Reversing uTorrent for Mac with IDA
I've tried several torrent clients for Mac OS X, and I found that no client can match uTorrent in terms of size, functionality and performance. However, it has one annoying feature: ads.
While in the Windows version one can get rid of ads by editing a hidden setting, Mac users are limited to using a firewall to block ads from loading. This, however, still leaves an empty "Advertisement" box, as well as the "Upgrade Now" button.
Luckily, thanks to the amazing reverse-engineering toolkit IDA, we can take a look under the hood of uTorrent and see if there is a better way of removing ads. Let's do some reverse-engineering!
After the analysis process has finished, we can start exploring the disassembled binary. Let's go to the Search - Text menu and search for "upgrade". Wow, the search results look intriguing:
A removeAds function in MainWindowController: this is what we need! Let's take a look at the graph of this function.
Looking at the names of the variables, we can guess that the block on the right enables ads, and the block on the left disables ads and removes the "Upgrade Now" button. Great! Now let's find where the latter block is called from.
Aha! It looks like replacing the conditional jump instruction at address 0001B42F with two NOP (No Operation) instructions will get the job done. Two are needed because each NOP is half the size of the conditional jump. After highlighting the address, go to Edit - Patch program - Assemble and enter NOP twice. You will notice that the graph has changed:
Now the block which disables the ads will be executed no matter what. The only thing left to do is to save the changes by going to Edit - Patch program - Apply patches to input file and clicking OK.
We replaced two bytes:
File offset 0001A42F: replaced 74 with 90
File offset 0001A430: replaced 2B with 90
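Seen from the other side, a patch like this is easy to spot when you have a known-good copy to compare against. The Python sketch below is an added example, not part of the original post: it diffs two same-sized copies of a binary, prints the changes in the format used above, and flags short conditional jumps that were overwritten with NOPs. The function names and the 32-byte sample fragment are constructed for illustration; only the two patched bytes and their file offsets come from the post.

```python
# Added example (not from the original post): diff two copies of a binary and
# flag short conditional jumps that were overwritten in place with NOPs.
JCC = ["JO", "JNO", "JB", "JAE", "JZ", "JNZ", "JBE", "JA",
       "JS", "JNS", "JP", "JNP", "JL", "JGE", "JLE", "JG"]  # opcodes 0x70-0x7F

def byte_diff(original, patched, base=0):
    """Return (file_offset, old_byte, new_byte) for every differing byte."""
    if len(original) != len(patched):
        raise ValueError("sizes differ: not an in-place patch")
    return [(base + i, a, b)
            for i, (a, b) in enumerate(zip(original, patched)) if a != b]

def report(diff):
    """Format a diff the way the patch summary in the post is written."""
    return [f"File offset {off:08X}: replaced {old:02X} with {new:02X}"
            for off, old, new in diff]

def nopped_short_jumps(original, patched, base=0):
    """Heuristic: a changed byte that was a short Jcc opcode, where the patched
    copy holds 90 90 over the opcode and its rel8 operand. A byte diff knows
    nothing about instruction boundaries, so treat hits as leads to verify."""
    hits = []
    for off, old, _new in byte_diff(original, patched, base):
        i = off - base
        if 0x70 <= old <= 0x7F and patched[i:i + 2] == b"\x90\x90":
            rel8 = original[i + 1]
            rel8 = rel8 - 256 if rel8 > 127 else rel8  # operand is signed
            hits.append((off, JCC[old - 0x70], off + 2 + rel8))
    return hits

# Constructed sample: a 32-byte fragment starting at file offset 0x1A420.
# Only the two bytes at 0x1A42F/0x1A430 come from the post; the rest is filler.
BASE = 0x1A420
ORIGINAL = bytes(15) + bytes([0x74, 0x2B]) + bytes(15)
PATCHED = bytes(15) + bytes([0x90, 0x90]) + bytes(15)

if __name__ == "__main__":
    print("\n".join(report(byte_diff(ORIGINAL, PATCHED, BASE))))
    for off, mnem, target in nopped_short_jumps(ORIGINAL, PATCHED, BASE):
        print(f"{mnem} at {off:08X} (target {target:08X}) replaced by NOP NOP")
```

Opcode 74 is JZ with a one-byte relative operand, so the original instruction jumped 0x2B bytes past its own end; after the patch, execution always falls through.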
Now, let's find out if it actually works and run the app...
Voilà!
Originally, there was a link to download the patched uTorrent here. However, this app no longer runs on modern Macs :(