Crack Sublime Text 3.2.2 Build 3211 and Sublime Text 4 Alpha 4098 with Hex

Crack Sublime Text Windows and Linux.md

---

How to Crack Sublime Text 3.2.2 Build 3211 with Hex Editor (Windows | Without License) ↓

1. Download & Install Sublime Text 3.2.2 Build 3211
2. Visit https://hexed.it/
3. Open file select sublime_text.exe
4. Offset 0x8545: Original 84 -> 85
5. Offset 0x08FF19: Original 75 -> EB
6. Offset 0x1932C7: Original 75 -> 74 (remove UNREGISTERED in title bar, so no need to use a license)
7. Export File and save it to location you want
8. Backup sublime_text.exe file (just rename)
9. Copy sublime_text.exe modified to directory Sublime Text 3
10. Happy Coding :)

Screenshot

---

How to Crack Sublime Text 4 Alpha 4098 with Hex Editor (Windows | Without License) ↓

1. Download & Install Sublime Text 4 Alpha 4094
2. Visit https://hexed.it/
3. Open file select sublime_text.exe
4. Go to Address: 0000A700 change 80 38 00 to FE 00 90
5. Export File and save it to location you want
6. Backup sublime_text.exe file (just rename)
7. Copy sublime_text.exe modified to directory Sublime Text 4 (i.e C:\Program Files\Sublime Text)
8. Use this License

----- BEGIN LICENSE ----- 
TwitterInc 
200 User License 
EA7E-890007 
1D77F72E 390CDD93 4DCBA022 FAF60790 
61AA12C0 A37081C5 D0316412 4584D136 
94D7F7D4 95BC8C1C 527DA828 560BB037 
D1EDDD8C AE7B379F 50C9D69D B35179EF 
2FE898C4 8E4277A8 555CE714 E1FB0E43 
D5D52613 C3D12E98 BC49967F 7652EED2 
9D2D2E61 67610860 6D338B72 5CF95C69 
E36B85CC 84991F19 7575D828 470A92AB 
------ END LICENSE ------

9. Happy Coding :)

Screenshot

---

Blocked by Microsoft Defender SmartScreen -> More Info -> Run Anyway

Screenshot

---

How to Crack Sublime Text 3 & 4 Alpha 4094 with Hex Editor (Linux & MacOS | With License) ↓

1. Download & Install Sublime Text 3 or 4
2. Visit https://hexed.it/
3. Open file select sublime_text
   • Linux Location: /opt/sublime_text/sublime_text
   • MacOS Location: /Application/Sublime Text [version].app (Correct Me If I'm Wrong)
4. Search 97 94 0D and Change to 00 00 00
5. Export File and save it to location you want
6. Backup sublime_text file (just rename)
7. Copy sublime_text modified to default directory Sublime Text
8. Use this License

----- BEGIN LICENSE ----- 
TwitterInc 
200 User License 
EA7E-890007 
1D77F72E 390CDD93 4DCBA022 FAF60790 
61AA12C0 A37081C5 D0316412 4584D136 
94D7F7D4 95BC8C1C 527DA828 560BB037 
D1EDDD8C AE7B379F 50C9D69D B35179EF 
2FE898C4 8E4277A8 555CE714 E1FB0E43 
D5D52613 C3D12E98 BC49967F 7652EED2 
9D2D2E61 67610860 6D338B72 5CF95C69 
E36B85CC 84991F19 7575D828 470A92AB 
------ END LICENSE ------

9. Happy Coding :)

Screenshot

---

@strotee Had that setting configured already but thanks for the tip!

@strotee Guess I misunderstood, sorry about that.

checking online for an update & God knows what else

There's 3 telemetry-like checks in the program, update checking (config file like you showed can stop that that), a license check thread run once on startup (usually patched via hosts) and a license notify thread (that triggers whenever you enter/change a license, sending your IP, HWID, version and license info to the server). You can disable all of them by patching host file or disabling the methods (linked thread).

You get the same thing essentially but avoid having your IP address and HWID sent to the server which they can theoretically blacklist (or if they're serious enough and you're not using a VPN, contact your ISP).

@bms8197 You don't need to disable update checks (unless you click update and it replaces the patched binary) in the patched MacOS binaries -- they have everything "sketchy" disabled already. Ditto for anyone using my patching methods.

Here's my method for breaking their license protection. I've specifically applied the below to v4107.

Quick note: This isn't meant for newbies, this shows you how to patch the current and (most likely) future versions of Sublime Text. I've been using this for a while now.

Here's a basic rundown of how license validation and invalidation works:

• Licenses have hardcoded (lol, remove blacklist and patch server thread, 10/10 protection) blacklists in the executable and are signed via an RSA public key (which is 'encrypted' in the binary, basically some xor stuff).
• Application tries to validate an invalid license every 5 seconds. It expects this to fail but if it succeeds, it will unregister you after 480 seconds. This is why simply patching the validity function isn't enough.
• Application tries to validate your current license every 15 seconds. It expects this to succeed but if it fails, it will unregister you after 360 seconds.
• The application creates a thread to validate the current license with the server at license.sublimehq.com whenever the application is started (config file read) or when modifying your current license. If this succeeds to connect and your license isn't correct it will unregister you.

So how can you bypass all this? Dare I say, efficiently?

• Patch the validation function (isLicenseValid as I call it) for anything to always return 0 (valid). Values from 1-4 specify either an invalid, blacklisted or unsupported/expired license.
• Prevent thread creation for the validation/invalidation routines to avoid the license being unregistered after X seconds due to patching isLicenseValid. Optionally simply remove the "unregister" function here. Doesn't matter how you go about it really.
• Disable server validation thread or patch the HTTP host so it always fails to connect. Most people resort to using hosts to redirect the license server to localhost or renaming the host in the binary. A far better way is simply to avoid a dead thread being created that does this check.

Disabling creation of these 3 threads is my preferred method since you obviously save resources as you don't need to constantly have new threads opened every X seconds.

Why I consider this better than other methods?

• No need to find a "working"/"nonblacklisted" license. You can literally enter "Hello World!" as a valid license.
• No useless thread creation eating up resources. A small performance improvement you'll absolutely never notice.
• You don't have to patch /etc/hosts or system32/drivers/etc/hosts.
• Relies on patterns so you can build your own script to auto-patch on updates, provided patterns don't break of course.
• Doesn't decide to randomly expire.

How tho?

Patch the following methods:

• License Validity Checking (Aka IsValidLicense

Make isLicenseValid return 0, pattern is a reference to call isLicenseValid. I personally just replaced the method with xor rax, rax; ret so 48 31 C0 C3.

    Linux/MacOS x64 Pattern: `direct reference sig: E8 ? ? ? ? 49 8B BF ? ? ? ? 85 C0`
    Windows x64 Pattern:     `direct reference sig: E8 ? ? ? ? 48 8B 8B ? ? ? ? 85 C0`

• Invalidation/Validation Functions

These cause delayed unregistration after 360/480 seconds so NOP out the calls to avoid them. Aka replace E8 XX XX XX XX with 90 90 90 90 90.

    Windows x64 Pattern 1: `direct reference sig: (+0x6) 41 B8 ? ? ? ? E8 ? ? ? ? 49 8B 96`
                Pattern 2: `raw sig: E8 ? ? ? ? E8 ? ? ? ? 4C 89 F1 E8`
    Linux x64   Pattern 1: `raw sig: E8 ? ? ? ? 48 89 5C 24 ? 48 8B B3`
                Pattern 2: `raw sig: E8 ? ? ? ? BF ? ? ? ? E8 ? ? ? ? 83 25`
    MacOS       Pattern 1: `raw sig: E8 ? ? ? ? 48 89 9D ? ? ? ? 48 8B B3`
                Pattern 2: `raw sig: E8 ? ? ? ? 48 8D 3D ? ? ? ? E8 ? ? ? ? 83 25`

• Server Validation Thread

Simply make this instantly return 1 to disable thread creation or patch the hostname to something invalid. I personally prefer to simply disable thread creation by making this return 1, aka 48 31 C0 48 FF C0 C3, xor rax, rax; inc rax; ret.

