由于时间和水平有限,本文会存在诸多不足,希望得到您的及时反馈与指正,多谢!
工具环境:
iPhone 6、
系统版本10.1.1
IDA Pro 7.0
0x00:防作弊产品介绍
1.由于IOS系统的不开放性,能获取的信息太少,所在IOS上的防作弊产品可做的功能就相比较于安卓要少很多了。硬件方面主要获取IDFA、IDFV这两个值,软件方面主要获取一些风险APP的名称。
0x01:SDK整体框架
1.该防作弊产品提供SDK形式给开发者调用,当开发者成功集成到APP后,APP启动时就会生成一个唯一的ID值。
2.SDK客户端整体流程如图1所示:
图1
3.服务器返回的ID会存放在系统中,这个ID值用通俗的话说,就是为每台设备注册一个身份证号,它代表了设备。这样一来,如果刷量者通过hook机制来修改IDFA、mac等设备模拟新用户就不起作用了。
0x02:技术细节分析
1.APP启动时会解密会判断本地是否缓存了deviceID值与风险app名单,如果没有就生成一个随机的deviceid然后解密写死在app中的风险文件名单。
2.从服务器获取deviceid值
如果没有缓存ID就生成一个ID,生成随机的deviceID代码如下:
// 第一次生成deviceid (uuid+当前时间)
id __cdecl -[SmidManager genFpId](SmidManager *self, SEL a2)
{
__int64 v2; // x0
__int64 v3; // x0
__int64 v4; // x0
__int64 v5; // x0
void *v6; // x0
void *v7; // x0
void *v8; // x0
void *v9; // x0
void *second; // x0
void *v11; // x0
__int64 v12; // x0
__int64 currtime; // ST68_8
id v14; // x0
__int64 uuid_md5; // x0
__int64 v16; // ST58_8
void *v17; // x0
void *v18; // x0
void *v19; // x0
void *v20; // x0
void *v21; // x9
void *v22; // x0
void *v23; // x0
void *v24; // x9
void *v25; // x0
void *v26; // x0
void *v27; // x9
void *v28; // x0
void *v29; // x0
void *v30; // x9
void *v31; // x0
void *v32; // x0
void *v33; // x9
void *v34; // x0
void *v35; // x0
void *v36; // x9
void *v37; // x0
void *v38; // x0
void *v39; // x9
void *v40; // x0
void *v41; // x0
void *v42; // x9
void *v43; // x0
struct objc_object *v44; // x0
struct objc_object *v45; // ST38_8
id v46; // x0
void *v47; // x0
__int64 v48; // x0
void *v49; // x0
__int64 v50; // ST30_8
__int64 v52; // [xsp+98h] [xbp-B8h]
void *v53; // [xsp+A0h] [xbp-B0h]
void *v54; // [xsp+A8h] [xbp-A8h]
void *v55; // [xsp+B0h] [xbp-A0h]
__int64 v56; // [xsp+B8h] [xbp-98h]
void *v57; // [xsp+C0h] [xbp-90h]
void *minute; // [xsp+C8h] [xbp-88h]
void *hour; // [xsp+D0h] [xbp-80h]
void *day; // [xsp+D8h] [xbp-78h]
void *month; // [xsp+E0h] [xbp-70h]
void *year; // [xsp+E8h] [xbp-68h]
void *v63; // [xsp+F0h] [xbp-60h]
__int64 v64; // [xsp+F8h] [xbp-58h]
void *v65; // [xsp+100h] [xbp-50h]
__int64 v66; // [xsp+108h] [xbp-48h]
struct objc_object *uuid; // [xsp+110h] [xbp-40h]
__int64 v68; // [xsp+118h] [xbp-38h]
__int64 v69; // [xsp+120h] [xbp-30h]
SEL v70; // [xsp+128h] [xbp-28h]
SmidManager *v71; // [xsp+130h] [xbp-20h]
__int64 v72; // [xsp+138h] [xbp-18h] v71 = self;
v70 = a2;
v2 = CFUUIDCreate();
v69 = v2;
v3 = CFUUIDCreateString(0LL, v2);
v68 = v3;
v4 = CFStringCreateCopy(0LL, v3);
v72 = v4;
v5 = objc_autoreleaseReturnValue(v4);
uuid = (struct objc_object *)objc_retainAutoreleasedReturnValue(v5);
CFRelease(v69);
CFRelease(v68);
v6 = objc_msgSend(&OBJC_CLASS___NSDate, (const char *)&unk_195EEC6AF);
v66 = objc_retainAutoreleasedReturnValue(v6);
v7 = objc_msgSend(&OBJC_CLASS___NSCalendar, (const char *)&unk_195F34590);
v8 = (void *)objc_retainAutoreleasedReturnValue(v7);
v65 = v8;
v64 = 252LL;
v9 = objc_msgSend(v8, (const char *)&unk_195F345E4, 252LL, v66);
v63 = (void *)objc_retainAutoreleasedReturnValue(v9);
year = objc_msgSend(v63, (const char *)&unk_195F9F96E);
month = objc_msgSend(v63, (const char *)&unk_195F9F973);
day = objc_msgSend(v63, (const char *)&unk_195F9F979);
hour = objc_msgSend(v63, (const char *)&unk_195F34810);
minute = objc_msgSend(v63, (const char *)&unk_195F5F105);
second = objc_msgSend(v63, (const char *)&unk_195F5F10C);
v57 = second;
v11 = objc_msgSend(
&OBJC_CLASS___NSString,
(const char *)&unk_195EDDC2A,
CFSTR("%04d%02d%02d%02d%02d%02d"),
year,
month,
day,
hour,
minute,
second);
v12 = objc_retainAutoreleasedReturnValue(v11);
v56 = v12;
currtime = v12;
v14 = ((id (__cdecl *)(SmUtils_meta *, SEL, id))objc_msgSend)(
(SmUtils_meta *)&OBJC_CLASS___SmUtils,
"md5EncodeStr:",
uuid);
uuid_md5 = objc_retainAutoreleasedReturnValue(v14);
v16 = uuid_md5;
v17 = objc_msgSend(
&OBJC_CLASS___NSString,
(const char *)&unk_195EDDC2A,
CFSTR("%@%@%@"),
currtime,
uuid_md5,
CFSTR(""));
v55 = (void *)objc_retainAutoreleasedReturnValue(v17);
objc_release(v16);
v18 = (void *)objc_retain(&stru_1027FA700);
v54 = v18;
v19 = objc_msgSend(v18, (const char *)&unk_195EF0B91, CFSTR("shumei"));
v20 = (void *)objc_retainAutoreleasedReturnValue(v19);
v21 = v54;
v54 = v20;
objc_release(v21);
v22 = objc_msgSend(v54, (const char *)&unk_195EF0B91, CFSTR("_"));
v23 = (void *)objc_retainAutoreleasedReturnValue(v22);
v24 = v54;
v54 = v23;
objc_release(v24);
v25 = objc_msgSend(v54, (const char *)&unk_195EF0B91, CFSTR("ios"));
v26 = (void *)objc_retainAutoreleasedReturnValue(v25);
v27 = v54;
v54 = v26;
objc_release(v27);
v28 = objc_msgSend(v54, (const char *)&unk_195EF0B91, CFSTR("_"));
v29 = (void *)objc_retainAutoreleasedReturnValue(v28);
v30 = v54;
v54 = v29;
objc_release(v30);
v31 = objc_msgSend(v54, (const char *)&unk_195EF0B91, CFSTR("sec"));
v32 = (void *)objc_retainAutoreleasedReturnValue(v31);
v33 = v54;
v54 = v32;
objc_release(v33);
v34 = objc_msgSend(v54, (const char *)&unk_195EF0B91, CFSTR("_"));
v35 = (void *)objc_retainAutoreleasedReturnValue(v34);
v36 = v54;
v54 = v35;
objc_release(v36);
v37 = objc_msgSend(v54, (const char *)&unk_195EF0B91, CFSTR("key"));
v38 = (void *)objc_retainAutoreleasedReturnValue(v37);
v39 = v54;
v54 = v38;
objc_release(v39);
v40 = objc_msgSend(v54, (const char *)&unk_195EF0B91, CFSTR("_"));
v41 = (void *)objc_retainAutoreleasedReturnValue(v40);
v42 = v54;
v54 = v41;
objc_release(v42);
v43 = objc_msgSend(&OBJC_CLASS___NSString, (const char *)&unk_195EDDC2A, CFSTR("%@%@"), v54, v55);
v44 = (struct objc_object *)objc_retainAutoreleasedReturnValue(v43);
v45 = v44;
v46 = ((id (__cdecl *)(SmUtils_meta *, SEL, id))objc_msgSend)(
(SmUtils_meta *)&OBJC_CLASS___SmUtils,
"md5EncodeStr:",
v44);
v53 = (void *)objc_retainAutoreleasedReturnValue(v46);
objc_release(v45);
v47 = objc_msgSend(v53, (const char *)&unk_195F19145, 14LL);
v48 = objc_retainAutoreleasedReturnValue(v47);
v52 = v48;
v49 = objc_msgSend(v55, (const char *)&unk_195EF0B91, v48);
v50 = objc_retainAutoreleasedReturnValue(v49);
objc_storeStrong(&v52, 0LL);
objc_storeStrong(&v53, 0LL);
objc_storeStrong(&v54, 0LL);
objc_storeStrong(&v55, 0LL);
objc_storeStrong(&v56, 0LL);
objc_storeStrong(&v63, 0LL);
objc_storeStrong(&v65, 0LL);
objc_storeStrong(&v66, 0LL);
objc_storeStrong(&uuid, 0LL);
return (id)objc_autoreleaseReturnValue(v50);
}
判断deviceID类型 本地随机生成为0 服务下发的为1
signed __int64 __cdecl +[SmidManager typeId:](SmidManager_meta *self, SEL a2, id a3)
{
void *v3; // x0
void *v4; // x0
void *v5; // x0
void *v6; // x8
void *v7; // x0
void *v8; // x0
void *v9; // x8
void *v10; // x0
void *v11; // x0
void *v12; // x8
void *v13; // x0
void *v14; // x0
void *v15; // x8
void *v16; // x0
void *v17; // x0
void *v18; // x8
void *v19; // x0
void *v20; // x0
void *v21; // x8
void *v22; // x0
void *v23; // x0
void *v24; // x8
void *v25; // x0
void *v26; // x0
void *v27; // x8
void *v28; // x0
__int64 v29; // x0
__int64 v30; // ST18_8
void *v31; // x0
id v32; // x0
void *v33; // x0
void *v34; // x0
__int64 v35; // x0
__int64 v36; // x8
void *v37; // x0
__int64 v39; // [xsp+68h] [xbp-48h]
void *v40; // [xsp+70h] [xbp-40h]
struct objc_object *v41; // [xsp+78h] [xbp-38h]
void *v42; // [xsp+80h] [xbp-30h]
int v43; // [xsp+8Ch] [xbp-24h]
void *v44; // [xsp+90h] [xbp-20h]
SEL v45; // [xsp+98h] [xbp-18h]
SmidManager_meta *v46; // [xsp+A0h] [xbp-10h]
