Crack Sublime Text 3.2.2 Build 3211 and Sublime Text 4 Alpha 4098 with Hex

Crack Sublime Text Windows and Linux.md

---

How to Crack Sublime Text 3.2.2 Build 3211 with Hex Editor (Windows | Without License) ↓

1. Download & Install Sublime Text 3.2.2 Build 3211
2. Visit https://hexed.it/
3. Open file select sublime_text.exe
4. Offset 0x8545: Original 84 -> 85
5. Offset 0x08FF19: Original 75 -> EB
6. Offset 0x1932C7: Original 75 -> 74 (remove UNREGISTERED in title bar, so no need to use a license)
7. Export File and save it to location you want
8. Backup sublime_text.exe file (just rename)
9. Copy sublime_text.exe modified to directory Sublime Text 3
10. Happy Coding :)

Screenshot

---

How to Crack Sublime Text 4 Alpha 4098 with Hex Editor (Windows | Without License) ↓

1. Download & Install Sublime Text 4 Alpha 4094
2. Visit https://hexed.it/
3. Open file select sublime_text.exe
4. Go to Address: 0000A700 change 80 38 00 to FE 00 90
5. Export File and save it to location you want
6. Backup sublime_text.exe file (just rename)
7. Copy sublime_text.exe modified to directory Sublime Text 4 (i.e C:\Program Files\Sublime Text)
8. Use this License

----- BEGIN LICENSE ----- 
TwitterInc 
200 User License 
EA7E-890007 
1D77F72E 390CDD93 4DCBA022 FAF60790 
61AA12C0 A37081C5 D0316412 4584D136 
94D7F7D4 95BC8C1C 527DA828 560BB037 
D1EDDD8C AE7B379F 50C9D69D B35179EF 
2FE898C4 8E4277A8 555CE714 E1FB0E43 
D5D52613 C3D12E98 BC49967F 7652EED2 
9D2D2E61 67610860 6D338B72 5CF95C69 
E36B85CC 84991F19 7575D828 470A92AB 
------ END LICENSE ------

9. Happy Coding :)

Screenshot

---

Blocked by Microsoft Defender SmartScreen -> More Info -> Run Anyway

Screenshot

---

How to Crack Sublime Text 3 & 4 Alpha 4094 with Hex Editor (Linux & MacOS | With License) ↓

1. Download & Install Sublime Text 3 or 4
2. Visit https://hexed.it/
3. Open file select sublime_text
   • Linux Location: /opt/sublime_text/sublime_text
   • MacOS Location: /Application/Sublime Text [version].app (Correct Me If I'm Wrong)
4. Search 97 94 0D and Change to 00 00 00
5. Export File and save it to location you want
6. Backup sublime_text file (just rename)
7. Copy sublime_text modified to default directory Sublime Text
8. Use this License

----- BEGIN LICENSE ----- 
TwitterInc 
200 User License 
EA7E-890007 
1D77F72E 390CDD93 4DCBA022 FAF60790 
61AA12C0 A37081C5 D0316412 4584D136 
94D7F7D4 95BC8C1C 527DA828 560BB037 
D1EDDD8C AE7B379F 50C9D69D B35179EF 
2FE898C4 8E4277A8 555CE714 E1FB0E43 
D5D52613 C3D12E98 BC49967F 7652EED2 
9D2D2E61 67610860 6D338B72 5CF95C69 
E36B85CC 84991F19 7575D828 470A92AB 
------ END LICENSE ------

9. Happy Coding :)

Screenshot

---

4169 hex (Windows x64/leogx9r's method): E8 93 58 20 00 49 8B 96 B8 02 00 00 48 8D 0D 5D 0C 00 00 41 B8 98 3A 00 00 E8 7A 58 20 00 -> 90 90 90 90 90 49 8B 96 B8 02 00 00 48 8D 0D 5D 0C 00 00 41 B8 98 3A 00 00 90 90 90 90 90 (Invalidation/Validation Functions) E4 24 00 00 55 41 57 41 56 41 55 41 -> E4 24 00 00 48 31 C0 C3 56 41 55 41 (License Validity Checking) 55 56 57 48 83 EC 30 48 8D 6C 24 30 48 C7 45 F8 FE FF FF FF 89 D6 48 89 CF 6A 28 -> 48 31 C0 48 FF C0 C3 48 8D 6C 24 30 48 C7 45 F8 FE FF FF FF 89 D6 48 89 CF 6A 28 (Server Validation Thread)

After patch just enter anything to license and it should work.

Thanks man, it works perfectly.

