XRD Forums

A traditional forum for reverse engineers and security enthusiasts offering a break from modern noise.
https://xrd.sh/

Sublime 4200 patcher (Max/Linux)

https://xrd.sh/viewtopic.php?t=3

Page 1 of 1

Sublime 4200 patcher (Max/Linux)

Posted: Tue Mar 03, 2026 3:45 pm
by nuLLwire
Linux:

Code: Select all

#!/usr/bin/env python3
import sys

def patch_binary(filepath):
    with open(filepath, 'r+b') as f:
        data = bytearray(f.read())

        patches = [
            # Patch 1: 0x585cc0 -> MOV byte ptr [RDI + 0x5], 1
            (0x585cc0, bytes.fromhex('C6 47 05 01')),
            # Patch 2: 0x1484ee -> JMP +0x3e
            (0x1484ee, bytes.fromhex('EB 3E')),
            # Patch 3: 0x584658 -> MOV AL, 0; RET
            (0x584658, bytes.fromhex('B0 00 C3')),
        ]

        for offset, patch in patches:
            original = data[offset:offset+len(patch)]
            print(f"[*] File offset 0x{offset:x}: {original.hex()} -> {patch.hex()}")
            data[offset:offset+len(patch)] = patch

        # Backup original
        backup_path = filepath + '.bak'
        with open(backup_path, 'wb') as bf:
            f.seek(0)
            bf.write(f.read())
        print(f"[+] Backup saved to {backup_path}")

        # Write patched
        f.seek(0)
        f.write(data)
        print(f"[+] Patched binary saved to {filepath}")

if __name__ == '__main__':
    if len(sys.argv) < 2:
        print(f"Usage: {sys.argv[0]} <sublime_text_binary>")
        sys.exit(1)
    patch_binary(sys.argv[1])
Mac:

Code: Select all

#!/usr/bin/env python3
import sys

def patch_binary(filepath):
    with open(filepath, 'r+b') as f:
        data = f.read()

    # Direct file offset for VA 0x100235dcf (found via pattern search)
    offset = 0x239dcf

    # Patch: MOV AL, 0; RET; NOPs to fill rest (20 bytes total)
    patch = bytes([
        0xB0, 0x00, 0xC3, 0x90, 0x90, 0x90, 0x90, 0x90,
        0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
        0x90, 0x90, 0x90, 0x90
    ])

    print(f"[+] Patching apple_fruit at file offset 0x{offset:x}")

    # Backup
    backup_path = filepath + '.bak'
    with open(backup_path, 'wb') as bf:
        bf.write(data)
    print(f"[+] Backup saved to {backup_path}")

    # Patch
    data = bytearray(data)
    data[offset:offset+len(patch)] = patch

    with open(filepath, 'wb') as f:
        f.write(data)

    print(f"[+] Patched: apple_fruit now returns 0")
    original = data[offset:offset+len(patch)]
    print(f"[+] Original: {original.hex()}")
    print(f"[+] Patched to: {patch.hex()}")

if __name__ == '__main__':
    if len(sys.argv) < 2:
        print(f"Usage: {sys.argv[0]} <sublime_text_binary>")
        sys.exit(1)
    patch_binary(sys.argv[1])
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited