The “crack” here is pretty simple and appears to still work on the latest version of the app (2.0.6), though the offset has changed throughout the versions. After dumping the app with otool and grepping my way through the file, I stumbled upon quite a few interesting methods. The most important of which is +(BOOL)[LicenseController isTrial]. Within this method is a je instruction at offset 0x114ab. Changing this je (jump if equal) to a jne (jump if not equal) tricks the app into doing the opposite of what it should in detecting whether or not we are running a trial. If you have a valid license (I now do), it will kick you out; if you do not have a valid license, you can enjoy your “registered” copy! All that you need to do is fire up your favorite hex editor and change 0x114ab from 74 (opcode for je) to 75 (jne).

NOTE: This only works on x86-32. If you aren’t running an Intel chip, buy a new computer already.

cracks, expandrive, os x, Reverse Engineering Hide