@Hazuki-san, you forgot the patch for licenseNotifyThread. @leogx9r didn't mention it in the analysis, but put it in his/her own patcher script. See https://gist.github.com/maboloshi/feaa63c35f4c2baab24c9aaf9b3f4e47?permalink_comment_id=3802197#gistcomment-3802197

4169 hex (Windows x64/leogx9r's method): E8 93 58 20 00 49 8B 96 B8 02 00 00 48 8D 0D 5D 0C 00 00 41 B8 98 3A 00 00 E8 7A 58 20 00 -> 90 90 90 90 90 49 8B 96 B8 02 00 00 48 8D 0D 5D 0C 00 00 41 B8 98 3A 00 00 90 90 90 90 90 (Invalidation/Validation Functions) E4 24 00 00 55 41 57 41 56 41 55 41 -> E4 24 00 00 48 31 C0 C3 56 41 55 41 (License Validity Checking) 55 56 57 48 83 EC 30 48 8D 6C 24 30 48 C7 45 F8 FE FF FF FF 89 D6 48 89 CF 6A 28 -> 48 31 C0 48 FF C0 C3 48 8D 6C 24 30 48 C7 45 F8 FE FF FF FF 89 D6 48 89 CF 6A 28 (Server Validation Thread)

After patch just enter anything to license and it should work.

It's works, thx

So for Linux/Windows x64, I have created a Sublime Text 4 plugin which can patch itself. Tested working on Sublime Text latest stable/dev build: 4168/4169

https://github.com/n6333373/warehouse/raw/main/SelfPatcher.zip

Quick Demo

I've installed this plugin, but this menu item is inactive, I ca'nt press. What I need to do?

OS: Pop!_OS 20.04

So for Linux/Windows x64, I have created a Sublime Text 4 plugin which can patch itself. Tested working on Sublime Text latest stable/dev build: 4168/4169
https://github.com/n6333373/sublime-self-patcher

Quick Demo

I've installed this plugin, but this menu item is inactive, I ca'nt press. What I need to do?

OS: Pop!_OS 20.04

One possibility is that it the place it should be placed is Menu > Preferences > Browse Packages... rather than the Packages folder which lives aside sublime_text.

So for Linux/Windows x64, I have created a Sublime Text 4 plugin which can patch itself. Tested working on Sublime Text latest stable/dev build: 4168/4169
https://github.com/n6333373/warehouse/raw/main/SelfPatcher.zip

Quick Demo

I've installed this plugin, but this menu item is inactive, I can't press. What I need to do?
OS: Pop!_OS 20.04

One possibility is that it the place it should be placed is Menu > Preferences > Browse Packages... rather than the Packages folder which lives aside sublime_text.

Thank you for your answer. But I found a better method:

sudo sed -i 's/\x80\x78\x05\x00\x0f\x94\xc1/\xc6\x40\x05\x01\x48\x85\xc9/g' /opt/sublime_text/sublime_text

@vodiylik you should also prevent ST from notifying its server about your ST.

Do we have something for macOS build 4169?

So for Linux/Windows x64, I have created a Sublime Text 4 plugin which can patch itself. Tested working on Sublime Text latest stable/dev build: 4168/4169
https://github.com/n6333373/warehouse/raw/main/SelfPatcher.zip

Quick Demo

I've installed this plugin, but this menu item is inactive, I ca'nt press. What I need to do?
OS: Pop!_OS 20.04

One possibility is that it the place it should be placed is Menu > Preferences > Browse Packages... rather than the Packages folder which lives aside sublime_text.

Success
@pop-os:/opt/sublime_text$ sudo ./sublime_text
while its open in admin mode. Preferences > Browse Packages
Folder will open ...paste SelfPatch folder here.
Navigate back to Sublime. Help > Patch this application
Restart sublime [relaunch normally]

I really hope no one is using that self patcher package. Hopefully @defencedog and @janabil are fake GH accounts (given lack of any real activity / loc) but if not almost certainly screwed as is @vodiylik . The binary uses TBF https://github.com/secretsquirrel/the-backdoor-factory possible to do legit patching with it? Sure. Are there far easier methods that don't use a literal backdoor kit? yes.

I really hope no one is using that self patcher package. Hopefully @defencedog and @janabil are fake GH accounts (given lack of any real activity / loc) but if not almost certainly screwed as is @vodiylik . The binary uses TBF github.com/secretsquirrel/the-backdoor-factory possible to do legit patching with it? Sure. Are there far easier methods that don't use a literal backdoor kit? yes.

@JavaTryCatchMe do you have any proof or links you can provide if they have been using TBF?

@JavaTryCatchMe we are not fakes! Maybe some PC knowledge is required to understand how to apply patch

The patch is legit, I've used it on Linux and Windows and it works.

@JavaTryCatchMe we are not fakes! Maybe some PC knowledge is required to understand how to apply patch

The patch is legit, I've used it on Linux and Windows and it works.

it is not hard to apply the patch. I am not even saying it doesn't work. Plenty of malware disguises itself as something legitimate and may even do that legitimate thing (or in this case the act of cracking the application). Plenty also does not do anything suspect for some period of time, or even for most users only phoning home with some basic information and to wait to see if it should do something else or run something truly malicious.

What I am saying is you are running closed source binary executable code in full trust situations on your system from a stranger. I am saying that the binary itself has code in it from "The Backdoor Factory" linked above, that is a toolkit primarily used for remote code execution and root kits.

It is not impossible that code is used in a non-nefarious way but there are also plenty of ways not to use it.

If (hopefully) ones suspect level of random strangers binaries is a 8/10 by default and then that binary has ties with a known backdoor maybe think twice about running it...

@JavaTryCatchMe

I am the author of SelfPatcher. Please do share the proof you've found that my patcher uses TBF github.com/secretsquirrel/the-backdoor-factory. That would be interesting.

The only 3rd-party lib I used is https://github.com/secretsquirrel/SigThief whose code is fairly short and I believe it doesn't use TBF. I believe I don't I use TBF for sure. The only thing left is https://github.com/Nuitka/Nuitka which I used to compile my module into .pyd/.so files. I don't believe it uses TBF for sure (otherwise, a big news).

---

Fwiw, people are less active here. https://gist.github.com/maboloshi/feaa63c35f4c2baab24c9aaf9b3f4e47 is much more active. Actually, SelfPatcher is open-source to some of trusted cracker there, but you don't have to believe me.

First, sorry @Aholicknight sorry I missed your initial comment requesting what I found related to TBF. I saw the defencedog notification and the reply after that, and didn't scroll back far enough.

@n6333373 if I made a mistake, and spending some more time in IDA it is likely so, I apologize. After being pointed to the plugin I noticed the binary distribution which was a bit odd, rather than just the dependencies/tools. I spent about 10 minutes looking for anything horrific originally. It involving compiled python always adds a layer of abstraction. There wasn't anything obvious. There were no obvious network imports but these things can be hidden.

Only a spurious comment about code from BDF.

This paired with the one obvious link as well in the code of "https://github.com/sponsors/secretsquirrel" which first and foremost talks about their primary project of the Back Door Factory and malware related topics.

Again this was a dozen minutes reviewing a suspect random binary in an area where things can often be fraught with malicious code. It wasn't run, there was no deep analysis.

So of course with the comments I went back and took some more time.

As I see it now now:

• After running the extension sandboxed and reviewing the changes made to the assembly on the main executable there is almost certainly no malicious changes made.

• The references I found, while existed, clearly were not from the BDF library but the SigThief library @n6333373 mentioned. Specifically https://github.com/secretsquirrel/SigThief/blob/ffb501bcd86acd439e4458a33e9fc5ebed4b59a8/sigthief.py#L14 . SigTheif doesn't do anything malicious only transfer signatures between PEBs and is not used in a malicious way here.

• There are no other signs of anything malicious, network connections, etc. This isn't a full breakdown but again with a deeper dive than a glancing pass. Can things hide through something like this? Sure but is it likely here? no. I will note I only looked at the windows binary and not the linux library.

As I said at the top and will say it again now, I was almost certainly wrong. @n6333373 is quite believable and I am sorry for the hasty conclusions I initially made.

4169 hex (Windows x64/leogx9r's method): E8 93 58 20 00 49 8B 96 B8 02 00 00 48 8D 0D 5D 0C 00 00 41 B8 98 3A 00 00 E8 7A 58 20 00 -> 90 90 90 90 90 49 8B 96 B8 02 00 00 48 8D 0D 5D 0C 00 00 41 B8 98 3A 00 00 90 90 90 90 90 (Invalidation/Validation Functions) E4 24 00 00 55 41 57 41 56 41 55 41 -> E4 24 00 00 48 31 C0 C3 56 41 55 41 (License Validity Checking) 55 56 57 48 83 EC 30 48 8D 6C 24 30 48 C7 45 F8 FE FF FF FF 89 D6 48 89 CF 6A 28 -> 48 31 C0 48 FF C0 C3 48 8D 6C 24 30 48 C7 45 F8 FE FF FF FF 89 D6 48 89 CF 6A 28 (Server Validation Thread)

After patch just enter anything to license and it should work.

Thank you so much!!!!

@n6333373
fun fact, you could simply provide the source to make it more trusted. If it's using posted methods and just automates it, no reason not to. We are on github already.

@n6333373
fun fact, you could simply provide the source to make it more trusted. If it's using posted methods and just automates it, no reason not to. We are on github already.

Well. I don't care whether you trust it or not. Make your decision. Or buy a license = 100% safe. I have a legit license seriously. I do this for fun.

Fwiw, people are less active here. maboloshi/feaa63c35f4c2baab24c9aaf9b3f4e47 is much more active. Actually, SelfPatcher is open-source to some of trusted cracker there, but you don't have to believe me.

I also provided discussion link there. If you don't trust it, do patch by yourself manually.

it's not safe to run the patcher. Nobody knows if it does anything else. You should run it inside a virtual machine and compare the patched binary to see if something suspicious was added. Go to https://gist.github.com/maboloshi/5baecbddacf43855f13240b63be5673d it's easier to verify the instructions and patch it yourself.

I found a very simple way. We have 2 byte value at 00007FF77C7D9144 (in build 4180). This value is set when the program is started to 0 by the instruction:

and word ptr [00007FF77C7D9144], 0

Since the instruction is eight-byte, and I do not want to rebase the program, we replace it with an eight-byte instruction:

or word ptr [00007FF77C7D9144], 0FFFFh

When this value compares with 0 (instruction 00007FF77C0841CF), zf flag doesnt sets to 1, and we have licensed program.

Found elsewhere but it works on Win64. Make sure to run a firewall & prevent from accessing web.

4180: 80 79 05 00 0F 94 C2 -> C6 41 05 01 B2 00 90

This works for most of the Sublime Text 4.X x64 (Including 4107) - block the license check via host or patch it out of EXE

RSA Key Patch (allows any key in right format to work)

Search for ...
4157415656575553B828210000
Replace with ...
33C0FEC0C3575553B828210000

Disable License Check (You can do this via hosts file if you rather)

Search for...
6C6963656E73652E7375626C696D6568712E636F6D
Replace with ...
7375626C696D6568712E6C6F63616C686F73740000

You can now use any license basically that follows the same syntax/format/key.

-- BEGIN LICENSE --
Generic Name
Unlimited User License
EA7E-81044230
0C0CD4A8 CAA317D9 CCABD1AC 434C984C
7E4A0B13 77893C3E DD0A5BA1 B2EB721C
4BAAB4C4 9B96437D 14EB743E 7DB55D9C
7CA26EE2 67C3B4EC 29B2C65A 88D90C59
CB6CCBA5 7DE6177B C02C2826 8C9A21B0
6AB1A5B6 20B09EA2 01C979BD 29670B19
92DC6D90 6E365849 4AB84739 5B4C3EA1
048CC1D0 9748ED54 CAC9D585 90CAD815
-- END LICENSE --```

so this has always been my go-to pair of hex strings to edit since the 4.x age, but since yesterday it's doesn't work anymore with 4180 (string not found)

It's also works for Linux too, btw 😮

Found elsewhere but it works on Win64. Make sure to run a firewall & prevent from accessing web.

4180: 80 79 05 00 0F 94 C2 -> C6 41 05 01 B2 00 90

@Fireshtorm1k your patch is very interesting.

it makes you registered, but at the same time requires a license upgrade.

Found elsewhere but it works on Win64. Make sure to run a firewall & prevent from accessing web.

4180: 80 79 05 00 0F 94 C2 -> C6 41 05 01 B2 00 90

Ditto this. Works on Arch after hexed and chmod.

Click To Download Crack Sublime Text Windows and Linux.md

This link to corlubar . com looks suspicious.
You could be infected with malware when visiting it.
It's safer to stay on gist.github.com

Click To Download Crack Sublime Text Windows and Linux.md

This link to corlubar . com looks suspicious. You could be infected with malware when visiting it. It's safer to stay on gist.github.com

It is... Some kind of scam (advertise spam).
https://www.virustotal.com/gui/url/c7fb2551bbac3b03f79a2630786c883b560957dbc9b13c5f73cd451e9e607acb/details

4180 hex (Windows x64/leogx9r's method):
48 8B 96 B0 02 00 00 48 8D 0D 4A 06 00 00 41 B8 88 13 00 00 E8 11 D0 1A 00 48 8B 96 B0 02 00 00 48 8D 0D BB 07 00 00 41 B8 98 3A 00 00 E8 F8 CF 1A 00 -> 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 (Invalidation/Validation Functions)
41 57 41 56 41 54 56 57 53 48 81 EC E8 03 -> C3 57 41 56 41 54 56 57 53 48 81 EC E8 03 (License Notify Thread)
20 C8 C3 41 57 41 56 -> 20 C8 C3 48 31 C0 C3 (License Validity Checking)
5F C3 56 57 53 48 83 EC 20 89 D6 -> 5F C3 48 31 C0 48 FF C0 C3 89 D6 (Server Validation Thread)

There was no crash reporter code found in this version.
After patch just enter anything to license and it should work.

Also available here