1. We are not accepting any new account registrations at this time - watch out for announcements on Discord.

Sublime Merge v1097 (Patch Request - previous working patch no longer works)

Discussion in 'Completed Requests' started by keyser soze, Dec 13, 2018.

  1. Randshot

    Randshot Registered User

    Joined:
    Jan 6, 2018
    Messages:
    28
    Likes Received:
    118
    x64dbg patch file for Release Build 1107
    Code:
    >sublime_merge.exe
    000000000002A1B2:25->0D
    000000000002A1B7:00->01
    000000000002ACB0:38->08
    000000000002ACB1:00->01
    000000000002FB55:00->01
    
    (Script I posted (for Build 1103) still works.)
     
    David Wang likes this.
  2. David Wang

    David Wang Registered User

    Joined:
    Jan 25, 2019
    Messages:
    6
    Likes Received:
    1
    you can run the script by Randshot:
    python sublimemerge.patch.py YOUR_DIR/sublime_merge.exe
     
  3. David Wang

    David Wang Registered User

    Joined:
    Jan 25, 2019
    Messages:
    6
    Likes Received:
    1
    if you want to use X64dbg:
    1. save the patch file as a .1337 file, say 'patch.1337'
    2. make a copy of the sublime_merge.exe, say 'copy of sublime_merge.exe'
    3. run x64dbg, and open the 'sublime_merge.exe'
    4. File -> Patch file... , click the 'Import' button, then select the 'patch.1337' file, it shows the 5 offsets
    5. Click the 'Patch File' button, select the 'copy of sublime_merge.exe'
    6. exit x64dbg. then remove the original sublime_merge.exe, rename the 'copy of sublime_merge.exe' to 'sublime_merge.exe'
    7. Run sublime_merge.exe, done.
     
    khalil21 likes this.
  4. Randshot

    Randshot Registered User

    Joined:
    Jan 6, 2018
    Messages:
    28
    Likes Received:
    118
    x64dbg patch file for Dev Build 1111
    Code:
    >sublime_merge1.exe
    000000000002A23A:25->0D
    000000000002A23F:00->01
    000000000002AD38:38->08
    000000000002AD39:00->01
    000000000002FBDD:00->01
    
    (Script I posted (for Build 1103) still works.)
     
    David Wang likes this.
  5. a6

    a6307a Registered User

    Joined:
    Aug 27, 2018
    Messages:
    2
    Likes Received:
    0
    MacOS please!!!!

    Linux v1107 not working:
    python ./slm.py ~/Downloads/sublime_merge\ 2/sublime_merge\ copy

    Patcher >> Starting job...

    >> Linux version

    >> looking for INITIAL_LICENSE_CHECK_AOB

    Traceback (most recent call last):

    File "./slm.py", line 232, in <module>

    print("Patcher >> Could not work on input file.")

    File "./slm.py", line 221, in main

    print("Patcher >> Starting job...")

    File "./slm.py", line 111, in patch_file

    # get hex dump of input file

    File "./slm.py", line 152, in __is_initial_license_check_index_valid



    KeyError: 'linux'
     
  6. Randshot

    Randshot Registered User

    Joined:
    Jan 6, 2018
    Messages:
    28
    Likes Received:
    118
    The script source code says that I haven't updated it for the Linux and macOS versions.
     
  7. a6

    a6307a Registered User

    Joined:
    Aug 27, 2018
    Messages:
    2
    Likes Received:
    0
    v1111 macOS
    Code:
    >sublime_merge.exe
    00000000000250AC:27->0F
    00000000000250AD:00->01
    0000000000027FB5:38->08
    0000000000027FB6:00->01
    000000000002AD45:00->01
    

    v1103 Linux
    Code:
    >sublime_merge.exe
    0000000000305DFC:27->0F
    0000000000305DFD:00->01
    0000000000306AD0:38->08
    0000000000306AD1:00->01
    00000000003086D8:00->01
    
    v1111 Linux
    Code:
    >sublime_merge.exe
    0000000000310298: 27->0F
    0000000000310299: 00->01
    0000000000310F6C: 38->08
    0000000000310F6D: 00->01
    0000000000312C15: 00->01
    
    
     
    Last edited: Apr 10, 2019
  8. Randshot

    Randshot Registered User

    Joined:
    Jan 6, 2018
    Messages:
    28
    Likes Received:
    118
    x64dbg patch file for Dev Build 1112
    Code:
    >sublime_merge.exe
    000000000002A24A:25->0D
    000000000002A24F:00->01
    000000000002AD48:38->08
    000000000002AD49:00->01
    000000000002FBED:00->01
    
    (Script I posted (for Build 1103) still works.)
     
    David Wang and Lucci06225 like this.
  9. Lucci06225

    Lucci06225 Registered User

    Joined:
    Jan 15, 2019
    Messages:
    16
    Likes Received:
    106
    do you have a packed .exe file? thanks for sharing.
     
  10. Randshot

    Randshot Registered User

    Joined:
    Jan 6, 2018
    Messages:
    28
    Likes Received:
    118
    No, I don't because I wouldn't trust it myself, which is why I only post the script and the x64dbg patch file.
    For the script, you just need python installed and then use the command line:
    Code:
    python slm.py sublime_merge.exe
    Other option would be to get yourself a copy of x64dbg and follow this post.
     
    Lucci06225 likes this.
  11. Lucci06225

    Lucci06225 Registered User

    Joined:
    Jan 15, 2019
    Messages:
    16
    Likes Received:
    106
    i don't have a patch file :(
     
  12. Randshot

    Randshot Registered User

    Joined:
    Jan 6, 2018
    Messages:
    28
    Likes Received:
    118
    It's the one you quoted originally...
     
  13. keyser soze

    keyser soze Registered User

    Joined:
    Feb 17, 2017
    Messages:
    238
    Likes Received:
    2,091
    That is weird. I searched for the script's patterns, applied the changes, but I got different addresses! The patch indeed works, but at different locations.
    [​IMG]
    left is the patched file
     
  14. Randshot

    Randshot Registered User

    Joined:
    Jan 6, 2018
    Messages:
    28
    Likes Received:
    118
    The patch file uses the relocated addresses used for running executables.
    Since you are patching a saved executable file, the addresses will differ.
    That's also the reason why the patch (python) script gives you a different set of addresses than the patch files I am posting.
    I did write a program which can translate between the two (and IDA Pro), but it is primarily written for pattern scanning.
     
  15. draww

    draww is a Trusted Warez Posterdraww ᴆᴙåωω ḀℓῑƐᴎ Staff Member Super Moderator DEV Guild Reverser

    Joined:
    Aug 22, 2008
    Messages:
    2,361
    Likes Received:
    50,835
  16. Randshot

    Randshot Registered User

    Joined:
    Jan 6, 2018
    Messages:
    28
    Likes Received:
    118
    Last edited: Apr 18, 2019
  17. popper0

    popper0 Registered User Reverser

    Joined:
    Mar 17, 2019
    Messages:
    48
    Likes Received:
    863
    The only difference is having to install python/x64dbg vs not having to do it. At least under Windows, script probably works under Linux/Mac which is an advantage.
    That Virustotal report is cute though, 12 unknown AVs detecting a non-threat as a threat. Wonder why VT even added those AVs to their list, lol.
     
  18. Randshot

    Randshot Registered User

    Joined:
    Jan 6, 2018
    Messages:
    28
    Likes Received:
    118
    I wouldn't call Sophos ML an unknown AV, but that's beside the point, since patchers and packed executables often trigger similar warnings.

    If you don't want to install python, you can just download a portable version of x64dbg and apply the patch file.
    And yes, I could just unpack your executable and reverse it, but that's too much work, if there is a simpler alternative.
     
  19. David Wang

    David Wang Registered User

    Joined:
    Jan 25, 2019
    Messages:
    6
    Likes Received:
    1
    @Randshot 1113 has been released. and seems ur script still works. ;)
     
  20. Bi

    Billy Biro Registered User

    Joined:
    Jul 16, 2017
    Messages:
    1
    Likes Received:
    0
    @Randshot latest patch no longer works with the latest build on Windows (Build 1116).

    Any patch for this version?

    Thanks in advance.