We are going to apply the three explained steps to a real application: Acquisition 112.3, an app developed from a stolen code.

The cracker wrote:

Acquisition 112.3 [k]

/Acquisition.app/Contents/MacOS/Acquisition
 
md5: feb943956a60081aad0214e39a508794 

 7c 08 02 a6 bd a1 ff b4 42 9f 00 05 
 -> 
 38 60 00 01 4e 80 00 20 42 9f 00 05 

 7c 08 02 a6 bd a1 ff b4 42 9f 00 05 
 -> 
 38 60 00 01 4e 80 00 20 42 9f 00 05 

 48 02 3d 91 
 -> 
 38 60 00 01 

 48 02 16 d9 
 -> 
 38 60 00 01 

 48 01 fa cd 
 -> 
 38 60 00 01 

 7c 08 02 a6 bd a1 ff b4 42 9f 00 05 
 -> 
 38 60 00 01 4e 80 00 20 42 9f 00 05 

 md5: 614751bb63336d2a8a47b5cf68fb03c1

First of all, get a copy of Acquisition 112.3, and then:

1. Find the file to modify

The cracker wrote:

/Acquisition.app/Contents/MacOS/Acquisition

This means: Control-click Acquisition/Show package contents and then go to Contents/MacOS/Acquisition. This Acquisition file is the main executable, and you'll have to apply the changes to that file (you don't need to take this file out of the application package to crack it). But first, you'll need that file to drag and drop it over the Terminal window in the step 2. b). Read below.

2. Check the MD5

Wee'll use Terminal this time (the drag and drop utilities do not need guidance):

The cracker wrote:
md5: feb943956a60081aad0214e39a508794
1. Open Terminal and type:
   md5<blank space>
   :



2. Drag and drop
   the Acquisition main executable on the Terminal window:



3. Hit
   Enter
   . Terminal will find out the MD5 value:




Cool! The MD5 matches the one listed by the cracker. Acquisition developer David Watanabe hasn't had the time to update Acquisition yet. You can crack it!

3. Apply the crack

We'll do it using HexEdit first and then Resorcerer. PeekIt and HexEditor work (for this issue) like HexEdit.

1. Using HexEdit
1. Launch HexEdit, go to File/Open... and browse to find the Acquisition main executable (
   Acquisition/Contents/MacOS/Acquisition
   ):



2. Select Acquisition and click Open. You'll see this window (isn't a beauty?):



3. The cracker wrote:

7c 08 02 a6 bd a1 ff b4 42 9f 00 05    <-- original chain of hex values 
->                                     <-- change to 
38 60 00 01 4e 80 00 20 42 9f 00 05    <-- new  chain of hex values

Note: In case where there are not blank spaces in the chain of hex values, do not bother writing them. Do not worry; HexEdit recognizes the chains anyway.

Go to the menu Find/Find... The search window will pop up. The "Matching Hex" button should be selected; if not, click it now.

Copy and paste the first
original chain of hex values
in the "Find" box and the
new chain of hex values
in the "Replace with" box.. Then click the "Find Next" button; HexEdit will find the
original chain of hex values
:


4. Now click the "Replace" button. You'll see this:


You have changed the first
original chain of hex values
to the
new chain of hex values
as indicated by the cracker.
5. Now copy and paste the second
   original chain of hex values
   in the "Find" box (clear it first) and the
   new chain of hex values
   in the "Replace with" box (this case you'll have to find and change identical chains once more):

7c 08 02 a6 bd a1 ff b4 42 9f 00 05 
 -> 
38 60 00 01 4e 80 00 20 42 9f 00 05

Click the "Find Next" button and then the "Replace" button.
6. Repeat the process with the next chain of hex values listed by the cracker until you've found and replaced each and every chain of hex values. Once you've made all the changes, close the Search window, save the changes and quit HexEdit.
7. You should now check the new MD5 to find out if you applied all the changes correctly:

Control-click
Acquisition/Show package contents
and then go to
Contents/MacOS/


This time you'll find two files, one named
Acquisition~
and other named just
Acquisition



Acquisition~
is a backup of the original (untouched) file. HexEdit has made it. You should save this file somewhere until you have tested the cracked app. If you have failed making the crack, you can try it again using this file (just do not forget to delete the
~
before to use the backuped file again).


Acquisition
is the modified file. You have to check the MD5 of this file to find out if you have applied the crack correctly.

To check the MD5 of the modified file, follow the same steps you did to check the MD5 of the original file in Step 2 above:



At the end of the instructions, the cracker wrote:
md5: 614751bb63336d2a8a47b5cf68fb03c1




Cool! The final MD5 matches the one the cracker calculated after applying the hack. You got it!

But no, you're not a cracker, the cracker is the one who found and you documented which hexadecimal values had to be changed to crack the app.

2. Using Resorcerer

You're going to crack the same app but this time using Resorcerer. Of course, you'll need a new (untouched) copy of Acquisition 112.3.



The first thing you have to do is to
delete all the blank spaces
in the
original chains of hex values
and the
new chains of hex values
the cracker wrote (if he/she did it), because Resorcerer does not accept the blank spaces. After that, you'll have these instructions:

Acquisition 112.3 [k]

/Acquisition.app/Contents/MacOS/Acquisition

md5:feb943956a60081aad0214e39a508794

7c0802a6bda1ffb4429f0005
->
386000014e800020429f0005

7c0802a6bda1ffb4429f0005
->
386000014e800020429f0005

48023d91
->
38600001

480216d9
->
38600001

4801facd
->
38600001

7c0802a6bda1ffb4429f0005
->
386000014e800020429f0005

md5:614751bb63336d2a8a47b5cf68fb03c1

We're not going to repeat the MD5 checking procedure again. We'll skip that step now, but you should always check it to avoid wasting your time trying to apply a crack to the wrong file.

1. Launch Resorcerer, choose File/Open... and browse to find the Acquisition main executable, as indicated by the cracker (
   Acquisition/Contents/MacOS/Acquisition
   ):



2. Click Open. You'll see this window.



3. Select the "
   <Data Fork>
   " line and click the Open button. A new window will appear.

In the new window, click the grey triangle in the upper left corner, just to the left of the "Insertion Offset: 0" text.

You'll now see the "Find", "Replace with" and "Replace & Find" boxes, and the "Go to Offset" box. The "Hex" checkbox in the upper left corner should be checked; if not, check it now.





The cracker wrote:

7c0802a6bda1ffb4429f0005    <-- original chain of hex values
->                          <-- change to
386000014e800020429f0005    <-- new  chain of hex values

4. Copy and paste the first
   original chain of hex values
   in the "Find" box and the
   new chain of hex values
   in the "Replace with" box and click the "Find" button; Resorcerer will find the
   original chain of hex values
   . Then click the "Replace with" button:


You have changed the first
original chain of hex values
to the
new chain of hex values
indicated by the cracker.
5. Now copy and paste the second
   original chain of hex values
   in the "Find" box (clear it first) and the
   new chain of hex values
   in the "Replace with" box (this case you'll have to find and change identical chains once more):

7c0802a6bda1ffb4429f0005
->
386000014e800020429f0005

Click the "Find" button and then the "Replace with" button.

6. Repeat the process with the next set of hex values listed by the cracker until you've found and replaced all of the chains of hex values indicated by the cracker. Then close the Search window. You'll be prompted to Save changes or not:




Click the "Save" button. You'll now be in the main Resorcerer window again. Close it, and you'll be prompted to save changes or not:





Click the "Save" button and quit Resorcerer. You're done.

7. You should check now the new MD5 to find out if you have applied all changes in the right way (see the "how to" above).