Skip to content

Instantly share code, notes, and snippets.

@JerryLokjianming
Last active December 12, 2024 12:36
Show Gist options
  • Save JerryLokjianming/71dac05f27f8c96ad1c8941b88030451 to your computer and use it in GitHub Desktop.
Save JerryLokjianming/71dac05f27f8c96ad1c8941b88030451 to your computer and use it in GitHub Desktop.
Crack Sublime Text 3.2.2 Build 3211 and Sublime Text 4 Alpha 4098 with Hex

How to Crack Sublime Text 3.2.2 Build 3211 with Hex Editor (Windows | Without License) ↓

  1. Download & Install Sublime Text 3.2.2 Build 3211
  2. Visit https://hexed.it/
  3. Open file select sublime_text.exe
  4. Offset 0x8545: Original 84 -> 85
  5. Offset 0x08FF19: Original 75 -> EB
  6. Offset 0x1932C7: Original 75 -> 74 (remove UNREGISTERED in title bar, so no need to use a license)
  7. Export File and save it to location you want
  8. Backup sublime_text.exe file (just rename)
  9. Copy sublime_text.exe modified to directory Sublime Text 3
  10. Happy Coding :)
Screenshot

Screenshot


How to Crack Sublime Text 4 Alpha 4098 with Hex Editor (Windows | Without License) ↓

  1. Download & Install Sublime Text 4 Alpha 4094
  2. Visit https://hexed.it/
  3. Open file select sublime_text.exe
  4. Go to Address: 0000A700 change 80 38 00 to FE 00 90
  5. Export File and save it to location you want
  6. Backup sublime_text.exe file (just rename)
  7. Copy sublime_text.exe modified to directory Sublime Text 4 (i.e C:\Program Files\Sublime Text)
  8. Use this License
----- BEGIN LICENSE ----- 
TwitterInc 
200 User License 
EA7E-890007 
1D77F72E 390CDD93 4DCBA022 FAF60790 
61AA12C0 A37081C5 D0316412 4584D136 
94D7F7D4 95BC8C1C 527DA828 560BB037 
D1EDDD8C AE7B379F 50C9D69D B35179EF 
2FE898C4 8E4277A8 555CE714 E1FB0E43 
D5D52613 C3D12E98 BC49967F 7652EED2 
9D2D2E61 67610860 6D338B72 5CF95C69 
E36B85CC 84991F19 7575D828 470A92AB 
------ END LICENSE ------
  1. Happy Coding :)
Screenshot

Screenshot


Blocked by Microsoft Defender SmartScreen -> More Info -> Run Anyway

Screenshot

Screenshot

Screenshot


How to Crack Sublime Text 3 & 4 Alpha 4094 with Hex Editor (Linux & MacOS | With License) ↓

  1. Download & Install Sublime Text 3 or 4
  2. Visit https://hexed.it/
  3. Open file select sublime_text
    • Linux Location: /opt/sublime_text/sublime_text
    • MacOS Location: /Application/Sublime Text [version].app (Correct Me If I'm Wrong)
  4. Search 97 94 0D and Change to 00 00 00
  5. Export File and save it to location you want
  6. Backup sublime_text file (just rename)
  7. Copy sublime_text modified to default directory Sublime Text
  8. Use this License
----- BEGIN LICENSE ----- 
TwitterInc 
200 User License 
EA7E-890007 
1D77F72E 390CDD93 4DCBA022 FAF60790 
61AA12C0 A37081C5 D0316412 4584D136 
94D7F7D4 95BC8C1C 527DA828 560BB037 
D1EDDD8C AE7B379F 50C9D69D B35179EF 
2FE898C4 8E4277A8 555CE714 E1FB0E43 
D5D52613 C3D12E98 BC49967F 7652EED2 
9D2D2E61 67610860 6D338B72 5CF95C69 
E36B85CC 84991F19 7575D828 470A92AB 
------ END LICENSE ------
  1. Happy Coding :)
Screenshot

Screenshot


@xovtar
Copy link

xovtar commented Nov 8, 2023

Im working with Ubuntu 22.04.3 and currently every which way i have tried to replace the file or put the new one in it has failed. Not sure if its just an Ubuntu thing or if i just need to crack the lock on the read only folder that sublime_text is stored or if there is a different location. (I have even tried changing the permissions of the folder but it says its already a read-write, but also tells me its a read only when i try changing permissions via terminal)

@duckimann
Copy link

@xovtar what about change user to root then replace the file?

@n6333373
Copy link

n6333373 commented Nov 25, 2023

So for Linux/Windows x64, I have created a Sublime Text 4 plugin which can patch itself.
Tested working on Sublime Text latest stable/dev build: 4168/4169

https://github.com/n6333373/sublime-self-patcher

Quick Demo

dev.mp4
stable.mp4

@Kinjosa
Copy link

Kinjosa commented Nov 27, 2023

will you have a release for the new update version 4166 linux ?

@janabil
Copy link

janabil commented Dec 1, 2023

So for Linux/Windows x64, I have created a Sublime Text 4 plugin which can patch itself. Tested working on Sublime Text latest stable/dev build: 4168/4169

https://github.com/n6333373/warehouse/raw/main/SelfPatcher.zip

Quick Demo

thanks Mate works like charm in both linux and windows 11

@Reelix
Copy link

Reelix commented Dec 1, 2023

If I were people, I'd rather avoid a compiled DLL from someone who created their first repo a week ago and wait for an open-source version.

@Hazuki-san
Copy link

4169 hex (Windows x64/leogx9r's method):
E8 93 58 20 00 49 8B 96 B8 02 00 00 48 8D 0D 5D 0C 00 00 41 B8 98 3A 00 00 E8 7A 58 20 00 -> 90 90 90 90 90 49 8B 96 B8 02 00 00 48 8D 0D 5D 0C 00 00 41 B8 98 3A 00 00 90 90 90 90 90 (Invalidation/Validation Functions)
E4 24 00 00 55 41 57 41 56 41 55 41 -> E4 24 00 00 48 31 C0 C3 56 41 55 41 (License Validity Checking)
55 56 57 48 83 EC 30 48 8D 6C 24 30 48 C7 45 F8 FE FF FF FF 89 D6 48 89 CF 6A 28 -> 48 31 C0 48 FF C0 C3 48 8D 6C 24 30 48 C7 45 F8 FE FF FF FF 89 D6 48 89 CF 6A 28 (Server Validation Thread)

After patch just enter anything to license and it should work.

@0x337
Copy link

0x337 commented Dec 2, 2023

4169 hex (Windows x64/leogx9r's method): E8 93 58 20 00 49 8B 96 B8 02 00 00 48 8D 0D 5D 0C 00 00 41 B8 98 3A 00 00 E8 7A 58 20 00 -> 90 90 90 90 90 49 8B 96 B8 02 00 00 48 8D 0D 5D 0C 00 00 41 B8 98 3A 00 00 90 90 90 90 90 (Invalidation/Validation Functions) E4 24 00 00 55 41 57 41 56 41 55 41 -> E4 24 00 00 48 31 C0 C3 56 41 55 41 (License Validity Checking) 55 56 57 48 83 EC 30 48 8D 6C 24 30 48 C7 45 F8 FE FF FF FF 89 D6 48 89 CF 6A 28 -> 48 31 C0 48 FF C0 C3 48 8D 6C 24 30 48 C7 45 F8 FE FF FF FF 89 D6 48 89 CF 6A 28 (Server Validation Thread)

After patch just enter anything to license and it should work.

Thanks man, it works perfectly.

@Destitute-Streetdwelling-Guttersnipe
Copy link

Destitute-Streetdwelling-Guttersnipe commented Dec 7, 2023 via email

@fulicat
Copy link

fulicat commented Dec 7, 2023

4169 hex (Windows x64/leogx9r's method): E8 93 58 20 00 49 8B 96 B8 02 00 00 48 8D 0D 5D 0C 00 00 41 B8 98 3A 00 00 E8 7A 58 20 00 -> 90 90 90 90 90 49 8B 96 B8 02 00 00 48 8D 0D 5D 0C 00 00 41 B8 98 3A 00 00 90 90 90 90 90 (Invalidation/Validation Functions) E4 24 00 00 55 41 57 41 56 41 55 41 -> E4 24 00 00 48 31 C0 C3 56 41 55 41 (License Validity Checking) 55 56 57 48 83 EC 30 48 8D 6C 24 30 48 C7 45 F8 FE FF FF FF 89 D6 48 89 CF 6A 28 -> 48 31 C0 48 FF C0 C3 48 8D 6C 24 30 48 C7 45 F8 FE FF FF FF 89 D6 48 89 CF 6A 28 (Server Validation Thread)

After patch just enter anything to license and it should work.

It's works, thx

@vodiylik
Copy link

vodiylik commented Dec 10, 2023

So for Linux/Windows x64, I have created a Sublime Text 4 plugin which can patch itself. Tested working on Sublime Text latest stable/dev build: 4168/4169

https://github.com/n6333373/warehouse/raw/main/SelfPatcher.zip

Quick Demo

I've installed this plugin, but this menu item is inactive, I ca'nt press. What I need to do?

OS: Pop!_OS 20.04

@n6333373
Copy link

n6333373 commented Dec 10, 2023

So for Linux/Windows x64, I have created a Sublime Text 4 plugin which can patch itself. Tested working on Sublime Text latest stable/dev build: 4168/4169
https://github.com/n6333373/sublime-self-patcher

Quick Demo

I've installed this plugin, but this menu item is inactive, I ca'nt press. What I need to do?

OS: Pop!_OS 20.04

One possibility is that it the place it should be placed is Menu > Preferences > Browse Packages... rather than the Packages folder which lives aside sublime_text.

@vodiylik
Copy link

So for Linux/Windows x64, I have created a Sublime Text 4 plugin which can patch itself. Tested working on Sublime Text latest stable/dev build: 4168/4169
https://github.com/n6333373/warehouse/raw/main/SelfPatcher.zip

Quick Demo

I've installed this plugin, but this menu item is inactive, I can't press. What I need to do?
OS: Pop!_OS 20.04

One possibility is that it the place it should be placed is Menu > Preferences > Browse Packages... rather than the Packages folder which lives aside sublime_text.

Thank you for your answer. But I found a better method:

sudo sed -i 's/\x80\x78\x05\x00\x0f\x94\xc1/\xc6\x40\x05\x01\x48\x85\xc9/g' /opt/sublime_text/sublime_text

@Destitute-Streetdwelling-Guttersnipe

@vodiylik you should also prevent ST from notifying its server about your ST.

@diwasrimal
Copy link

Do we have something for macOS build 4169?

@defencedog
Copy link

defencedog commented Dec 14, 2023

So for Linux/Windows x64, I have created a Sublime Text 4 plugin which can patch itself. Tested working on Sublime Text latest stable/dev build: 4168/4169
https://github.com/n6333373/warehouse/raw/main/SelfPatcher.zip

Quick Demo

I've installed this plugin, but this menu item is inactive, I ca'nt press. What I need to do?
OS: Pop!_OS 20.04

One possibility is that it the place it should be placed is Menu > Preferences > Browse Packages... rather than the Packages folder which lives aside sublime_text.

Success
@pop-os:/opt/sublime_text$ sudo ./sublime_text
while its open in admin mode. Preferences > Browse Packages
Folder will open ...paste SelfPatch folder here.
Navigate back to Sublime. Help > Patch this application
Restart sublime [relaunch normally]

@JavaTryCatchMe
Copy link

I really hope no one is using that self patcher package. Hopefully @defencedog and @janabil are fake GH accounts (given lack of any real activity / loc) but if not almost certainly screwed as is @vodiylik . The binary uses TBF https://github.com/secretsquirrel/the-backdoor-factory possible to do legit patching with it? Sure. Are there far easier methods that don't use a literal backdoor kit? yes.

@Aholicknight
Copy link

I really hope no one is using that self patcher package. Hopefully @defencedog and @janabil are fake GH accounts (given lack of any real activity / loc) but if not almost certainly screwed as is @vodiylik . The binary uses TBF github.com/secretsquirrel/the-backdoor-factory possible to do legit patching with it? Sure. Are there far easier methods that don't use a literal backdoor kit? yes.

@JavaTryCatchMe do you have any proof or links you can provide if they have been using TBF?

@defencedog
Copy link

defencedog commented Apr 7, 2024

@JavaTryCatchMe we are not fakes! Maybe some PC knowledge is required to understand how to apply patch

@t94xr
Copy link

t94xr commented Apr 7, 2024

The patch is legit, I've used it on Linux and Windows and it works.

@JavaTryCatchMe
Copy link

@JavaTryCatchMe we are not fakes! Maybe some PC knowledge is required to understand how to apply patch

The patch is legit, I've used it on Linux and Windows and it works.

it is not hard to apply the patch. I am not even saying it doesn't work. Plenty of malware disguises itself as something legitimate and may even do that legitimate thing (or in this case the act of cracking the application). Plenty also does not do anything suspect for some period of time, or even for most users only phoning home with some basic information and to wait to see if it should do something else or run something truly malicious.

What I am saying is you are running closed source binary executable code in full trust situations on your system from a stranger. I am saying that the binary itself has code in it from "The Backdoor Factory" linked above, that is a toolkit primarily used for remote code execution and root kits.

It is not impossible that code is used in a non-nefarious way but there are also plenty of ways not to use it.

If (hopefully) ones suspect level of random strangers binaries is a 8/10 by default and then that binary has ties with a known backdoor maybe think twice about running it...

@n6333373
Copy link

n6333373 commented Apr 8, 2024

@JavaTryCatchMe

I am the author of SelfPatcher. Please do share the proof you've found that my patcher uses TBF github.com/secretsquirrel/the-backdoor-factory. That would be interesting.

The only 3rd-party lib I used is https://github.com/secretsquirrel/SigThief whose code is fairly short and I believe it doesn't use TBF. I believe I don't I use TBF for sure. The only thing left is https://github.com/Nuitka/Nuitka which I used to compile my module into .pyd/.so files. I don't believe it uses TBF for sure (otherwise, a big news).