__int64 v47; // [xsp+A8h] [xbp-8h] v46 = self;
v45 = a2;
v44 = 0LL;
objc_storeStrong(&v44, a3);
if ( (unsigned __int64)+[SmStrUtils empty:](&OBJC_CLASS___SmStrUtils, "empty:", v44) &
|| objc_msgSend(v44, (const char *)&unk_195EE38EE) != &unk_3E )
{
v47 = -1LL;
v43 = ;
}
else
{
v3 = (void *)objc_retain(&stru_1027FA700);
v42 = v3;
v4 = objc_msgSend(v3, (const char *)&unk_195EF0B91, CFSTR("shumei"));
v5 = (void *)objc_retainAutoreleasedReturnValue(v4);
v6 = v42;
v42 = v5;
objc_release(v6);
v7 = objc_msgSend(v42, (const char *)&unk_195EF0B91, CFSTR("_"));
v8 = (void *)objc_retainAutoreleasedReturnValue(v7);
v9 = v42;
v42 = v8;
objc_release(v9);
v10 = objc_msgSend(v42, (const char *)&unk_195EF0B91, CFSTR("ios"));
v11 = (void *)objc_retainAutoreleasedReturnValue(v10);
v12 = v42;
v42 = v11;
objc_release(v12);
v13 = objc_msgSend(v42, (const char *)&unk_195EF0B91, CFSTR("_"));
v14 = (void *)objc_retainAutoreleasedReturnValue(v13);
v15 = v42;
v42 = v14;
objc_release(v15);
v16 = objc_msgSend(v42, (const char *)&unk_195EF0B91, CFSTR("sec"));
v17 = (void *)objc_retainAutoreleasedReturnValue(v16);
v18 = v42;
v42 = v17;
objc_release(v18);
v19 = objc_msgSend(v42, (const char *)&unk_195EF0B91, CFSTR("_"));
v20 = (void *)objc_retainAutoreleasedReturnValue(v19);
v21 = v42;
v42 = v20;
objc_release(v21);
v22 = objc_msgSend(v42, (const char *)&unk_195EF0B91, CFSTR("key"));
v23 = (void *)objc_retainAutoreleasedReturnValue(v22);
v24 = v42;
v42 = v23;
objc_release(v24);
v25 = objc_msgSend(v42, (const char *)&unk_195EF0B91, CFSTR("_"));
v26 = (void *)objc_retainAutoreleasedReturnValue(v25);
v27 = v42;
v42 = v26;
objc_release(v27);
v28 = objc_msgSend(v44, (const char *)&unk_195F19145, 48LL);
v29 = objc_retainAutoreleasedReturnValue(v28);
v30 = v29;
v31 = objc_msgSend(&OBJC_CLASS___NSString, (const char *)&unk_195EDDC2A, CFSTR("%@%@"), v42, v29);
v41 = (struct objc_object *)objc_retainAutoreleasedReturnValue(v31);
objc_release(v30);
v32 = ((id (__cdecl *)(SmUtils_meta *, SEL, id))objc_msgSend)(
(SmUtils_meta *)&OBJC_CLASS___SmUtils,
"md5EncodeStr:",
v41);
v33 = (void *)objc_retainAutoreleasedReturnValue(v32);
v40 = v33;
v34 = objc_msgSend(v33, (const char *)&unk_195F19145, 14LL);
v35 = objc_retainAutoreleasedReturnValue(v34);
v36 = (__int64)v40;
v40 = (void *)v35;
objc_release(v36);
v37 = objc_msgSend(v44, (const char *)&unk_195EDFD20, 48LL);
v39 = objc_retainAutoreleasedReturnValue(v37);
if ( (unsigned __int64)+[SmStrUtils equal:right:](&OBJC_CLASS___SmStrUtils, "equal:right:", v40, v39) & )
{
if ( (unsigned __int16)objc_msgSend(v44, (const char *)&unk_195F17186, 47LL) == )
{
v47 = 0LL;
v43 = ;
}
else
{
if ( (unsigned __int16)objc_msgSend(v44, (const char *)&unk_195F17186, 47LL) == )
v47 = 1LL;
else
v47 = -1LL;
v43 = ;
}
}
else
{
v47 = 2LL;
v43 = ;
}
objc_storeStrong(&v39, 0LL);
objc_storeStrong(&v40, 0LL);
objc_storeStrong(&v41, 0LL);
objc_storeStrong(&v42, 0LL);
}
objc_storeStrong(&v44, 0LL);
return v47;
}
将获取到的硬件信息与刚生成的deviceid组合加密传给服务器,如果成功服务器就返回一个deviceID值。
//组合请求体
{
"lstat":[
, ],
"idfa":"56076342-6AA8-4EF3-A3B3-FF0E2C6Exxxx",
"os":"ios",
"rtype":"core",
"t":,
"sdkver":"2.5.0",
"idfv":"DFF15047-2F42-4612-8BE2-8D0B2482xxxx",
"boot":,
"appId":"",
"lfrom":"gen",
"smid":"2019052914070272ea50eee30ea85b0bcc2141c04e5bcd00ebfc34bfe82ae9" //本地随机生成
}
加密传给服务器 获取deviceid key为smsdkWd4Z1WnKWa9R3ud4Jxxx(md5值)
id __cdecl -[SmAntiFraud wrap:](SmAntiFraud *self, SEL a2, id a3)
{
void *v3; // x0
__int64 v4; // x0
__int64 v5; // STD0_8
void *v6; // x0
void *v7; // STC8_8
void *v8; // x0
__int64 v9; // x0
__int64 v10; // STC0_8
void *v11; // x0
id v12; // x0
void *v13; // x0
void *v14; // STB8_8
void *v15; // x0
id v16; // x0
__int64 v17; // x0
__int64 v18; // x8
NSMutableDictionary *v19; // x0
void *v20; // x0
void *v21; // STA8_8
char v22; // STA4_1
void *v23; // x0
__int64 v24; // ST90_8
void *v25; // x0
__int64 v26; // ST78_8
id v27; // x0
__int64 v28; // x0
__int64 v29; // ST58_8
void *v30; // x0
void *v31; // x0
__int64 v32; // x0
const __CFString *v33; // x9
__int64 v34; // ST48_8
void *v35; // x0
id v36; // x0
struct objc_object *v37; // x0
id v38; // x0
__int64 v39; // x0
__int64 v40; // x8
__int64 v41; // ST30_8
__int64 v43; // [xsp+D8h] [xbp-68h]
struct objc_object *v44; // [xsp+E0h] [xbp-60h]
__int64 v45; // [xsp+E8h] [xbp-58h]
void *v46; // [xsp+F0h] [xbp-50h]
struct objc_object *v47; // [xsp+F8h] [xbp-48h]
struct objc_object *v48; // [xsp+100h] [xbp-40h]
__int64 v49; // [xsp+108h] [xbp-38h]
char v50; // [xsp+117h] [xbp-29h]
struct objc_object *v51; // [xsp+118h] [xbp-28h]
SEL v52; // [xsp+120h] [xbp-20h]
SmAntiFraud *v53; // [xsp+128h] [xbp-18h] v53 = self;
v52 = a2;
v51 = 0LL;
objc_storeStrong(&v51, a3);
if ( (unsigned __int64)+[SmStrUtils empty:](&OBJC_CLASS___SmStrUtils, "empty:", v51) & )
objc_storeStrong(&v51, &stru_1027FA700);
v50 = ;
v49 = 0LL;
if ( (unsigned __int64)objc_msgSend(v53->_option, (const char *)&unk_1A7804C37) & )
{
v3 = objc_msgSend(v53->_option, (const char *)&unk_192B2C190);
v4 = objc_retainAutoreleasedReturnValue(v3);
v5 = v4;
v6 = objc_msgSend(CFSTR("smsdk"), (const char *)&unk_195EF0B91, v4);
v7 = (void *)objc_retainAutoreleasedReturnValue(v6);
v8 = -[SmOption privKey](v53->_option, "privKey");
v9 = objc_retainAutoreleasedReturnValue(v8);
v10 = v9;
v11 = objc_msgSend(v7, (const char *)&unk_195EF0B91, v9);
v48 = (struct objc_object *)objc_retainAutoreleasedReturnValue(v11);
objc_release(v10);
objc_release(v7);
objc_release(v5);
v12 = ((id (__cdecl *)(SmUtils_meta *, SEL, id))objc_msgSend)(
(SmUtils_meta *)&OBJC_CLASS___SmUtils,
"md5EncodeStr:",
v48);
v13 = (void *)objc_retainAutoreleasedReturnValue(v12);
v14 = v13;
v15 = objc_msgSend(v13, (const char *)&unk_195F390C0);
v47 = (struct objc_object *)objc_retainAutoreleasedReturnValue(v15);
objc_release(v14);
v16 = ((id (__cdecl *)(SmUtils_meta *, SEL, id, id))objc_msgSend)(
(SmUtils_meta *)&OBJC_CLASS___SmUtils,
"aes256EncryptStr:key:",
v51,
v47);
v17 = objc_retainAutoreleasedReturnValue(v16);
v18 = v49;
v49 = v17;
objc_release(v18);
v50 = ;
objc_storeStrong(&v47, 0LL);
objc_storeStrong(&v48, 0LL);
}
else
{
objc_storeStrong(&v49, v51);
}
if ( (unsigned __int64)+[SmStrUtils empty:](&OBJC_CLASS___SmStrUtils, "empty:", v49) & )
objc_storeStrong(&v49, &stru_1027FA700);
v19 = sub_18DFAAFC4(&OBJC_CLASS___NSMutableDictionary, "alloc");
v46 = objc_msgSend(v19, (const char *)&unk_195EEC7EA, 5LL);
objc_msgSend(v46, "setObject:forKey:", v49, CFSTR("fingerprint"));
if ( v50 & )
{
v20 = -[SmOption privKey](v53->_option, "privKey");
v21 = (void *)objc_retainAutoreleasedReturnValue(v20);
v22 = (unsigned __int64)objc_msgSend(v21, (const char *)&unk_195EDE27E, &stru_1027FA700);
objc_release(v21);
if ( v22 & )
{
v23 = objc_msgSend(&OBJC_CLASS___NSNumber, (const char *)&unk_195EE35B1, 4LL);
v24 = objc_retainAutoreleasedReturnValue(v23);
objc_msgSend(v46, "setObject:forKey:", v24, CFSTR("fpEncode"));
objc_release(v24);
}
else
{
v25 = objc_msgSend(&OBJC_CLASS___NSNumber, (const char *)&unk_195EE35B1, 6LL);
v26 = objc_retainAutoreleasedReturnValue(v25);
objc_msgSend(v46, "setObject:forKey:", v26, CFSTR("fpEncode"));
objc_release(v26);
}
}
v27 = ((id (__cdecl *)(SmUtils_meta *, SEL))objc_msgSend)((SmUtils_meta *)&OBJC_CLASS___SmUtils, "currentTimeMillis");
v28 = objc_retainAutoreleasedReturnValue(v27);
v29 = v28;
v30 = objc_msgSend(&OBJC_CLASS___NSString, (const char *)&unk_195EDDC2A, CFSTR("%@"), v28);
v45 = objc_retainAutoreleasedReturnValue(v30);
objc_release(v29);
objc_msgSend(v46, "setObject:forKey:", v45, CFSTR("sessionId"));
v31 = objc_msgSend(v53->_option, (const char *)&unk_192B2C190);
v32 = objc_retainAutoreleasedReturnValue(v31);
v33 = CFSTR("");
if ( v50 & )
v33 = CFSTR("");
v34 = v32;
v35 = objc_msgSend(
&OBJC_CLASS___NSMutableDictionary,
(const char *)&unk_195EE678B,
v32,
CFSTR("organization"),
v46,
CFSTR("data"),
v33,
CFSTR("encrypt"),
0LL);
v44 = (struct objc_object *)objc_retainAutoreleasedReturnValue(v35);
objc_release(v34);
v36 = ((id (__cdecl *)(SmUtils_meta *, SEL, id))objc_msgSend)(
(SmUtils_meta *)&OBJC_CLASS___SmUtils,
"jsonEncode:",
v44);
v37 = (struct objc_object *)objc_retainAutoreleasedReturnValue(v36);
v43 = (__int64)v37;
v38 = ((id (__cdecl *)(SmStrUtils_meta *, SEL, id))objc_msgSend)(
(SmStrUtils_meta *)&OBJC_CLASS___SmStrUtils,
"safe:",
v37);
v39 = objc_retainAutoreleasedReturnValue(v38);
v40 = v43;
v43 = v39;
objc_release(v40);
v41 = objc_retain(v43);
objc_storeStrong(&v43, 0LL);
objc_storeStrong(&v44, 0LL);
objc_storeStrong(&v45, 0LL);
objc_storeStrong(&v46, 0LL);
objc_storeStrong(&v49, 0LL);
objc_storeStrong(&v51, 0LL);
return (id)objc_autoreleaseReturnValue(v41);
}
成功后返回deviceid,最后将值存放在Keychain中FP_IP,下次直接读取使用,如图2所示:
图2
3.发送手机风险信息给服务器
解密写死在app里的的风险名单数据:
{
"code":, "data":"pITcmNnygx1Ur4MYHadrCIFU+IzwDyA36ry3e8fo71LJgY2o68GGAeBDtDRGuriGM3JLsy4+qDAra8DHJJmlsn/BZGgu+iEo5eFknYAjymoTJqG66DlmpL7D6120NMB50lrYEiFiWkk6x/NPz9N+gPLbFgo3bDsNg7UO3zpIGIYUy/D4k6FpjItjEwLI4Gi21eRUTF2GTci5mEiHG67FcyxMeXTOJdv6WCS393aqWl/m5zv7YfbdIYNYIQPOkZuVUFVaENNPcEhvUiS5Iyw8x46ht2tm6I0U7CgCjLYjqxGCeJ5zWk9lMEvw97D3DBU5YGj8BcgNNc3YhTBaUahRxBtwS+n2jsqmZ2DJ/3rQLzbB56iQEjsFcNWFTdGStxM2Df2e6NoGteve6h3+0mAGrsEr3JhAuea7SiONznXLX6mE5J5xHWS/AhjBWfs5SJ8qi+sZMVt3VqQ20JSUUkMZD9C9i6zbmjFOuopIyXVspDr1y9d6kyveXMT+2RlA70DWwTaWUj1uEgYcHE+63I/nZdluMsZj/tmnxGbmjOfoYgyIA8YoOCT2L5pjs4aRrXAQBy346I6IkVL1WegbqC7IOJfdvBDtaB9JFwgkJoMQOVmTb9qSKi6K2lEptySCTGWuK+m1UJg7tmETf/fDTyjO8Euyft1f5f7ybbrh6yM5aeLCNF/pRYT9LuyiBvCTALLk/VVZHtynRCEaf/D0qi1xC0tlIjvTuHTDoODpaTZkXJy6Gc3S7BzogstgtjGGvbHU0ZJUuT/exRnEu8OEr93MFJyo2XgIwhSgj7re0YYSLEBNS6QH4D6GMkwKFqwpG1nIUtWTyVI1kcoGMfvhhOfxgZ0DDpHJMgacgI5lsJzNRaOhCGzv0VwarOe2jZI6bH/wFnSc8wu+Dlnljuv93E6FjQ6vtFABwQ6ILKksHvDWrtL9OKFLcwtyMl06gM4QF4KrAigLPtb5xACIcO4lYZnkS4e0ovoRxVp5FKICNEQF5AQBLxJAoBAEmFbV0I0BRShP5j9lrS/NhoMB1TrK6KgGfsFl7m6wGfYZXvcgfTibSMFe62mL7xulVZV1VroEawIujJ7koWfNA6MBnSUN6XrYgfDQPslk5Sx/6zhBRQsy8FmBpDzkvDPJxpLXtF5mxhJ8FHgeIVqXnUiNJ4rlWb2lCMG45Espx5C38s9tb+AqUgnOISotpPR7tCL+r57SLGRPXxRH9pLHsiRs7lmJXYqP8zZdFjTJrgu3atSqZpjpkfzM7M/NChBG1kJuFWPNYU3wSgz9BiOs36OLuOjCH0npxujVkXaSkN/Kdc18+cf/thRvkxxry2mYrvbmHJ1xY4OfjGl8w2vHzm3paOwFVtdc+Uomq7ME5+tkP5JnUMILL4pCCGxj0KecIFpU87mraS4xjuwH7vjHIcfN7ZjDZ7rEHDzon8OT5fkMvl9di7hetM1JQwHGSajT+ETkNGYaO+JHjDZNN0PIvvl0VVezc6p4Ch+Q8c1P77nefGurltQobFpFmQR2noUg8IusJF8IVnmIGTSaxVCog+mHjyTw4mGrOcpG9paUlvi6r+qGIh13SW84+PRyNjYu5RUlUimrp26+XAPCx2PSiJ++gnet8vukvFpT+yBj/Ans/uBgrVvxONxnxZuL/wOzJ0rEdwzDCWOt+QDt2tpJSpVKc+jTQ0Zsi+V0AxfmgipoEusD/y0g9hd1T4euAf6uLvKxEUREU8Iz1CwG9xY72sIW+5FvAk2tGtaAPMPiFlub6iV2wYANjzQgcnfXlDvb3Tv7dQ9YyXtIWjt9UTyPBcVep/NIkG6LRZRcceZHE1aWddoeoTRX3GcwZo0czuIJPVEK7Nfn0uqGUXp5CsZvMTm6pCWZhC8JSVDl7hOXjmyJABmjVOBrY3UNX+srtSK/B10SeN/jTvONcC4T8LDSRkciENE68HX5X79EALd9tGQAedW54sJubIE7fI1P3w51SpB894p5L7o6TSDPacUWRCTCdMtVwEa0IiYNbeikGirQPKh1pGxf4i0+icmyw6dQFKzRhei+uPTQI21taPrOzBCRttyLlCw7CqMz32T00MuPZrEZsfXbjPgAGN+ue7OGggTMBmoc3WMtkEHWDBsbBRgnrFeyXD53ylXIMyRLNiJ6FOhj3c0rF6JnmBcYRnA70L20K+qwRsJ3VkJA7afjLvHpUgwY7bR3fie/vViGWbHtgol4p1itqpHpUvqsv7Lb9tARPdYATw0zuWliEmOXmj5zQ+r7DKfpEc/Ao+yyu180B5hd3ZsaN5Rqd6EIhnBfNLvE1gtA0IkJ3E6xmtM8dIeT2pgcDw/qQoGrP/wAvZ2tqsI9A/EFMOTBfcG4vYf5lHw8/59vNHL4dWqmYz0eP41gaKa7aWTZwJXXTwe+VfuS5ckaVS8fa3xSKO32HOkS6jYJEqAQBbr6kugjuRpDtpH2c4KstWbQAnilg96pzpT6qUMvyDWC7qHbzK9UxO53+aK4J+kr9gpL0AkpUjBWpYJ7F0Adp8XmFdA6w+S1uCQ22F892N8QhiHhW+w+DSFXNoDqNcXnAtmWzXbP2PvfKVhSwQ8mbmDq4xomqRskP+6e4xK1mOIiJYJoIR7CkBhxQbglr03zRnHF4WvEUMPOuTBcXIBUiWAPVvCAMhZ/1NUJk9B6KPlJYTYWCcgHwF70m9/PIenGvnXTFa6gbwEvrUNEhku221NBsCT1sHH6fKec",
"enc":,
"length":,
"ver":
}
解密函数:
__text:0000000101D60C04
__text:0000000101D60C04 ; id __cdecl -[SmCloudConfiguration parseConf:WithLength:WithEnc:WithVer:](SmCloudConfiguration *self, SEL, id, int, int, int)
__text:0000000101D60C04 __SmCloudConfiguration_parseConf_WithLength_WithEnc_WithVer__
__text:0000000101D60C04
__text:0000000101D60C04
__text:0000000101D60C04 var_90= -0x90
__text:0000000101D60C04 var_88= -0x88
__text:0000000101D60C04 var_80= -0x80
__text:0000000101D60C04 var_78= -0x78
__text:0000000101D60C04 var_6C= -0x6C
__text:0000000101D60C04 var_68= -0x68
__text:0000000101D60C04 var_64= -0x64
__text:0000000101D60C04 var_60= -0x60
__text:0000000101D60C04 var_58= -0x58
__text:0000000101D60C04 var_50= -0x50
__text:0000000101D60C04 var_48= -0x48
__text:0000000101D60C04 var_3C= -0x3C
__text:0000000101D60C04 var_38= -0x38
__text:0000000101D60C04 var_2C= -0x2C
__text:0000000101D60C04 var_28= -0x28
__text:0000000101D60C04 var_24= -0x24
__text:0000000101D60C04 var_20= -0x20
__text:0000000101D60C04 var_18= -0x18
__text:0000000101D60C04 var_10= -0x10
__text:0000000101D60C04 var_8= -
__text:0000000101D60C04 var_s0=
__text:0000000101D60C04
__text:0000000101D60C04 FF D1 SUB SP, SP, #0xA0
__text:0000000101D60C08 FD 7B A9 STP X29, X30, [SP,#0x90+var_s0]
__text:0000000101D60C0C FD ADD X29, SP, #0x90
__text:0000000101D60C10 A8 D1 SUB X8, X29, #-var_20
__text:0000000101D60C14 D2 MOV X9, #
__text:0000000101D60C18 A0 1F F8 STUR X0, [X29,#var_10]
__text:0000000101D60C1C A1 1E F8 STUR X1, [X29,#var_18]
__text:0000000101D60C20 A9 1E F8 STUR X9, [X29,#var_20]
__text:0000000101D60C24 E0 AA MOV X0, X8
__text:0000000101D60C28 E1 AA MOV X1, X2
__text:0000000101D60C2C E4 2F B9 STR W4, [SP,#0x90+var_64]
__text:0000000101D60C30 E3 2B B9 STR W3, [SP,#0x90+var_68]
__text:0000000101D60C34 E5 B9 STR W5, [SP,#0x90+var_6C]
__text:0000000101D60C38 3B D1 BL _objc_storeStrong
__text:0000000101D60C3C D0 ADRP X8, #selRef_base64DecodeStr_@PAGE
__text:0000000101D60C40 1E ADD X8, X8, #selRef_base64DecodeStr_@PAGEOFF
__text:0000000101D60C44 ADRP X9, #classRef_SmUtils@PAGE
__text:0000000101D60C48 1C ADD X9, X9, #classRef_SmUtils@PAGEOFF
__text:0000000101D60C4C E3 2B B9 LDR W3, [SP,#0x90+var_68]
__text:0000000101D60C50 A3 C3 1D B8 STUR W3, [X29,#var_24]
__text:0000000101D60C54 E4 2F B9 LDR W4, [SP,#0x90+var_64]
__text:0000000101D60C58 A4 1D B8 STUR W4, [X29,#var_28]
__text:0000000101D60C5C E5 B9 LDR W5, [SP,#0x90+var_6C]
__text:0000000101D60C60 A5 1D B8 STUR W5, [X29,#var_2C]
__text:0000000101D60C64 F9 LDR X9, [X9]
__text:0000000101D60C68 A2 5E F8 LDUR X2, [X29,#var_20]
__text:0000000101D60C6C F9 LDR X1, [X8] ; "base64DecodeStr:"
__text:0000000101D60C70 E0 AA MOV X0, X9 ; void *
__text:0000000101D60C74 F9 D0 BL _objc_msgSend ; base64解密
__text:0000000101D60C78 FD 1D AA MOV X29, X29
__text:0000000101D60C7C D1 BL _objc_retainAutoreleasedReturnValue
__text:0000000101D60C80 A0 1C F8 STUR X0, [X29,#var_38]
__text:0000000101D60C84 A8 5C F8 LDUR X8, [X29,#var_38]
__text:0000000101D60C88 C8 B5 CBNZ X8, loc_101D60CA0
__text:0000000101D60C8C E8 MOV W8, #
__text:0000000101D60C90 D2 MOV X9, #
__text:0000000101D60C94 A9 1F F8 STUR X9, [X29,#var_8]
__text:0000000101D60C98 A8 1C B8 STUR W8, [X29,#var_3C]
__text:0000000101D60C9C B5 B loc_101D60F70
__text:0000000101D60CA0
__text:0000000101D60CA0
__text:0000000101D60CA0 loc_101D60CA0
__text:0000000101D60CA0 D2 MOV X8, #
__text:0000000101D60CA4 E8 F9 STR X8, [SP,#0x90+var_48]
__text:0000000101D60CA8 E8 F9 STR X8, [SP,#0x90+var_50]
__text:0000000101D60CAC A9 5D B8 LDUR W9, [X29,#var_28]
__text:0000000101D60CB0 3F CMP W9, #
__text:0000000101D60CB4 0B B.NE loc_101D60E24
__text:0000000101D60CB8 D0 ADRP X8, #selRef_desDecodeDataToData_key_length_@PAGE
__text:0000000101D60CBC E1 1E ADD X8, X8, #selRef_desDecodeDataToData_key_length_@PAGEOFF
__text:0000000101D60CC0 E9 B0 ADRP X9, #off_1027DD1F0@PAGE
__text:0000000101D60CC4 C1 ADD X9, X9, #off_1027DD1F0@PAGEOFF
__text:0000000101D60CC8 0A ADRP X10, #classRef_SmUtils@PAGE
__text:0000000101D60CCC 4A 1C ADD X10, X10, #classRef_SmUtils@PAGEOFF
__text:0000000101D60CD0 4A F9 LDR X10, [X10]
__text:0000000101D60CD4 A2 5C F8 LDUR X2, [X29,#var_38]
__text:0000000101D60CD8 F9 LDR X3, [X9] ; "zaq1mko0"
__text:0000000101D60CDC A4 C3 9D B8 LDURSW X4, [X29,#var_24]
__text:0000000101D60CE0 F9 LDR X1, [X8] ; "desDecodeDataToData:key:length:"
__text:0000000101D60CE4 E0 0A AA MOV X0, X10 ; void *
__text:0000000101D60CE8 DC D0 BL _objc_msgSend ; +[SmUtils desDecodeDataToData:key:length:]
__text:0000000101D60CEC FD 1D AA MOV X29, X29
__text:0000000101D60CF0 F5 D0 BL _objc_retainAutoreleasedReturnValue
__text:0000000101D60CF4 E0 1F F9 STR X0, [SP,#0x90+var_58]
__text:0000000101D60CF8 E8 1F F9 LDR X8, [SP,#0x90+var_58]
__text:0000000101D60CFC C8 B5 CBNZ X8, loc_101D60D14
__text:0000000101D60D00 E8 MOV W8, #
__text:0000000101D60D04 D2 MOV X9, #
__text:0000000101D60D08 A9 1F F8 STUR X9, [X29,#var_8]
__text:0000000101D60D0C A8 1C B8 STUR W8, [X29,#var_3C]
__text:0000000101D60D10 3E B loc_101D60E08
__text:0000000101D60D14
__text:0000000101D60D14
__text:0000000101D60D14 loc_101D60D14
__text:0000000101D60D14 ADRP X8, #classRef_SmZipUtil@PAGE
__text:0000000101D60D18 C1 1C ADD X8, X8, #classRef_SmZipUtil@PAGEOFF
__text:0000000101D60D1C F9 LDR X8, [X8]
__text:0000000101D60D20 E9 1F F9 LDR X9, [SP,#0x90+var_58]
__text:0000000101D60D24 E0 AA MOV X0, X9
__text:0000000101D60D28 E8 0F F9 STR X8, [SP,#0x90+var_78]
__text:0000000101D60D2C E0 D0 BL _objc_retainAutorelease
__text:0000000101D60D30 B0 ADRP X8, #selRef_bytes@PAGE
__text:0000000101D60D34 A1 3B ADD X8, X8, #selRef_bytes@PAGEOFF
__text:0000000101D60D38 F9 LDR X1, [X8] ; "bytes"
__text:0000000101D60D3C C7 D0 BL _objc_msgSend
__text:0000000101D60D40 F0 ADRP X8, #selRef_length@PAGE
__text:0000000101D60D44 2B ADD X8, X8, #selRef_length@PAGEOFF
__text:0000000101D60D48 E9 1F F9 LDR X9, [SP,#0x90+var_58]
__text:0000000101D60D4C F9 LDR X1, [X8] ; "length"
__text:0000000101D60D50 E0 0B F9 STR X0, [SP,#0x90+var_80]
__text:0000000101D60D54 E0 AA MOV X0, X9 ; void *
__text:0000000101D60D58 C0 D0 BL _objc_msgSend
__text:0000000101D60D5C D0 ADRP X8, #selRef_zlibDecompressed_WithLength_@PAGE
__text:0000000101D60D60 A1 1F ADD X8, X8, #selRef_zlibDecompressed_WithLength_@PAGEOFF
__text:0000000101D60D64 F9 LDR X1, [X8] ; "zlibDecompressed:WithLength:"
__text:0000000101D60D68 E8 0F F9 LDR X8, [SP,#0x90+var_78]
__text:0000000101D60D6C E0 F9 STR X0, [SP,#0x90+var_88]
__text:0000000101D60D70 E0 AA MOV X0, X8 ; void *
__text:0000000101D60D74 E2 0B F9 LDR X2, [SP,#0x90+var_80]
__text:0000000101D60D78 E3 F9 LDR X3, [SP,#0x90+var_88]
__text:0000000101D60D7C B7 D0 BL _objc_msgSend ; 解压
__text:0000000101D60D80 FD 1D AA MOV X29, X29
__text:0000000101D60D84 D0 D0 BL _objc_retainAutoreleasedReturnValue
__text:0000000101D60D88 E0 1B F9 STR X0, [SP,#0x90+var_60]
__text:0000000101D60D8C E8 1B F9 LDR X8, [SP,#0x90+var_60]
__text:0000000101D60D90 C8 B5 CBNZ X8, loc_101D60DA8
__text:0000000101D60D94 E8 MOV W8, #
__text:0000000101D60D98 D2 MOV X9, #
__text:0000000101D60D9C A9 1F F8 STUR X9, [X29,#var_8]
__text:0000000101D60DA0 A8 1C B8 STUR W8, [X29,#var_3C]
__text:0000000101D60DA4 B loc_101D60DF4
__text:0000000101D60DA8
__text:0000000101D60DA8
__text:0000000101D60DA8 loc_101D60DA8
__text:0000000101D60DA8 F0 ADRP X8, #selRef_alloc@PAGE
__text:0000000101D60DAC ADD X8, X8, #selRef_alloc@PAGEOFF
__text:0000000101D60DB0 C9 B0 ADRP X9, #classRef_NSString@PAGE
__text:0000000101D60DB4 ADD X9, X9, #classRef_NSString@PAGEOFF
__text:0000000101D60DB8 F9 LDR X9, [X9]
__text:0000000101D60DBC F9 LDR X1, [X8] ; "alloc"
__text:0000000101D60DC0 E0 AA MOV X0, X9 ; void *
__text:0000000101D60DC4 A5 D0 BL _objc_msgSend
__text:0000000101D60DC8 E3 7E B2 MOV X3, #
__text:0000000101D60DCC B0 ADRP X8, #selRef_initWithData_encoding_@PAGE
__text:0000000101D60DD0 2E ADD X8, X8, #selRef_initWithData_encoding_@PAGEOFF
__text:0000000101D60DD4 E2 1B F9 LDR X2, [SP,#0x90+var_60]
__text:0000000101D60DD8 F9 LDR X1, [X8] ; "initWithData:encoding:"
__text:0000000101D60DDC 9F D0 BL _objc_msgSend
__text:0000000101D60DE0 E8 F9 LDR X8, [SP,#0x90+var_48]
__text:0000000101D60DE4 E0 F9 STR X0, [SP,#0x90+var_48]
__text:0000000101D60DE8 E0 AA MOV X0, X8
__text:0000000101D60DEC A7 D0 BL _objc_release
__text:0000000101D60DF0 BF 1C B8 STUR WZR, [X29,#var_3C]
__text:0000000101D60DF4
__text:0000000101D60DF4 loc_101D60DF4
__text:0000000101D60DF4 D2 MOV X8, #
__text:0000000101D60DF8 E9 C3 ADD X9, SP, #0x90+var_60
__text:0000000101D60DFC E0 AA MOV X0, X9
__text:0000000101D60E00 E1 AA MOV X1, X8
__text:0000000101D60E04 C8 D0 BL _objc_storeStrong
__text:0000000101D60E08
__text:0000000101D60E08 loc_101D60E08
__text:0000000101D60E08 E0 E3 ADD X0, SP, #0x90+var_58
__text:0000000101D60E0C D2 MOV X1, #
__text:0000000101D60E10 C5 D0 BL _objc_storeStrong
__text:0000000101D60E14 A8 5C B8 LDUR W8, [X29,#var_3C]
__text:0000000101D60E18 CBNZ W8, loc_101D60F48
__text:0000000101D60E1C B loc_101D60E20
__text:0000000101D60E20
__text:0000000101D60E20
__text:0000000101D60E20 loc_101D60E20
__text:0000000101D60E20 B loc_101D60E70
__text:0000000101D60E24
__text:0000000101D60E24
__text:0000000101D60E24 loc_101D60E24
__text:0000000101D60E24 D0 ADRP X8, #selRef_desDecodeDataToStr_key_length_@PAGE
__text:0000000101D60E28 C1 1F ADD X8, X8, #selRef_desDecodeDataToStr_key_length_@PAGEOFF
__text:0000000101D60E2C E9 B0 ADRP X9, #off_1027DD1F0@PAGE
__text:0000000101D60E30 C1 ADD X9, X9, #off_1027DD1F0@PAGEOFF
__text:0000000101D60E34 0A ADRP X10, #classRef_SmUtils@PAGE
__text:0000000101D60E38 4A 1C ADD X10, X10, #classRef_SmUtils@PAGEOFF
__text:0000000101D60E3C 4A F9 LDR X10, [X10]
__text:0000000101D60E40 A2 5C F8 LDUR X2, [X29,#var_38]
__text:0000000101D60E44 F9 LDR X3, [X9] ; "zaq1mko0"
__text:0000000101D60E48 A4 C3 9D B8 LDURSW X4, [X29,#var_24]
__text:0000000101D60E4C F9 LDR X1, [X8] ; "desDecodeDataToStr:key:length:"
__text:0000000101D60E50 E0 0A AA MOV X0, X10 ; void *
__text:0000000101D60E54 D0 BL _objc_msgSend ; des解密
__text:0000000101D60E58 FD 1D AA MOV X29, X29
__text:0000000101D60E5C 9A D0 BL _objc_retainAutoreleasedReturnValue
__text:0000000101D60E60 E8 F9 LDR X8, [SP,#0x90+var_48]
__text:0000000101D60E64 E0 F9 STR X0, [SP,#0x90+var_48]
__text:0000000101D60E68 E0 AA MOV X0, X8
__text:0000000101D60E6C D0 BL _objc_release
__text:0000000101D60E70
__text:0000000101D60E70 loc_101D60E70
__text:0000000101D60E70 E8 F9 LDR X8, [SP,#0x90+var_48]
__text:0000000101D60E74 C8 B5 CBNZ X8, loc_101D60E8C
__text:0000000101D60E78 E8 MOV W8, #
__text:0000000101D60E7C D2 MOV X9, #
__text:0000000101D60E80 A9 1F F8 STUR X9, [X29,#var_8]
__text:0000000101D60E84 A8 1C B8 STUR W8, [X29,#var_3C]
__text:0000000101D60E88 B loc_101D60F48
__text:0000000101D60E8C
__text:0000000101D60E8C
__text:0000000101D60E8C loc_101D60E8C
__text:0000000101D60E8C A8 5D B8 LDUR W8, [X29,#var_2C]
__text:0000000101D60E90 1F CMP W8, #
__text:0000000101D60E94 B.NE loc_101D60ED8
__text:0000000101D60E98 D0 ADRP X8, #selRef_parse1_@PAGE
__text:0000000101D60E9C E1 1F ADD X8, X8, #selRef_parse1_@PAGEOFF
__text:0000000101D60EA0 ADRP X9, #classRef_SmCollectConfiguration@PAGE
__text:0000000101D60EA4 A1 1D ADD X9, X9, #classRef_SmCollectConfiguration@PAGEOFF
__text:0000000101D60EA8 F9 LDR X9, [X9]
__text:0000000101D60EAC E2 F9 LDR X2, [SP,#0x90+var_48]
__text:0000000101D60EB0 F9 LDR X1, [X8] ; "parse1:"
__text:0000000101D60EB4 E0 AA MOV X0, X9 ; void *
__text:0000000101D60EB8 D0 BL _objc_msgSend ; +[SmCollectConfiguration parse1:]
__text:0000000101D60EBC FD 1D AA MOV X29, X29
__text:0000000101D60EC0 D0 BL _objc_retainAutoreleasedReturnValue
__text:0000000101D60EC4 E8 F9 LDR X8, [SP,#0x90+var_50]
__text:0000000101D60EC8 E0 F9 STR X0, [SP,#0x90+var_50]
__text:0000000101D60ECC E0 AA MOV X0, X8
__text:0000000101D60ED0 6E D0 BL _objc_release
__text:0000000101D60ED4 B loc_101D60F14
__text:0000000101D60ED8
__text:0000000101D60ED8
__text:0000000101D60ED8 loc_101D60ED8
__text:0000000101D60ED8 D0 ADRP X8, #selRef_parse0_@PAGE
__text:0000000101D60EDC ADD X8, X8, #selRef_parse0_@PAGEOFF
__text:0000000101D60EE0 ADRP X9, #classRef_SmCollectConfiguration@PAGE
__text:0000000101D60EE4 A1 1D ADD X9, X9, #classRef_SmCollectConfiguration@PAGEOFF
__text:0000000101D60EE8 F9 LDR X9, [X9]
__text:0000000101D60EEC E2 F9 LDR X2, [SP,#0x90+var_48]
__text:0000000101D60EF0 F9 LDR X1, [X8] ; "parse0:"
__text:0000000101D60EF4 E0 AA MOV X0, X9 ; void *
__text:0000000101D60EF8 D0 BL _objc_msgSend ; +[SmCollectConfiguration parse0:]
__text:0000000101D60EFC FD 1D AA MOV X29, X29
__text:0000000101D60F00 D0 BL _objc_retainAutoreleasedReturnValue
__text:0000000101D60F04 E8 F9 LDR X8, [SP,#0x90+var_50]
__text:0000000101D60F08 E0 F9 STR X0, [SP,#0x90+var_50]
__text:0000000101D60F0C E0 AA MOV X0, X8
__text:0000000101D60F10 5E D0 BL _objc_release
__text:0000000101D60F14
__text:0000000101D60F14 loc_101D60F14
__text:0000000101D60F14 E8 F9 LDR X8, [SP,#0x90+var_50]
__text:0000000101D60F18 C8 B5 CBNZ X8, loc_101D60F30
__text:0000000101D60F1C E8 MOV W8, #
__text:0000000101D60F20 D2 MOV X9, #
__text:0000000101D60F24 A9 1F F8 STUR X9, [X29,#var_8]
__text:0000000101D60F28 A8 1C B8 STUR W8, [X29,#var_3C]
__text:0000000101D60F2C B loc_101D60F48
__text:0000000101D60F30
__text:0000000101D60F30
__text:0000000101D60F30 loc_101D60F30
__text:0000000101D60F30 E8 F9 LDR X8, [SP,#0x90+var_50]
__text:0000000101D60F34 E0 AA MOV X0, X8
__text:0000000101D60F38 5A D0 BL _objc_retain
__text:0000000101D60F3C E9 MOV W9, #
__text:0000000101D60F40 A0 1F F8 STUR X0, [X29,#var_8]
__text:0000000101D60F44 A9 1C B8 STUR W9, [X29,#var_3C]
__text:0000000101D60F48
__text:0000000101D60F48 loc_101D60F48
__text:0000000101D60F48
__text:0000000101D60F48 D2 MOV X8, #
__text:0000000101D60F4C E9 ADD X9, SP, #0x90+var_50
__text:0000000101D60F50 E0 AA MOV X0, X9
__text:0000000101D60F54 E1 AA MOV X1, X8
__text:0000000101D60F58 D0 BL _objc_storeStrong
__text:0000000101D60F5C D2 MOV X8, #
__text:0000000101D60F60 E9 ADD X9, SP, #0x90+var_48
__text:0000000101D60F64 E0 AA MOV X0, X9
__text:0000000101D60F68 E1 AA MOV X1, X8
__text:0000000101D60F6C 6E D0 BL _objc_storeStrong
__text:0000000101D60F70
__text:0000000101D60F70 loc_101D60F70
__text:0000000101D60F70 A0 E3 D1 SUB X0, X29, #-var_38
__text:0000000101D60F74 D2 MOV X1, #
__text:0000000101D60F78 E1 F9 STR X1, [SP,#0x90+var_90]
__text:0000000101D60F7C 6A D0 BL _objc_storeStrong
__text:0000000101D60F80 A0 D1 SUB X0, X29, #-var_20
__text:0000000101D60F84 E1 F9 LDR X1, [SP,#0x90+var_90]
__text:0000000101D60F88 D0 BL _objc_storeStrong
__text:0000000101D60F8C A0 5F F8 LDUR X0, [X29,#var_8]
__text:0000000101D60F90 FD 7B A9 LDP X29, X30, [SP,#0x90+var_s0]
__text:0000000101D60F94 FF ADD SP, SP, #0xA0
__text:0000000101D60F98 E2 CF B _objc_autoreleaseReturnValue
解密后风险名单数据:
{
"risk_apps":[
{
"awz":{
"pn":"/Applications/AWZ.app",
"uri":"IGG://"
}
},
{
"nzt":{
"pn":"/Applications/NZT.app",
"uri":""
}
},
{
"igvx":{
"pn":"/Applications/igvx.app",
"uri":""
}
},
{
"touchelf":{
"pn":"/Applications/TouchElf.app",
"uri":""
}
},
{
"touchsprite":{
"pn":"/Applications/TouchSprite.app",
"uri":""
}
},
{
"wujivpn":{
"pn":"/Applications/WujiVPN.app",
"uri":""
}
},
{
"rst":{
"pn":"/Applications/RST.app",
"uri":""
}
},
{
"forge9":{
"pn":"/Applications/Forge9.app",
"uri":""
}
},
{
"forge":{
"pn":"/Applications/Forge.app",
"uri":""
}
},
{
"gfaker":{
"pn":"/Applications/GFaker.app",
"uri":""
}
},
{
"hdfaker":{
"pn":"/Applications/hdfakerset.app",
"uri":""
}
},
{
"r8":{
"pn":"/Applications/R8.app",
"uri":""
}
},
{
"pranava":{
"pn":"/Applications/Pranava.app",
"uri":""
}
},
{
"ig":{
"pn":"/Applications/iG.app",
"uri":""
}
},
{
"hiddenapi":{
"pn":"/Applications/HiddenApi.app",
"uri":""
}
},
{
"xgsab":{
"pn":"/Applications/Xgen.app",
"uri":""
}
},
{
"birdfaker9":{
"pn":"/Applications/BirdFaker9.app",
"uri":""
}
},
{
"vpnmaster":{
"pn":"/Applications/VPNMasterPro.app",
"uri":""
}
},
{
"guizmovpn":{
"pn":"/Applications/GuizmOVPN.app",
"uri":""
}
},
{
"axj":{
"pn":"/Applications/AXJ.app",
"uri":""
}
}
],
"risk_dirs":[
{
"vts":{
"dir":"/var/touchelf/scripts/",
"type":"absolute"
}
},
{
"vmmtl":{
"dir":"/var/mobile/Media/TouchSprite/lua/",
"type":"absolute"
}
},
{
"vmlxlltp":{
"dir":"/var/mobile/Library/XXAssistant/Lua/Luas/Temp/public",
"type":"absolute"
}
},
{
"laxlltp":{
"dir":"/Library/ApplicationSupport/XXAssistant/Lua/Luas/Temp/public",
"type":"absolute"
}
},
{
"vmlxx":{
"dir":"/var/mobile/Library/XXIDEHelper/xsp/",
"type":"absolute"
}
},
{
"laxx":{
"dir":"/Library/ApplicationSupport/XXIDEHelper/xsp/",
"type":"absolute"
}
},
{
"vmlxll":{
"dir":"/var/mobile/Library/XXAssistant/Lua/LocalLuas/",
"type":"absolute"
}
},
{
"laxll":{
"dir":"/Library/ApplicationSupport/XXAssistant/Lua/LocalLuas/",
"type":"absolute"
}
},
{
"vri":{
"dir":"/var/root/igfix",
"type":"absolute"
}
},
{
"vrigf":{
"dir":"/var/root/igflag",
"type":"absolute"
}
},
{
"vrr8f":{
"dir":"/var/root/R8_fix",
"type":"absolute"
}
},
{
"vrif":{
"dir":"/var/root/igvx_fix",
"type":"absolute"
}
},
{
"vrifg":{
"dir":"/var/root/igvx_flag",
"type":"absolute"
}
},
{
"vrf9":{
"dir":"/var/root/Forge9_fix",
"type":"absolute"
}
},
{
"ubi":{
"dir":"/usr/bin/iGevo",
"type":"absolute"
}
},
{
"ubxd":{
"dir":"/usr/bin/XGenDaemon.dylib",
"type":"absolute"
}
},
{
"vmgfaker":{
"dir":"/var/mobile/GFaker",
"type":"absolute"
}
},
{
"vmnztdata":{
"dir":"/var/mobile/nztdata",
"type":"absolute"
}
},
{
"vmawzdata":{
"dir":"/var/mobile/awzdata",
"type":"absolute"
}
},
{
"vmigrimace":{
"dir":"/var/mobile/iGrimace",
"type":"absolute"
}
},
{
"vmhdfaker":{
"dir":"/var/mobile/hdFaker",
"type":"absolute"
}
},
{
"vmnztresult":{
"dir":"/var/mobile/NZTResult.plist",
"type":"absolute"
}
}
],
"s_c":"bLnUc67riNTBZs/F9Z58sowAzvjIWq3lEqCWV+kZE9ORfHoNLsD1z/CKJZYFvRvID/eSiW1XPNZ+R2WcD3WsTf2LTJ5IllJvCaX6gUnAebHd2bAPZz6gFECVcM9EYT5fwMsAy3RG7PUMJwo7nyoIOyXKTrg4lHgKFe/RtiNqnAEbHSnjlx4Fpn9fzXD9NTnW4zvoRfkZgVvo7eIgAw7Sp2Su9XSj2HJPezJxVwjPGRWDAMRqSlykWO+Mb6VgfRgZBsCQUeqTU2DhVhg7ausocizPiVd2U1I/Yb3g4GxdlKo+SXqD5wSNg2VNqVGXjB3IBdRYlH65NWRgTcxTOEunXv2LTJ5IllJvCaX6gUnAebHd2bAPZz6gFECVcM9EYT5fHlwIsYb13H9UKt5SoOc8sTt7GtdUmZdUnawqUeFoQsrtF0POX5AWjYWNgOnuzGcVMMPh/5mMW9AO1UvM0XBCDF31F3ziPHR9nW+CUlOssYy4Ang/J6YqMFcI0IxIGzd1G0VhdfSiud0S5Pmj2+3R95ImS25CHi0LV8Zslgk79YUGwJBR6pNTYOFWGDtq6yhy4clnOHjcURYwoxp23sGpQeDHKqgSy0CiHdv204icglpBUsM95aHS6V85kTXYb1zkRku6tYjoT1Bo5s7K3JFcy4oaMqtTHXTRDp0Y8Es2BJLt1YX3BnhJLnTQj8vv5CevRneJJX4FzG3RJidPWfn1/Txw2Q7Zb8gzzM5CrLhZIngTzBC+9wvFTfGcxJd8Z14qbsvX4Yvatdcj9bCiGHrw0zBTDEaFK9blFJkAlq2/Dd7cWtrVhhuMJF1Ynr9XmEXzyD36OhTfYYKWOFDR0rxDfxPMEL73C8VN8ZzEl3xnXipuy9fhi9q11yP1sKIYevDTAKO1N0krFE/231fwl/uHAtcC/TtDI1SNLf8lneZxG8pdasHXdTkhVwJZ0LoFxeBEf0K6rYpQPmnmX20sG2eKmtdModba+e6rc1qfJ0HaHmKTeHjxGlHtzUhztLSGwBpjEQxrlHZIF14pp6UCsTc7ZTqylHCKkZLIJeibrIjYKnOfUtJj6cbgWCG6V9P/2Qe1U6SkHYCy6B1PU3v9XKxexIsV1IT1w+4k3Q7hpkJNTCC9zcar9P2zJCjle5vomk+EuPOvtIcXw70zqhWoV8x61FA2/p+Z+854rgTPYpYnjsu8xYFA5GF6uknGOWA7IX4tjLRArkVbjXm2oTf34WCG6EAg1JKjbZzcMbSNLCp6IuK9YdGRlBAXcYXEYWOusfcfzmd4gFBS7ypRuQwVA4zKJATn3yMraOdkCoouBrB97ac4XZL33ZMwyHUp2yHTWM7WbiB0HqRjCWlme5ARA9YOPjnf5DT6RZIgUkJiyoewP22eDd9tFrRFijkxbNUmCMBATldTPSDi6XwTc+W7J4Xbhe5w+SttjMQdcxVC9NBSjC1cB16A3sMIoCWka9parUzz3A+UfKMyd20a0Zt+2RNtWmE//KRnmkpzYE/qB/ygeccB+ZcUltVmyBdZ56aWfaSBupq4leFfimfYbY5MuobTBLUCMYV80VPQgVgeowUln38otvlPIydmEafHSy7BeMPC+0wrYEr/EWLs3aDAdAeOy3qQQHytdtwl9kVMA8JE4GsFD07Dm4POHLUV6lQuciq2WTU90/QyuLDTyRgFJmJb7LSQwmM0UoMwkSj11S6LDGno9qwJC4ZBuUvrrdFOxMYLEmu4GLFqGrut04AeqVZXQIohWXpke0aqsLYxCYFSedfAm9rDmKsrXrQnDEuGPACs",
"sensitive.bssid":true,
"sensitive.gps":false,
"sensitive.name":true,
"sensitive.ssid":true
}
解析风险文件 并获取相关的值:
id __cdecl +[SmCollectConfiguration parse1:](SmCollectConfiguration_meta *self, SEL a2, id a3)
{
void *v3; // x0
struct objc_object *v4; // x0
void *v5; // x0
void *v6; // x0
void *v7; // x0
__int64 v8; // ST120_8
void *v9; // x0
void *v10; // x0
void *v11; // ST100_8
void *v12; // x0
__int64 v13; // STF8_8
void *v14; // STF0_8
void *v15; // x0
__int64 v16; // STE8_8
void *v17; // x0
void *v18; // x0
void *v19; // STC8_8
void *v20; // x0
__int64 v21; // STC0_8
void *v22; // x0
void *v23; // x0
void *v24; // STA0_8
char v25; // w0
void *v26; // x0
void *v27; // x0
void *v28; // ST78_8
void *v29; // x0
void *v30; // x0
void *v31; // x0
void *v32; // ST50_8
void *v33; // x0
void *v34; // x0
void *v35; // x0
void *v36; // ST28_8
void *v37; // x0
__int64 v38; // ST20_8
void *v39; // ST18_8
struct objc_object *v40; // x0
__int64 v41; // ST10_8
void *v43; // [xsp+140h] [xbp-80h]
void *v44; // [xsp+148h] [xbp-78h]
void *v45; // [xsp+150h] [xbp-70h]
void *v46; // [xsp+158h] [xbp-68h]
void *s_c; // [xsp+160h] [xbp-60h]
void *risk_dirs; // [xsp+168h] [xbp-58h]
void *risk_apps; // [xsp+170h] [xbp-50h]
int v50; // [xsp+17Ch] [xbp-44h]
void *jsonDecode; // [xsp+180h] [xbp-40h]
void *v52; // [xsp+188h] [xbp-38h]
__int64 v53; // [xsp+190h] [xbp-30h]
SEL v54; // [xsp+198h] [xbp-28h]
SmCollectConfiguration_meta *v55; // [xsp+1A0h] [xbp-20h]
__int64 v56; // [xsp+1A8h] [xbp-18h] v55 = self;
v54 = a2;
v53 = 0LL;
objc_storeStrong(&v53, a3);
v3 = objc_msgSend(&OBJC_CLASS___SmCollectConfiguration, &aAlloc);
v52 = objc_msgSend(v3, "init");
v4 = +[SmUtils jsonDecode:](&OBJC_CLASS___SmUtils, "jsonDecode:", v53);
jsonDecode = (void *)objc_retainAutoreleasedReturnValue(v4);
if ( jsonDecode )
{
v5 = objc_msgSend(jsonDecode, "objectForKey:", CFSTR("risk_apps"));
risk_apps = (void *)objc_retainAutoreleasedReturnValue(v5);
if ( risk_apps )
{
v6 = objc_msgSend(&OBJC_CLASS___NSArray, &aClass_4);
if ( (unsigned __int64)objc_msgSend(risk_apps, "isKindOfClass:", v6) & )
{
v7 = objc_msgSend(v55, "parseRiskApps1:", risk_apps);
v8 = objc_retainAutoreleasedReturnValue(v7);
objc_msgSend(v52, "setRiskApps:", v8);
objc_release(v8);
}
}
objc_storeStrong(&risk_apps, 0LL);
v9 = objc_msgSend(jsonDecode, "objectForKey:", CFSTR("risk_dirs"));
risk_dirs = (void *)objc_retainAutoreleasedReturnValue(v9);
if ( risk_dirs )
{
v10 = objc_msgSend(&OBJC_CLASS___NSArray, &aClass_4);
if ( (unsigned __int64)objc_msgSend(risk_dirs, "isKindOfClass:", v10) & )
{
v11 = v52;
v12 = objc_msgSend(v55, "parseRiskDirs1:", risk_dirs);
v13 = objc_retainAutoreleasedReturnValue(v12);
objc_msgSend(v11, "setRiskDirs:", v13);
objc_release(v13);
}
}
objc_storeStrong(&risk_dirs, 0LL);
v14 = v52;
v15 = objc_msgSend(v55, "parseSensitive1:", jsonDecode);
v16 = objc_retainAutoreleasedReturnValue(v15);
objc_msgSend(v14, "setSensitives:", v16);
objc_release(v16);
v17 = objc_msgSend(jsonDecode, &aObjectforkeyed, CFSTR("s_c"));
s_c = (void *)objc_retainAutoreleasedReturnValue(v17);
if ( s_c )
{
v18 = objc_msgSend(&OBJC_CLASS___NSString, &aClass_4);
if ( (unsigned __int64)objc_msgSend(s_c, "isKindOfClass:", v18) & )
{
v19 = v52;
v20 = objc_msgSend(v55, "parseSyscallCodes1:", s_c);
v21 = objc_retainAutoreleasedReturnValue(v20);
objc_msgSend(v19, "setSyscallCodes:", v21);
objc_release(v21);
}
}
objc_storeStrong(&s_c, 0LL);
v22 = objc_msgSend(jsonDecode, &aObjectforkeyed, CFSTR("upload_checker_switch"));
v46 = (void *)objc_retainAutoreleasedReturnValue(v22);
if ( v46 )
{
v23 = objc_msgSend(&OBJC_CLASS___NSNumber, &aClass_4);
if ( (unsigned __int64)objc_msgSend(v46, "isKindOfClass:", v23) & )
{
v24 = v52;
v25 = (unsigned __int64)objc_msgSend(v46, &aBoolvalue);
objc_msgSend(v24, "setUploadCheckerSwitch:", v25 & );
}
}
objc_storeStrong(&v46, 0LL);
v26 = objc_msgSend(jsonDecode, &aObjectforkeyed, CFSTR("sensor_times"));
v45 = (void *)objc_retainAutoreleasedReturnValue(v26);
if ( v45 )
{
v27 = objc_msgSend(&OBJC_CLASS___NSNumber, &aClass_4);
if ( (unsigned __int64)objc_msgSend(v45, "isKindOfClass:", v27) & )
{
v28 = v52;
v29 = objc_msgSend(v45, (const char *)&unk_195EE18E6);
objc_msgSend(v28, "setSensorTimes:", v29);
}
}
objc_storeStrong(&v45, 0LL);
v30 = objc_msgSend(jsonDecode, &aObjectforkeyed, CFSTR("sensor_interval"));
v44 = (void *)objc_retainAutoreleasedReturnValue(v30);
if ( v44 )
{
v31 = objc_msgSend(&OBJC_CLASS___NSNumber, &aClass_4);
if ( (unsigned __int64)objc_msgSend(v44, "isKindOfClass:", v31) & )
{
v32 = v52;
v33 = objc_msgSend(v44, (const char *)&unk_195EE18E6);
objc_msgSend(v32, "setSensorInterval:", v33);
}
}
objc_storeStrong(&v44, 0LL);
v34 = objc_msgSend(jsonDecode, &aObjectforkeyed, CFSTR("sensor"));
v43 = (void *)objc_retainAutoreleasedReturnValue(v34);
if ( v43 )
{
v35 = objc_msgSend(&OBJC_CLASS___NSArray, &aClass_4);
if ( (unsigned __int64)objc_msgSend(v43, "isKindOfClass:", v35) & )
{
v36 = v52;
v37 = objc_msgSend(v55, "parseSensorConfig:", v43);
v38 = objc_retainAutoreleasedReturnValue(v37);
objc_msgSend(v36, "setSensorConfigs:", v38);
objc_release(v38);
}
}
objc_storeStrong(&v43, 0LL);
objc_msgSend(v52, &aSetcontent, v53);
v39 = v52;
v40 = +[SmUtils md5EncodeStr:](&OBJC_CLASS___SmUtils, "md5EncodeStr:", v53);
v41 = objc_retainAutoreleasedReturnValue(v40);
objc_msgSend(v39, (const char *)&unk_1A0F6E4CD, v41);
objc_release(v41);
v56 = objc_retain(v52);
v50 = ;
}
else
{
v56 = 0LL;
v50 = ;
}
objc_storeStrong(&jsonDecode, 0LL);
objc_storeStrong(&v52, 0LL);
objc_storeStrong(&v53, 0LL);
return (id)objc_autoreleaseReturnValue(v56);
}
解密上面的s_c数据:
//baes64+aes解密
id __cdecl +[SmCollectConfiguration parseSyscallCodes1:](SmCollectConfiguration_meta *self, SEL a2, id a3)
{
NSMutableDictionary *v3; // x0
struct objc_object *v4; // x0
struct objc_object *v5; // x0
void *v6; // x0
void *v7; // STD0_8
void *v8; // x0
void *v9; // x0
void *v10; // x0
void *v11; // ST78_8
void *v12; // x0
void *v13; // x0
void *v14; // x0
void *v15; // ST68_8
void *v16; // x0
void *v17; // x0
void *v18; // ST58_8
void *v19; // x0
void *v20; // x0
void *v21; // ST48_8
void *v22; // x0
SmSyscallCode *v23; // x0
id result; // x0
__int64 v25; // [xsp+80h] [xbp-2D0h]
void *v26; // [xsp+90h] [xbp-2C0h]
__int64 v27; // [xsp+98h] [xbp-2B8h]
__int64 v28; // [xsp+A8h] [xbp-2A8h]
void *v29; // [xsp+B0h] [xbp-2A0h]
void *v30; // [xsp+B8h] [xbp-298h]
__int64 v31; // [xsp+D8h] [xbp-278h]
void *v32; // [xsp+E8h] [xbp-268h]
__int64 v33; // [xsp+F0h] [xbp-260h]
__int64 v34; // [xsp+100h] [xbp-250h]
void *v35; // [xsp+108h] [xbp-248h]
void *v36; // [xsp+110h] [xbp-240h]
void *v37; // [xsp+130h] [xbp-220h]
void *v38; // [xsp+138h] [xbp-218h]
void *v39; // [xsp+140h] [xbp-210h]
void *v40; // [xsp+148h] [xbp-208h]
void *v41; // [xsp+150h] [xbp-200h]
void *v42; // [xsp+158h] [xbp-1F8h]
char v43; // [xsp+160h] [xbp-1F0h]
__int64 v44; // [xsp+168h] [xbp-1E8h]
__int64 *v45; // [xsp+170h] [xbp-1E0h]
__int64 v46; // [xsp+1A0h] [xbp-1B0h]
void *v47; // [xsp+1A8h] [xbp-1A8h]
char v48; // [xsp+1B0h] [xbp-1A0h]
__int64 v49; // [xsp+1B8h] [xbp-198h]
__int64 *v50; // [xsp+1C0h] [xbp-190h]
void *v51; // [xsp+1F0h] [xbp-160h]
void *v52; // [xsp+1F8h] [xbp-158h]
__int64 v53; // [xsp+200h] [xbp-150h]
int v54; // [xsp+20Ch] [xbp-144h]
void *v55; // [xsp+210h] [xbp-140h]
__int64 v56; // [xsp+218h] [xbp-138h]
SEL v57; // [xsp+220h] [xbp-130h]
SmCollectConfiguration_meta *v58; // [xsp+228h] [xbp-128h]
__int64 v59; // [xsp+230h] [xbp-120h]
char v60; // [xsp+238h] [xbp-118h]
char v61; // [xsp+2B8h] [xbp-98h]
__int64 v62; // [xsp+338h] [xbp-18h] v62 = 2133820963558129745LL;
v58 = self;
v57 = a2;
v56 = 0LL;
objc_storeStrong(&v56, a3);
v3 = sub_18DFAAFC4(&OBJC_CLASS___NSMutableDictionary, "alloc");
v55 = objc_msgSend(v3, "init");
if ( !v56 )
{
v59 = objc_retain(v55);
v54 = ;
LABEL_46:
objc_storeStrong(&v55, 0LL);
objc_storeStrong(&v56, 0LL);
return (id)objc_autoreleaseReturnValue(v59);
}
v4 = +[SmUtils aes256DecryptStr:key:](&OBJC_CLASS___SmUtils, "aes256DecryptStr:key:", v56, CFSTR("smsckey"));
v53 = objc_retainAutoreleasedReturnValue(v4);
if ( (unsigned __int64)+[SmStrUtils empty:](&OBJC_CLASS___SmStrUtils, "empty:", v53) & )
{
v59 = objc_retain(v55);
v54 = ;
LABEL_45:
objc_storeStrong(&v53, 0LL);
goto LABEL_46;
}
v5 = +[SmUtils jsonDecode:](&OBJC_CLASS___SmUtils, "jsonDecode:", v53);
v52 = (void *)objc_retainAutoreleasedReturnValue(v5);
if ( !v52 )
{
v59 = objc_retain(v55);
v54 = ;
LABEL_44:
objc_storeStrong(&v52, 0LL);
goto LABEL_45;
}
v6 = nullsub_1421(&OBJC_CLASS___NSArray, "class");
if ( !((unsigned __int64)objc_msgSend(v52, "isKindOfClass:", v6) & ) )
{
v59 = objc_retain(v55);
v54 = ;
goto LABEL_44;
}
memset(&v48, , 0x40uLL);
v36 = (void *)objc_retain(v52);
v35 = objc_msgSend(v36, "countByEnumeratingWithState:objects:count:", &v48, &v61, 16LL);
if ( !v35 )
{
LABEL_43:
objc_release(v36);
v59 = objc_retain(v55);
v54 = ;
goto LABEL_44;
}
v34 = *v50;
v33 = 0LL;
v32 = v35;
while ( )
{
v31 = v33;
if ( *v50 != v34 )
objc_enumerationMutation(v36);
v51 = *(void **)(v49 + * v33);
if ( !v51 )
goto LABEL_41;
v7 = v51;
v8 = nullsub_1421(&OBJC_CLASS___NSDictionary, "class");
if ( !((unsigned __int64)objc_msgSend(v7, "isKindOfClass:", v8) & ) )
goto LABEL_41;
v47 = (void *)objc_retain(v51);
memset(&v43, , 0x40uLL);
v9 = objc_msgSend(v47, "allKeys");
v30 = (void *)objc_retainAutoreleasedReturnValue(v9);
v29 = objc_msgSend(v30, "countByEnumeratingWithState:objects:count:", &v43, &v60, 16LL);
if ( v29 )
break;
LABEL_40:
objc_release(v30);
objc_storeStrong(&v47, 0LL);
LABEL_41:
++v33;
if ( v31 + >= (unsigned __int64)v32 )
{
v32 = objc_msgSend(v36, "countByEnumeratingWithState:objects:count:", &v48, &v61, 16LL);
v33 = 0LL;
if ( !v32 )
goto LABEL_43;
}
}
v28 = *v45;
v27 = 0LL;
v26 = v29;
while ( )
{
v25 = v27;
if ( *v45 != v28 )
objc_enumerationMutation(v30);
v46 = *(_QWORD *)(v44 + * v27);
v10 = objc_msgSend(v47, "objectForKeyedSubscript:", v46);
v42 = (void *)objc_retainAutoreleasedReturnValue(v10);
if ( v42
&& (v11 = v42,
v12 = nullsub_1421(&OBJC_CLASS___NSDictionary, "class"),
(unsigned __int64)objc_msgSend(v11, "isKindOfClass:", v12) & ) )
{
v13 = (void *)objc_retain(v42);
v41 = v13;
v14 = objc_msgSend(v13, "objectForKeyedSubscript:", CFSTR("clazz"));
v40 = (void *)objc_retainAutoreleasedReturnValue(v14);
if ( v40
&& (v15 = v40,
v16 = nullsub_1421(&OBJC_CLASS___NSString, "class"),
(unsigned __int64)objc_msgSend(v15, "isKindOfClass:", v16) & ) )
{
v17 = objc_msgSend(v41, "objectForKeyedSubscript:", CFSTR("method"));
v39 = (void *)objc_retainAutoreleasedReturnValue(v17);
if ( v39
&& (v18 = v39,
v19 = nullsub_1421(&OBJC_CLASS___NSString, "class"),
(unsigned __int64)objc_msgSend(v18, "isKindOfClass:", v19) & ) )
{
v20 = objc_msgSend(v41, "objectForKeyedSubscript:", CFSTR("type"));
v38 = (void *)objc_retainAutoreleasedReturnValue(v20);
if ( v38
&& (v21 = v38,
v22 = nullsub_1421(&OBJC_CLASS___NSString, "class"),
(unsigned __int64)objc_msgSend(v21, "isKindOfClass:", v22) & ) )
{
v23 = sub_18DFAAFC4(&OBJC_CLASS___SmSyscallCode, "alloc");
v37 = -[SmSyscallCode init](v23, "init");
objc_msgSend(v37, "setKey:", v46);
objc_msgSend(v37, "setClazz:", v40);
objc_msgSend(v37, (const char *)&unk_1A77FDCF6, v39);
objc_msgSend(v37, (const char *)&unk_195EE7F2A, v38);
objc_msgSend(v55, (const char *)&unk_195EDFD34, v37, v46);
objc_storeStrong(&v37, 0LL);
v54 = ;
}
else
{
v54 = ;
}
objc_storeStrong(&v38, 0LL);
}
else
{
v54 = ;
}
objc_storeStrong(&v39, 0LL);
}
else
{
v54 = ;
}
objc_storeStrong(&v40, 0LL);
objc_storeStrong(&v41, 0LL);
}
else
{
v54 = ;
}
result = (id)objc_storeStrong(&v42, 0LL);
if ( v54 )
{
if ( v54 != )
return result;
}
++v27;
if ( v25 + >= (unsigned __int64)v26 )
{
v26 = objc_msgSend(v30, "countByEnumeratingWithState:objects:count:", &v43, &v60, 16LL);
v27 = 0LL;
if ( !v26 )
goto LABEL_40;
}
}
}
解密后内容:
smsckey
[
{
"name":{
"clazz":"UIDevice",
"method":"name",
"type":"oc"
},
"model":{
"clazz":"UIDevice",
"method":"model",
"type":"oc"
},
"platform":{
"clazz":"UIDevice",
"method":"platform",
"type":"oc"
},
"hwmodel":{
"clazz":"UIDevice",
"method":"hwmodel",
"type":"oc"
},
"systemVersion":{
"clazz":"UIDevice",
"method":"systemVersion",
"type":"oc"
},
"localizedModel":{
"clazz":"UIDevice",
"method":"localizedModel",
"type":"oc"
},
"identifierForVendor":{
"clazz":"UIDevice",
"method":"identifierForVendor",
"type":"oc"
},
"carrierName":{
"clazz":"CTCarrier",
"method":"carrierName",
"type":"oc"
},
"isoCountryCode":{
"clazz":"CTCarrier",
"method":"isoCountryCode",
"type":"oc"
},
"mobileCountryCode":{
"clazz":"CTCarrier",
"method":"mobileCountryCode",
"type":"oc"
},
"mobileNetworkCode":{
"clazz":"CTCarrier",
"method":"mobileNetworkCode",
"type":"oc"
},
"isReachableViaWiFi":{
"clazz":"Reachability",
"method":"isReachableViaWiFi",
"type":"oc"
},
"isReachableViaWWANP":{
"clazz":"Reachability",
"method":"isReachableViaWWANP",
"type":"oc"
},
"reachabilityForInternetConnection":{
"clazz":"Reachability",
"method":"reachabilityForInternetConnection",
"type":"oc"
},
"currentRadioAccessTechnology":{
"clazz":"CTTelephonyNetworkInfo",
"method":"currentRadioAccessTechnology",
"type":"oc"
},
"value":{
"clazz":"OpenUDID",
"method":"value",
"type":"oc"
},
"valueWithError":{
"clazz":"OpenUDID",
"method":"valueWithError",
"type":"oc"
}
}
]
最终获取到的手机风险环境信息组合如下:
{
"width": ,
"sysaddrs": "8|0x18e50a390|0x18e509504|0x18e50a554|0x18e50a504|0x18e50954c|0x18e524680|0x18e44c210|0x18e5e3780",
"sysname": "Darwin",
"appname": "comkuaikancomic",
"apputm": "Kuaikan",
"languages": ["zh-Hans-CN"],
"carrier": "-NVT",
"osver": "",
"cost": "8450,42,139539",
"lstat": [, ],
"is_vpn": "false",
"rmCode": "8|0x18e4883bc|0xa9be4ff4|0xa9017bfd|0x910043fd|0xd10243ff",
"lfrom": "gen",
"orientation": "-0012383,0000852,-0999923",
"s_c": {
"mobileNetworkCode": {
"fname": "\/System\/Library\/Frameworks\/CoreTelephonyframework\/CoreTelephony",
"fbase": "0x191f3f000",
"sname": "<redacted>",
"opcode": "8|0x191f71718|0x901086a8|0xb9886508|0xf8686800|0xd65f03c0|0x901086a8|0xb9886503|0x1400fd0c|0x901086a8|0xb9886908|0xf8686800",
"saddr": "0x191f71718"
},
"reachabilityForInternetConnection": {
"fname": "\/usr\/lib\/libobjcAdylib",
"fbase": "0x18df88000",
"sname": "_objc_msgForward",
"opcode": "8|0x18dfa33c0|0xd0133331|0xf940ca31|0xd61f0220|0xd503201f|0xd503201f|0xd503201f|0xd503201f|0xd503201f|0x17fffed0|0xd503201f",
"saddr": "0x18dfa33c0"
},
"isoCountryCode": {
"fname": "\/System\/Library\/Frameworks\/CoreTelephonyframework\/CoreTelephony",
"fbase": "0x191f3f000",
"sname": "<redacted>",
"opcode": "8|0x191f71734|0x901086a8|0xb9886908|0xf8686800|0xd65f03c0|0x901086a8|0xb9886903|0x1400fd05|0x901086a8|0xb9886d08|0x38686800",
"saddr": "0x191f71734"
},
"isReachableViaWWANP": {
"fname": "\/usr\/lib\/libobjcAdylib",
"fbase": "0x18df88000",
"sname": "_objc_msgForward",
"opcode": "8|0x18dfa33c0|0xd0133331|0xf940ca31|0xd61f0220|0xd503201f|0xd503201f|0xd503201f|0xd503201f|0xd503201f|0x17fffed0|0xd503201f",
"saddr": "0x18dfa33c0"
},
"hwmodel": {
"fname": "\/var\/containers\/Bundle\/Application\/CB8831A1-1606-4DCC-AD3B-3C34AD1D1308\/Kuaikanapp\/Kuaikan",
"fbase": "0x100064000",
"sname": "_ZN4base8internal9BindStateIMN3net24QuicQcloudSessionFactoryEFvPNS3_3JobEiEJNS0_17UnretainedWrapperIS3_EES5_EE7DestroyEPKNS0_13BindStateBaseE",
"opcode": "8|0x1020abdb8|0x900066e8|0xf9422101|0xb0001fa2|0x91056c42|0x1402c4a4|0xd100c3ff|0xa9027bfd|0x910083fd|0xd00031e8|0xf9473d08",
"saddr": "0x1016e9cac"
},
"localizedModel": {
"fname": "\/System\/Library\/Frameworks\/UIKitframework\/UIKit",
"fbase": "0x1953a1000",
"sname": "<redacted>",
"opcode": "8|0x19586f140|0xa9be4ff4|0xa9017bfd|0x910043fd|0x900ed588|0xf9423d01|0xb00cc0c2|0x910c0042|0x961ccf71|0xaa1d03fd|0x961cecca",
"saddr": "0x19586f140"
},
"isReachableViaWiFi": {
"fname": "\/var\/containers\/Bundle\/Application\/CB8831A1-1606-4DCC-AD3B-3C34AD1D1308\/Kuaikanapp\/Kuaikan",
"opcode": "8|0x100f7e2d4|0xd10083ff|0xa9017bfd|0x910043fd|0xb81fc3bf|0xf000efe8|0xf9425901|0x94477b5b|0xd10013a1|0x9447724d|0x340000c0",
"fbase": "0x100064000"
},
"carrierName": {
"fname": "\/System\/Library\/Frameworks\/CoreTelephonyframework\/CoreTelephony",
"fbase": "0x191f3f000",
"sname": "<redacted>",
"opcode": "8|0x191f716e0|0x901086a8|0xb9885d08|0xf8686800|0xd65f03c0|0x901086a8|0xb9885d03|0x1400fd1a|0x901086a8|0xb9886108|0xf8686800",
"saddr": "0x191f716e0"
},
"platform": {
"fname": "\/var\/containers\/Bundle\/Application\/CB8831A1-1606-4DCC-AD3B-3C34AD1D1308\/Kuaikanapp\/Kuaikan",
"fbase": "0x100064000",
"sname": "_ZN4base8internal9BindStateIMN3net24QuicQcloudSessionFactoryEFvPNS3_3JobEiEJNS0_17UnretainedWrapperIS3_EES5_EE7DestroyEPKNS0_13BindStateBaseE",
"opcode": "8|0x1020abd48|0x900066e8|0xf9422101|0xb0001fa2|0x91059042|0x1402c4c0|0xa9be4ff4|0xa9017bfd|0x910043fd|0xd0006648|0xf9453101",
"saddr": "0x1016e9cac"
},
"identifierForVendor": {
"fname": "\/System\/Library\/Frameworks\/UIKitframework\/UIKit",
"fbase": "0x1953a1000",
"sname": "<redacted>",
"opcode": "8|0x19586f288|0xa9be4ff4|0xa9017bfd|0x910043fd|0xd00ed688|0xf9467500|0xb00ed4c8|0xf9420d01|0x961ccf1f|0xaa1d03fd|0x961cec78",
"saddr": "0x19586f288"
},
"mobileCountryCode": {
"fname": "\/System\/Library\/Frameworks\/CoreTelephonyframework\/CoreTelephony",
"fbase": "0x191f3f000",
"sname": "<redacted>",
"opcode": "8|0x191f716fc|0x901086a8|0xb9886108|0xf8686800|0xd65f03c0|0x901086a8|0xb9886103|0x1400fd13|0x901086a8|0xb9886508|0xf8686800",
"saddr": "0x191f716fc"
},
"systemVersion": {
"fname": "\/System\/Library\/Frameworks\/UIKitframework\/UIKit",
"fbase": "0x1953a1000",
"sname": "<redacted>",
"opcode": "8|0x1955247f0|0xa9be4ff4|0xa9017bfd|0x910043fd|0xf00eefc8|0xf9423d01|0x900cdb22|0x910e8042|0x9629f9c5|0xaa1d03fd|0x962a171e",
"saddr": "0x1955247f0"
},
"currentRadioAccessTechnology": {
"fname": "\/System\/Library\/Frameworks\/CoreTelephonyframework\/CoreTelephony",
"fbase": "0x191f3f000",
"sname": "<redacted>",
"opcode": "8|0x191f730a8|0xd0108688|0xf942b901|0x1700bf9c|0xd0108688|0xf942c101|0x1700bf99|0xa9be4ff4|0xa9017bfd|0x910043fd|0xaa0003f3",
"saddr": "0x191f730a8"
},
"value": {
"error": ""
},
"valueWithError": {
"error": ""
},
"model": {
"fname": "\/System\/Library\/Frameworks\/UIKitframework\/UIKit",
"fbase": "0x1953a1000",
"sname": "<redacted>",
"opcode": "8|0x19560b734|0xa9be4ff4|0xa9017bfd|0x910043fd|0x900ee8a8|0xf9423d01|0xb00cd3e2|0x910c0042|0x96265df4|0xaa1d03fd|0x96267b4d",
"saddr": "0x19560b734"
},
"name": {
"fname": "\/System\/Library\/Frameworks\/UIKitframework\/UIKit",
"fbase": "0x1953a1000",
"sname": "<redacted>",
"opcode": "8|0x19586f0e4|0xa9be4ff4|0xa9017bfd|0x910043fd|0x900ed588|0xf9423d01|0xb00cc0c2|0x910b8042|0x961ccf88|0xaa1d03fd|0x961cece1",
"saddr": "0x19586f0e4"
}
},
"networkType": "WIFI",
"riskapp": {},
"first": "false",
"appId": "",
"totalSpace": ,
"stCode": "8|0x18e50a390|0xd2802a50|0xd4001001|0x540000c3|0xa9bf7bfd",
"freeSpace": ,
"rtype": "all",
"name": "iPhone",
"scaledDensity": ,
"root": "true",
"model": "iPhone7,2",
"smid": "20190528104716e43647ec3ea6fdd0b1100ebd52ea1e4c018be30066d3xxxx",
"battery": ,
"height": ,
"sdkver": "",
"idfa": "56076342-6AA8-4EF3-A3B3-FF0E2C6EEAEF",
"acCode": "8|0x18e50a734|0xd2800430|0xd4001001|0x540000c3|0xa9bf7bfd",
"idfv": "DFF15047-2F42-4612-8BE2-8D0B248248D8",
"bssid": "c4:b8:b4:23:cd:c0",
"os": "ios",
"t": ,
"appver": "",
"boot": ,
"ssid": "Reyun",
"dns": [""],
"riskdir": {},
"track": "true",
"smseq": "",
"memory": ,
"brightness":
}
加密上传服务器(加密函数和上面加密函数一样),到这里整个流程应当完了。
0x03:总结
1.SDK主要从硬件软件两方面来获取设备数据,分两步完成,唯一ID的生成与风险环境的上报。
2. 最后感谢看完本文,如果觉得这篇文章有用可能帮助到你的朋友也欢迎转载,欢迎扫码关注公众号: