![]() ![]() Instead, use a proper macho editor such as this one. Otherwise it will compute the executable’s _LINKEDIT segment size incorrectly and “codesign” will refuse to sign the file later. When saving the executable in Hopper Disassembler do choose not to remove the code signature when saving the file: □Īs stated by various users through the comments and emails, recent versions of XtraFinder will crash now if not signed properly. Reboot your Mac and you’ll see the application works without forcing you to update. Save your changes via File -> Produce New Executable and replace the old binary file with your modified one. You can find an option to do so in the main menu > Scripts > JE > JMP : We won’t even bother much analyzing the code behind, since we may simply patch the JNE with JMP (always jump). So if the comparison before that JNE turns out to be not equal, it won’t show the nag screen. JNE is an assembly instruction meaning JUMP IF NOT EQUAL. So we basically just found the check determining whether or not to show the nag screen. However, since this is a function (and functions usually get called), we can repeat the search for places referencing this Objective-C method ( SHIFT + ALT + X). Mark the very first line in this procedure:Īnd try to search for XREF‘s to this offset:ĭang! No results. Taking a look at the code indicates there’s a method called forceCheckForUpdates: So yeah we basically reach the code that is using the string we no longer want to see. Repeat the same step again (press X to find cross references). Make sure to click on XREF so it gets highlighted: Since there’s only one result you can double click on it and it will bring you there. Hit X on your keyboard and Hopper will show you the cross references to this specific text. The search will return one result, click on it and it will bring you to the location in the file it is stored in. The file is located at /Library/ScriptingAdditions/XtraFinder.osax/Contents/MacOS/XtraFinderĪfter loading it, the first thing you’d like to do is to search e.g. If you ever were forced to update (or stop using) XtraFinder due to said error message (Xtra Finder Beta has expired) rest assured – I got an easy solution for you that comes with this tiny reverse engineering tutorial.įirst off, load the target file into Hopper. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |