, whenever I'm stuck slogging through the build or debug process of a Ghidra plugin that has a more mature alternative in the IDA universe, I occasionally let a tiny bit of that resentment bubble to the surface to propel me across the finish line.

[rene77]

Shenanigans like that the product owe to its author, Ilfak Guilfanov, who's a bit of a meme in the ex-USSR SRE community. Back in the '00s, when IDA pretty much had no alternative, one couldn't just buy it. No, to pay them money, you had to be either an estabilished name (ESET or Kaspersky worked just fine), or to subtly caress the author's ego until it gives. And I've seen paying customers being kicked off the support forum for asking uncomfortable questions, complete with rude private messages. I believe that at least twice, unrelated hackers took offense and leaked the full version anyway. Fun times.

[jjoonathan]

Yeah, B2B is a wild world and this was my first time going for a ride. Ah well. You live you learn.

Speaking of which, last time this came up on HN ilfak cruised into the comments a week later, all "I can not find your nickname in our database," and I didn't see the reply until a year later. Well, the HexRays database had no problem finding my-nickname-at-gmail for the purposes of bugging me to renew, and just in case anyone thinks I'm making this up, here's the order. I also have an email with the download link and serial number -- the ones that didn't work -- and the ghosted support requests spread throughout the following year.

I'm sure this is a Hanlon's Razor thing, I just want to make sure that any naive young hackers considering the possibility of a last-time-buy on a perpetual license understand what they are getting into.

    ************************************************************
    * Your order has been accepted.
    ************************************************************
    
    Please retain this receipt for your records.
    
    This e-mail confirms your order placed with Hex-Rays.
    
    Payment data
    ------------
    
    Beneficiary                           : Hex-Rays
    Address                               : Rue Rennequin Sualem 34
    
                                            BE-4000     Liege
    Website address                       : http://www.hex-rays.com
    General conditions                    : https://www.hex-rays.com/products/ida/t&c.pdf
    
    Order date                            : 15/05/2016 22:40:05
    Order reference                       : deWerd_4732_20160515
    Ogone Payment reference               : 3016168801
    Order description                     : IDA license
    
    Total                                 : 1129.00 USD
    
    Charging method                       : MasterCard XXXXXXXXXXXX----
    Sub-brand                             : UNDEFINED
    
    Status                                : Authorised
    Authorisation code                    : ------

[no_time]

Did you do a bank chargeback? Losing $1k like that is brutal.

[vizzah]

Should have done, of course. Most likely you were suspected to be buying for a warez group release =)

[pelagicAustral]

Haha yes. I remember that NFO like very few, perhaps m00 nfos but that’s it. The leaked IDA pro was fenomenal, can’t think of the group name to see if I can find it around. I’ll make an effort.

[pelagicAustral]

Found the NFO! Some bits:

  Sorry for the English, I do not speak well -- so, some idioms      
  may be translated directly and be incorrect for understanding for  
  native.

  This release should serve as a life lesson to those who consider   
  themselves as "people 'blue' blood." It aims - in some ways        
  to bring down pride (swallow their pride), to tell these people    
  where to get off. Show that, besides them, there are other people  
  who should at least respect, appreciate their work and consider to 
  their opinions (or at least listen to).                            
                                                                     
  This release is dedicated to one man and one company, which behave 
  antisocial, defiant, arrogant, are not considered to anybody or    
  anything, and therefore need to conduct a little "educational" work
  from the community.                                                
                                                                     
  *** Let's start in order: one man - Ilfak Guilfanov.               
                                                                     
  I wanted to write a lot, then I thought - it makes no sense.       
                                                                     
  And so, in principle, nothing much to tell. Those who are "in" know
  a lot about this person. It is impossible to buy IDA even if you   
  really want to do. I described some details about this in my blog, 
  'ida' tag (do not linking here, if you need - you will find it).   
  Also, you can read some more here (Russian only):                  

  I apologize to crackers who were recruited in HexRays SA, you are  
  in some measure also falls under attack. But your head, sadly,     
  leaves no other choice.                                            
                                                                     
  In December 2007, after a memorable revelations of Ilfak in the    
  topic http://www.idapro.ru/forum/viewtopic.php?t=463, occurred     
  after warez-release of the IDA v5.5, I created another topic       
  http://www.idapro.ru/forum/viewtopic.php?t=458. In it I outlined   
  some thoughts about "double standards" of the author of IDA. Just  
  a small example. Struck up a brief conversation, which resulted in 
  Ilfak behaved absolutely inadequate (in his usual manner) and I was
  banned on the forum. But that's not all. Before I was banned, he is
  sent me a private message (PM):                                    
                                                                     
  I recommend to reconsider your attitude to people and to express   
  your thoughts in dealing with them.                                
                                                                     
  In any case, at the moment you "reap" is what you had "sow" by     
  yourself.                                                          
  I do not soft-pedal such things.                                   
                                                                     
  *** Next: company - ESET - NOD Antivirus developer                 
                                                                     
  There is a saying: "Curses like chickens come home to roost"       
  (I have already voiced it in relation to you in 2008-2009th years).
  Now it's time.                                                     
                                                                           
  So, the characters from ESET (a minimum):                                
                                                                     
    * J M - the main short-sighted and po-faced personage   
    * M Z (Customer [Un]Care; z@eset.sk)                 
    * D N (Virus Researcher)                            
                                                                     
  The ESET company treats software developers (small companies and   
  individual developers of shareware-products) as a shit, and does   
  not hide this.                                                     
                                                                    

Full version: https://pastebin.com/2EXSaq11

hahaha I knew it was legendary NFO.

[anonymousisme]

Ghidra has been publicly available for less than half the time of IDA/HexRays, but it has really caught up fast.

https://reverseengineering.stackexchange.com/questions/22676...

[saagarjha]

> IDA really is great for handling edge cases and obscure architecture

I find Ghidra to be much better at this, since people actually write loafers for it and you get a decompiler “for free”.

[bri3d]

Agreed. I find IDA to be much better than Ghidra for common things: Windows C++ or Delphi applications and ARM Objective-C where the heuristic guided decompiler really shines and Ghidra gets lost easily.

For the obscure architectures Ghidra does support, it's way better than IDA by virtue of having a decompiler alone. Even if the decompilation is subtly wrong, the broad strokes are so much easier to navigate that finding the right method to go through by hand is much easier.

And once you dive into Ghidra's P-Code IR and more advanced plugin support and move beyond existing IDA plugins, it's honestly better than IDA for things nobody has done before.

Now, there are some obscure architectures like C167 for which we still lack a working Ghidra processor model, but this is only a matter of time - and once it comes, it will already be way ahead of IDA!

[psifertex]

If automation and analysis over the IR is your goal, Binary Ninja is the far better choice compared to both Ghidra and IDA. There's always things to work on but even most people who don't use Binary Ninja regularly who have evaluated it agree that our API/BNIL stack is superior to other options.

Disclaimer: BN founder, so biased of course but I'm pretty up-front about our strengths/weaknesses.

[xvilka]

I confirm. P-code IL is archaic and was designed at the onset of "decompiler science". Modern ILs are much more consistent and suitable for both uplifting and further analysis.

[bri3d]

As I mainly reverse automative hardware, I care about only Tricore, C167, SuperH, and PowerPC, in that order - which means Binary Ninja is out for me for the time being!

Thanks for the post though, as I did look into adding a new Architecture and the setup for defining a new ISA is much simpler than it is in even Ghidra/SLEIGH, so kudos to that. Maybe if I find myself with a lot of free time I will try adding something.

[psifertex]

Totally fair -- breadth of architecture support is definitely one of the biggest strengths of Ghidra! IDA does as well but purely for disassembly which isn't nearly as useful.

EDIT: But yeah, we designed our lifting to be as simple as possible. Specifically the way we handle flags tends to simplify much of the normal tedium around what's required for other decompilers. If you do decide to build a C167 module, give us a look again. :-)

[chevill]

Would you say its easy or possible to learn reversing while you learn binary ninja? I bought a license a while back and was struggling to figure out how to do things I could easily look up tutorials for in other programs so I ended up not using it much. I found a couple of videos that were pretty out of date and other than that I saw that there were expensive training courses from a single company.

You guys should try and get someone to write a book kind of like the IDA / Ghidra books that Chris Eagle did.

There could be something out there I just missed. Got any advice?

[psifertex]

So I do a weekly live-stream which is a bit much to follow to just casually learn: https://youtube.com/c/vector35

But more importantly, there are video excerpts for some basic features which should at least help with understanding how to use BN:

https://www.youtube.com/watch?v=xKBQatwshs0&list=PLCVV6Y9Lmw...

We've got a few more in the editing queue I need to clear out as well.

That said, I agree in terms of needing more intro tutorials would be helpful. Part of the problem with producing something like the IDA books is that we are under far too active development. Our UI and features have grown exponentially over the past few years so there was just never a good time to make something that wouldn't be out of date before it was even done.

You might be interested in joining the Binary Ninja slack which is a great community for getting questions answered. https://slack.binary.ninja/

There's also the free cloud version which doesn't have quite the same features but is an easier introduction without paying. https://cloud.binary.ninja/

[megous]

True. I wanted to analyze some or1k binaries. No IDA support. Two weekends, and I had a disassembler and decompiler for the architecture, without writing any Java code. Just amazing.

You don't even need to describe the whole instruction set, just all the instructions that your target binary uses.

Such an amazing thing. And or1k is a nasty architecture with delay slots, which makes manual assembly reading quite tedious, etc. So the decompiler "C" output is very useful in this situation. I was in awe.

[ivanmontillam]

I've seen IT Security vendors do this as well, in the space of vulnerability scanners specifically.

There's this new trend that big players (vendors with the size enough to appear in Gartner), that are investing heavily in bridging the gap between them and the end user, at the expense of the small players (independent IT Security consultants and boutique firms).

Their new SaaS offerings are marketed as next generation, while making it seem that their previous product is just legacy and no longer recommended. However, it's the legacy product what got them the growth to be there today.

Their On-Prem offering is still for sale, but at a cost very hard to justify. Almost no small player can afford such a cost.

I understand the business rationale behind a product management decision like this. But not because it was the right decision at the moment, automatically I have to feel great about it.