In my efforts to expose some web services at a stock exchange site for my own app, I needed some software for sniffing HTTP packets.
One “http sniffer osx” search on Google revealed what should be my target for reverse engineering. The software had a bug so the 14 day trial was already expired upon install. A serial seemed to be more difficult than I expected so I decided to try out reverse engineering 101.
dylanedwards gave me a good introduction for what to look at and on I went.
I used OTX for disassembly as it gives a nicer output than Apple's own otool. For hex editing I use Hex Fiend. No more software is needed.
Patching said software was done in two places. First to get the nagging screen away and second to circumvent the license check on the scoop button.
Noticing (long)encryptedAntiRegBypassCode in the startCapture method, I knew something fishy was going on.
+1172 00005b3a 0f85da010000 jnel 0x00005d1a
As seen above, the next interesting line was the jump if not equal. Basically this jumps to the end of the method without performing the rest of the scoop button's functionality.
I ended up jumping to offset 00005b3a in the binary using Hex Fiend and replacing 0f85da010000 with 909090909090, which is a bunch of NOPs.
A broken trial version led to an unlimited trial version. Let’s see if the software is good enough to buy after 14 days ;)
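From the vendor's side, the change described above is detectable. The following is an added example, not code from the original post or from the software it discusses: it decodes the 6-byte conditional jump shown in the disassembly (confirming why its target is 0x00005d1a) and flags places where a known-good reference build has such a jump but a shipped copy has only NOPs. The function names, the `BASE` address and the bytes surrounding the jump are constructed for illustration.

```python
import struct

NOP = 0x90

def decode_jcc_rel32(code: bytes, addr: int):
    """Decode a near conditional jump (0F 8x rel32) located at addr.

    Returns (condition_code, target) or None if the bytes are not such a jump.
    """
    if len(code) < 6 or code[0] != 0x0F or not 0x80 <= code[1] <= 0x8F:
        return None
    (rel,) = struct.unpack_from("<i", code, 2)  # signed little-endian displacement
    # The displacement is relative to the address of the next instruction.
    return code[1] & 0x0F, (addr + 6 + rel) & 0xFFFFFFFF

def find_nopped_branches(reference: bytes, candidate: bytes, base: int = 0):
    """List (address, original_target) for each conditional jump in the
    reference code that the candidate has overwritten with six NOPs.

    Heuristic: the reference is scanned byte by byte, not disassembled, so it
    is meant for triage next to a full hash or code-signature comparison.
    """
    findings = []
    limit = min(len(reference), len(candidate))
    i = 0
    while i + 6 <= limit:
        decoded = decode_jcc_rel32(reference[i:i + 6], base + i)
        if decoded and all(b == NOP for b in candidate[i:i + 6]):
            findings.append((base + i, decoded[1]))
            i += 6
        else:
            i += 1
    return findings

# Constructed sample: only the 6-byte jump comes from the post; the bytes
# before and after it, and BASE, are made up so the jump lands at 0x5b3a.
BASE = 0x5B30
PREFIX = bytes.fromhex("5589e583ec18837df400")
SUFFIX = bytes.fromhex("c9c3")
REFERENCE = PREFIX + bytes.fromhex("0f85da010000") + SUFFIX
PATCHED = PREFIX + bytes([NOP] * 6) + SUFFIX

if __name__ == "__main__":
    for addr, target in find_nopped_branches(REFERENCE, PATCHED, BASE):
        print(f"branch at {addr:#010x} (target {target:#010x}) replaced by NOPs")
```

A check like this only helps when it runs somewhere the modified binary cannot influence, such as a release pipeline or a server-side validation step; on macOS, code-signature verification serves the same purpose for any byte change.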