@JerryLokjianming
Last active November 13, 2024 15:04
Crack Sublime Text 3.2.2 Build 3211 and Sublime Text 4 Alpha 4098 with Hex

How to Crack Sublime Text 3.2.2 Build 3211 with Hex Editor (Windows | Without License) ↓

  1. Download & Install Sublime Text 3.2.2 Build 3211
  2. Visit https://hexed.it/
  3. Open file select sublime_text.exe
  4. Offset 0x8545: Original 84 -> 85
  5. Offset 0x08FF19: Original 75 -> EB
  6. Offset 0x1932C7: Original 75 -> 74 (remove UNREGISTERED in title bar, so no need to use a license)
  7. Export File and save it to location you want
  8. Backup sublime_text.exe file (just rename)
  9. Copy sublime_text.exe modified to directory Sublime Text 3
  10. Happy Coding :)

How to Crack Sublime Text 4 Alpha 4098 with Hex Editor (Windows | Without License) ↓

  1. Download & Install Sublime Text 4 Alpha 4094
  2. Visit https://hexed.it/
  3. Open file select sublime_text.exe
  4. Go to Address: 0000A700 change 80 38 00 to FE 00 90
  5. Export File and save it to location you want
  6. Backup sublime_text.exe file (just rename)
  7. Copy sublime_text.exe modified to directory Sublime Text 4 (i.e C:\Program Files\Sublime Text)
  8. Use this License
  9. Happy Coding :)

Blocked by Microsoft Defender SmartScreen -> More Info -> Run Anyway


How to Crack Sublime Text 3 & 4 Alpha 4094 with Hex Editor (Linux & MacOS | With License) ↓

  1. Download & Install Sublime Text 3 or 4
  2. Visit https://hexed.it/
  3. Open file select sublime_text
    • Linux Location: /opt/sublime_text/sublime_text
    • MacOS Location: /Application/Sublime Text [version].app (Correct Me If I'm Wrong)
  4. Search 97 94 0D and Change to 00 00 00
  5. Export File and save it to location you want
  6. Backup sublime_text file (just rename)
  7. Copy sublime_text modified to default directory Sublime Text
  8. Use this License
  9. Happy Coding :)

@duckimann

Hex values to change for Sublime Merge, anyone?

@lowendgamer check this out. it worked on my ubuntu vm.

In the same link pls.

@brian6932

@4channel This works for both Merge and Text:

This works for most of the Sublime Text 4.X x64 (Including 4107) - block the license check via host or patch it out of EXE

RSA Key Patch (allows any key in right format to work)

Search for ...
4157415656575553B828210000
Replace with ...
33C0FEC0C3575553B828210000

Disable License Check (You can do this via hosts file if you rather)

Search for...
6C6963656E73652E7375626C696D6568712E636F6D
Replace with ...
7375626C696D6568712E6C6F63616C686F73740000

You can now use any license basically that follows the same syntax/format/key.


@gxanshu

gxanshu commented Aug 19, 2021

Here's my method for breaking their license protection. I've specifically applied the below to v4107.

Quick note: This isn't meant for newbies, this shows you how to patch the current and (most likely) future versions of Sublime Text. I've been using this for a while now.

Here's a basic rundown of how license validation and invalidation works:

* Licenses have hardcoded (lol, remove blacklist and patch server thread, 10/10 protection) blacklists in the executable and are signed via an RSA public key (which is 'encrypted' in the binary, basically some `xor` stuff).

* Application tries to validate an invalid license every 5 seconds. It expects this to fail but if it succeeds, it will unregister you after 480 seconds. This is why simply patching the validity function isn't enough.

* Application tries to validate your current license every 15 seconds. It expects this to succeed but if it fails, it will unregister you after 360 seconds.

* The application creates a thread to validate the current license with the server at `license.sublimehq.com` whenever the application is started (config file read) or when modifying your current license. If this succeeds to connect and your license isn't correct it will unregister you.

So how can you bypass all this? Dare I say, efficiently?

* Patch the validation function (`isLicenseValid` as I call it) for anything to always return 0 (valid). Values from 1-4 specify either an invalid, blacklisted or unsupported/expired license.

* Prevent thread creation for the validation/invalidation routines to avoid the license being unregistered after X seconds due to patching `isLicenseValid`. Optionally simply remove the "unregister" function here. Doesn't matter how you go about it really.

* Disable server validation thread or patch the HTTP host so it always fails to connect. Most people resort to using `hosts` to redirect the license server to `localhost` or renaming the host in the binary. A far better way is simply to avoid a dead thread being created that does this check.

Disabling creation of these 3 threads is my preferred method since you obviously save resources as you don't need to constantly have new threads opened every X seconds.

Why I consider this better than other methods?

* No need to find a "working"/"nonblacklisted" license. You can literally enter "Hello World!" as a valid license.

* No useless thread creation eating up resources. A small performance improvement you'll _absolutely_ never notice.

* You don't have to patch `/etc/hosts` or `system32/drivers/etc/hosts`.

* Relies on patterns so you can build your own script to auto-patch on updates, provided patterns don't break of course.

* Doesn't decide to randomly expire.

How tho?

Patch the following methods:

* **License Validity Checking** (Aka `IsValidLicense`)

Make isLicenseValid return 0, pattern is a reference to call isLicenseValid. I personally just replaced the method with xor rax, rax; ret so 48 31 C0 C3.

    Linux/MacOS x64 Pattern: `direct reference sig: E8 ? ? ? ? 49 8B BF ? ? ? ? 85 C0`
    Windows x64 Pattern:     `direct reference sig: E8 ? ? ? ? 48 8B 8B ? ? ? ? 85 C0`
* **Invalidation/Validation Functions**

These cause delayed unregistration after 360/480 seconds so NOP out the calls to avoid them. Aka replace E8 XX XX XX XX with 90 90 90 90 90.

    Windows x64 Pattern 1: `direct reference sig: (+0x6) 41 B8 ? ? ? ? E8 ? ? ? ? 49 8B 96`
                Pattern 2: `raw sig: E8 ? ? ? ? E8 ? ? ? ? 4C 89 F1 E8`
    Linux x64   Pattern 1: `raw sig: E8 ? ? ? ? 48 89 5C 24 ? 48 8B B3`
                Pattern 2: `raw sig: E8 ? ? ? ? BF ? ? ? ? E8 ? ? ? ? 83 25`
    MacOS       Pattern 1: `raw sig: E8 ? ? ? ? 48 89 9D ? ? ? ? 48 8B B3`
                Pattern 2: `raw sig: E8 ? ? ? ? 48 8D 3D ? ? ? ? E8 ? ? ? ? 83 25`
* **Server Validation Thread**

Simply make this instantly return 1 to disable thread creation or patch the hostname to something invalid. I personally prefer to simply disable thread creation by making this return 1, aka 48 31 C0 48 FF C0 C3, xor rax, rax; inc rax; ret.

    Windows x64 Pattern: `raw sig: 55 56 57 48 83 EC 30 48 8D 6C 24 ? 48 C7 45 ? ? ? ? ? 89 D6 48 89 CF 6A 28`
    Linux x64   Pattern: `raw sig: 55 41 56 53 41 89 F6 48 89 FD 6A 28`
    MacOS       Pattern: `raw sig: 55 48 89 E5 41 57 41 56 53 50 41 89 F6 49 89 FF 6A 20`

Now what?

After patching simply register with anything you want. It can even be just a random letter, a space, a word, a sentence, a valid or invalid license -- whatever you want. Here's what I registered with:

Paying 80$ For A License Is Stupid

But I wanna download!

Linux

For Linux x64 on v4107, you can use this (replace /opt/sublime_text/sublime_text with the path to the binary):

# 554157415641554154534881EC68240000 -> 4831C0C390909090909090909090909090
sed -i 's/\x55\x41\x57\x41\x56\x41\x55\x41\x54\x53\x48\x81\xEC\x68\x24\x00\x00/\x48\x31\xC0\xC3\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90/g' /opt/sublime_text/sublime_text

# E8C2781800 -> 9090909090
sed -i 's/\xE8\xC2\x78\x18\x00/\x90\x90\x90\x90\x90/g' /opt/sublime_text/sublime_text
# E8A7781800 -> 9090909090
sed -i 's/\xE8\xA7\x78\x18\x00/\x90\x90\x90\x90\x90/g' /opt/sublime_text/sublime_text

# 554156534189F64889FD6A28 -> 4831C048FFC0C39090909090
sed -i 's/\x55\x41\x56\x53\x41\x89\xF6\x48\x89\xFD\x6A\x28/\x48\x31\xC0\x48\xFF\xC0\xC3\x90\x90\x90\x90\x90/g' /opt/sublime_text/sublime_text

Windows

I've uploaded a portable copy of the Windows x64 bit version, already patched, here. Simply replace the sublime_text.exe file from the portable download with the above. Here's the virus scan. Note: PE.Heur.InvalidSig is due to patching the executable to bypass the license checks. Don't trust it? Then patch it yourself :P

I've been using this on both Windows and Linux since the new version dropped without issues.

MacOS

No.


man, it's awesome, it works, you are a real programmer

@tari9bro

this worked thanks ❤

@rohit-kumar-j

rohit-kumar-j commented Aug 20, 2021

Works, but it says a licensing upgrade is required for sublime-text version 4113. I think that the Twitter license is available till sublime text 3

At the top bar License upgrade required is mentioned.

See EDIT

EDIT:

Works perfectly (checked after a week of usage)

@leogx9r

leogx9r commented Aug 21, 2021

@rohit-kumar-j If you scrolled up a bit you'd see various methods on how to patch v4113. Using the old twitter license requires workarounds to avoid it showing expired/upgrade required or unregistering itself after a certain period of time.

See this for an in-depth tutorial on how to crack the latest versions.

ghost commented Aug 27, 2021

I have made a rough Python 3 patcher for Sublime Text v4113 Windows x64 that uses leogx9r's signatures instead of hardcoded offsets.

https://github.com/rainbowpigeon/sublime-text-4-patcher

If there is demand, I can probably update it to support Linux and macOS.

@skydrome

awesome mate thanks for all the work, is arm do-able?

@Xaiver97

Thanks for sharing! Working on linux with latest version

@rohit-kumar-j

@leo

@rohit-kumar-j If you scrolled up a bit you'd see various methods on how to patch v4113. Using the old twitter license requires workarounds to avoid it showing expired/upgrade required or unregistering itself after a certain period of time.

See this for an in-depth tutorial on how to crack the latest versions.

Thanks! This works!

@bms8197

bms8197 commented Aug 30, 2021

Anyone managed to patch/crack SublimeText build 4113 for MacOS Bigsur M1 cpu? (the arm version)

@rohit-kumar-j

Anyone managed to patch/crack SublimeText build 4113 for MacOS Bigsur M1 cpu? (the arm version)

@bms8197

Try this: https://macoscrack.com/sublime-text/

@bms8197

bms8197 commented Aug 31, 2021

@rohit-kumar-j thanks but I don't actually trust that site. The only site I have ever downloaded cracked software for mac is macdrop.

@tientq64

tientq64 commented Sep 3, 2021

Has anyone cracked build 4114 yet?

@strotee

strotee commented Sep 3, 2021

Has anyone cracked build 4114 yet?

see https://gist.github.com/JerryLokjianming/71dac05f27f8c96ad1c8941b88030451#gistcomment-3865017 but why not wait until a final version instead of beta?

ghost commented Sep 4, 2021

@tiencoffee

I've updated my Windows x64 patcher to support the Dev builds too (from v4109 onwards), so v4114 should work. Feel free to test it out!
https://github.com/rainbowpigeon/sublime-text-4-patcher

@mrparag94

@Rain

@tiencoffee

I've updated my Windows x64 patcher to support the Dev builds too (from v4109 onwards), so v4114 should work. Feel free to test it out!
https://github.com/rainbowpigeon/sublime-text-4-patcher

Bro do you have merge patcher..?

@strotee

strotee commented Sep 28, 2021

Untitled :)

@strotee

strotee commented Sep 30, 2021

Untitled

@Danny4096

@rainbowpigeon How does your script calculate the actual address from the relative address?

ghost commented Oct 11, 2021

How does your script calculate the actual address from the relative address?

@Dannyboi21 When code/data is being referenced across sections, I calculate it by using the PointerToRawData and VirtualAddress values of the sections involved.

https://github.com/rainbowpigeon/sublime-text-4-patcher/blob/main/sublime_text_4_patcher.py#L244

    def off_to_rva(self, section: str):
        return self.offset - self.file.sections[section].PointerToRawData + self.file.sections[section].VirtualAddress

    def rva_to_off(self, section: str):
        return self.offset - self.file.sections[section].VirtualAddress + self.file.sections[section].PointerToRawData
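
The offset/RVA arithmetic from the comment above, applied to tamper triage: an added example (not code from the linked repository) that diffs a known-good PE image against a suspect copy and reports the section and RVA of every modified byte run. The sample image is constructed inline, and all function names are assumptions of this example.

```python
import struct

SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER layout, 40 bytes


def parse_sections(data):
    """Return [(name, VirtualAddress, PointerToRawData, SizeOfRawData)]."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ magic")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size  # section table follows the optional header
    sections = []
    for i in range(num_sections):
        name, _vsize, va, raw_size, raw_ptr, *_ = struct.unpack_from(
            SECTION_FMT, data, table + 40 * i)
        sections.append(
            (name.rstrip(b"\0").decode("ascii", "replace"), va, raw_ptr, raw_size))
    return sections


def off_to_rva(sections, off):
    """File offset -> (section, RVA); None for header or overlay bytes."""
    for name, va, raw_ptr, raw_size in sections:
        if raw_ptr <= off < raw_ptr + raw_size:
            return name, off - raw_ptr + va
    return None


def rva_to_off(sections, rva):
    """RVA -> (section, file offset); None if the RVA has no bytes on disk."""
    for name, va, raw_ptr, raw_size in sections:
        if va <= rva < va + raw_size:
            return name, rva - va + raw_ptr
    return None


def changed_runs(good, suspect):
    """Contiguous (start, length) runs where two equal-length images differ."""
    if len(good) != len(suspect):
        raise ValueError("size mismatch: treat as a whole-file change")
    runs, start = [], None
    for i, (a, b) in enumerate(zip(good, suspect)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, len(good) - start))
    return runs


def triage(good, suspect):
    """Map every modified run in `suspect` to its section and RVA."""
    sections = parse_sections(good)
    report = []
    for off, length in changed_runs(good, suspect):
        hit = off_to_rva(sections, off)
        name, rva = hit if hit else ("<headers/overlay>", None)
        report.append({"offset": off, "length": length, "section": name, "rva": rva})
    return report


def make_sample_pe():
    """Constructed, minimal PE-shaped buffer (sample data, not a real program)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 0, 0x22)  # 2 sections
    text = struct.pack(SECTION_FMT, b".text", 0x200, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    rdata = struct.pack(SECTION_FMT, b".rdata", 0x200, 0x2000, 0x200, 0x400,
                        0, 0, 0, 0, 0x40000040)
    headers = (dos + b"PE\0\0" + coff + text + rdata).ljust(0x200, b"\0")
    return headers + b"\xCC" * 0x200 + b"\x41" * 0x200


def demo():
    good = make_sample_pe()
    suspect = bytearray(good)
    suspect[0x250:0x254] = b"\x00" * 4  # constructed change inside .text
    suspect[0x410] = 0x42               # constructed change inside .rdata
    return triage(good, bytes(suspect))


if __name__ == "__main__":
    for row in demo():
        print(row)
```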

@strotee

strotee commented Oct 16, 2021

For info on how to crack it, I followed these steps (I'm on Win x64, I can't guarantee this will work for other platforms): https://gist.github.com/JerryLokjianming/71dac05f27f8c96ad1c8941b88030451#gistcomment-3758682

@leogx9r

leogx9r commented Oct 16, 2021

@strotee What's the point of showing that off without providing a way to patch it? To show off?

To those of you that do want Sublime Text/Merge patched and can't be bothered to beg strotee, check here. There's also ARM64 patches for Sublime Text and Merge too.

@strotee

strotee commented Oct 16, 2021

@leogx9r - if one were to scroll up, I first mention how to crack it in https://gist.github.com/JerryLokjianming/71dac05f27f8c96ad1c8941b88030451#gistcomment-3881935. It's definitely not to show off, merely to show a new version came out and the existing crack works (just two items to search and throw in a custom, generic license) and one has an updated, newer version of Sublime. I can certainly provide a link to the steps I followed.

@bms8197

bms8197 commented Oct 16, 2021

@strotee A link with the steps would be really helpful :)
@leogx9r Thank you again for patching v4118 MacOS M1 version!

@strotee

strotee commented Oct 16, 2021

Tip: If you don't use a firewall, just know that it checks every time the application starts. To prevent Sublime from checking online for an update & God knows what else, disable it by doing this: Click Preferences, Settings. On the right side, add "update_check": false

@bms8197

bms8197 commented Oct 16, 2021

@strotee Had that setting configured already but thanks for the tip!

@leogx9r

leogx9r commented Oct 16, 2021

@strotee Guess I misunderstood, sorry about that.

checking online for an update & God knows what else

There's 3 telemetry-like checks in the program, update checking (config file like you showed can stop that), a license check thread run once on startup (usually patched via hosts) and a license notify thread (that triggers whenever you enter/change a license, sending your IP, HWID, version and license info to the server). You can disable all of them by patching host file or disabling the methods (linked thread).

You get the same thing essentially but avoid having your IP address and HWID sent to the server which they can theoretically blacklist (or if they're serious enough and you're not using a VPN, contact your ISP).

@bms8197 You don't need to disable update checks (unless you click update and it replaces the patched binary) in the patched MacOS binaries -- they have everything "sketchy" disabled already. Ditto for anyone using my patching methods.

@PlamenOBM

You sir, are a legend! Worked like a charm. Thank you very much!

@Destitute-Streetdwelling-Guttersnipe

@leogx9r Here they patched the domain name inside ST (license.sublimehq.com) and the RSA key function. There are 2 places to patch (1 plain text, 1 machine code). So it's more stable in future versions (in comparison to your method of patching 6 functions).

Of course, your method is the most complete (their method may not be able to block the crash reporter, and the checking threads are left running in the background).

There's 3 telemetry-like checks in the program, update checking (config file like you showed can stop that), a license check thread run once on startup (usually patched via hosts) and a license notify thread (that triggers whenever you enter/change a license, sending your IP, HWID, version and license info to the server). You can disable all of them by patching host file or disabling the methods (linked thread).

You get the same thing essentially but avoid having your IP address and HWID sent to the server which they can theoretically blacklist (or if they're serious enough and you're not using a VPN, contact your ISP).

Hey @leogx9r, do you know where the crash reporter sends the request to? If it's the same domain (license.sublimehq.com), then their method is good enough (just using more CPU & energy in the background).