Haxin Mainframes

A blog about stuff I do, find interesting, or want to blab about..

Checking Out Sublime Text 3 Binary Hex Diff Versus Cracked Version

I saw a site Sublime Text 3 with hack/crack and I am always paranoid. Wondering what the actual difference was between the 3056 build and the crack I checked.

Running:

xxd sublime_text\ crack\ linux\ 64\ build\ 3065 c1.hex
xxd /opt/sublime_text/sublime_text c2.hex
diff c1.hex c2.hex

I saw that there was the following diff:

2111c2111
< 00083e0: f88e 00e8 b751 0700 3bc0 0f94 c084 c088  .....Q..;.......
---
> 00083e0: f88e 00e8 b751 0700 85c0 0f94 c084 c088  .....Q..........

Putting that into an online assembler/disassembler:

The original file:

.data:0x00000000    f8  clc
.data:0x00000001    8e00    mov    es,WORD PTR [rax]
.data:0x00000003    e8b7510700  call   func_000751bf
.data:0x00000008    3bc0    cmp    eax,eax
.data:0x0000000a    0f94c0  sete   al
.data:0x0000000d    84c0    test   al,al

The cracked file:

.data:0x00000000    f8  clc
.data:0x00000001    8e00    mov    es,WORD PTR [rax]
.data:0x00000003    e8b7510700  call   func_000751bf
.data:0x00000008    85c0    test   eax,eax
.data:0x0000000a    0f94c0  sete   al
.data:0x0000000d    84c0    test   al,al

Notice the only different is the cmp to test. According to an assembly reference I see that test is just a bitwise AND comparison so test eax,eax will always AND the same values always having the same result.

Looks like a safe hack to me..

NOTE: I pay for Sublime Text 3. It is amazing software and I am all for supporting the authors. This page just came up when searching for Sublime Text 3 and I was curious.