由于时间和水平有限,本文会存在诸多不足,希望得到您的及时反馈与指正,多谢!
工具环境:iPhone 6、系统版本 iOS 10.1.1、IDA Pro 7.0
1.由于iOS系统的不开放性,能获取的信息太少,所以iOS上的防作弊产品可做的功能相比安卓就要少很多了。硬件方面主要获取IDFA、IDFV这两个值,软件方面主要获取一些风险APP的名称。
1.该防作弊产品提供SDK形式给开发者调用,当开发者成功集成到APP后,APP启动时就会生成一个唯一的ID值。
2.SDK客户端整体流程如图1所示:
图1
3.服务器返回的ID会存放在系统中,这个ID值用通俗的话说,就是为每台设备注册一个身份证号,它代表了设备。这样一来,如果刷量者通过hook机制来修改IDFA、MAC等设备信息来模拟新用户,就不起作用了。
1.APP启动时会判断本地是否缓存了deviceID值与风险app名单,如果没有,就生成一个随机的deviceid,然后解密写死在app中的风险文件名单。
2.从服务器获取deviceid值
如果没有缓存ID就生成一个ID,生成随机的deviceID代码如下:
1 // First-time deviceid generation (uuid + current time)
// Hex-Rays output for -[SmidManager genFpId]. Selectors shown as unk_... were not resolved by the
// decompiler; any method name given for them in the comments below is an assumption.
// Layout of the returned string, as assembled below:
//   timestamp  "%04d%02d%02d%02d%02d%02d" built from year..second
//   uuid_md5   md5EncodeStr:(uuid)
//   "00"       constant suffix of the body
//   check      result of the call with argument 14 on md5EncodeStr:("shumei_ios_sec_key_" + body)
// This adds up to 62 characters if md5EncodeStr: returns 32 hex characters, which is
// consistent with the 0x3E comparison in +[SmidManager typeId:] -- TODO confirm.
// NOTE(review): the prefix "shumei_ios_sec_key_" is a constant stored in the binary, so the
// trailing check value works as a checksum / format marker, not as a keyed integrity tag;
// server-side logic should not treat a matching suffix alone as proof that an ID is genuine.
2 id __cdecl -[SmidManager genFpId](SmidManager *self, SEL a2)
3 {
4 __int64 v2; // x0
5 __int64 v3; // x0
6 __int64 v4; // x0
7 __int64 v5; // x0
8 void *v6; // x0
9 void *v7; // x0
10 void *v8; // x0
11 void *v9; // x0
12 void *second; // x0
13 void *v11; // x0
14 __int64 v12; // x0
15 __int64 currtime; // ST68_8
16 id v14; // x0
17 __int64 uuid_md5; // x0
18 __int64 v16; // ST58_8
19 void *v17; // x0
20 void *v18; // x0
21 void *v19; // x0
22 void *v20; // x0
23 void *v21; // x9
24 void *v22; // x0
25 void *v23; // x0
26 void *v24; // x9
27 void *v25; // x0
28 void *v26; // x0
29 void *v27; // x9
30 void *v28; // x0
31 void *v29; // x0
32 void *v30; // x9
33 void *v31; // x0
34 void *v32; // x0
35 void *v33; // x9
36 void *v34; // x0
37 void *v35; // x0
38 void *v36; // x9
39 void *v37; // x0
40 void *v38; // x0
41 void *v39; // x9
42 void *v40; // x0
43 void *v41; // x0
44 void *v42; // x9
45 void *v43; // x0
46 struct objc_object *v44; // x0
47 struct objc_object *v45; // ST38_8
48 id v46; // x0
49 void *v47; // x0
50 __int64 v48; // x0
51 void *v49; // x0
52 __int64 v50; // ST30_8
53 __int64 v52; // [xsp+98h] [xbp-B8h]
54 void *v53; // [xsp+A0h] [xbp-B0h]
55 void *v54; // [xsp+A8h] [xbp-A8h]
56 void *v55; // [xsp+B0h] [xbp-A0h]
57 __int64 v56; // [xsp+B8h] [xbp-98h]
58 void *v57; // [xsp+C0h] [xbp-90h]
59 void *minute; // [xsp+C8h] [xbp-88h]
60 void *hour; // [xsp+D0h] [xbp-80h]
61 void *day; // [xsp+D8h] [xbp-78h]
62 void *month; // [xsp+E0h] [xbp-70h]
63 void *year; // [xsp+E8h] [xbp-68h]
64 void *v63; // [xsp+F0h] [xbp-60h]
65 __int64 v64; // [xsp+F8h] [xbp-58h]
66 void *v65; // [xsp+100h] [xbp-50h]
67 __int64 v66; // [xsp+108h] [xbp-48h]
68 struct objc_object *uuid; // [xsp+110h] [xbp-40h]
69 __int64 v68; // [xsp+118h] [xbp-38h]
70 __int64 v69; // [xsp+120h] [xbp-30h]
71 SEL v70; // [xsp+128h] [xbp-28h]
72 SmidManager *v71; // [xsp+130h] [xbp-20h]
73 __int64 v72; // [xsp+138h] [xbp-18h]
74
75 v71 = self;
76 v70 = a2;
77 v2 = CFUUIDCreate(); // fresh CFUUID object
78 v69 = v2;
79 v3 = CFUUIDCreateString(0LL, v2); // its string form
80 v68 = v3;
81 v4 = CFStringCreateCopy(0LL, v3); // copy that outlives the two CFRelease calls below
82 v72 = v4;
83 v5 = objc_autoreleaseReturnValue(v4);
84 uuid = (struct objc_object *)objc_retainAutoreleasedReturnValue(v5);
85 CFRelease(v69);
86 CFRelease(v68);
87 v6 = objc_msgSend(&OBJC_CLASS___NSDate, (const char *)&unk_195EEC6AF); // selector unresolved; presumably +[NSDate date]
88 v66 = objc_retainAutoreleasedReturnValue(v6);
89 v7 = objc_msgSend(&OBJC_CLASS___NSCalendar, (const char *)&unk_195F34590); // selector unresolved; presumably currentCalendar
90 v8 = (void *)objc_retainAutoreleasedReturnValue(v7);
91 v65 = v8;
92 v64 = 252LL; // 252 = 0xFC, which matches NSCalendarUnitYear|Month|Day|Hour|Minute|Second
93 v9 = objc_msgSend(v8, (const char *)&unk_195F345E4, 252LL, v66); // presumably components:fromDate:
94 v63 = (void *)objc_retainAutoreleasedReturnValue(v9);
95 year = objc_msgSend(v63, (const char *)&unk_195F9F96E);
96 month = objc_msgSend(v63, (const char *)&unk_195F9F973);
97 day = objc_msgSend(v63, (const char *)&unk_195F9F979);
98 hour = objc_msgSend(v63, (const char *)&unk_195F34810);
99 minute = objc_msgSend(v63, (const char *)&unk_195F5F105);
100 second = objc_msgSend(v63, (const char *)&unk_195F5F10C);
101 v57 = second;
102 v11 = objc_msgSend( // 14-digit timestamp string (presumably stringWithFormat:)
103 &OBJC_CLASS___NSString,
104 (const char *)&unk_195EDDC2A,
105 CFSTR("%04d%02d%02d%02d%02d%02d"),
106 year,
107 month,
108 day,
109 hour,
110 minute,
111 second);
112 v12 = objc_retainAutoreleasedReturnValue(v11);
113 v56 = v12;
114 currtime = v12;
115 v14 = ((id (__cdecl *)(SmUtils_meta *, SEL, id))objc_msgSend)( // MD5 of the UUID string
116 (SmUtils_meta *)&OBJC_CLASS___SmUtils,
117 "md5EncodeStr:",
118 uuid);
119 uuid_md5 = objc_retainAutoreleasedReturnValue(v14);
120 v16 = uuid_md5;
121 v17 = objc_msgSend( // body = currtime + uuid_md5 + "00" (kept in v55)
122 &OBJC_CLASS___NSString,
123 (const char *)&unk_195EDDC2A,
124 CFSTR("%@%@%@"),
125 currtime,
126 uuid_md5,
127 CFSTR("00"));
128 v55 = (void *)objc_retainAutoreleasedReturnValue(v17);
129 objc_release(v16);
130 v18 = (void *)objc_retain(&stru_1027FA700); // constant string object; presumably @"" -- TODO confirm
131 v54 = v18;
132 v19 = objc_msgSend(v18, (const char *)&unk_195EF0B91, CFSTR("shumei")); // selector presumably stringByAppendingString:; lines 132-171 build "shumei_ios_sec_key_" piece by piece
133 v20 = (void *)objc_retainAutoreleasedReturnValue(v19);
134 v21 = v54;
135 v54 = v20;
136 objc_release(v21);
137 v22 = objc_msgSend(v54, (const char *)&unk_195EF0B91, CFSTR("_"));
138 v23 = (void *)objc_retainAutoreleasedReturnValue(v22);
139 v24 = v54;
140 v54 = v23;
141 objc_release(v24);
142 v25 = objc_msgSend(v54, (const char *)&unk_195EF0B91, CFSTR("ios"));
143 v26 = (void *)objc_retainAutoreleasedReturnValue(v25);
144 v27 = v54;
145 v54 = v26;
146 objc_release(v27);
147 v28 = objc_msgSend(v54, (const char *)&unk_195EF0B91, CFSTR("_"));
148 v29 = (void *)objc_retainAutoreleasedReturnValue(v28);
149 v30 = v54;
150 v54 = v29;
151 objc_release(v30);
152 v31 = objc_msgSend(v54, (const char *)&unk_195EF0B91, CFSTR("sec"));
153 v32 = (void *)objc_retainAutoreleasedReturnValue(v31);
154 v33 = v54;
155 v54 = v32;
156 objc_release(v33);
157 v34 = objc_msgSend(v54, (const char *)&unk_195EF0B91, CFSTR("_"));
158 v35 = (void *)objc_retainAutoreleasedReturnValue(v34);
159 v36 = v54;
160 v54 = v35;
161 objc_release(v36);
162 v37 = objc_msgSend(v54, (const char *)&unk_195EF0B91, CFSTR("key"));
163 v38 = (void *)objc_retainAutoreleasedReturnValue(v37);
164 v39 = v54;
165 v54 = v38;
166 objc_release(v39);
167 v40 = objc_msgSend(v54, (const char *)&unk_195EF0B91, CFSTR("_"));
168 v41 = (void *)objc_retainAutoreleasedReturnValue(v40);
169 v42 = v54;
170 v54 = v41;
171 objc_release(v42);
172 v43 = objc_msgSend(&OBJC_CLASS___NSString, (const char *)&unk_195EDDC2A, CFSTR("%@%@"), v54, v55); // constant prefix + body
173 v44 = (struct objc_object *)objc_retainAutoreleasedReturnValue(v43);
174 v45 = v44;
175 v46 = ((id (__cdecl *)(SmUtils_meta *, SEL, id))objc_msgSend)( // MD5 of prefix + body
176 (SmUtils_meta *)&OBJC_CLASS___SmUtils,
177 "md5EncodeStr:",
178 v44);
179 v53 = (void *)objc_retainAutoreleasedReturnValue(v46);
180 objc_release(v45);
181 v47 = objc_msgSend(v53, (const char *)&unk_195F19145, 14LL); // argument 14; presumably substringToIndex:14 (check value)
182 v48 = objc_retainAutoreleasedReturnValue(v47);
183 v52 = v48;
184 v49 = objc_msgSend(v55, (const char *)&unk_195EF0B91, v48); // body + check value = returned deviceid
185 v50 = objc_retainAutoreleasedReturnValue(v49);
186 objc_storeStrong(&v52, 0LL); // lines 186-194: release the strong locals
187 objc_storeStrong(&v53, 0LL);
188 objc_storeStrong(&v54, 0LL);
189 objc_storeStrong(&v55, 0LL);
190 objc_storeStrong(&v56, 0LL);
191 objc_storeStrong(&v63, 0LL);
192 objc_storeStrong(&v65, 0LL);
193 objc_storeStrong(&v66, 0LL);
194 objc_storeStrong(&uuid, 0LL);
195 return (id)objc_autoreleaseReturnValue(v50);
196 }
判断deviceID类型:本地随机生成的返回0,服务器下发的返回1;长度不是62或类型位不合法时返回-1,尾部校验值不匹配时返回2。
// Hex-Rays output for +[SmidManager typeId:]; classifies the deviceid string passed as a3.
// Selectors shown as unk_... were not resolved by the decompiler; method names given for them
// in the comments below are assumptions.
// Return values visible in the code:
//   -1  a3 is empty, the length comparison against 0x3E (62) fails, or the value read at
//       index 47 is neither 48 ('0') nor 49 ('1')
//    0  check value matches and the value read at index 47 is 48 ('0')
//    1  check value matches and the value read at index 47 is 49 ('1')
//    2  check value does not match
// The check value is recomputed from the constant prefix "shumei_ios_sec_key_" plus the part
// of a3 selected with argument 48, hashed with md5EncodeStr: and cut with argument 14.
// NOTE(review): every input to this check is present on the client, so it validates the
// format of an ID rather than its origin.
1 signed __int64 __cdecl +[SmidManager typeId:](SmidManager_meta *self, SEL a2, id a3)
2 {
3 void *v3; // x0
4 void *v4; // x0
5 void *v5; // x0
6 void *v6; // x8
7 void *v7; // x0
8 void *v8; // x0
9 void *v9; // x8
10 void *v10; // x0
11 void *v11; // x0
12 void *v12; // x8
13 void *v13; // x0
14 void *v14; // x0
15 void *v15; // x8
16 void *v16; // x0
17 void *v17; // x0
18 void *v18; // x8
19 void *v19; // x0
20 void *v20; // x0
21 void *v21; // x8
22 void *v22; // x0
23 void *v23; // x0
24 void *v24; // x8
25 void *v25; // x0
26 void *v26; // x0
27 void *v27; // x8
28 void *v28; // x0
29 __int64 v29; // x0
30 __int64 v30; // ST18_8
31 void *v31; // x0
32 id v32; // x0
33 void *v33; // x0
34 void *v34; // x0
35 __int64 v35; // x0
36 __int64 v36; // x8
37 void *v37; // x0
38 __int64 v39; // [xsp+68h] [xbp-48h]
39 void *v40; // [xsp+70h] [xbp-40h]
40 struct objc_object *v41; // [xsp+78h] [xbp-38h]
41 void *v42; // [xsp+80h] [xbp-30h]
42 int v43; // [xsp+8Ch] [xbp-24h]
43 void *v44; // [xsp+90h] [xbp-20h]
44 SEL v45; // [xsp+98h] [xbp-18h]
45 SmidManager_meta *v46; // [xsp+A0h] [xbp-10h]
46 __int64 v47; // [xsp+A8h] [xbp-8h]
47
48 v46 = self;
49 v45 = a2;
50 v44 = 0LL;
51 objc_storeStrong(&v44, a3); // v44 = the deviceid under test
52 if ( (unsigned __int64)+[SmStrUtils empty:](&OBJC_CLASS___SmStrUtils, "empty:", v44) & 1 // reject empty input
53 || objc_msgSend(v44, (const char *)&unk_195EE38EE) != &unk_3E ) // presumably [v44 length] != 0x3E (62)
54 {
55 v47 = -1LL; // malformed ID
56 v43 = 1; // v43 is set to 1 on every path and never read in this listing
57 }
58 else
59 {
60 v3 = (void *)objc_retain(&stru_1027FA700); // constant string object; presumably @"" -- TODO confirm
61 v42 = v3;
62 v4 = objc_msgSend(v3, (const char *)&unk_195EF0B91, CFSTR("shumei")); // selector presumably stringByAppendingString:; lines 62-101 build "shumei_ios_sec_key_"
63 v5 = (void *)objc_retainAutoreleasedReturnValue(v4);
64 v6 = v42;
65 v42 = v5;
66 objc_release(v6);
67 v7 = objc_msgSend(v42, (const char *)&unk_195EF0B91, CFSTR("_"));
68 v8 = (void *)objc_retainAutoreleasedReturnValue(v7);
69 v9 = v42;
70 v42 = v8;
71 objc_release(v9);
72 v10 = objc_msgSend(v42, (const char *)&unk_195EF0B91, CFSTR("ios"));
73 v11 = (void *)objc_retainAutoreleasedReturnValue(v10);
74 v12 = v42;
75 v42 = v11;
76 objc_release(v12);
77 v13 = objc_msgSend(v42, (const char *)&unk_195EF0B91, CFSTR("_"));
78 v14 = (void *)objc_retainAutoreleasedReturnValue(v13);
79 v15 = v42;
80 v42 = v14;
81 objc_release(v15);
82 v16 = objc_msgSend(v42, (const char *)&unk_195EF0B91, CFSTR("sec"));
83 v17 = (void *)objc_retainAutoreleasedReturnValue(v16);
84 v18 = v42;
85 v42 = v17;
86 objc_release(v18);
87 v19 = objc_msgSend(v42, (const char *)&unk_195EF0B91, CFSTR("_"));
88 v20 = (void *)objc_retainAutoreleasedReturnValue(v19);
89 v21 = v42;
90 v42 = v20;
91 objc_release(v21);
92 v22 = objc_msgSend(v42, (const char *)&unk_195EF0B91, CFSTR("key"));
93 v23 = (void *)objc_retainAutoreleasedReturnValue(v22);
94 v24 = v42;
95 v42 = v23;
96 objc_release(v24);
97 v25 = objc_msgSend(v42, (const char *)&unk_195EF0B91, CFSTR("_"));
98 v26 = (void *)objc_retainAutoreleasedReturnValue(v25);
99 v27 = v42;
100 v42 = v26;
101 objc_release(v27);
102 v28 = objc_msgSend(v44, (const char *)&unk_195F19145, 48LL); // argument 48; presumably substringToIndex:48 (the body)
103 v29 = objc_retainAutoreleasedReturnValue(v28);
104 v30 = v29;
105 v31 = objc_msgSend(&OBJC_CLASS___NSString, (const char *)&unk_195EDDC2A, CFSTR("%@%@"), v42, v29); // constant prefix + body
106 v41 = (struct objc_object *)objc_retainAutoreleasedReturnValue(v31);
107 objc_release(v30);
108 v32 = ((id (__cdecl *)(SmUtils_meta *, SEL, id))objc_msgSend)( // MD5 of prefix + body
109 (SmUtils_meta *)&OBJC_CLASS___SmUtils,
110 "md5EncodeStr:",
111 v41);
112 v33 = (void *)objc_retainAutoreleasedReturnValue(v32);
113 v40 = v33;
114 v34 = objc_msgSend(v33, (const char *)&unk_195F19145, 14LL); // same selector with 14: recomputed check value
115 v35 = objc_retainAutoreleasedReturnValue(v34);
116 v36 = (__int64)v40;
117 v40 = (void *)v35;
118 objc_release(v36);
119 v37 = objc_msgSend(v44, (const char *)&unk_195EDFD20, 48LL); // presumably substringFromIndex:48 (check value stored in the ID)
120 v39 = objc_retainAutoreleasedReturnValue(v37);
121 if ( (unsigned __int64)+[SmStrUtils equal:right:](&OBJC_CLASS___SmStrUtils, "equal:right:", v40, v39) & 1 ) // recomputed vs. stored check value
122 {
123 if ( (unsigned __int16)objc_msgSend(v44, (const char *)&unk_195F17186, 47LL) == 48 ) // index 47, presumably characterAtIndex:; 48 == '0'
124 {
125 v47 = 0LL; // type 0 (locally generated, per the article)
126 v43 = 1;
127 }
128 else
129 {
130 if ( (unsigned __int16)objc_msgSend(v44, (const char *)&unk_195F17186, 47LL) == 49 ) // 49 == '1'
131 v47 = 1LL; // type 1 (issued by the server, per the article)
132 else
133 v47 = -1LL; // unknown type character
134 v43 = 1;
135 }
136 }
137 else
138 {
139 v47 = 2LL; // check value mismatch
140 v43 = 1;
141 }
142 objc_storeStrong(&v39, 0LL); // release the strong locals
143 objc_storeStrong(&v40, 0LL);
144 objc_storeStrong(&v41, 0LL);
145 objc_storeStrong(&v42, 0LL);
146 }
147 objc_storeStrong(&v44, 0LL);
148 return v47;
149 }
将获取到的硬件信息与刚生成的deviceid组合加密传给服务器,如果成功服务器就返回一个deviceID值。
1 //组合请求体
2 {
3 "lstat":[
4 1,
5 0
6 ],
7 "idfa":"56076342-6AA8-4EF3-A3B3-FF0E2C6Exxxx",
8 "os":"ios",
9 "rtype":"core",
10 "t":1559112353610,
11 "sdkver":"2.5.0",
12 "idfv":"DFF15047-2F42-4612-8BE2-8D0B2482xxxx",
13 "boot":1559009952219,
14 "appId":"",
15 "lfrom":"gen",
16 "smid":"2019052914070272ea50eee30ea85b0bcc2141c04e5bcd00ebfc34bfe82ae9" //本地随机生成
17 }
加密后传给服务器以获取deviceid。AES-256的key是对字符串smsdkWd4Z1WnKWa9R3ud4Jxxx取md5值得到的;从下面的代码看,该字符串由"smsdk"、organization与privKey依次拼接而成。
// Hex-Rays output for -[SmAntiFraud wrap:]; builds the JSON envelope around the payload a3.
// Selectors shown as unk_... were not resolved by the decompiler; method names given for them
// in the comments below are assumptions.
// When the option flag tested at line 62 is set, a3 is passed to aes256EncryptStr:key: with a
// key derived from md5EncodeStr:("smsdk" + <option value that line 136 sends as
// "organization"> + privKey); otherwise a3 is used unchanged.
// Envelope produced below:
//   { "organization": <option value>,
//     "data": { "fingerprint": <payload>, "fpEncode": 4 or 6 (encrypted path only),
//               "sessionId": <currentTimeMillis as string> },
//     "encrypt": "1" or "0" }
// and the result goes through jsonEncode: and safe: before being returned.
// NOTE(review): every input to the key derivation is held by the client, so this layer hides
// the payload from casual inspection rather than from the device owner; transport security
// and server-side validation have to carry the actual trust.
1 id __cdecl -[SmAntiFraud wrap:](SmAntiFraud *self, SEL a2, id a3)
2 {
3 void *v3; // x0
4 __int64 v4; // x0
5 __int64 v5; // STD0_8
6 void *v6; // x0
7 void *v7; // STC8_8
8 void *v8; // x0
9 __int64 v9; // x0
10 __int64 v10; // STC0_8
11 void *v11; // x0
12 id v12; // x0
13 void *v13; // x0
14 void *v14; // STB8_8
15 void *v15; // x0
16 id v16; // x0
17 __int64 v17; // x0
18 __int64 v18; // x8
19 NSMutableDictionary *v19; // x0
20 void *v20; // x0
21 void *v21; // STA8_8
22 char v22; // STA4_1
23 void *v23; // x0
24 __int64 v24; // ST90_8
25 void *v25; // x0
26 __int64 v26; // ST78_8
27 id v27; // x0
28 __int64 v28; // x0
29 __int64 v29; // ST58_8
30 void *v30; // x0
31 void *v31; // x0
32 __int64 v32; // x0
33 const __CFString *v33; // x9
34 __int64 v34; // ST48_8
35 void *v35; // x0
36 id v36; // x0
37 struct objc_object *v37; // x0
38 id v38; // x0
39 __int64 v39; // x0
40 __int64 v40; // x8
41 __int64 v41; // ST30_8
42 __int64 v43; // [xsp+D8h] [xbp-68h]
43 struct objc_object *v44; // [xsp+E0h] [xbp-60h]
44 __int64 v45; // [xsp+E8h] [xbp-58h]
45 void *v46; // [xsp+F0h] [xbp-50h]
46 struct objc_object *v47; // [xsp+F8h] [xbp-48h]
47 struct objc_object *v48; // [xsp+100h] [xbp-40h]
48 __int64 v49; // [xsp+108h] [xbp-38h]
49 char v50; // [xsp+117h] [xbp-29h]
50 struct objc_object *v51; // [xsp+118h] [xbp-28h]
51 SEL v52; // [xsp+120h] [xbp-20h]
52 SmAntiFraud *v53; // [xsp+128h] [xbp-18h]
53
54 v53 = self;
55 v52 = a2;
56 v51 = 0LL;
57 objc_storeStrong(&v51, a3); // v51 = payload to wrap
58 if ( (unsigned __int64)+[SmStrUtils empty:](&OBJC_CLASS___SmStrUtils, "empty:", v51) & 1 ) // empty payload is replaced by the constant string (presumably @"")
59 objc_storeStrong(&v51, &stru_1027FA700);
60 v50 = 0; // v50 records whether the payload was encrypted
61 v49 = 0LL;
62 if ( (unsigned __int64)objc_msgSend(v53->_option, (const char *)&unk_1A7804C37) & 1 ) // option flag, selector unresolved; selects the encrypted path
63 {
64 v3 = objc_msgSend(v53->_option, (const char *)&unk_192B2C190); // same selector as line 136, whose result is sent as "organization"
65 v4 = objc_retainAutoreleasedReturnValue(v3);
66 v5 = v4;
67 v6 = objc_msgSend(CFSTR("smsdk"), (const char *)&unk_195EF0B91, v4); // "smsdk" + organization (selector presumably stringByAppendingString:)
68 v7 = (void *)objc_retainAutoreleasedReturnValue(v6);
69 v8 = -[SmOption privKey](v53->_option, "privKey");
70 v9 = objc_retainAutoreleasedReturnValue(v8);
71 v10 = v9;
72 v11 = objc_msgSend(v7, (const char *)&unk_195EF0B91, v9); // ... + privKey
73 v48 = (struct objc_object *)objc_retainAutoreleasedReturnValue(v11);