    Windows x64 Pattern: `raw sig: 55 56 57 48 83 EC 30 48 8D 6C 24 ? 48 C7 45 ? ? ? ? ? 89 D6 48 89 CF 6A 28`
    Linux x64   Pattern: `raw sig: 55 41 56 53 41 89 F6 48 89 FD 6A 28`
    MacOS       Pattern: `raw sig: 55 48 89 E5 41 57 41 56 53 50 41 89 F6 49 89 FF 6A 20`

Now what?

After patching simply register with anything you want. It can even be just a random letter, a space, a word, a sentence, a valid or invalid license -- whatever you want. Here's what I registered with:

Paying 80$ For A License Is Stupid

But I wanna download!

Linux

For Linux x64 on v4107, you can use this (replace /opt/sublime_text/sublime_text with the path to the binary):

# 554157415641554154534881EC68240000 -> 4831C0C390909090909090909090909090
sed -i 's/\x55\x41\x57\x41\x56\x41\x55\x41\x54\x53\x48\x81\xEC\x68\x24\x00\x00/\x48\x31\xC0\xC3\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90/g' /opt/sublime_text/sublime_text

# E8C2781800 -> 9090909090
sed -i 's/\xE8\xC2\x78\x18\x00/\x90\x90\x90\x90\x90/g' /opt/sublime_text/sublime_text
# E8A7781800 -> 9090909090
sed -i 's/\xE8\xA7\x78\x18\x00/\x90\x90\x90\x90\x90/g' /opt/sublime_text/sublime_text

# 554156534189F64889FD6A28 -> 4831C048FFC0C39090909090
sed -i 's/\x55\x41\x56\x53\x41\x89\xF6\x48\x89\xFD\x6A\x28/\x48\x31\xC0\x48\xFF\xC0\xC3\x90\x90\x90\x90\x90/g' /opt/sublime_text/sublime_text

Windows

I've uploaded a portable copy of the Windows x64 bit version, already patched, here. Simply replace the sublime_text.exe file from the portable download with the above. Here's the virus scan. Note: PE.Heur.InvalidSig is due to patching the executable to bypass the license checks. Don't trust it? Then patch it yourself :P

I've been using this on both Windows and Linux since the new version dropped without issues.

MacOS

No.

Proof

You sir, are a legend! Worked like a charm. Thank you very much!

@leogx9r Here they patched the domain name inside ST (license.sublimehq.com) and the RSA key function. There are 2 places to patch (1 plain text, 1 machine code). So it's more stable in future version (in comparison to your method of patching 6 functions).

Of course, your method is the most complete (their method may not able to block the crash reporter, and the checking threads are left running in the background).

There's 3 telemetry-like checks in the program, update checking (config file like you showed can stop that that), a license check thread run once on startup (usually patched via hosts) and a license notify thread (that triggers whenever you enter/change a license, sending your IP, HWID, version and license info to the server). You can disable all of them by patching host file or disabling the methods (linked thread).

You get the same thing essentially but avoid having your IP address and HWID sent to the server which they can theoretically blacklist (or if they're serious enough and you're not using a VPN, contact your ISP).

Hey @leogx9r, do you know where the crash reporter send the request to? If it's the same domain (license.sublimehq.com), then their method is good enough (just using more CPU & energy in the background).

Is this still working on build 4121 ?

Is this still working on build 4121 ?

yes, at least on Win x64, see https://gist.github.com/JerryLokjianming/71dac05f27f8c96ad1c8941b88030451#gistcomment-3758682

Edit: If you don't use a firewall, then it'll attempt to connect. Block the update check (link) or use hosts. (link)
I don't take credit for the cracks, I'm just a messenger.

@vanja-san take a look at this one

Is this still working on build 4121 ?

it does not seem to work on linux. i've just tried it using this https://gist.github.com/JerryLokjianming/71dac05f27f8c96ad1c8941b88030451#gistcomment-3933346. it works on previous version.

or maybe i've missed something ?

@Destitute-Streetdwelling-Guttersnipe The crash reporter function in sublime_text[.exe] is a wrapper function that spawns a new process with some parameters (<build_id> /path/to/dump_file /path/to/executable_file), calling another executable in the main directory, crash_reporter[.exe].

The crash_reporter[.exe] handles all the magic and contains the actual server name it sends telemetry to, crash-report.sublimehq.com, basically sending an HTTP POST request to that URL (<URI>/crash) with the SHA-256 checksum of the binary and a deflated compressed dump of the crash.

Pretty sure it also sets the user-agent to sublime-crash-reporter/3.0 to potentially rule out fake requests but that's easy to bypass. If you were particularly evil, you could load their servers up with tons of invalid files since there doesn't seem to be any security checking here.

Thanks @leogx9r for the analysis of crash reporter. I think I can delete crash_reporter in case I can't patch the crash reporter function in ST/SM.

Is this still working on build 4121 ?

Thank you @andhika96 https://gist.github.com/maboloshi/feaa63c35f4c2baab24c9aaf9b3f4e47#gistcomment-3941342

Replace following, [PREFERRED]

0000711A: E8 > 90
0000711B: 55 > 90
0000711C: 1E > 90
0000711D: 20 > 90
0000711E: 00 > 90

000A84E3: 55 > 48
000A84E4: 56 > 31
000A84E5: 57 > C0

000A84E7: 83 > FF
000A84E8: EC > C0
000A84E9: 30 > C3

OR
Search and replace following (make sure replace at the correct positions),

E8 55 1E 20 00  >  90 90 90 90 90
55 56 57  >  48 31 C0
83 EC 30  >  FF C0 C3

Tool used,
https://hexed.it/

Thanks for this mate!

Any chances to have this for linux too?

4125 Win x64?

@fredgolightly
see this for similar instructions as 4125 is working fine for me. https://gist.github.com/JerryLokjianming/71dac05f27f8c96ad1c8941b88030451#gistcomment-3939838

hey im getting this error when running in linux : md5sum: WARNING: 1 computed checksum did NOT match

I don't can patch BUILD 4126 linux x64 ((

@vnt-83 patch 4126 for linux x64 :)
https://youtu.be/8gd6A-5e9Ik

@Stuff121 https://github.com/CodigoCristo/sublimepatch

Para windows

@Stuff121 > I think it is because of your antivirus, although it does not detect anything, try deactivating it
https://we.tl/t-IklK4rP9x3
If you can upload it to another server as an example mega or mediafire

For windows patch Sublime text 4126 and Sublime merge 2068

https://github.com/CodigoCristo/sublimepatch/

https://www.youtube.com/watch?v=wi6_sxJiJ0s

For Linux patch Sublime text 4126 and Sublime merge 2068

https://github.com/CodigoCristo/sublimepatch/

https://www.youtube.com/watch?v=8gd6A-5e9Ik

@Stuff121 if you're aware of the risk, you shouldn't trust an uploaded file from someone on the internet. It's safer to patch it yourself.

@Stuff121 it's not better, it's just another exe. You can never be sure unless you compare it with the original file. Or you can patch it yourself without download any patcher just by using the steps at https://gist.github.com/JerryLokjianming/71dac05f27f8c96ad1c8941b88030451#gistcomment-3761049

@Stuff121 Use https://hexed.it/ perfetct perfect nice viva el Perú !

Download https://we.tl/t-IklK4rP9x3

@Stuff121 Why? Because nobody is responsible to give it to you. You get it for free here. Honestly, if you have no idea why it's so hard, then show some respect.

https://github.com/Hazuki-san/ST-collections

this worked for me on version 4126 Linux https://gist.github.com/dmknght/bfd8d25a8b4c804889f8eeaf026efbe8

@PixelMelt won't works for me this python code, can u send me through wetransfer your /opt/sublime_text/sublime_text?