dylanedwards.com | Dylan Edwards


Oct/09

26

Zapping AppZapper

Another fun “crack” working on the latest version (1.8.0). This one works by giving you an infinite number of “trial” zaps.

I ran through the usual process of dumping the binary with otool and grepping for interesting lines. I ended up finding a couple of interesting methods, the first of which is titled -(void)[AZPreferencesController showNag:]. Within that method is a call to -(BOOL)[AZRegistrationController validateExistingRegistrationInformation]. nop’ing out that call prevented the registration nag dialog from showing when launching, but did not allow any extra functionality; I left it in anyway. To do this, open up the AppZapper executable in your favorite hex editor and skip to offset 0x3bb1b. All you have to do is replace the opcodes for the method call (e883450100) with nops (9090909090). A nop (opcode 90) basically just means “do nothing” in assembly.

The next interesting method I came across was titled -(void)[AZAppController _finishProcessingApps:]. Sounds boring, I know, but it contains an important call to the method -(BOOL)[AZRegistrationController canZap]. This is the method that determines whether or not the application is allowed to zap. All I had to do was nop out the jel immediately after this call, and the app would allow me to zap indefinitely beyond “0 trial zaps remaining” (I think I’m at -17 now). All you have to do is nop out 0f848d010000 with the good ol’ 909090909090 at offset 0x35527.

NOTE: This only works on x86-32. If you aren’t running an Intel chip, buy a new computer already.
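
Seen from the vendor's or an analyst's side, both edits described above show up immediately when a suspect copy is diffed against a known-good one. The following is an added example, not code from the original post: the function names are hypothetical, and the two buffers are constructed samples that place the byte sequences quoted above between filler bytes at arbitrary offsets.

```python
"""Diff a suspect x86-32 code image against a known-good copy and flag NOP-outs."""

NOP = 0x90

def changed_ranges(good: bytes, suspect: bytes):
    """Yield (offset, original, new) for each contiguous run of differing bytes.
    A run splits wherever the original byte already equals the new one."""
    if len(good) != len(suspect):
        raise ValueError("images differ in size; compare section by section")
    start = None
    for i in range(len(good) + 1):
        differs = i < len(good) and good[i] != suspect[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            yield start, good[start:i], suspect[start:i]
            start = None

def classify(original: bytes, new: bytes) -> str:
    """Name the overwritten instruction when its encoding is recognisable."""
    if any(b != NOP for b in new):
        return "modified (not a NOP-out)"
    if len(original) == 5 and original[0] == 0xE8:
        return "call rel32 replaced by NOPs"
    if len(original) == 6 and original[0] == 0x0F and 0x80 <= original[1] <= 0x8F:
        return "conditional jump rel32 replaced by NOPs"
    return "bytes replaced by NOPs"

def audit(good: bytes, suspect: bytes):
    """Return [(offset, finding)] for every changed run in the image."""
    return [(off, classify(o, n)) for off, o, n in changed_ranges(good, suspect)]

# Constructed sample: filler bytes around the two sequences quoted in the post.
GOOD = bytes.fromhex("5589e5" "e883450100" "85c0" "0f848d010000" "c9c3")
SUSPECT = bytes.fromhex("5589e5" "9090909090" "85c0" "909090909090" "c9c3")

if __name__ == "__main__":
    for offset, finding in audit(GOOD, SUSPECT):
        print(f"0x{offset:x}: {finding}")
```

A check like this only helps when it runs somewhere the patcher does not control, for example in a build or support pipeline comparing against the signed release; an in-app self-check can be nop'ed out the same way.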