74 objc_release(v10);
75 objc_release(v7);
76 objc_release(v5);
77 v12 = ((id (__cdecl *)(SmUtils_meta *, SEL, id))objc_msgSend)( // MD5 of the concatenated string
78 (SmUtils_meta *)&OBJC_CLASS___SmUtils,
79 "md5EncodeStr:",
80 v48);
81 v13 = (void *)objc_retainAutoreleasedReturnValue(v12);
82 v14 = v13;
83 v15 = objc_msgSend(v13, (const char *)&unk_195F390C0); // unresolved selector applied to the digest before it is used as the key -- TODO identify
84 v47 = (struct objc_object *)objc_retainAutoreleasedReturnValue(v15);
85 objc_release(v14);
86 v16 = ((id (__cdecl *)(SmUtils_meta *, SEL, id, id))objc_msgSend)( // encrypt payload v51 with key v47
87 (SmUtils_meta *)&OBJC_CLASS___SmUtils,
88 "aes256EncryptStr:key:",
89 v51,
90 v47);
91 v17 = objc_retainAutoreleasedReturnValue(v16);
92 v18 = v49;
93 v49 = v17;
94 objc_release(v18);
95 v50 = 1;
96 objc_storeStrong(&v47, 0LL);
97 objc_storeStrong(&v48, 0LL);
98 }
99 else
100 {
101 objc_storeStrong(&v49, v51); // plaintext path: payload is used as-is
102 }
103 if ( (unsigned __int64)+[SmStrUtils empty:](&OBJC_CLASS___SmStrUtils, "empty:", v49) & 1 ) // empty result falls back to the constant string
104 objc_storeStrong(&v49, &stru_1027FA700);
105 v19 = sub_18DFAAFC4(&OBJC_CLASS___NSMutableDictionary, "alloc"); // sub_18DFAAFC4 is called like objc_msgSend; presumably a stub for it
106 v46 = objc_msgSend(v19, (const char *)&unk_195EEC7EA, 5LL); // argument 5; presumably initWithCapacity:5
107 objc_msgSend(v46, "setObject:forKey:", v49, CFSTR("fingerprint"));
108 if ( v50 & 1 )
109 {
110 v20 = -[SmOption privKey](v53->_option, "privKey");
111 v21 = (void *)objc_retainAutoreleasedReturnValue(v20);
112 v22 = (unsigned __int64)objc_msgSend(v21, (const char *)&unk_195EDE27E, &stru_1027FA700); // compares privKey with the constant string; presumably isEqualToString:@""
113 objc_release(v21);
114 if ( v22 & 1 )
115 {
116 v23 = objc_msgSend(&OBJC_CLASS___NSNumber, (const char *)&unk_195EE35B1, 4LL); // fpEncode = 4 when the comparison is true
117 v24 = objc_retainAutoreleasedReturnValue(v23);
118 objc_msgSend(v46, "setObject:forKey:", v24, CFSTR("fpEncode"));
119 objc_release(v24);
120 }
121 else
122 {
123 v25 = objc_msgSend(&OBJC_CLASS___NSNumber, (const char *)&unk_195EE35B1, 6LL); // fpEncode = 6 otherwise
124 v26 = objc_retainAutoreleasedReturnValue(v25);
125 objc_msgSend(v46, "setObject:forKey:", v26, CFSTR("fpEncode"));
126 objc_release(v26);
127 }
128 }
129 v27 = ((id (__cdecl *)(SmUtils_meta *, SEL))objc_msgSend)((SmUtils_meta *)&OBJC_CLASS___SmUtils, "currentTimeMillis");
130 v28 = objc_retainAutoreleasedReturnValue(v27);
131 v29 = v28;
132 v30 = objc_msgSend(&OBJC_CLASS___NSString, (const char *)&unk_195EDDC2A, CFSTR("%@"), v28); // timestamp formatted as a string
133 v45 = objc_retainAutoreleasedReturnValue(v30);
134 objc_release(v29);
135 objc_msgSend(v46, "setObject:forKey:", v45, CFSTR("sessionId"));
136 v31 = objc_msgSend(v53->_option, (const char *)&unk_192B2C190); // value stored under "organization" below
137 v32 = objc_retainAutoreleasedReturnValue(v31);
138 v33 = CFSTR("0"); // "encrypt" is "0" unless the payload was encrypted
139 if ( v50 & 1 )
140 v33 = CFSTR("1");
141 v34 = v32;
142 v35 = objc_msgSend( // value/key pairs ending with 0; presumably dictionaryWithObjectsAndKeys:
143 &OBJC_CLASS___NSMutableDictionary,
144 (const char *)&unk_195EE678B,
145 v32,
146 CFSTR("organization"),
147 v46,
148 CFSTR("data"),
149 v33,
150 CFSTR("encrypt"),
151 0LL);
152 v44 = (struct objc_object *)objc_retainAutoreleasedReturnValue(v35);
153 objc_release(v34);
154 v36 = ((id (__cdecl *)(SmUtils_meta *, SEL, id))objc_msgSend)( // serialise the envelope
155 (SmUtils_meta *)&OBJC_CLASS___SmUtils,
156 "jsonEncode:",
157 v44);
158 v37 = (struct objc_object *)objc_retainAutoreleasedReturnValue(v36);
159 v43 = (__int64)v37;
160 v38 = ((id (__cdecl *)(SmStrUtils_meta *, SEL, id))objc_msgSend)( // safe: is applied to the JSON string; its effect is not visible here
161 (SmStrUtils_meta *)&OBJC_CLASS___SmStrUtils,
162 "safe:",
163 v37);
164 v39 = objc_retainAutoreleasedReturnValue(v38);
165 v40 = v43;
166 v43 = v39;
167 objc_release(v40);
168 v41 = objc_retain(v43);
169 objc_storeStrong(&v43, 0LL); // lines 169-174: release the strong locals
170 objc_storeStrong(&v44, 0LL);
171 objc_storeStrong(&v45, 0LL);
172 objc_storeStrong(&v46, 0LL);
173 objc_storeStrong(&v49, 0LL);
174 objc_storeStrong(&v51, 0LL);
175 return (id)objc_autoreleaseReturnValue(v41);
176 }
成功后服务器返回deviceid,最后将该值存放在Keychain的FP_IP中,下次直接读取使用,如图2所示:
图2
3.发送手机风险信息给服务器
解密写死在app里的风险名单数据:
{
"code":0, "data":"pITcmNnygx1Ur4MYHadrCIFU+IzwDyA36ry3e8fo71LJgY2o68GGAeBDtDRGuriGM3JLsy4+qDAra8DHJJmlsn/BZGgu+iEo5eFknYAjymoTJqG66DlmpL7D6120NMB50lrYEiFiWkk6x/NPz9N+gPLbFgo3bDsNg7UO3zpIGIYUy/D4k6FpjItjEwLI4Gi21eRUTF2GTci5mEiHG67FcyxMeXTOJdv6WCS393aqWl/m5zv7YfbdIYNYIQPOkZuVUFVaENNPcEhvUiS5Iyw8x46ht2tm6I0U7CgCjLYjqxGCeJ5zWk9lMEvw97D3DBU5YGj8BcgNNc3YhTBaUahRxBtwS+n2jsqmZ2DJ/3rQLzbB56iQEjsFcNWFTdGStxM2Df2e6NoGteve6h3+0mAGrsEr3JhAuea7SiONznXLX6mE5J5xHWS/AhjBWfs5SJ8qi+sZMVt3VqQ20JSUUkMZD9C9i6zbmjFOuopIyXVspDr1y9d6kyveXMT+2RlA70DWwTaWUj1uEgYcHE+63I/nZdluMsZj/tmnxGbmjOfoYgyIA8YoOCT2L5pjs4aRrXAQBy346I6IkVL1WegbqC7IOJfdvBDtaB9JFwgkJoMQOVmTb9qSKi6K2lEptySCTGWuK+m1UJg7tmETf/fDTyjO8Euyft1f5f7ybbrh6yM5aeLCNF/pRYT9LuyiBvCTALLk/VVZHtynRCEaf/D0qi1xC0tlIjvTuHTDoODpaTZkXJy6Gc3S7BzogstgtjGGvbHU0ZJUuT/exRnEu8OEr93MFJyo2XgIwhSgj7re0YYSLEBNS6QH4D6GMkwKFqwpG1nIUtWTyVI1kcoGMfvhhOfxgZ0DDpHJMgacgI5lsJzNRaOhCGzv0VwarOe2jZI6bH/wFnSc8wu+Dlnljuv93E6FjQ6vtFABwQ6ILKksHvDWrtL9OKFLcwtyMl06gM4QF4KrAigLPtb5xACIcO4lYZnkS4e0ovoRxVp5FKICNEQF5AQBLxJAoBAEmFbV0I0BRShP5j9lrS/NhoMB1TrK6KgGfsFl7m6wGfYZXvcgfTibSMFe62mL7xulVZV1VroEawIujJ7koWfNA6MBnSUN6XrYgfDQPslk5Sx/6zhBRQsy8FmBpDzkvDPJxpLXtF5mxhJ8FHgeIVqXnUiNJ4rlWb2lCMG45Espx5C38s9tb+AqUgnOISotpPR7tCL+r57SLGRPXxRH9pLHsiRs7lmJXYqP8zZdFjTJrgu3atSqZpjpkfzM7M/NChBG1kJuFWPNYU3wSgz9BiOs36OLuOjCH0npxujVkXaSkN/Kdc18+cf/thRvkxxry2mYrvbmHJ1xY4OfjGl8w2vHzm3paOwFVtdc+Uomq7ME5+tkP5JnUMILL4pCCGxj0KecIFpU87mraS4xjuwH7vjHIcfN7ZjDZ7rEHDzon8OT5fkMvl9di7hetM1JQwHGSajT+ETkNGYaO+JHjDZNN0PIvvl0VVezc6p4Ch+Q8c1P77nefGurltQobFpFmQR2noUg8IusJF8IVnmIGTSaxVCog+mHjyTw4mGrOcpG9paUlvi6r+qGIh13SW84+PRyNjYu5RUlUimrp26+XAPCx2PSiJ++gnet8vukvFpT+yBj/Ans/uBgrVvxONxnxZuL/wOzJ0rEdwzDCWOt+QDt2tpJSpVKc+jTQ0Zsi+V0AxfmgipoEusD/y0g9hd1T4euAf6uLvKxEUREU8Iz1CwG9xY72sIW+5FvAk2tGtaAPMPiFlub6iV2wYANjzQgcnfXlDvb3Tv7dQ9YyXtIWjt9UTyPBcVep/NIkG6LRZRcceZHE1aWddoeoTRX3GcwZo0czuIJPVEK7Nfn0uqGUXp5CsZvMTm6pCWZhC8JSVDl7hOXjmyJABmjVOBrY3UNX+srtSK/B10SeN/jTvONcC4T8LDSRkciENE68HX5X79EALd9tGQAedW54sJubIE7fI1P3w51SpB894p5L7
o6TSDPacUWRCTCdMtVwEa0IiYNbeikGirQPKh1pGxf4i0+icmyw6dQFKzRhei+uPTQI21taPrOzBCRttyLlCw7CqMz32T00MuPZrEZsfXbjPgAGN+ue7OGggTMBmoc3WMtkEHWDBsbBRgnrFeyXD53ylXIMyRLNiJ6FOhj3c0rF6JnmBcYRnA70L20K+qwRsJ3VkJA7afjLvHpUgwY7bR3fie/vViGWbHtgol4p1itqpHpUvqsv7Lb9tARPdYATw0zuWliEmOXmj5zQ+r7DKfpEc/Ao+yyu180B5hd3ZsaN5Rqd6EIhnBfNLvE1gtA0IkJ3E6xmtM8dIeT2pgcDw/qQoGrP/wAvZ2tqsI9A/EFMOTBfcG4vYf5lHw8/59vNHL4dWqmYz0eP41gaKa7aWTZwJXXTwe+VfuS5ckaVS8fa3xSKO32HOkS6jYJEqAQBbr6kugjuRpDtpH2c4KstWbQAnilg96pzpT6qUMvyDWC7qHbzK9UxO53+aK4J+kr9gpL0AkpUjBWpYJ7F0Adp8XmFdA6w+S1uCQ22F892N8QhiHhW+w+DSFXNoDqNcXnAtmWzXbP2PvfKVhSwQ8mbmDq4xomqRskP+6e4xK1mOIiJYJoIR7CkBhxQbglr03zRnHF4WvEUMPOuTBcXIBUiWAPVvCAMhZ/1NUJk9B6KPlJYTYWCcgHwF70m9/PIenGvnXTFa6gbwEvrUNEhku221NBsCT1sHH6fKec",
"enc":1,
"length":2038,
"ver":1
}
解密函数:
1 __text:0000000101D60C04
2 __text:0000000101D60C04 ; id __cdecl -[SmCloudConfiguration parseConf:WithLength:WithEnc:WithVer:](SmCloudConfiguration *self, SEL, id, int, int, int)
3 __text:0000000101D60C04 __SmCloudConfiguration_parseConf_WithLength_WithEnc_WithVer__
4 __text:0000000101D60C04
5 __text:0000000101D60C04
6 __text:0000000101D60C04 var_90= -0x90
7 __text:0000000101D60C04 var_88= -0x88
8 __text:0000000101D60C04 var_80= -0x80
9 __text:0000000101D60C04 var_78= -0x78
10 __text:0000000101D60C04 var_6C= -0x6C
11 __text:0000000101D60C04 var_68= -0x68
12 __text:0000000101D60C04 var_64= -0x64
13 __text:0000000101D60C04 var_60= -0x60
14 __text:0000000101D60C04 var_58= -0x58
15 __text:0000000101D60C04 var_50= -0x50
16 __text:0000000101D60C04 var_48= -0x48
17 __text:0000000101D60C04 var_3C= -0x3C
18 __text:0000000101D60C04 var_38= -0x38
19 __text:0000000101D60C04 var_2C= -0x2C
20 __text:0000000101D60C04 var_28= -0x28
21 __text:0000000101D60C04 var_24= -0x24
22 __text:0000000101D60C04 var_20= -0x20
23 __text:0000000101D60C04 var_18= -0x18
24 __text:0000000101D60C04 var_10= -0x10
25 __text:0000000101D60C04 var_8= -8
26 __text:0000000101D60C04 var_s0= 0
27 __text:0000000101D60C04
28 __text:0000000101D60C04 FF 83 02 D1 SUB SP, SP, #0xA0
29 __text:0000000101D60C08 FD 7B 09 A9 STP X29, X30, [SP,#0x90+var_s0]
30 __text:0000000101D60C0C FD 43 02 91 ADD X29, SP, #0x90
31 __text:0000000101D60C10 A8 83 00 D1 SUB X8, X29, #-var_20
32 __text:0000000101D60C14 09 00 80 D2 MOV X9, #0
33 __text:0000000101D60C18 A0 03 1F F8 STUR X0, [X29,#var_10]
34 __text:0000000101D60C1C A1 83 1E F8 STUR X1, [X29,#var_18]
35 __text:0000000101D60C20 A9 03 1E F8 STUR X9, [X29,#var_20]
36 __text:0000000101D60C24 E0 03 08 AA MOV X0, X8
37 __text:0000000101D60C28 E1 03 02 AA MOV X1, X2
38 __text:0000000101D60C2C E4 2F 00 B9 STR W4, [SP,#0x90+var_64]
39 __text:0000000101D60C30 E3 2B 00 B9 STR W3, [SP,#0x90+var_68]
40 __text:0000000101D60C34 E5 27 00 B9 STR W5, [SP,#0x90+var_6C]
41 __text:0000000101D60C38 3B D1 11 94 BL _objc_storeStrong
42 __text:0000000101D60C3C 68 85 00 D0 ADRP X8, #selRef_base64DecodeStr_@PAGE
43 __text:0000000101D60C40 08 41 1E 91 ADD X8, X8, #selRef_base64DecodeStr_@PAGEOFF
44 __text:0000000101D60C44 09 86 00 90 ADRP X9, #classRef_SmUtils@PAGE
45 __text:0000000101D60C48 29 21 1C 91 ADD X9, X9, #classRef_SmUtils@PAGEOFF
46 __text:0000000101D60C4C E3 2B 40 B9 LDR W3, [SP,#0x90+var_68]
47 __text:0000000101D60C50 A3 C3 1D B8 STUR W3, [X29,#var_24]
48 __text:0000000101D60C54 E4 2F 40 B9 LDR W4, [SP,#0x90+var_64]
49 __text:0000000101D60C58 A4 83 1D B8 STUR W4, [X29,#var_28]
50 __text:0000000101D60C5C E5 27 40 B9 LDR W5, [SP,#0x90+var_6C]
51 __text:0000000101D60C60 A5 43 1D B8 STUR W5, [X29,#var_2C]
52 __text:0000000101D60C64 29 01 40 F9 LDR X9, [X9]
53 __text:0000000101D60C68 A2 03 5E F8 LDUR X2, [X29,#var_20]
54 __text:0000000101D60C6C 01 01 40 F9 LDR X1, [X8] ; "base64DecodeStr:"
55 __text:0000000101D60C70 E0 03 09 AA MOV X0, X9 ; void *
56 __text:0000000101D60C74 F9 D0 11 94 BL _objc_msgSend ; base64解密
57 __text:0000000101D60C78 FD 03 1D AA MOV X29, X29
58 __text:0000000101D60C7C 12 D1 11 94 BL _objc_retainAutoreleasedReturnValue
59 __text:0000000101D60C80 A0 83 1C F8 STUR X0, [X29,#var_38]
60 __text:0000000101D60C84 A8 83 5C F8 LDUR X8, [X29,#var_38]
61 __text:0000000101D60C88 C8 00 00 B5 CBNZ X8, loc_101D60CA0
62 __text:0000000101D60C8C E8 03 00 32 MOV W8, #1
63 __text:0000000101D60C90 09 00 80 D2 MOV X9, #0
64 __text:0000000101D60C94 A9 83 1F F8 STUR X9, [X29,#var_8]
65 __text:0000000101D60C98 A8 43 1C B8 STUR W8, [X29,#var_3C]
66 __text:0000000101D60C9C B5 00 00 14 B loc_101D60F70
67 __text:0000000101D60CA0
68 __text:0000000101D60CA0
69 __text:0000000101D60CA0 loc_101D60CA0
70 __text:0000000101D60CA0 08 00 80 D2 MOV X8, #0
71 __text:0000000101D60CA4 E8 27 00 F9 STR X8, [SP,#0x90+var_48]
72 __text:0000000101D60CA8 E8 23 00 F9 STR X8, [SP,#0x90+var_50]
73 __text:0000000101D60CAC A9 83 5D B8 LDUR W9, [X29,#var_28]
74 __text:0000000101D60CB0 3F 05 00 71 CMP W9, #1
75 __text:0000000101D60CB4 81 0B 00 54 B.NE loc_101D60E24
76 __text:0000000101D60CB8 68 85 00 D0 ADRP X8, #selRef_desDecodeDataToData_key_length_@PAGE
77 __text:0000000101D60CBC 08 E1 1E 91 ADD X8, X8, #selRef_desDecodeDataToData_key_length_@PAGEOFF
78 __text:0000000101D60CC0 E9 53 00 B0 ADRP X9, #off_1027DD1F0@PAGE
79 __text:0000000101D60CC4 29 C1 07 91 ADD X9, X9, #off_1027DD1F0@PAGEOFF
80 __text:0000000101D60CC8 0A 86 00 90 ADRP X10, #classRef_SmUtils@PAGE
81 __text:0000000101D60CCC 4A 21 1C 91 ADD X10, X10, #classRef_SmUtils@PAGEOFF
82 __text:0000000101D60CD0 4A 01 40 F9 LDR X10, [X10]
83 __text:0000000101D60CD4 A2 83 5C F8 LDUR X2, [X29,#var_38]
84 __text:0000000101D60CD8 23 01 40 F9 LDR X3, [X9] ; "zaq1mko0"
85 __text:0000000101D60CDC A4 C3 9D B8 LDURSW X4, [X29,#var_24]
86 __text:0000000101D60CE0 01 01 40 F9 LDR X1, [X8] ; "desDecodeDataToData:key:length:"
87 __text:0000000101D60CE4 E0 03 0A AA MOV X0, X10 ; void *
88 __text:0000000101D60CE8 DC D0 11 94 BL _objc_msgSend ; +[SmUtils desDecodeDataToData:key:length:]
89 __text:0000000101D60CEC FD 03 1D AA MOV X29, X29
90 __text:0000000101D60CF0 F5 D0 11 94 BL _objc_retainAutoreleasedReturnValue
91 __text:0000000101D60CF4 E0 1F 00 F9 STR X0, [SP,#0x90+var_58]
92 __text:0000000101D60CF8 E8 1F 40 F9 LDR X8, [SP,#0x90+var_58]
93 __text:0000000101D60CFC C8 00 00 B5 CBNZ X8, loc_101D60D14
94 __text:0000000101D60D00 E8 03 00 32 MOV W8, #1
95 __text:0000000101D60D04 09 00 80 D2 MOV X9, #0
96 __text:0000000101D60D08 A9 83 1F F8 STUR X9, [X29,#var_8]
97 __text:0000000101D60D0C A8 43 1C B8 STUR W8, [X29,#var_3C]
98 __text:0000000101D60D10 3E 00 00 14 B loc_101D60E08
99 __text:0000000101D60D14
100 __text:0000000101D60D14
101 __text:0000000101D60D14 loc_101D60D14
102 __text:0000000101D60D14 08 86 00 90 ADRP X8, #classRef_SmZipUtil@PAGE
103 __text:0000000101D60D18 08 C1 1C 91 ADD X8, X8, #classRef_SmZipUtil@PAGEOFF
104 __text:0000000101D60D1C 08 01 40 F9 LDR X8, [X8]
105 __text:0000000101D60D20 E9 1F 40 F9 LDR X9, [SP,#0x90+var_58]
106 __text:0000000101D60D24 E0 03 09 AA MOV X0, X9
107 __text:0000000101D60D28 E8 0F 00 F9 STR X8, [SP,#0x90+var_78]
108 __text:0000000101D60D2C E0 D0 11 94 BL _objc_retainAutorelease
109 __text:0000000101D60D30 48 83 00 B0 ADRP X8, #selRef_bytes@PAGE
110 __text:0000000101D60D34 08 A1 3B 91 ADD X8, X8, #selRef_bytes@PAGEOFF
111 __text:0000000101D60D38 01 01 40 F9 LDR X1, [X8] ; "bytes"
112 __text:0000000101D60D3C C7 D0 11 94 BL _objc_msgSend
113 __text:0000000101D60D40 28 83 00 F0 ADRP X8, #selRef_length@PAGE
114 __text:0000000101D60D44 08 61 2B 91 ADD X8, X8, #selRef_length@PAGEOFF
115 __text:0000000101D60D48 E9 1F 40 F9 LDR X9, [SP,#0x90+var_58]
116 __text:0000000101D60D4C 01 01 40 F9 LDR X1, [X8] ; "length"
117 __text:0000000101D60D50 E0 0B 00 F9 STR X0, [SP,#0x90+var_80]
118 __text:0000000101D60D54 E0 03 09 AA MOV X0, X9 ; void *
119 __text:0000000101D60D58 C0 D0 11 94 BL _objc_msgSend
120 __text:0000000101D60D5C 68 85 00 D0 ADRP X8, #selRef_zlibDecompressed_WithLength_@PAGE
121 __text:0000000101D60D60 08 A1 1F 91 ADD X8, X8, #selRef_zlibDecompressed_WithLength_@PAGEOFF
122 __text:0000000101D60D64 01 01 40 F9 LDR X1, [X8] ; "zlibDecompressed:WithLength:"
123 __text:0000000101D60D68 E8 0F 40 F9 LDR X8, [SP,#0x90+var_78]
124 __text:0000000101D60D6C E0 07 00 F9 STR X0, [SP,#0x90+var_88]
125 __text:0000000101D60D70 E0 03 08 AA MOV X0, X8 ; void *
126 __text:0000000101D60D74 E2 0B 40 F9 LDR X2, [SP,#0x90+var_80]
127 __text:0000000101D60D78 E3 07 40 F9 LDR X3, [SP,#0x90+var_88]
128 __text:0000000101D60D7C B7 D0 11 94 BL _objc_msgSend ; 解压
129 __text:0000000101D60D80 FD 03 1D AA MOV X29, X29
130 __text:0000000101D60D84 D0 D0 11 94 BL _objc_retainAutoreleasedReturnValue
131 __text:0000000101D60D88 E0 1B 00 F9 STR X0, [SP,#0x90+var_60]
132 __text:0000000101D60D8C E8 1B 40 F9 LDR X8, [SP,#0x90+var_60]
133 __text:0000000101D60D90 C8 00 00 B5 CBNZ X8, loc_101D60DA8
134 __text:0000000101D60D94 E8 03 00 32 MOV W8, #1
135 __text:0000000101D60D98 09 00 80 D2 MOV X9, #0
136 __text:0000000101D60D9C A9 83 1F F8 STUR X9, [X29,#var_8]
137 __text:0000000101D60DA0 A8 43 1C B8 STUR W8, [X29,#var_3C]
138 __text:0000000101D60DA4 14 00 00 14 B loc_101D60DF4
139 __text:0000000101D60DA8
140 __text:0000000101D60DA8
141 __text:0000000101D60DA8 loc_101D60DA8
142 __text:0000000101D60DA8 28 83 00 F0 ADRP X8, #selRef_alloc@PAGE
143 __text:0000000101D60DAC 08 21 19 91 ADD X8, X8, #selRef_alloc@PAGEOFF
144 __text:0000000101D60DB0 C9 85 00 B0 ADRP X9, #classRef_NSString@PAGE
145 __text:0000000101D60DB4 29 01 28 91 ADD X9, X9, #classRef_NSString@PAGEOFF
146 __text:0000000101D60DB8 29 01 40 F9 LDR X9, [X9]
147 __text:0000000101D60DBC 01 01 40 F9 LDR X1, [X8] ; "alloc"
148 __text:0000000101D60DC0 E0 03 09 AA MOV X0, X9 ; void *
149 __text:0000000101D60DC4 A5 D0 11 94 BL _objc_msgSend
150 __text:0000000101D60DC8 E3 03 7E B2 MOV X3, #4
151 __text:0000000101D60DCC 48 83 00 B0 ADRP X8, #selRef_initWithData_encoding_@PAGE
152 __text:0000000101D60DD0 08 41 2E 91 ADD X8, X8, #selRef_initWithData_encoding_@PAGEOFF
153 __text:0000000101D60DD4 E2 1B 40 F9 LDR X2, [SP,#0x90+var_60]
154 __text:0000000101D60DD8 01 01 40 F9 LDR X1, [X8] ; "initWithData:encoding:"
155 __text:0000000101D60DDC 9F D0 11 94 BL _objc_msgSend
156 __text:0000000101D60DE0 E8 27 40 F9 LDR X8, [SP,#0x90+var_48]
157 __text:0000000101D60DE4 E0 27 00 F9 STR X0, [SP,#0x90+var_48]
158 __text:0000000101D60DE8 E0 03 08 AA MOV X0, X8
159 __text:0000000101D60DEC A7 D0 11 94 BL _objc_release
160 __text:0000000101D60DF0 BF 43 1C B8 STUR WZR, [X29,#var_3C]
161 __text:0000000101D60DF4
162 __text:0000000101D60DF4 loc_101D60DF4
163 __text:0000000101D60DF4 08 00 80 D2 MOV X8, #0
164 __text:0000000101D60DF8 E9 C3 00 91 ADD X9, SP, #0x90+var_60
165 __text:0000000101D60DFC E0 03 09 AA MOV X0, X9
166 __text:0000000101D60E00 E1 03 08 AA MOV X1, X8
167 __text:0000000101D60E04 C8 D0 11 94 BL _objc_storeStrong
168 __text:0000000101D60E08
169 __text:0000000101D60E08 loc_101D60E08
170 __text:0000000101D60E08 E0 E3 00 91 ADD X0, SP, #0x90+var_58
171 __text:0000000101D60E0C 01 00 80 D2 MOV X1, #0
172 __text:0000000101D60E10 C5 D0 11 94 BL _objc_storeStrong
173 __text:0000000101D60E14 A8 43 5C B8 LDUR W8, [X29,#var_3C]
174 __text:0000000101D60E18 88 09 00 35 CBNZ W8, loc_101D60F48
175 __text:0000000101D60E1C 01 00 00 14 B loc_101D60E20
176 __text:0000000101D60E20
177 __text:0000000101D60E20
178 __text:0000000101D60E20 loc_101D60E20
179 __text:0000000101D60E20 14 00 00 14 B loc_101D60E70
180 __text:0000000101D60E24
181 __text:0000000101D60E24
182 __text:0000000101D60E24 loc_101D60E24
183 __text:0000000101D60E24 68 85 00 D0 ADRP X8, #selRef_desDecodeDataToStr_key_length_@PAGE
184 __text:0000000101D60E28 08 C1 1F 91 ADD X8, X8, #selRef_desDecodeDataToStr_key_length_@PAGEOFF
185 __text:0000000101D60E2C E9 53 00 B0 ADRP X9, #off_1027DD1F0@PAGE
186 __text:0000000101D60E30 29 C1 07 91 ADD X9, X9, #off_1027DD1F0@PAGEOFF
187 __text:0000000101D60E34 0A 86 00 90 ADRP X10, #classRef_SmUtils@PAGE
188 __text:0000000101D60E38 4A 21 1C 91 ADD X10, X10, #classRef_SmUtils@PAGEOFF
189 __text:0000000101D60E3C 4A 01 40 F9 LDR X10, [X10]
190 __text:0000000101D60E40 A2 83 5C F8 LDUR X2, [X29,#var_38]
191 __text:0000000101D60E44 23 01 40 F9 LDR X3, [X9] ; "zaq1mko0"
192 __text:0000000101D60E48 A4 C3 9D B8 LDURSW X4, [X29,#var_24]
193 __text:0000000101D60E4C 01 01 40 F9 LDR X1, [X8] ; "desDecodeDataToStr:key:length:"
194 __text:0000000101D60E50 E0 03 0A AA MOV X0, X10 ; void *
195 __text:0000000101D60E54 81 D0 11 94 BL _objc_msgSend ; des解密
196 __text:0000000101D60E58 FD 03 1D AA MOV X29, X29
197 __text:0000000101D60E5C 9A D0 11 94 BL _objc_retainAutoreleasedReturnValue
198 __text:0000000101D60E60 E8 27 40 F9 LDR X8, [SP,#0x90+var_48]
199 __text:0000000101D60E64 E0 27 00 F9 STR X0, [SP,#0x90+var_48]
200 __text:0000000101D60E68 E0 03 08 AA MOV X0, X8
201 __text:0000000101D60E6C 87 D0 11 94 BL _objc_release
202 __text:0000000101D60E70
203 __text:0000000101D60E70 loc_101D60E70
204 __text:0000000101D60E70 E8 27 40 F9 LDR X8, [SP,#0x90+var_48]
205 __text:0000000101D60E74 C8 00 00 B5 CBNZ X8, loc_101D60E8C
206 __text:0000000101D60E78 E8 03 00 32 MOV W8, #1
207 __text:0000000101D60E7C 09 00 80 D2 MOV X9, #0
208 __text:0000000101D60E80 A9 83 1F F8 STUR X9, [X29,#var_8]
209 __text:0000000101D60E84 A8 43 1C B8 STUR W8, [X29,#var_3C]
210 __text:0000000101D60E88 30 00 00 14 B loc_101D60F48
211 __text:0000000101D60E8C
212 __text:0000000101D60E8C
213 __text:0000000101D60E8C loc_101D60E8C
214 __text:0000000101D60E8C A8 43 5D B8 LDUR W8, [X29,#var_2C]
215 __text:0000000101D60E90 1F 05 00 71 CMP W8, #1
216 __text:0000000101D60E94 21 02 00 54 B.NE loc_101D60ED8
217 __text:0000000101D60E98 68 85 00 D0 ADRP X8, #selRef_parse1_@PAGE
218 __text:0000000101D60E9C 08 E1 1F 91 ADD X8, X8, #selRef_parse1_@PAGEOFF
219 __text:0000000101D60EA0 09 86 00 90 ADRP X9, #classRef_SmCollectConfiguration@PAGE
220 __text:0000000101D60EA4 29 A1 1D 91 ADD X9, X9, #classRef_SmCollectConfiguration@PAGEOFF
221 __text:0000000101D60EA8 29 01 40 F9 LDR X9, [X9]
222 __text:0000000101D60EAC E2 27 40 F9 LDR X2, [SP,#0x90+var_48]
223 __text:0000000101D60EB0 01 01 40 F9 LDR X1, [X8] ; "parse1:"
224 __text:0000000101D60EB4 E0 03 09 AA MOV X0, X9 ; void *
225 __text:0000000101D60EB8 68 D0 11 94 BL _objc_msgSend ; +[SmCollectConfiguration parse1:]
226 __text:0000000101D60EBC FD 03 1D AA MOV X29, X29
227 __text:0000000101D60EC0 81 D0 11 94 BL _objc_retainAutoreleasedReturnValue
228 __text:0000000101D60EC4 E8 23 40 F9 LDR X8, [SP,#0x90+var_50]
229 __text:0000000101D60EC8 E0 23 00 F9 STR X0, [SP,#0x90+var_50]
230 __text:0000000101D60ECC E0 03 08 AA MOV X0, X8
231 __text:0000000101D60ED0 6E D0 11 94 BL _objc_release
232 __text:0000000101D60ED4 10 00 00 14 B loc_101D60F14
233 __text:0000000101D60ED8
234 __text:0000000101D60ED8
235 __text:0000000101D60ED8 loc_101D60ED8
236 __text:0000000101D60ED8 68 85 00 D0 ADRP X8, #selRef_parse0_@PAGE
237 __text:0000000101D60EDC 08 01 20 91 ADD X8, X8, #selRef_parse0_@PAGEOFF
238 __text:0000000101D60EE0 09 86 00 90 ADRP X9, #classRef_SmCollectConfiguration@PAGE
239 __text:0000000101D60EE4 29 A1 1D 91 ADD X9, X9, #classRef_SmCollectConfiguration@PAGEOFF
240 __text:0000000101D60EE8 29 01 40 F9 LDR X9, [X9]
241 __text:0000000101D60EEC E2 27 40 F9 LDR X2, [SP,#0x90+var_48]
242 __text:0000000101D60EF0 01 01 40 F9 LDR X1, [X8] ; "parse0:"
243 __text:0000000101D60EF4 E0 03 09 AA MOV X0, X9 ; void *
244 __text:0000000101D60EF8 58 D0 11 94 BL _objc_msgSend ; +[SmCollectConfiguration parse0:]
245 __text:0000000101D60EFC FD 03 1D AA MOV X29, X29
246 __text:0000000101D60F00 71 D0 11 94 BL _objc_retainAutoreleasedReturnValue
247 __text:0000000101D60F04 E8 23 40 F9 LDR X8, [SP,#0x90+var_50]
248 __text:0000000101D60F08 E0 23 00 F9 STR X0, [SP,#0x90+var_50]
249 __text:0000000101D60F0C E0 03 08 AA MOV X0, X8
250 __text:0000000101D60F10 5E D0 11 94 BL _objc_release
251 __text:0000000101D60F14
252 __text:0000000101D60F14 loc_101D60F14
253 __text:0000000101D60F14 E8 23 40 F9 LDR X8, [SP,#0x90+var_50]
254 __text:0000000101D60F18 C8 00 00 B5 CBNZ X8, loc_101D60F30
255 __text:0000000101D60F1C E8 03 00 32 MOV W8, #1
256 __text:0000000101D60F20 09 00 80 D2 MOV X9, #0
257 __text:0000000101D60F24 A9 83 1F F8 STUR X9, [X29,#var_8]
258 __text:0000000101D60F28 A8 43 1C B8 STUR W8, [X29,#var_3C]
259 __text:0000000101D60F2C 07 00 00 14 B loc_101D60F48
260 __text:0000000101D60F30
261 __text:0000000101D60F30
262 __text:0000000101D60F30 loc_101D60F30
263 __text:0000000101D60F30 E8 23 40 F9 LDR X8, [SP,#0x90+var_50]
264 __text:0000000101D60F34 E0 03 08 AA MOV X0, X8
265 __text:0000000101D60F38 5A D0 11 94 BL _objc_retain
266 __text:0000000101D60F3C E9 03 00 32 MOV W9, #1
267 __text:0000000101D60F40 A0 83 1F F8 STUR X0, [X29,#var_8]
268 __text:0000000101D60F44 A9 43 1C B8 STUR W9, [X29,#var_3C]
269 __text:0000000101D60F48
270 __text:0000000101D60F48 loc_101D60F48
271 __text:0000000101D60F48
272 __text:0000000101D60F48 08 00 80 D2 MOV X8, #0
273 __text:0000000101D60F4C E9 03 01 91 ADD X9, SP, #0x90+var_50
274 __text:0000000101D60F50 E0 03 09 AA MOV X0, X9
275 __text:0000000101D60F54 E1 03 08 AA MOV X1, X8
276 __text:0000000101D60F58 73 D0 11 94 BL _objc_storeStrong
277 __text:0000000101D60F5C 08 00 80 D2 MOV X8, #0
278 __text:0000000101D60F60 E9 23 01 91 ADD X9, SP, #0x90+var_48
279 __text:0000000101D60F64 E0 03 09 AA MOV X0, X9
280 __text:0000000101D60F68 E1 03 08 AA MOV X1, X8
281 __text:0000000101D60F6C 6E D0 11 94 BL _objc_storeStrong
282 __text:0000000101D60F70
283 __text:0000000101D60F70 loc_101D60F70
284 __text:0000000101D60F70 A0 E3 00 D1 SUB X0, X29, #-var_38
285 __text:0000000101D60F74 01 00 80 D2 MOV X1, #0
286 __text:0000000101D60F78 E1 03 00 F9 STR X1, [SP,#0x90+var_90]
287 __text:0000000101D60F7C 6A D0 11 94 BL _objc_storeStrong
288 __text:0000000101D60F80 A0 83 00 D1 SUB X0, X29, #-var_20
289 __text:0000000101D60F84 E1 03 40 F9 LDR X1, [SP,#0x90+var_90]
290 __text:0000000101D60F88 67 D0 11 94 BL _objc_storeStrong
291 __text:0000000101D60F8C A0 83 5F F8 LDUR X0, [X29,#var_8]
292 __text:0000000101D60F90 FD 7B 49 A9 LDP X29, X30, [SP,#0x90+var_s0]
293 __text:0000000101D60F94 FF 83 02 91 ADD SP, SP, #0xA0
294 __text:0000000101D60F98 E2 CF 11 14 B _objc_autoreleaseReturnValue
解密后的风险名单数据(DES密钥"zaq1mko0"直接写死在二进制中,见上方反汇编,因此只需静态分析即可还原该名单):
{
"risk_apps":[
{
"awz":{
"pn":"/Applications/AWZ.app",
"uri":"IGG://"
}
},
{
"nzt":{
"pn":"/Applications/NZT.app",
"uri":""
}
},
{
"igvx":{
"pn":"/Applications/igvx.app",
"uri":""
}
},
{
"touchelf":{
"pn":"/Applications/TouchElf.app",
"uri":""
}
},
{
"touchsprite":{
"pn":"/Applications/TouchSprite.app",
"uri":""
}
},
{
"wujiV**":{
"pn":"/Applications/WujiV**.app",
"uri":""
}
},
{
"rst":{
"pn":"/Applications/RST.app",
"uri":""
}
},
{
"forge9":{
"pn":"/Applications/Forge9.app",
"uri":""
}
},
{
"forge":{
"pn":"/Applications/Forge.app",
"uri":""
}
},
{
"gfaker":{
"pn":"/Applications/GFaker.app",
"uri":""
}
},
{
"hdfaker":{
"pn":"/Applications/hdfakerset.app",
"uri":""
}
},
{
"r8":{
"pn":"/Applications/R8.app",
"uri":""
}
},
{
"pranava":{
"pn":"/Applications/Pranava.app",
"uri":""
}
},
{
"ig":{
"pn":"/Applications/iG.app",
"uri":""
}
},
{
"hiddenapi":{
"pn":"/Applications/HiddenApi.app",
"uri":""
}
},
{
"xgsab":{
"pn":"/Applications/Xgen.app",
"uri":""
}
},
{
"birdfaker9":{
"pn":"/Applications/BirdFaker9.app",
"uri":""
}
},
{
"V**master":{
"pn":"/Applications/V**MasterPro.app",
"uri":""
}
},
{
"guizmoV**":{
"pn":"/Applications/GuizmOV**.app",
"uri":""
}
},
{
"axj":{
"pn":"/Applications/AXJ.app",
"uri":""
}
}
],
"risk_dirs":[
{
"vts":{
"dir":"/var/touchelf/scripts/",
"type":"absolute"
}
},
{
"vmmtl":{
"dir":"/var/mobile/Media/TouchSprite/lua/",
"type":"absolute"
}
},
{
"vmlxlltp":{
"dir":"/var/mobile/Library/XXAssistant/Lua/Luas/Temp/public",
"type":"absolute"
}
},
{
"laxlltp":{
"dir":"/Library/ApplicationSupport/XXAssistant/Lua/Luas/Temp/public",
"type":"absolute"
}
},
{
"vmlxx":{
"dir":"/var/mobile/Library/XXIDEHelper/xsp/",
"type":"absolute"
}
},
{
"laxx":{
"dir":"/Library/ApplicationSupport/XXIDEHelper/xsp/",
"type":"absolute"
}
},
{
"vmlxll":{
"dir":"/var/mobile/Library/XXAssistant/Lua/LocalLuas/",
"type":"absolute"
}
},
{
"laxll":{
"dir":"/Library/ApplicationSupport/XXAssistant/Lua/LocalLuas/",
"type":"absolute"
}
},
{
"vri":{
"dir":"/var/root/igfix",
"type":"absolute"
}
},
{
"vrigf":{
"dir":"/var/root/igflag",
"type":"absolute"
}
},
{
"vrr8f":{
"dir":"/var/root/R8_fix",
"type":"absolute"
}
},
{
"vrif":{
"dir":"/var/root/igvx_fix",
"type":"absolute"
}
},
{
"vrifg":{
"dir":"/var/root/igvx_flag",
"type":"absolute"
}
},
{
"vrf9":{
"dir":"/var/root/Forge9_fix",
"type":"absolute"
}
},
{
"ubi":{
"dir":"/usr/bin/iGevo",
"type":"absolute"
}
},
{
"ubxd":{
"dir":"/usr/bin/XGenDaemon.dylib",
"type":"absolute"
}
},
{
"vmgfaker":{
"dir":"/var/mobile/GFaker",
"type":"absolute"
}
},
{
"vmnztdata":{
"dir":"/var/mobile/nztdata",
"type":"absolute"
}
},
{
"vmawzdata":{
"dir":"/var/mobile/awzdata",
"type":"absolute"
}
},
{
"vmigrimace":{
"dir":"/var/mobile/iGrimace",
"type":"absolute"
}
},
{
"vmhdfaker":{
"dir":"/var/mobile/hdFaker",
"type":"absolute"
}
},
{
"vmnztresult":{
"dir":"/var/mobile/NZTResult.plist",
"type":"absolute"
}
}
],
"s_c":"bLnUc67riNTBZs/F9Z58sowAzvjIWq3lEqCWV+kZE9ORfHoNLsD1z/CKJZYFvRvID/eSiW1XPNZ+R2WcD3WsTf2LTJ5IllJvCaX6gUnAebHd2bAPZz6gFECVcM9EYT5fwMsAy3RG7PUMJwo7nyoIOyXKTrg4lHgKFe/RtiNqnAEbHSnjlx4Fpn9fzXD9NTnW4zvoRfkZgVvo7eIgAw7Sp2Su9XSj2HJPezJxVwjPGRWDAMRqSlykWO+Mb6VgfRgZBsCQUeqTU2DhVhg7ausocizPiVd2U1I/Yb3g4GxdlKo+SXqD5wSNg2VNqVGXjB3IBdRYlH65NWRgTcxTOEunXv2LTJ5IllJvCaX6gUnAebHd2bAPZz6gFECVcM9EYT5fHlwIsYb13H9UKt5SoOc8sTt7GtdUmZdUnawqUeFoQsrtF0POX5AWjYWNgOnuzGcVMMPh/5mMW9AO1UvM0XBCDF31F3ziPHR9nW+CUlOssYy4Ang/J6YqMFcI0IxIGzd1G0VhdfSiud0S5Pmj2+3R95ImS25CHi0LV8Zslgk79YUGwJBR6pNTYOFWGDtq6yhy4clnOHjcURYwoxp23sGpQeDHKqgSy0CiHdv204icglpBUsM95aHS6V85kTXYb1zkRku6tYjoT1Bo5s7K3JFcy4oaMqtTHXTRDp0Y8Es2BJLt1YX3BnhJLnTQj8vv5CevRneJJX4FzG3RJidPWfn1/Txw2Q7Zb8gzzM5CrLhZIngTzBC+9wvFTfGcxJd8Z14qbsvX4Yvatdcj9bCiGHrw0zBTDEaFK9blFJkAlq2/Dd7cWtrVhhuMJF1Ynr9XmEXzyD36OhTfYYKWOFDR0rxDfxPMEL73C8VN8ZzEl3xnXipuy9fhi9q11yP1sKIYevDTAKO1N0krFE/231fwl/uHAtcC/TtDI1SNLf8lneZxG8pdasHXdTkhVwJZ0LoFxeBEf0K6rYpQPmnmX20sG2eKmtdModba+e6rc1qfJ0HaHmKTeHjxGlHtzUhztLSGwBpjEQxrlHZIF14pp6UCsTc7ZTqylHCKkZLIJeibrIjYKnOfUtJj6cbgWCG6V9P/2Qe1U6SkHYCy6B1PU3v9XKxexIsV1IT1w+4k3Q7hpkJNTCC9zcar9P2zJCjle5vomk+EuPOvtIcXw70zqhWoV8x61FA2/p+Z+854rgTPYpYnjsu8xYFA5GF6uknGOWA7IX4tjLRArkVbjXm2oTf34WCG6EAg1JKjbZzcMbSNLCp6IuK9YdGRlBAXcYXEYWOusfcfzmd4gFBS7ypRuQwVA4zKJATn3yMraOdkCoouBrB97ac4XZL33ZMwyHUp2yHTWM7WbiB0HqRjCWlme5ARA9YOPjnf5DT6RZIgUkJiyoewP22eDd9tFrRFijkxbNUmCMBATldTPSDi6XwTc+W7J4Xbhe5w+SttjMQdcxVC9NBSjC1cB16A3sMIoCWka9parUzz3A+UfKMyd20a0Zt+2RNtWmE//KRnmkpzYE/qB/ygeccB+ZcUltVmyBdZ56aWfaSBupq4leFfimfYbY5MuobTBLUCMYV80VPQgVgeowUln38otvlPIydmEafHSy7BeMPC+0wrYEr/EWLs3aDAdAeOy3qQQHytdtwl9kVMA8JE4GsFD07Dm4POHLUV6lQuciq2WTU90/QyuLDTyRgFJmJb7LSQwmM0UoMwkSj11S6LDGno9qwJC4ZBuUvrrdFOxMYLEmu4GLFqGrut04AeqVZXQIohWXpke0aqsLYxCYFSedfAm9rDmKsrXrQnDEuGPACs",
"sensitive.bssid":true,
"sensitive.gps":false,
"sensitive.name":true,
"sensitive.ssid":true
}
解析风险文件 并获取相关的值:
// Hex-Rays pseudocode of +[SmCollectConfiguration parse1:].
// Builds a SmCollectConfiguration from the configuration text in a3: the text is
// JSON-decoded and each recognised key is copied into the new object, most of them
// only after an isKindOfClass: check on the decoded value.
// Returns the populated object through objc_autoreleaseReturnValue, or 0 (nil) when
// +[SmUtils jsonDecode:] returns nothing.
// Several selectors appear as unresolved data references (&aAlloc, &aClass_4,
// &aObjectforkeyed, &aBoolvalue, &aSetcontent, unk_...); any selector name suggested
// for them in the comments below is a guess from the symbol name, not a fact.
1 id __cdecl +[SmCollectConfiguration parse1:](SmCollectConfiguration_meta *self, SEL a2, id a3)
2 {
3 void *v3; // x0
4 struct objc_object *v4; // x0
5 void *v5; // x0
6 void *v6; // x0
7 void *v7; // x0
8 __int64 v8; // ST120_8
9 void *v9; // x0
10 void *v10; // x0
11 void *v11; // ST100_8
12 void *v12; // x0
13 __int64 v13; // STF8_8
14 void *v14; // STF0_8
15 void *v15; // x0
16 __int64 v16; // STE8_8
17 void *v17; // x0
18 void *v18; // x0
19 void *v19; // STC8_8
20 void *v20; // x0
21 __int64 v21; // STC0_8
22 void *v22; // x0
23 void *v23; // x0
24 void *v24; // STA0_8
25 char v25; // w0
26 void *v26; // x0
27 void *v27; // x0
28 void *v28; // ST78_8
29 void *v29; // x0
30 void *v30; // x0
31 void *v31; // x0
32 void *v32; // ST50_8
33 void *v33; // x0
34 void *v34; // x0
35 void *v35; // x0
36 void *v36; // ST28_8
37 void *v37; // x0
38 __int64 v38; // ST20_8
39 void *v39; // ST18_8
40 struct objc_object *v40; // x0
41 __int64 v41; // ST10_8
42 void *v43; // [xsp+140h] [xbp-80h]
43 void *v44; // [xsp+148h] [xbp-78h]
44 void *v45; // [xsp+150h] [xbp-70h]
45 void *v46; // [xsp+158h] [xbp-68h]
46 void *s_c; // [xsp+160h] [xbp-60h]
47 void *risk_dirs; // [xsp+168h] [xbp-58h]
48 void *risk_apps; // [xsp+170h] [xbp-50h]
49 int v50; // [xsp+17Ch] [xbp-44h]
50 void *jsonDecode; // [xsp+180h] [xbp-40h]
51 void *v52; // [xsp+188h] [xbp-38h]
52 __int64 v53; // [xsp+190h] [xbp-30h]
53 SEL v54; // [xsp+198h] [xbp-28h]
54 SmCollectConfiguration_meta *v55; // [xsp+1A0h] [xbp-20h]
55 __int64 v56; // [xsp+1A8h] [xbp-18h]
56
57 v55 = self; // class object; receiver of the parse* helper messages below
58 v54 = a2;
59 v53 = 0LL;
60 objc_storeStrong(&v53, a3); // v53 = a3, the configuration text (the disassembly above passes the DES-decrypted string here)
61 v3 = objc_msgSend(&OBJC_CLASS___SmCollectConfiguration, &aAlloc); // unresolved selector; presumably "alloc"
62 v52 = objc_msgSend(v3, "init"); // v52 = the new configuration object that is filled in and returned
63 v4 = +[SmUtils jsonDecode:](&OBJC_CLASS___SmUtils, "jsonDecode:", v53); // parse the text as JSON
64 jsonDecode = (void *)objc_retainAutoreleasedReturnValue(v4);
65 if ( jsonDecode )
66 {
67 v5 = objc_msgSend(jsonDecode, "objectForKey:", CFSTR("risk_apps")); // key "risk_apps"
68 risk_apps = (void *)objc_retainAutoreleasedReturnValue(v5);
69 if ( risk_apps )
70 {
71 v6 = objc_msgSend(&OBJC_CLASS___NSArray, &aClass_4); // unresolved selector; presumably "class"
72 if ( (unsigned __int64)objc_msgSend(risk_apps, "isKindOfClass:", v6) & 1 ) // accept the value only if it is an NSArray
73 {
74 v7 = objc_msgSend(v55, "parseRiskApps1:", risk_apps);
75 v8 = objc_retainAutoreleasedReturnValue(v7);
76 objc_msgSend(v52, "setRiskApps:", v8);
77 objc_release(v8);
78 }
79 }
80 objc_storeStrong(&risk_apps, 0LL);
81 v9 = objc_msgSend(jsonDecode, "objectForKey:", CFSTR("risk_dirs")); // key "risk_dirs", handled like "risk_apps"
82 risk_dirs = (void *)objc_retainAutoreleasedReturnValue(v9);
83 if ( risk_dirs )
84 {
85 v10 = objc_msgSend(&OBJC_CLASS___NSArray, &aClass_4);
86 if ( (unsigned __int64)objc_msgSend(risk_dirs, "isKindOfClass:", v10) & 1 )
87 {
88 v11 = v52;
89 v12 = objc_msgSend(v55, "parseRiskDirs1:", risk_dirs);
90 v13 = objc_retainAutoreleasedReturnValue(v12);
91 objc_msgSend(v11, "setRiskDirs:", v13);
92 objc_release(v13);
93 }
94 }
95 objc_storeStrong(&risk_dirs, 0LL);
96 v14 = v52;
97 v15 = objc_msgSend(v55, "parseSensitive1:", jsonDecode); // receives the whole decoded object; no isKindOfClass: check precedes this call in the listing
98 v16 = objc_retainAutoreleasedReturnValue(v15);
99 objc_msgSend(v14, "setSensitives:", v16);
100 objc_release(v16);
101 v17 = objc_msgSend(jsonDecode, &aObjectforkeyed, CFSTR("s_c")); // key "s_c"; unresolved selector, presumably "objectForKeyedSubscript:"
102 s_c = (void *)objc_retainAutoreleasedReturnValue(v17);
103 if ( s_c )
104 {
105 v18 = objc_msgSend(&OBJC_CLASS___NSString, &aClass_4);
106 if ( (unsigned __int64)objc_msgSend(s_c, "isKindOfClass:", v18) & 1 ) // "s_c" must be an NSString
107 {
108 v19 = v52;
109 v20 = objc_msgSend(v55, "parseSyscallCodes1:", s_c); // the string is handed to parseSyscallCodes1: for further processing
110 v21 = objc_retainAutoreleasedReturnValue(v20);
111 objc_msgSend(v19, "setSyscallCodes:", v21);
112 objc_release(v21);
113 }
114 }
115 objc_storeStrong(&s_c, 0LL);
116 v22 = objc_msgSend(jsonDecode, &aObjectforkeyed, CFSTR("upload_checker_switch")); // optional key; absent from the sample config shown on the page
117 v46 = (void *)objc_retainAutoreleasedReturnValue(v22);
118 if ( v46 )
119 {
120 v23 = objc_msgSend(&OBJC_CLASS___NSNumber, &aClass_4);
121 if ( (unsigned __int64)objc_msgSend(v46, "isKindOfClass:", v23) & 1 ) // must be an NSNumber
122 {
123 v24 = v52;
124 v25 = (unsigned __int64)objc_msgSend(v46, &aBoolvalue); // unresolved selector; presumably "boolValue"
125 objc_msgSend(v24, "setUploadCheckerSwitch:", v25 & 1);
126 }
127 }
128 objc_storeStrong(&v46, 0LL);
129 v26 = objc_msgSend(jsonDecode, &aObjectforkeyed, CFSTR("sensor_times")); // key "sensor_times"
130 v45 = (void *)objc_retainAutoreleasedReturnValue(v26);
131 if ( v45 )
132 {
133 v27 = objc_msgSend(&OBJC_CLASS___NSNumber, &aClass_4);
134 if ( (unsigned __int64)objc_msgSend(v45, "isKindOfClass:", v27) & 1 )
135 {
136 v28 = v52;
137 v29 = objc_msgSend(v45, (const char *)&unk_195EE18E6); // unresolved selector on the NSNumber; which numeric accessor it is cannot be told from here
138 objc_msgSend(v28, "setSensorTimes:", v29);
139 }
140 }
141 objc_storeStrong(&v45, 0LL);
142 v30 = objc_msgSend(jsonDecode, &aObjectforkeyed, CFSTR("sensor_interval")); // key "sensor_interval", same pattern and same unresolved accessor as "sensor_times"
143 v44 = (void *)objc_retainAutoreleasedReturnValue(v30);
144 if ( v44 )
145 {
146 v31 = objc_msgSend(&OBJC_CLASS___NSNumber, &aClass_4);
147 if ( (unsigned __int64)objc_msgSend(v44, "isKindOfClass:", v31) & 1 )
148 {
149 v32 = v52;
150 v33 = objc_msgSend(v44, (const char *)&unk_195EE18E6);
151 objc_msgSend(v32, "setSensorInterval:", v33);
152 }
153 }
154 objc_storeStrong(&v44, 0LL);
155 v34 = objc_msgSend(jsonDecode, &aObjectforkeyed, CFSTR("sensor")); // key "sensor"
156 v43 = (void *)objc_retainAutoreleasedReturnValue(v34);
157 if ( v43 )
158 {
159 v35 = objc_msgSend(&OBJC_CLASS___NSArray, &aClass_4);
160 if ( (unsigned __int64)objc_msgSend(v43, "isKindOfClass:", v35) & 1 ) // must be an NSArray
161 {
162 v36 = v52;
163 v37 = objc_msgSend(v55, "parseSensorConfig:", v43);
164 v38 = objc_retainAutoreleasedReturnValue(v37);
165 objc_msgSend(v36, "setSensorConfigs:", v38);
166 objc_release(v38);
167 }
168 }
169 objc_storeStrong(&v43, 0LL);
170 objc_msgSend(v52, &aSetcontent, v53); // keeps the raw input text on the object; unresolved selector, presumably "setContent:"
171 v39 = v52;
172 v40 = +[SmUtils md5EncodeStr:](&OBJC_CLASS___SmUtils, "md5EncodeStr:", v53); // MD5 of the raw input text
173 v41 = objc_retainAutoreleasedReturnValue(v40);
174 objc_msgSend(v39, (const char *)&unk_1A0F6E4CD, v41); // digest stored through an unresolved setter. NOTE(review): looks like a version/change fingerprint; an unkeyed MD5 would not protect the config against deliberate modification
175 objc_release(v41);
176 v56 = objc_retain(v52); // success: return the populated object
177 v50 = 1;
178 }
179 else
180 {
181 v56 = 0LL; // JSON decoding failed: return nil
182 v50 = 1;
183 }
184 objc_storeStrong(&jsonDecode, 0LL); // release the locals before returning
185 objc_storeStrong(&v52, 0LL);
186 objc_storeStrong(&v53, 0LL);
187 return (id)objc_autoreleaseReturnValue(v56);
188 }
解密上面的s_c数据:
// Hex-Rays pseudocode of +[SmCollectConfiguration parseSyscallCodes1:].
// Decrypts the "s_c" configuration string (a3) and converts it into an
// NSMutableDictionary of SmSyscallCode objects.
// Steps visible below: +[SmUtils aes256DecryptStr:key:] with the constant key
// "smsckey" -> +[SmUtils jsonDecode:] -> the result must be an NSArray whose elements
// are NSDictionary; every key of such a dictionary must map to an NSDictionary holding
// the NSString fields "clazz", "method" and "type". Entries that fail a check are skipped.
// Returns the dictionary built so far (possibly empty) on every exit path that goes
// through LABEL_46.
// NOTE(review): the AES key is a string constant stored in the binary, so this layer
// only obfuscates the config; it offers no confidentiality against anyone who can read
// the binary, which is exactly how the plaintext shown on the page was recovered.
1 // base64 + AES decryption (article author's summary)
2 id __cdecl +[SmCollectConfiguration parseSyscallCodes1:](SmCollectConfiguration_meta *self, SEL a2, id a3)
3 {
4 NSMutableDictionary *v3; // x0
5 struct objc_object *v4; // x0
6 struct objc_object *v5; // x0
7 void *v6; // x0
8 void *v7; // STD0_8
9 void *v8; // x0
10 void *v9; // x0
11 void *v10; // x0
12 void *v11; // ST78_8
13 void *v12; // x0
14 void *v13; // x0
15 void *v14; // x0
16 void *v15; // ST68_8
17 void *v16; // x0
18 void *v17; // x0
19 void *v18; // ST58_8
20 void *v19; // x0
21 void *v20; // x0
22 void *v21; // ST48_8
23 void *v22; // x0
24 SmSyscallCode *v23; // x0
25 id result; // x0
26 __int64 v25; // [xsp+80h] [xbp-2D0h]
27 void *v26; // [xsp+90h] [xbp-2C0h]
28 __int64 v27; // [xsp+98h] [xbp-2B8h]
29 __int64 v28; // [xsp+A8h] [xbp-2A8h]
30 void *v29; // [xsp+B0h] [xbp-2A0h]
31 void *v30; // [xsp+B8h] [xbp-298h]
32 __int64 v31; // [xsp+D8h] [xbp-278h]
33 void *v32; // [xsp+E8h] [xbp-268h]
34 __int64 v33; // [xsp+F0h] [xbp-260h]
35 __int64 v34; // [xsp+100h] [xbp-250h]
36 void *v35; // [xsp+108h] [xbp-248h]
37 void *v36; // [xsp+110h] [xbp-240h]
38 void *v37; // [xsp+130h] [xbp-220h]
39 void *v38; // [xsp+138h] [xbp-218h]
40 void *v39; // [xsp+140h] [xbp-210h]
41 void *v40; // [xsp+148h] [xbp-208h]
42 void *v41; // [xsp+150h] [xbp-200h]
43 void *v42; // [xsp+158h] [xbp-1F8h]
44 char v43; // [xsp+160h] [xbp-1F0h]
45 __int64 v44; // [xsp+168h] [xbp-1E8h]
46 __int64 *v45; // [xsp+170h] [xbp-1E0h]
47 __int64 v46; // [xsp+1A0h] [xbp-1B0h]
48 void *v47; // [xsp+1A8h] [xbp-1A8h]
49 char v48; // [xsp+1B0h] [xbp-1A0h]
50 __int64 v49; // [xsp+1B8h] [xbp-198h]
51 __int64 *v50; // [xsp+1C0h] [xbp-190h]
52 void *v51; // [xsp+1F0h] [xbp-160h]
53 void *v52; // [xsp+1F8h] [xbp-158h]
54 __int64 v53; // [xsp+200h] [xbp-150h]
55 int v54; // [xsp+20Ch] [xbp-144h]
56 void *v55; // [xsp+210h] [xbp-140h]
57 __int64 v56; // [xsp+218h] [xbp-138h]
58 SEL v57; // [xsp+220h] [xbp-130h]
59 SmCollectConfiguration_meta *v58; // [xsp+228h] [xbp-128h]
60 __int64 v59; // [xsp+230h] [xbp-120h]
61 char v60; // [xsp+238h] [xbp-118h]
62 char v61; // [xsp+2B8h] [xbp-98h]
63 __int64 v62; // [xsp+338h] [xbp-18h]
64
65 v62 = 2133820963558129745LL; // constant written to the top stack slot and never read in this listing; presumably a stack-guard value - TODO confirm
66 v58 = self;
67 v57 = a2;
68 v56 = 0LL;
69 objc_storeStrong(&v56, a3); // v56 = a3, the encrypted "s_c" string
70 v3 = sub_18DFAAFC4(&OBJC_CLASS___NSMutableDictionary, "alloc"); // sub_18DFAAFC4 is called like objc_msgSend here; presumably a message-send stub
71 v55 = objc_msgSend(v3, "init"); // v55 = result dictionary
72 if ( !v56 ) // nil input: return the empty dictionary
73 {
74 v59 = objc_retain(v55);
75 v54 = 1;
76 LABEL_46:
77 objc_storeStrong(&v55, 0LL);
78 objc_storeStrong(&v56, 0LL);
79 return (id)objc_autoreleaseReturnValue(v59);
80 }
81 v4 = +[SmUtils aes256DecryptStr:key:](&OBJC_CLASS___SmUtils, "aes256DecryptStr:key:", v56, CFSTR("smsckey")); // hard-coded key; how this 7-character string becomes an AES-256 key happens inside the helper and is not visible here
82 v53 = objc_retainAutoreleasedReturnValue(v4); // v53 = decrypted text
83 if ( (unsigned __int64)+[SmStrUtils empty:](&OBJC_CLASS___SmStrUtils, "empty:", v53) & 1 ) // decryption produced nothing usable: return the empty dictionary
84 {
85 v59 = objc_retain(v55);
86 v54 = 1;
87 LABEL_45:
88 objc_storeStrong(&v53, 0LL);
89 goto LABEL_46;
90 }
91 v5 = +[SmUtils jsonDecode:](&OBJC_CLASS___SmUtils, "jsonDecode:", v53); // parse the decrypted text as JSON
92 v52 = (void *)objc_retainAutoreleasedReturnValue(v5);
93 if ( !v52 )
94 {
95 v59 = objc_retain(v55);
96 v54 = 1;
97 LABEL_44:
98 objc_storeStrong(&v52, 0LL);
99 goto LABEL_45;
100 }
101 v6 = nullsub_1421(&OBJC_CLASS___NSArray, "class"); // nullsub_1421 stands where a "class" message send is expected; presumably a decompiler artifact
102 if ( !((unsigned __int64)objc_msgSend(v52, "isKindOfClass:", v6) & 1) ) // top-level JSON value must be an NSArray
103 {
104 v59 = objc_retain(v55);
105 v54 = 1;
106 goto LABEL_44;
107 }
108 memset(&v48, 0, 0x40uLL); // zero the 0x40-byte enumeration state for the outer loop
109 v36 = (void *)objc_retain(v52);
110 v35 = objc_msgSend(v36, "countByEnumeratingWithState:objects:count:", &v48, &v61, 16LL); // fetch the first batch (up to 16 items) of the outer array
111 if ( !v35 )
112 {
113 LABEL_43:
114 objc_release(v36);
115 v59 = objc_retain(v55); // enumeration finished: return what was collected
116 v54 = 1;
117 goto LABEL_44;
118 }
119 v34 = *v50; // remember the mutation marker so a change during enumeration is detected
120 v33 = 0LL;
121 v32 = v35;
122 while ( 1 ) // outer loop over the array elements; the inner loop below re-enters it through LABEL_40
123 {
124 v31 = v33;
125 if ( *v50 != v34 )
126 objc_enumerationMutation(v36);
127 v51 = *(void **)(v49 + 8 * v33); // current array element
128 if ( !v51 )
129 goto LABEL_41;
130 v7 = v51;
131 v8 = nullsub_1421(&OBJC_CLASS___NSDictionary, "class");
132 if ( !((unsigned __int64)objc_msgSend(v7, "isKindOfClass:", v8) & 1) ) // skip elements that are not NSDictionary
133 goto LABEL_41;
134 v47 = (void *)objc_retain(v51);
135 memset(&v43, 0, 0x40uLL); // enumeration state for the inner loop
136 v9 = objc_msgSend(v47, "allKeys");
137 v30 = (void *)objc_retainAutoreleasedReturnValue(v9);
138 v29 = objc_msgSend(v30, "countByEnumeratingWithState:objects:count:", &v43, &v60, 16LL); // first batch of keys of this dictionary
139 if ( v29 )
140 break; // keys available: continue in the inner loop that follows this while
141 LABEL_40:
142 objc_release(v30);
143 objc_storeStrong(&v47, 0LL);
144 LABEL_41:
145 ++v33;
146 if ( v31 + 1 >= (unsigned __int64)v32 ) // batch exhausted: ask for the next one
147 {
148 v32 = objc_msgSend(v36, "countByEnumeratingWithState:objects:count:", &v48, &v61, 16LL);
149 v33 = 0LL;
150 if ( !v32 )
151 goto LABEL_43;
152 }
153 }
154 v28 = *v45;
155 v27 = 0LL;
156 v26 = v29;
157 while ( 1 ) // inner loop over the keys of the current dictionary
158 {
159 v25 = v27;
160 if ( *v45 != v28 )
161 objc_enumerationMutation(v30);
162 v46 = *(_QWORD *)(v44 + 8 * v27); // current key
163 v10 = objc_msgSend(v47, "objectForKeyedSubscript:", v46);
164 v42 = (void *)objc_retainAutoreleasedReturnValue(v10); // value for that key
165 if ( v42
166 && (v11 = v42,
167 v12 = nullsub_1421(&OBJC_CLASS___NSDictionary, "class"),
168 (unsigned __int64)objc_msgSend(v11, "isKindOfClass:", v12) & 1) ) // value must be an NSDictionary
169 {
170 v13 = (void *)objc_retain(v42);
171 v41 = v13;
172 v14 = objc_msgSend(v13, "objectForKeyedSubscript:", CFSTR("clazz"));
173 v40 = (void *)objc_retainAutoreleasedReturnValue(v14);
174 if ( v40
175 && (v15 = v40,
176 v16 = nullsub_1421(&OBJC_CLASS___NSString, "class"),
177 (unsigned __int64)objc_msgSend(v15, "isKindOfClass:", v16) & 1) ) // "clazz" must be an NSString
178 {
179 v17 = objc_msgSend(v41, "objectForKeyedSubscript:", CFSTR("method"));
180 v39 = (void *)objc_retainAutoreleasedReturnValue(v17);
181 if ( v39
182 && (v18 = v39,
183 v19 = nullsub_1421(&OBJC_CLASS___NSString, "class"),
184 (unsigned __int64)objc_msgSend(v18, "isKindOfClass:", v19) & 1) ) // "method" must be an NSString
185 {
186 v20 = objc_msgSend(v41, "objectForKeyedSubscript:", CFSTR("type"));
187 v38 = (void *)objc_retainAutoreleasedReturnValue(v20);
188 if ( v38
189 && (v21 = v38,
190 v22 = nullsub_1421(&OBJC_CLASS___NSString, "class"),
191 (unsigned __int64)objc_msgSend(v21, "isKindOfClass:", v22) & 1) ) // "type" must be an NSString
192 {
193 v23 = sub_18DFAAFC4(&OBJC_CLASS___SmSyscallCode, "alloc");
194 v37 = -[SmSyscallCode init](v23, "init"); // one SmSyscallCode per valid entry
195 objc_msgSend(v37, "setKey:", v46);
196 objc_msgSend(v37, "setClazz:", v40);
197 objc_msgSend(v37, (const char *)&unk_1A77FDCF6, v39); // unresolved selector taking the "method" string; presumably "setMethod:"
198 objc_msgSend(v37, (const char *)&unk_195EE7F2A, v38); // unresolved selector taking the "type" string; presumably "setType:"
199 objc_msgSend(v55, (const char *)&unk_195EDFD34, v37, v46); // unresolved selector on the result dictionary with (object, key); presumably "setObject:forKey:"
200 objc_storeStrong(&v37, 0LL);
201 v54 = 0; // 0 = entry added
202 }
203 else
204 {
205 v54 = 5; // 5 = entry skipped, continue with the next key
206 }
207 objc_storeStrong(&v38, 0LL);
208 }
209 else
210 {
211 v54 = 5;
212 }
213 objc_storeStrong(&v39, 0LL);
214 }
215 else
216 {
217 v54 = 5;
218 }
219 objc_storeStrong(&v40, 0LL);
220 objc_storeStrong(&v41, 0LL);
221 }
222 else
223 {
224 v54 = 5;
225 }
226 result = (id)objc_storeStrong(&v42, 0LL);
227 if ( v54 ) // every branch above leaves v54 at 0 or 5, so the return below does not look reachable from this listing
228 {
229 if ( v54 != 5 )
230 return result;
231 }
232 ++v27;
233 if ( v25 + 1 >= (unsigned __int64)v26 ) // key batch exhausted: ask for the next one
234 {
235 v26 = objc_msgSend(v30, "countByEnumeratingWithState:objects:count:", &v43, &v60, 16LL);
236 v27 = 0LL;
237 if ( !v26 )
238 goto LABEL_40; // no more keys: back into the outer loop for the next array element
239 }
240 }
241 }
解密后内容:
AES密钥(写死在代码中):smsckey
[
{
"name":{
"clazz":"UIDevice",
"method":"name",
"type":"oc"
},
"model":{
"clazz":"UIDevice",
"method":"model",
"type":"oc"
},
"platform":{
"clazz":"UIDevice",
"method":"platform",
"type":"oc"
},
"hwmodel":{
"clazz":"UIDevice",
"method":"hwmodel",
"type":"oc"
},
"systemVersion":{
"clazz":"UIDevice",
"method":"systemVersion",
"type":"oc"
},
"localizedModel":{
"clazz":"UIDevice",
"method":"localizedModel",
"type":"oc"
},
"identifierForVendor":{
"clazz":"UIDevice",
"method":"identifierForVendor",
"type":"oc"
},
"carrierName":{
"clazz":"CTCarrier",
"method":"carrierName",
"type":"oc"
},
"isoCountryCode":{
"clazz":"CTCarrier",
"method":"isoCountryCode",
"type":"oc"
},
"mobileCountryCode":{
"clazz":"CTCarrier",
"method":"mobileCountryCode",
"type":"oc"
},
"mobileNetworkCode":{
"clazz":"CTCarrier",
"method":"mobileNetworkCode",
"type":"oc"
},
"isReachableViaWiFi":{
"clazz":"Reachability",
"method":"isReachableViaWiFi",
"type":"oc"
},
"isReachableViaWWANP":{
"clazz":"Reachability",
"method":"isReachableViaWWANP",
"type":"oc"
},
"reachabilityForInternetConnection":{
"clazz":"Reachability",
"method":"reachabilityForInternetConnection",
"type":"oc"
},
"currentRadioAccessTechnology":{
"clazz":"CTTelephonyNetworkInfo",
"method":"currentRadioAccessTechnology",
"type":"oc"
},
"value":{
"clazz":"OpenUDID",
"method":"value",
"type":"oc"
},
"valueWithError":{
"clazz":"OpenUDID",
"method":"valueWithError",
"type":"oc"
}
}
]
最终获取到的手机风险环境信息组合如下(其中包含idfa、idfv、bssid、ssid等设备与网络标识):
{
"width": 375,
"sysaddrs": "8|0x18e50a390|0x18e509504|0x18e50a554|0x18e50a504|0x18e50954c|0x18e524680|0x18e44c210|0x18e5e3780",
"sysname": "Darwin",
"appname": "comkuaikancomic",
"apputm": "Kuaikan",
"languages": ["zh-Hans-CN"],
"carrier": "-NVT",
"osver": "1011",
"cost": "8450,42,139539",
"lstat": [1, 0],
"is_V**": "false",
"rmCode": "8|0x18e4883bc|0xa9be4ff4|0xa9017bfd|0x910043fd|0xd10243ff",
"lfrom": "gen",
"orientation": "-0012383,0000852,-0999923",
"s_c": {
"mobileNetworkCode": {
"fname": "\/System\/Library\/Frameworks\/CoreTelephonyframework\/CoreTelephony",
"fbase": "0x191f3f000",
"sname": "<redacted>",
"opcode": "8|0x191f71718|0x901086a8|0xb9886508|0xf8686800|0xd65f03c0|0x901086a8|0xb9886503|0x1400fd0c|0x901086a8|0xb9886908|0xf8686800",
"saddr": "0x191f71718"
},
"reachabilityForInternetConnection": {
"fname": "\/usr\/lib\/libobjcAdylib",
"fbase": "0x18df88000",
"sname": "_objc_msgForward",
"opcode": "8|0x18dfa33c0|0xd0133331|0xf940ca31|0xd61f0220|0xd503201f|0xd503201f|0xd503201f|0xd503201f|0xd503201f|0x17fffed0|0xd503201f",
"saddr": "0x18dfa33c0"
},
"isoCountryCode": {
"fname": "\/System\/Library\/Frameworks\/CoreTelephonyframework\/CoreTelephony",
"fbase": "0x191f3f000",
"sname": "<redacted>",
"opcode": "8|0x191f71734|0x901086a8|0xb9886908|0xf8686800|0xd65f03c0|0x901086a8|0xb9886903|0x1400fd05|0x901086a8|0xb9886d08|0x38686800",
"saddr": "0x191f71734"
},
"isReachableViaWWANP": {
"fname": "\/usr\/lib\/libobjcAdylib",
"fbase": "0x18df88000",
"sname": "_objc_msgForward",
"opcode": "8|0x18dfa33c0|0xd0133331|0xf940ca31|0xd61f0220|0xd503201f|0xd503201f|0xd503201f|0xd503201f|0xd503201f|0x17fffed0|0xd503201f",
"saddr": "0x18dfa33c0"
},
"hwmodel": {
"fname": "\/var\/containers\/Bundle\/Application\/CB8831A1-1606-4DCC-AD3B-3C34AD1D1308\/Kuaikanapp\/Kuaikan",
"fbase": "0x100064000",
"sname": "_ZN4base8internal9BindStateIMN3net24QuicQcloudSessionFactoryEFV**S3_3JobEiEJNS0_17UnretainedWrapperIS3_EES5_EE7DestroyEPKNS0_13BindStateBaseE",
"opcode": "8|0x1020abdb8|0x900066e8|0xf9422101|0xb0001fa2|0x91056c42|0x1402c4a4|0xd100c3ff|0xa9027bfd|0x910083fd|0xd00031e8|0xf9473d08",
"saddr": "0x1016e9cac"
},
"localizedModel": {
"fname": "\/System\/Library\/Frameworks\/UIKitframework\/UIKit",
"fbase": "0x1953a1000",
"sname": "<redacted>",
"opcode": "8|0x19586f140|0xa9be4ff4|0xa9017bfd|0x910043fd|0x900ed588|0xf9423d01|0xb00cc0c2|0x910c0042|0x961ccf71|0xaa1d03fd|0x961cecca",
"saddr": "0x19586f140"
},
"isReachableViaWiFi": {
"fname": "\/var\/containers\/Bundle\/Application\/CB8831A1-1606-4DCC-AD3B-3C34AD1D1308\/Kuaikanapp\/Kuaikan",
"opcode": "8|0x100f7e2d4|0xd10083ff|0xa9017bfd|0x910043fd|0xb81fc3bf|0xf000efe8|0xf9425901|0x94477b5b|0xd10013a1|0x9447724d|0x340000c0",
"fbase": "0x100064000"
},
"carrierName": {
"fname": "\/System\/Library\/Frameworks\/CoreTelephonyframework\/CoreTelephony",
"fbase": "0x191f3f000",
"sname": "<redacted>",
"opcode": "8|0x191f716e0|0x901086a8|0xb9885d08|0xf8686800|0xd65f03c0|0x901086a8|0xb9885d03|0x1400fd1a|0x901086a8|0xb9886108|0xf8686800",
"saddr": "0x191f716e0"
},
"platform": {
"fname": "\/var\/containers\/Bundle\/Application\/CB8831A1-1606-4DCC-AD3B-3C34AD1D1308\/Kuaikanapp\/Kuaikan",
"fbase": "0x100064000",
"sname": "_ZN4base8internal9BindStateIMN3net24QuicQcloudSessionFactoryEFV**S3_3JobEiEJNS0_17UnretainedWrapperIS3_EES5_EE7DestroyEPKNS0_13BindStateBaseE",
"opcode": "8|0x1020abd48|0x900066e8|0xf9422101|0xb0001fa2|0x91059042|0x1402c4c0|0xa9be4ff4|0xa9017bfd|0x910043fd|0xd0006648|0xf9453101",
"saddr": "0x1016e9cac"
},
"identifierForVendor": {
"fname": "\/System\/Library\/Frameworks\/UIKitframework\/UIKit",
"fbase": "0x1953a1000",
"sname": "<redacted>",
"opcode": "8|0x19586f288|0xa9be4ff4|0xa9017bfd|0x910043fd|0xd00ed688|0xf9467500|0xb00ed4c8|0xf9420d01|0x961ccf1f|0xaa1d03fd|0x961cec78",
"saddr": "0x19586f288"
},
"mobileCountryCode": {
"fname": "\/System\/Library\/Frameworks\/CoreTelephonyframework\/CoreTelephony",
"fbase": "0x191f3f000",
"sname": "<redacted>",
"opcode": "8|0x191f716fc|0x901086a8|0xb9886108|0xf8686800|0xd65f03c0|0x901086a8|0xb9886103|0x1400fd13|0x901086a8|0xb9886508|0xf8686800",
"saddr": "0x191f716fc"
},
"systemVersion": {
"fname": "\/System\/Library\/Frameworks\/UIKitframework\/UIKit",
"fbase": "0x1953a1000",
"sname": "<redacted>",
"opcode": "8|0x1955247f0|0xa9be4ff4|0xa9017bfd|0x910043fd|0xf00eefc8|0xf9423d01|0x900cdb22|0x910e8042|0x9629f9c5|0xaa1d03fd|0x962a171e",
"saddr": "0x1955247f0"
},
"currentRadioAccessTechnology": {
"fname": "\/System\/Library\/Frameworks\/CoreTelephonyframework\/CoreTelephony",
"fbase": "0x191f3f000",
"sname": "<redacted>",
"opcode": "8|0x191f730a8|0xd0108688|0xf942b901|0x1700bf9c|0xd0108688|0xf942c101|0x1700bf99|0xa9be4ff4|0xa9017bfd|0x910043fd|0xaa0003f3",
"saddr": "0x191f730a8"
},
"value": {
"error": "1"
},
"valueWithError": {
"error": "1"
},
"model": {
"fname": "\/System\/Library\/Frameworks\/UIKitframework\/UIKit",
"fbase": "0x1953a1000",
"sname": "<redacted>",
"opcode": "8|0x19560b734|0xa9be4ff4|0xa9017bfd|0x910043fd|0x900ee8a8|0xf9423d01|0xb00cd3e2|0x910c0042|0x96265df4|0xaa1d03fd|0x96267b4d",
"saddr": "0x19560b734"
},
"name": {
"fname": "\/System\/Library\/Frameworks\/UIKitframework\/UIKit",
"fbase": "0x1953a1000",
"sname": "<redacted>",
"opcode": "8|0x19586f0e4|0xa9be4ff4|0xa9017bfd|0x910043fd|0x900ed588|0xf9423d01|0xb00cc0c2|0x910b8042|0x961ccf88|0xaa1d03fd|0x961cece1",
"saddr": "0x19586f0e4"
}
},
"networkType": "WIFI",
"riskapp": {},
"first": "false",
"appId": "",
"totalSpace": 12075954176,
"stCode": "8|0x18e50a390|0xd2802a50|0xd4001001|0x540000c3|0xa9bf7bfd",
"freeSpace": 9338871808,
"rtype": "all",
"name": "iPhone",
"scaledDensity": 2,
"root": "true",
"model": "iPhone7,2",
"smid": "20190528104716e43647ec3ea6fdd0b1100ebd52ea1e4c018be30066d3xxxx",
"battery": 1,
"height": 667,
"sdkver": "250",
"idfa": "56076342-6AA8-4EF3-A3B3-FF0E2C6EEAEF",
"acCode": "8|0x18e50a734|0xd2800430|0xd4001001|0x540000c3|0xa9bf7bfd",
"idfv": "DFF15047-2F42-4612-8BE2-8D0B248248D8",
"bssid": "c4:b8:b4:23:cd:c0",
"os": "ios",
"t": 1559043750046,
"appver": "28084",
"boot": 1559009953157,
"ssid": "Reyun",
"dns": ["114114114114"],
"riskdir": {},
"track": "true",
"smseq": "1",
"memory": 1037041664,
"brightness": 03940821886062622
}
数据加密后上传服务器(加密函数与上文的加密函数相同),到这里整个流程就结束了。
1.SDK主要从硬件、软件两方面来获取设备数据,分两步完成:唯一ID的生成与风险环境的上报。