Fwiw, people are less active here. https://gist.github.com/maboloshi/feaa63c35f4c2baab24c9aaf9b3f4e47 is much more active. Actually, SelfPatcher is open-source to some of trusted cracker there, but you don't have to believe me.

@JavaTryCatchMe
Copy link

First, sorry @Aholicknight sorry I missed your initial comment requesting what I found related to TBF. I saw the defencedog notification and the reply after that, and didn't scroll back far enough.

@n6333373 if I made a mistake, and spending some more time in IDA it is likely so, I apologize. After being pointed to the plugin I noticed the binary distribution which was a bit odd, rather than just the dependencies/tools. I spent about 10 minutes looking for anything horrific originally. It involving compiled python always adds a layer of abstraction. There wasn't anything obvious. There were no obvious network imports but these things can be hidden.

Only a spurious comment about code from BDF.

image

This paired with the one obvious link as well in the code of "https://github.com/sponsors/secretsquirrel" which first and foremost talks about their primary project of the Back Door Factory and malware related topics.

Again this was a dozen minutes reviewing a suspect random binary in an area where things can often be fraught with malicious code. It wasn't run, there was no deep analysis.

So of course with the comments I went back and took some more time.

As I see it now now:

  • After running the extension sandboxed and reviewing the changes made to the assembly on the main executable there is almost certainly no malicious changes made.

  • The references I found, while existed, clearly were not from the BDF library but the SigThief library @n6333373 mentioned. Specifically https://github.com/secretsquirrel/SigThief/blob/ffb501bcd86acd439e4458a33e9fc5ebed4b59a8/sigthief.py#L14 . SigTheif doesn't do anything malicious only transfer signatures between PEBs and is not used in a malicious way here.

  • There are no other signs of anything malicious, network connections, etc. This isn't a full breakdown but again with a deeper dive than a glancing pass. Can things hide through something like this? Sure but is it likely here? no. I will note I only looked at the windows binary and not the linux library.

As I said at the top and will say it again now, I was almost certainly wrong. @n6333373 is quite believable and I am sorry for the hasty conclusions I initially made.

@iblissstudent
Copy link

4169 hex (Windows x64/leogx9r's method): E8 93 58 20 00 49 8B 96 B8 02 00 00 48 8D 0D 5D 0C 00 00 41 B8 98 3A 00 00 E8 7A 58 20 00 -> 90 90 90 90 90 49 8B 96 B8 02 00 00 48 8D 0D 5D 0C 00 00 41 B8 98 3A 00 00 90 90 90 90 90 (Invalidation/Validation Functions) E4 24 00 00 55 41 57 41 56 41 55 41 -> E4 24 00 00 48 31 C0 C3 56 41 55 41 (License Validity Checking) 55 56 57 48 83 EC 30 48 8D 6C 24 30 48 C7 45 F8 FE FF FF FF 89 D6 48 89 CF 6A 28 -> 48 31 C0 48 FF C0 C3 48 8D 6C 24 30 48 C7 45 F8 FE FF FF FF 89 D6 48 89 CF 6A 28 (Server Validation Thread)

After patch just enter anything to license and it should work.

Thank you so much!!!!

@scryptio
Copy link

@n6333373
fun fact, you could simply provide the source to make it more trusted. If it's using posted methods and just automates it, no reason not to. We are on github already.

@n6333373
Copy link

n6333373 commented Apr 23, 2024

@n6333373
fun fact, you could simply provide the source to make it more trusted. If it's using posted methods and just automates it, no reason not to. We are on github already.

Well. I don't care whether you trust it or not. Make your decision. Or buy a license = 100% safe. I have a legit license seriously. I do this for fun.

@n6333373
Copy link

Fwiw, people are less active here. maboloshi/feaa63c35f4c2baab24c9aaf9b3f4e47 is much more active. Actually, SelfPatcher is open-source to some of trusted cracker there, but you don't have to believe me.

I also provided discussion link there. If you don't trust it, do patch by yourself manually.

@Destitute-Streetdwelling-Guttersnipe
Copy link

@Fireshtorm1k
Copy link

I found a very simple way. We have 2 byte value at 00007FF77C7D9144 (in build 4180). This value is set when the program is started to 0 by the instruction:

and word ptr [00007FF77C7D9144], 0

Since the instruction is eight-byte, and I do not want to rebase the program, we replace it with an eight-byte instruction:

or word ptr [00007FF77C7D9144], 0FFFFh

When this value compares with 0 (instruction 00007FF77C0841CF), zf flag doesnt sets to 1, and we have licensed program.

image
image

@strotee
Copy link

strotee commented Aug 8, 2024

Found elsewhere but it works on Win64. Make sure to run a firewall & prevent from accessing web.

4180: 80 79 05 00 0F 94 C2 -> C6 41 05 01 B2 00 90

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment