You are here: start / cracks / leech

Shortnote

Leech is a download manager with a clean interface for OSX. The trial version uses the method enterLicense around 0x1000016d8 to display a nag screen after leech has been launched more than 25 times. That is the only limitation of the trial version.

In order to circumvent this, we simply stub the enterLicense window: 

 
====== B E G I N   O F   P R O C E D U R E ======
 
 
                                       ; Basic Block Input Regs: rdi -  Killed Regs: rax r13
                                            methImpl_PMMainController_enterLicense_:
00000001000016d8 55                              push       rbp
00000001000016d9 4889E5                          mov        rbp, rsp
00000001000016dc 4157                            push       r15
00000001000016de 4156                            push       r14
00000001000016e0 4155                            push       r13
00000001000016e2 4154                            push       r12
00000001000016e4 53                              push       rbx
00000001000016e5 4883EC58                        sub        rsp, 0x58
00000001000016e9 4989FD                          mov        r13, rdi
00000001000016ec 488B0515700600                  mov        rax, qword [ds:_OBJC_IVAR_$_PMMainController.licenseWindow]
00000001000016f3 49837C050000                    cmp        qword [ds:r13+rax+0x0], 0x0
00000001000016f9 754A                            jne        0x100001745

We turn the jne into a jmp and skip the rest of the method till the return at 0x100001fa4. The necessary change is thus: 

00000001000016f9 E9A6080000                      jmp        0x100001FA4
00000001000016fe 90                              nop        
00000001000016ff 90                              nop        
0000000100001700 90                              nop        
0000000100001701 90                              nop

Also, since after the change, the Buy Leech… menu item will not work anymore, we blank it out in validateMenuItem at 0x10000eb9e: 

000000010000ee62 E90F000000                      jmp        0x10000EE76                   ; @"License"
000000010000ee67 90                              nop        
000000010000ee68 90                              nop        
000000010000ee69 488D15F0690500                  lea        rdx, qword [ds:cfstring_Buy_Leech___] ; @"Buy Leech..."
000000010000ee70 84C0                            test       al, al
000000010000ee72 480F45D1                        cmovne     rdx, rcx
000000010000ee76 488B35FB100500                  mov        rsi, qword [ds:objc_sel_localizedStringForKey_value_table_] ; @selector(localizedStringForKey:value:table:) XREF=0x10000ee62

There are nicer ways of course, one could actually write something instead of having a blank menu, but this will do just fine.

cracks/leech.txt · Last modified: 2022/04/19 08:28 by 127.0.0.1
You are here: start / cracks / leech

Access website using Tor Access website using i2p Wizardry and Steamworks PGP Key


For the contact, copyright, license, warranty and privacy terms for the usage of this website please see the contact, license, privacy, copyright.