About version 1103 for Linux x64

Question

About version 1103 for Linux x64

tomay3000 opened this issue 6 years ago · comments

I get it only working for the INITIAL_LICENSE_CHECK_AOB.
Neither PERSISTENT_LICENSE_CHECK_AOB nor THEME_CHECK_AOB worked for this version.
Could you please provide us with the correct offsets for this version 1103.

Thank you for your understanding.

HCiSO · Answer 1 · Sun Feb 03 2019 07:23:03 GMT+0800 (China Standard Time)

Build 1103 Linux 64-bit (With reservation because I don't have Linux and unfortunately couldn't test it)

Name	Offset	Original	Patched
Initial License Check	0x306AD0	0x38	0x08
	0x306AD1	0x00	0x01
Persistent License Check	0x305DFD	0x00	0x01
Theme Check	0x3086D8	0x00	0x01

Initial License Check
38 00 74 42 48 8B 83 28 01 00 00 48 --> 08 01 74 42 48 8B 83 28 01 00 00 48
Persistent License Check
E8 67 0D 56 00 CC 66 83 27 00 83 67 --> E8 67 0D 56 00 CC 66 83 27 01 83 67
Theme Check must be here somewhere...
55 00 C6 07 00 C3 48 8B 3F 8B 77 20

Youcef Kouchkar · Answer 2 · Sun Feb 03 2019 07:29:21 GMT+0800 (China Standard Time)

I am gonna check it.

Youcef Kouchkar · Answer 3 · Sun Feb 03 2019 07:43:51 GMT+0800 (China Standard Time)

The dark theme is still not working :(

Youcef Kouchkar · Answer 4 · Sun Feb 03 2019 07:44:51 GMT+0800 (China Standard Time)

Could you please provide at least some before and after hex values.

Youcef Kouchkar · Answer 5 · Sun Feb 03 2019 07:51:37 GMT+0800 (China Standard Time)

The dark theme is only applied after a while not on the first startup.

HCiSO · Answer 6 · Sun Feb 03 2019 08:01:08 GMT+0800 (China Standard Time)

That's what I thought with the Theme Check...
As @tostercx has already written, the Dev has changed everything and the values are completely different as in build 1070

Youcef Kouchkar · Answer 7 · Sun Feb 03 2019 08:26:25 GMT+0800 (China Standard Time)

The Dev must have changed it a Little bit.

Youcef Kouchkar · Answer 8 · Sun Feb 03 2019 09:05:35 GMT+0800 (China Standard Time)

OK will try to debug it myself, which disassembler/debugger do you use?

HCiSO · Answer 9 · Sun Feb 03 2019 09:08:14 GMT+0800 (China Standard Time)

I use Hopper Disassembler v4, good luck ;)

Youcef Kouchkar · Answer 10 · Sun Feb 03 2019 09:10:59 GMT+0800 (China Standard Time)

Thank you.

HCiSO · Answer 11 · Sun Feb 03 2019 09:15:17 GMT+0800 (China Standard Time)

Old Build 1070:

0000000000495cc9 | 50                   | push rax                  |
0000000000495cca | E8 59 E0 FF FF       | call sub_493d28           |
0000000000495ccf | 48 8D 05 62 05 65 00 | lea rax, qword [0xae6238] |
0000000000495cd6 | 48 8B 0D 73 AA 64 00 | mov rcx, qword [0xae0750] |
0000000000495cdd | 48 89 01             | mov qword [rcx], rax      |
0000000000495ce0 | 48 8B 35 41 AA 64 00 | mov rsi, qword [0xae0728] |
0000000000495ce7 | 66 C7 06 00 00       | mov word [rsi], 0x0       | <-- patch this to 1
0000000000495cec | C7 46 04 00 00 00 00 | mov dword [rsi+4], 0x0    |
0000000000495cf3 | 48 8D 46 18          | lea rax, qword [rsi+0x18] |

New Build 1103:

0000000000505f7b | 53                   | push rbx                  |
0000000000505f7c | E8 5B E6 FF FF       | call sub_5045dc           |
0000000000505f81 | 48 8D 05 70 02 5C 00 | lea rax, qword [0xac61f8] |
0000000000505f88 | 48 8B 0D 91 A1 5B 00 | mov rcx, qword [0xac0120] |
0000000000505f8f | 48 89 01             | mov qword [rcx], rax      |
0000000000505f92 | 48 8B 1D 5F A1 5B 00 | mov rbx, qword [0xac00f8] |
0000000000505f99 | 48 89 DF             | mov rdi, rbx              |
0000000000505f9c | E8 59 FE FF FF       | call sub_505dfa           | <-- now using ANDs O__O
0000000000505fa1 | 48 8B 3D 88 A1 5B 00 | mov rdi, qword [0xac0130] |
0000000000505fa8 | 48 8D 15 59 40 56 00 | lea rdx, qword [0xa6a008] |

Surendrajat · Answer 12 · Mon Mar 23 2020 01:21:06 GMT+0800 (China Standard Time)

This works on 1119 build but not on beta 2002.