Shortnote

Path Finder is a replacement for Finder with lots of features that the regular Finder lacks. The trial is responsible for displaying a nag screen on launch, as well as placing an annoying Buy now button in the top right corner. Both of these can be circumvented in order to turn the program in a never-ending trial without any nagging or graphical distractions.

Purchase Prompt

When launching Path Finder, a pop-up window reminds the user to purchase an unlock code. This window can be skipped by jumping over the instructions responsible for showing the window:

                                            methImpl_PathFinderAppController_applicationDidFinishLaunching_:
0000000100010415 55                              push       rbp
0000000100010416 4889E5                          mov        rbp, rsp
0000000100010419 4156                            push       r14
000000010001041b 53                              push       rbx
...
0000000100010530 7517                            jne        0x100010549
                                       ; Basic Block Input Regs: r14 -  Killed Regs: rdx rsi rdi
0000000100010532 488B35F7A42200                  mov        rsi, qword [ds:objc_sel_showPurchaseWindow_] ; @selector(showPurchaseWindow:)
0000000100010539 4C89F7                          mov        rdi, r14
000000010001053c BA01000000                      mov        edx, 0x1
0000000100010541 FF15091E1C00                    call       qword [ds:imp___got__objc_msgSend]
0000000100010547 EB10                            jmp        0x100010559

By turning the jne into a jmp. The window shows up based on a test about isLicensed which appears two times in the disassembled binary.

The next occurrence is at 0x100130c97:

0000000100130ca6 7538                            jne        0x100130CE0
                                       ; Basic Block Input Regs: rcx rbx rsp -  Killed Regs: rax rcx rdx rbx rbp rsi rdi r14 xmm0
0000000100130ca8 488B3529551100                  mov        rsi, qword [ds:objc_sel_createOverlay] ; @selector(createOverlay)
0000000100130caf 4889DF                          mov        rdi, rbx
0000000100130cb2 FF1598160A00                    call       qword [ds:imp___got__objc_msgSend]
0000000100130cb8 F20F100528DD0200                movsd      xmm0, qword [ds:0x10015E9E8]
0000000100130cc0 488B35F9CD1000                  mov        rsi, qword [ds:objc_sel_performDelayedSelector_withObject_delay_] ; @selector(performDelayedSelector:withObject:delay:)
0000000100130cc7 488B15A2551100                  mov        rdx, qword [ds:objc_sel_orderWindowAfterDelay] ; @selector(orderWindowAfterDelay)
0000000100130cce 4889DF                          mov        rdi, rbx
0000000100130cd1 31C9                            xor        ecx, ecx
0000000100130cd3 488B0576160A00                  mov        rax, qword [ds:imp___got__objc_msgSend]
0000000100130cda 5B                              pop        rbx
0000000100130cdb 415E                            pop        r14
0000000100130cdd 5D                              pop        rbp
0000000100130cde FFE0                            jmp        rax
                                       ; Basic Block Input Regs: rbx rsp -  Killed Regs: rbx rbp rsi rdi r14
0000000100130ce0 488B35A1541100                  mov        rsi, qword [ds:objc_sel_destroyOverlay] ; @selector(destroyOverlay) XREF=0x100130c7d, 0x100130ca6

We change the jne to a jmp and the result is that we get rid of the annoying Buy now button in the top right corner.

That's it for Path Finder, it will never bug about purchasing the full version and will have all the features available.


cracks/pathfinder.txt ยท Last modified: 2022/04/19 08:28 by 127.0.0.1

Access website using Tor Access website using i2p Wizardry and Steamworks PGP Key


For the contact, copyright, license, warranty and privacy terms for the usage of this website please see the contact, license, privacy, copyright.