@yuzhouheike wrote:
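Foreword
The tools used in this reverse-engineering exercise:
- MonkeyDev or IPAPatch
- HookZz
How it started
Lately my WeChat Moments feed has been full of the World Cup! Almost every casual fan is posting about watching the World Cup live! Some helpful friends even shared a link to an app for watching the matches live (央视影音, iOS). I tapped through to take a look, but before the live stream starts you have to sit through an ad that runs for 60 seconds. As an iOS reverse-engineering hobbyist, I decided to do what little I could for fans everywhere: remove the ads.
[Image: screenshot showing the 60-second ad]
Below is a brief walkthrough of the reversing process and the approach.
Approach
- The only goal is to remove ads from the 央视影音 app, so the approach is simple: set the ad-related objects to nil
Reversing process
Step 1: Dynamic analysis
- Use HookZz's objc_msgSend module to print the method calls
- Only pay attention to classes whose names start with Ad
- The relevant code is below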
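```
// Scratch buffer for the call-depth indentation printed before each call.
// Its declaration is not shown in the original post; the size is assumed from the 512 used below.
static char decollators[512];

// Pre-call callback for HookZz's objc_msgSend hook: logs "[class selector]" for matching classes
void objc_msgSend_pre_call(RegState *rs, ThreadStackPublic *ts, CallStackPublic *cs, const HookEntryInfo *info) {
    char *selector = (char *)rs->ZREG(1); // argument register 1: the selector
    id tmpObject = (id)rs->ZREG(0);       // argument register 0: the receiver
    Class tmpClass = object_getClass(tmpObject);
    if (!tmpClass)
        return;
    const char *className = class_getName(tmpClass);
    // Skip every class whose name contains neither "Ad" nor "Home"
    if (!strstr(className, "Ad") && !strstr(className, "Home")) {
        return;
    }
    // Three dashes per level of call-stack depth
    memset(decollators, '-', 512);
    if (ts->size * 3 >= 512)
        return;
    decollators[ts->size * 3] = '\0';
    printf("[OCMethodMonitor|%ld] %s [%s %s]\n", ts->thread_id, decollators, className, selector);
}
```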
- A brief sample of what HookZz's objc_msgSend module prints
- CNAdPlayerView
```
[OCMethodMonitor|7341845312] --- [CNAdPlayerView beatHandleForTime:]
[OCMethodMonitor|7341845312] ------ [CNAdPlayerView adTime]
[OCMethodMonitor|7341845312] ------ [CNAdPlayerView setSurplusSec:]
[OCMethodMonitor|7341845312] --------- [CNAdPlayerView adPlayerUIKit]
[OCMethodMonitor|7341845312] ------ [CNAdPlayerView queuePlayer]
[OCMethodMonitor|7341845312] ------ [CNAdPlayerView indexForPlayerItem:]
[OCMethodMonitor|7341845312] --------- [CNAdPlayerView playItems]
[OCMethodMonitor|7341845312] --------- [CNAdPlayerView playItems]
[OCMethodMonitor|7341845312] ------ [CNAdPlayerView playerEventType:value:]
[OCMethodMonitor|7341845312] --------- [CNAdPlayerView delegate]
[OCMethodMonitor|7341845312] --------- [CNAdPlayerView delegate]
[OCMethodMonitor|7341845312] --------- [CNAdPlayerView delegate]
[OCMethodMonitor|7341845312] ------ [CNAdPlayerView playDelayTime]
[OCMethodMonitor|7341845312] --------- [CNAdPlayerView adPlaying]
[OCMethodMonitor|7341845312] --------- [CNAdPlayerView adTimeout]
```
- AdsameBannerView
```
[OCMethodMonitor|7341845312] ------------ [AdsameBannerView alloc]
[OCMethodMonitor|7341845312] ------------ [AdsameBannerView initWithFrame:]
[OCMethodMonitor|7341845312] --------------- [AdsameBannerView setClipsToBounds:]
[OCMethodMonitor|7341845312] --------------- [AdsameBannerView setSlotStr:]
[OCMethodMonitor|7341845312] --------------- [AdsameCubeMaxSDK sharedSDK]
[OCMethodMonitor|7341845312] --------------- [AdsameCubeMaxSDK def_volume]
[OCMethodMonitor|7341845312] --------------- [AdsameCubeMaxSDK sharedSDK]
[OCMethodMonitor|7341845312] --------------- [AdsameCubeMaxSDK m_isMute]
[OCMethodMonitor|7341845312] --------------- [AdsameBannerView setIsOrderedBannerPaused:]
[OCMethodMonitor|7341845312] ------------ [AdsameBannerView setIsUsingCache:]
[OCMethodMonitor|7341845312] ------------ [AdsameBannerView setCId:]
[OCMethodMonitor|7341845312] ------------ [AdsameBannerView setSlotStr:]
[OCMethodMonitor|7341845312] ------------ [AdsameBannerView setIsUserExposure:]
[OCMethodMonitor|7341845312] ------------ [AdsameBannerView setParentSDK:]
[OCMethodMonitor|7341845312] ------------ [AdsameBannerView setDelegateBanner:]
[OCMethodMonitor|7341845312] ------------ [AdsameBannerView setIsRetina:]
```
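- There are some other classes with Ad in their names that I won't list one by one
Step 2: Write the hook code
- Following the approach above, make the initialization code of the Ad-related classes return nil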
```
// See http://iphonedevwiki.net/index.php/Logos

#import <UIKit/UIKit.h>

//AdsameBannerView
%hook AdsameBannerView
- (AdsameBannerView*)initWithFrame:(id)arg1{
    return nil;
}
%end

%hook CNAdPlayerView
-(CNAdPlayerView*)initWithFrame:(id)arg1{
    return nil;
}
%end

%hook CNADPlayerUIKit
-(CNADPlayerUIKit *)initWithFrame:(id)arg1{
    return nil;
}
%end

%hook AdMasterMobileTracking
+(id)sharedInstance{
    return nil;
}
-(AdMasterMobileTracking*)init {
    %log;
    return nil;
}
%end
```
Step 3: Repackage and re-sign
- MonkeyDev or IPAPatch. I used the first; the second works too
Finally, here is the link to the IPA with the ads removed:
http://yuzhouheike.0a6j.cn/YSYY.ipa
One last thing
- Thank you for taking the time to read my post
Posts: 14
Participants: 4
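Seen from the app's side, method hooks like the ones in step 2 are detectable because the replaced implementation lives in the injected dylib rather than in the image that defines the class. The following is an added example, not code from the original post or from any project it mentions; the helper names `ForeignMethods` and `AuditClasses` are hypothetical, and it assumes the audited classes are compiled into an image (not created at run time).

```objc
#import <Foundation/Foundation.h>
#import <objc/runtime.h>
#import <dlfcn.h>

// Lists the methods of `cls` whose IMP lies outside the Mach-O image that
// defines the class. A replaced implementation pointer shows up here.
// Caveats: a category loaded from another image is reported too, and an
// inline patch of the original function body leaves the pointer unchanged.
static NSArray<NSString *> *ForeignMethods(Class cls) {
    NSMutableArray<NSString *> *hits = [NSMutableArray array];
    Dl_info home;
    // The class structure itself is stored in the data of its defining image.
    if (!cls || !dladdr((__bridge const void *)cls, &home)) return hits;

    unsigned int count = 0;
    Method *methods = class_copyMethodList(cls, &count); // own methods only
    for (unsigned int i = 0; i < count; i++) {
        IMP imp = method_getImplementation(methods[i]);
        Dl_info where;
        BOOL known = dladdr((const void *)imp, &where) != 0;
        if (known && where.dli_fbase == home.dli_fbase) continue; // same image
        [hits addObject:[NSString stringWithFormat:@"%c[%s %s] -> %s",
            class_isMetaClass(cls) ? '+' : '-',
            class_getName(cls),
            sel_getName(method_getName(methods[i])),
            known ? where.dli_fname : "(no image)"]];
    }
    free(methods);
    return hits;
}

// Audits instance methods and class methods (via the metaclass) of each name.
static NSArray<NSString *> *AuditClasses(NSArray<NSString *> *names) {
    NSMutableArray<NSString *> *report = [NSMutableArray array];
    for (NSString *name in names) {
        Class cls = NSClassFromString(name);
        if (!cls) continue; // class not present in this build
        [report addObjectsFromArray:ForeignMethods(cls)];
        [report addObjectsFromArray:ForeignMethods(object_getClass(cls))];
    }
    return report;
}

// Example call, using the class names that appear in the post:
// NSArray *r = AuditClasses(@[@"AdsameBannerView", @"CNAdPlayerView",
//                             @"CNADPlayerUIKit", @"AdMasterMobileTracking"]);
// An empty array means every audited method still points into its own image.
```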