iOS逆向 非群主@所有人
2024-05-14 23:03:00
iOS 逆向开发交流群
微信中只有群主才有@所有人的权限,下面用iOS逆向实现一下非群主@所有人的功能。
1、Makefile文件代码如下:
THEOS_DEVICE_IP = 192.123.10.123
TARGET = iphone:latest:8.0
ARCHS = armv7 arm64include theos/makefiles/common.mkTWEAK_NAME = weichatselectall
weichatselectall_FILES = Tweak.xm
weichatselectall_FRAMEWORKS = UIKit CoreFoundation Foundation CoreGraphics QuartzCore Securityinclude $(THEOS_MAKE_PATH)/tweak.mkafter-install::install.exec "killall -9 WeChat"
2、Tweak.xm 代码如下:
#import <UIKit/UIKit.h>
#import "WeChatRedEnvelop.h"
#import <Foundation/Foundation.h>%hook NewMainFrameViewController- (void)viewDidLoad
{%orig;UIButton *transparentButton = [UIButton buttonWithType:UIButtonTypeCustom];transparentButton.frame = CGRectMake(0, 64, 44, 44);transparentButton.layer.cornerRadius = 8;transparentButton.clipsToBounds = YES;transparentButton.backgroundColor = [UIColor blueColor];[transparentButton addTarget:self action:@selector(clickImage) forControlEvents:UIControlEventTouchUpInside];[((UIViewController *)self).view addSubview:transparentButton];
}%new
- (void)clickImage
{UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"请输入文本" message:@"" delegate:self cancelButtonTitle:@"取消" otherButtonTitles:@"确定",nil];[alert setAlertViewStyle:UIAlertViewStylePlainTextInput];[alert show];
}%new
- (void)alertView:(UIAlertView *)alertView clickedButtonAtIndex:(NSInteger)buttonIndex
{if(buttonIndex == 1) {UITextField *field = [alertView textFieldAtIndex:0];NSLog(@"txt ==== %@",field.text);NSString *path = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES).lastObject;NSString *plistPath = [path stringByAppendingPathComponent:@"data.plist"];NSMutableArray *roomArray = [NSMutableArray arrayWithContentsOfFile:plistPath];NSLog(@"roomArray ===== %@",roomArray);CMessageMgr *messager = [[objc_getClass("MMServiceCenter") defaultCenter] getService:[objc_getClass("CMessageMgr") class]];CMessageWrap *wrap = [[%c(CMessageWrap) alloc] initWithMsgType:1];for(NSString *roomID in roomArray) {NSLog(@"顺序测试-----%@",roomID);NSTimeInterval time = [[NSDate date] timeIntervalSince1970];long long int date = (long long int)time;NSString *name =[%c(SettingUtil) getLocalUsrName:0];wrap.m_nsFromUsr = name;wrap.m_nsContent = [NSString stringWithFormat:@"#所有人 %@",field.text];wrap.m_nsToUsr = roomID;wrap.m_uiCreateTime = date;wrap.m_uiStatus = 1;wrap.m_nsMsgSource = nil;[messager AddMsg:roomID MsgWrap:wrap];}}
}%end%hook CMessageMgr- (void)AsyncOnAddMsg:(id)arg1 MsgWrap:(CMessageWrap *)wrap{NSLog(@"接收到消息%@",wrap);NSString *fromUser = wrap.m_nsFromUsr ;if ([fromUser hasSuffix:@"@chatroom"]) {NSLog(@"chatroom found");NSString *path = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES).lastObject;NSString *plistPath = [path stringByAppendingPathComponent:@"data.plist"];NSMutableArray *arrayM = [NSMutableArray array];NSArray *storArray = [NSArray arrayWithContentsOfFile:plistPath];[arrayM addObjectsFromArray:storArray];if (![arrayM containsObject:fromUser]){[arrayM addObject:fromUser];NSLog(@"存储数据");NSLog(@"arrayM ==== %@",arrayM);[arrayM writeToFile:plistPath atomically:YES];}}%orig;
}- (void)AddMsg:(id)arg1 MsgWrap:(CMessageWrap *)wrap
{NSLog(@"time ===%ld",(unsigned long)wrap.m_uiCreateTime);int type = wrap.m_uiMessageType;NSString *knFromUser = wrap.m_nsFromUsr;NSString *knToUsr = wrap.m_nsToUsr;NSString *knContent = wrap.m_nsContent;NSString *knSource = wrap.m_nsMsgSource;NSString *message = [NSString stringWithFormat:@"type=%d--knFromUser=%@--knToUsr=%@--knContent=%@--knSource=%@",type,knFromUser,knToUsr,knContent,knSource];CContactMgr *contactManager = [[objc_getClass("MMServiceCenter") defaultCenter] getService:[objc_getClass("CContactMgr") class]];CContact *selfContact = [contactManager getSelfContact];NSLog(@"message ======= %@",message);if (type == 1) {if ([knFromUser isEqualToString:selfContact.m_nsUsrName]) {if ([knToUsr hasSuffix:@"@chatroom"]) {NSLog(@"selfContact ==== %@",selfContact);if( knSource == nil){NSString *aaa = [selfContact.m_nsUsrName stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding];NSLog(@"length=%lu,%@",(unsigned long)aaa.length,aaa);NSArray *result = (NSArray *)[objc_getClass("CContact") getChatRoomMemberWithoutMyself:knToUsr];if ([knContent hasPrefix:@"#所有人"]){ // 前缀要求NSString *subStr = [knContent substringFromIndex:4];NSMutableString *string = [NSMutableString string];[result enumerateObjectsUsingBlock:^(CContact *obj, NSUInteger idx, BOOL * _Nonnull stop) {[string appendFormat:@",%@",obj.m_nsUsrName];}];NSString *sourceString = [string substringFromIndex:1];wrap.m_uiStatus = 3;wrap.m_nsContent = subStr;wrap.m_nsMsgSource = [NSString stringWithFormat:@"<msgsource><atuserlist>%@</atuserlist></msgsource>",sourceString];int type2 = wrap.m_uiMessageType;NSString *knFromUser2 = wrap.m_nsFromUsr;NSString *knToUsr2 = wrap.m_nsToUsr;NSString *knContent2 = wrap.m_nsContent;NSString *knSource2 = wrap.m_nsMsgSource;NSString *message2 = [NSString stringWithFormat:@"type=%d--knFromUser=%@--knToUsr=%@--knContent=%@--knSource=%@",type2,knFromUser2,knToUsr2,knContent2,knSource2];NSLog(@"message2 ======= %@",message2);}}}}}NSLog(@"wrap ===== %@,=====%@",wrap.m_nsContent,wrap);%orig;// NSString *userName = wrap.m_nsUsrName;}%end3、WeChatRedEnvelop.h 代码如下:
#pragma mark - Util@interface WCBizUtil : NSObject+ (id)dictionaryWithDecodedComponets:(id)arg1 separator:(id)arg2;@end@interface SKBuiltinBuffer_t : NSObject@property(retain, nonatomic) NSData *buffer; // @dynamic buffer;@end#pragma mark - Message@interface WCPayInfoItem: NSObject@property(retain, nonatomic) NSString *m_c2cNativeUrl;@end@interface CMessageWrap : NSObject@property (retain, nonatomic) WCPayInfoItem *m_oWCPayInfoItem;
@property (assign, nonatomic) NSUInteger m_uiMesLocalID;
@property (retain, nonatomic) NSString* m_nsFromUsr; ///< 发信人,可能是群或个人
@property (retain, nonatomic) NSString* m_nsToUsr; ///< 收信人
@property (assign, nonatomic) NSUInteger m_uiStatus;
@property (retain, nonatomic) NSString* m_nsContent; ///< 消息内容
@property (retain, nonatomic) NSString* m_nsRealChatUsr; ///< 群消息的发信人,具体是群里的哪个人
@property (assign, nonatomic) NSUInteger m_uiMessageType;
@property (assign, nonatomic) long long m_n64MesSvrID;
@property (assign, nonatomic) NSUInteger m_uiCreateTime;
@property (retain, nonatomic) NSString *m_nsDesc;
@property (retain, nonatomic) NSString *m_nsAppExtInfo;
@property (assign, nonatomic) NSUInteger m_uiAppDataSize;
@property (assign, nonatomic) NSUInteger m_uiAppMsgInnerType;
@property (retain, nonatomic) NSString *m_nsShareOpenUrl;
@property (retain, nonatomic) NSString *m_nsShareOriginUrl;
@property (retain, nonatomic) NSString *m_nsJsAppId;
@property (retain, nonatomic) NSString *m_nsPrePublishId;
@property (retain, nonatomic) NSString *m_nsAppID;
@property (retain, nonatomic) NSString *m_nsAppName;
@property (retain, nonatomic) NSString *m_nsThumbUrl;
@property (retain, nonatomic) NSString *m_nsAppMediaUrl;
@property (retain, nonatomic) NSData *m_dtThumbnail;
@property (retain, nonatomic) NSString *m_nsTitle;
@property (retain, nonatomic) NSString *m_nsMsgSource;- (id)initWithMsgType:(long long)arg1;
+ (_Bool)isSenderFromMsgWrap:(id)arg1;//- (void)AddMsg:(id)arg1 MsgWrap:(CMessageWrap *)wrap;
//- (void)AsyncOnAddMsg:(id)arg1 MsgWrap:(CMessageWrap *)wrap;@end@interface CMessageMgr : NSObject- (void)AddMsg:(id)arg1 MsgWrap:(CMessageWrap *)wrap;- (void)AddLocalMsg:(id)arg1 MsgWrap:(id)arg2 fixTime:(_Bool)arg3 NewMsgArriveNotify:(_Bool)arg4;@end@interface MMServiceCenter : NSObject+ (instancetype)defaultCenter;
- (id)getService:(Class)service;@end@interface MMLanguageMgr: NSObject- (id)getStringForCurLanguage:(id)arg1 defaultTo:(id)arg2;@end#pragma mark - RedEnvelop@interface WCRedEnvelopesControlData : NSObject@property(retain, nonatomic) CMessageWrap *m_oSelectedMessageWrap;@end@interface WCRedEnvelopesLogicMgr: NSObject- (void)OpenRedEnvelopesRequest:(id)params;
- (void)ReceiverQueryRedEnvelopesRequest:(id)arg1;
- (void)GetHongbaoBusinessRequest:(id)arg1 CMDID:(unsigned int)arg2 OutputType:(unsigned int)arg3;/** Added Methods */
- (unsigned int)calculateDelaySeconds;@end@interface HongBaoRes : NSObject@property(retain, nonatomic) SKBuiltinBuffer_t *retText; // @dynamic retText;
@property(nonatomic) int cgiCmdid; // @dynamic cgiCmdid;@end@interface HongBaoReq : NSObject@property(retain, nonatomic) SKBuiltinBuffer_t *reqText; // @dynamic reqText;@end#pragma mark - Contact@interface CContact: NSObject <NSCoding>@property(retain, nonatomic) NSString *m_nsUsrName;
@property(retain, nonatomic) NSString *m_nsHeadImgUrl;
@property(retain, nonatomic) NSString *m_nsNickName;- (id)getContactDisplayName;+ (id)getChatRoomMemberWithoutMyself:(id)arg1;@end@interface CContactMgr : NSObject- (id)getSelfContact;
- (id)getContactByName:(id)arg1;
- (id)getContactForSearchByName:(id)arg1;
- (_Bool)getContactsFromServer:(id)arg1;
- (_Bool)isInContactList:(id)arg1;
- (_Bool)addLocalContact:(id)arg1 listType:(unsigned int)arg2;@end#pragma mark - QRCode@interface ScanQRCodeLogicController: NSObject@property(nonatomic) unsigned int fromScene;
- (id)initWithViewController:(id)arg1 CodeType:(int)arg2;
- (void)tryScanOnePicture:(id)arg1;
- (void)doScanQRCode:(id)arg1;
- (void)showScanResult;@end@interface NewQRCodeScanner: NSObject- (id)initWithDelegate:(id)arg1 CodeType:(int)arg2;
- (void)notifyResult:(id)arg1 type:(id)arg2 version:(int)arg3;@end#pragma mark - MMTableView@interface MMTableViewInfo- (id)getTableView;
- (void)clearAllSection;
- (void)addSection:(id)arg1;
- (void)insertSection:(id)arg1 At:(unsigned int)arg2;@end@interface MMTableViewSectionInfo+ (id)sectionInfoDefaut;
+ (id)sectionInfoHeader:(id)arg1;
+ (id)sectionInfoHeader:(id)arg1 Footer:(id)arg2;
- (void)addCell:(id)arg1;@end@interface MMTableViewCellInfo+ (id)normalCellForSel:(SEL)arg1 target:(id)arg2 title:(id)arg3 accessoryType:(long long)arg4;
+ (id)switchCellForSel:(SEL)arg1 target:(id)arg2 title:(id)arg3 on:(_Bool)arg4;
+ (id)normalCellForSel:(SEL)arg1 target:(id)arg2 title:(id)arg3 rightValue:(id)arg4 accessoryType:(long long)arg5;
+ (id)normalCellForTitle:(id)arg1 rightValue:(id)arg2;
+ (id)urlCellForTitle:(id)arg1 url:(id)arg2;@end@interface MMTableView: UITableView@end#pragma mark - UI
@interface MMUICommonUtil : NSObject+ (id)getBarButtonWithTitle:(id)arg1 target:(id)arg2 action:(SEL)arg3 style:(int)arg4;@end@interface MMLoadingView : UIView@property(retain, nonatomic) UILabel *m_label; // @synthesize m_label;
@property (assign, nonatomic) BOOL m_bIgnoringInteractionEventsWhenLoading; // @synthesize m_bIgnoringInteractionEventsWhenLoading;- (void)setFitFrame:(long long)arg1;
- (void)startLoading;
- (void)stopLoading;
- (void)stopLoadingAndShowError:(id)arg1;
- (void)stopLoadingAndShowOK:(id)arg1;@end@interface MMWebViewController: NSObject- (id)initWithURL:(id)arg1 presentModal:(_Bool)arg2 extraInfo:(id)arg3;@end@protocol ContactSelectViewDelegate <NSObject>- (void)onSelectContact:(CContact *)arg1;@end@interface ContactSelectView : UIView@property(nonatomic) unsigned int m_uiGroupScene; // @synthesize m_uiGroupScene;
@property(nonatomic) _Bool m_bMultiSelect; // @synthesize m_bMultiSelect;
@property(retain, nonatomic) NSMutableDictionary *m_dicMultiSelect; // @synthesize m_dicMultiSelect;- (id)initWithFrame:(struct CGRect)arg1 delegate:(id)arg2;
- (void)initData:(unsigned int)arg1;
- (void)initView;
- (void)addSelect:(id)arg1;@end@interface ContactsDataLogic : NSObject@property(nonatomic) unsigned int m_uiScene; // @synthesize m_uiScene;@end@interface MMUINavigationController : UINavigationController@end#pragma mark - UtilCategory@interface NSMutableDictionary (SafeInsert)- (void)safeSetObject:(id)arg1 forKey:(id)arg2;@end@interface NSDictionary (NSDictionary_SafeJSON)- (id)arrayForKey:(id)arg1;
- (id)dictionaryForKey:(id)arg1;
- (double)doubleForKey:(id)arg1;
- (float)floatForKey:(id)arg1;
- (long long)int64ForKey:(id)arg1;
- (long long)integerForKey:(id)arg1;
- (id)stringForKey:(id)arg1;@end@interface NSString (NSString_SBJSON)- (id)JSONArray;
- (id)JSONDictionary;
- (id)JSONValue;@end#pragma mark - UICategory@interface UINavigationController (LogicController)- (void)PushViewController:(id)arg1 animated:(_Bool)arg2;@end@interface MMUIViewController : UIViewController- (void)startLoadingBlocked;
- (void)startLoadingNonBlock;
- (void)startLoadingWithText:(NSString *)text;
- (void)stopLoading;
- (void)stopLoadingWithFailText:(NSString *)text;
- (void)stopLoadingWithOKText:(NSString *)text;@end@interface NewSettingViewController: MMUIViewController- (void)reloadTableData;@end@interface ContactInfoViewController : MMUIViewController@property(retain, nonatomic) CContact *m_contact; // @synthesize m_contact;@end@protocol MultiSelectContactsViewControllerDelegate <NSObject>
- (void)onMultiSelectContactReturn:(NSArray *)arg1;@optional
- (int)getFTSCommonScene;
- (void)onMultiSelectContactCancelForSns;
- (void)onMultiSelectContactReturnForSns:(NSArray *)arg1;
@end@interface MultiSelectContactsViewController : UIViewController@property(nonatomic) _Bool m_bKeepCurViewAfterSelect; // @synthesize m_bKeepCurViewAfterSelect=_m_bKeepCurViewAfterSelect;
@property(nonatomic) unsigned int m_uiGroupScene; // @synthesize m_uiGroupScene;@property(nonatomic, weak) id <MultiSelectContactsViewControllerDelegate> m_delegate; // @synthesize m_delegate;@end@interface SettingUtil : NSObject+ (NSString *)getLocalUsrName:(NSInteger)arg1;@end//@interface NewMainFrameViewController : UIViewController
//
//- (void)AddMsg:(id)arg1 MsgWrap:(CMessageWrap *)wrap;
//
//@endDemo下载
iOS逆向 非群主@所有人相关推荐
- iOS 逆向-非越狱手机Hook App
引子 由于对iOS逆向分析很感兴趣,所以也花了很长一段时间学习了iOS逆向相关知识,并积累了一些相关经验, 这几天又到看雪论坛逛了一下,看看最近有没有什么大牛分享心得成果的!还真让我看到一篇有意思的文 ...
- 人数超100的微信群非群主无法修改群名称了
来自契约的消息:微信群进行了一个小更新,当群人数超过100人(不包括100人),其他群成员再也无法修改群名称.哈哈,有昵称强迫症的朋友你还能任性地随意修改群名吗? 以后只要超过100人的群,再也不会出 ...
- 阿里配管专家解读:如何最优成本搭建非标准的iOS构建集群
作者简介:董必胜(叔大),阿里巴巴配置管理专家,负责集团.蚂蚁的移动端构建,负责研发协同平台RDC无线. 背景:在移动物联网大潮中iOS构建的重要性日益突出,如何能提供稳定的iOS构建服务?中大型的企 ...
- IOS逆向笔记之HOOK实现(非越狱)
HOOK是越狱的最终目标,目的是给应用添加功能如插件或者是更改应用的某个功能来满足我们的需求,如微信中添加抢红包插件.本文将以最近比较火的"快看"漫画为例子去除付费漫画中的收费弹窗 ...
- 【iOS逆向与安全】iOS插件开发光速入门
前言 经过之前的学习,相信你已经能熟练的使用Frida-trace.IDA Pro等逆向工具.不过,仅仅到这肯定是不够的.接下来,学会把你逆向的结果打包成插件并运行,那iOS逆向,你也就真正的入门了. ...
- 【iOS逆向与安全】iOS插件开发入门
前言 经过之前的学习,相信你已经能熟练的使用Frida-trace.IDA Pro等逆向工具.不过,仅仅到这肯定是不够的.接下来,学会把你逆向的结果打包成插件并运行,那iOS逆向,你也就真正的入门了. ...
- iOS逆向之自动化重签名
iOS逆向之自动化重签名 准备工作 非越狱的iPhone手机 用PP助手下载: 微信6.6.5(越狱应用) 步骤 新建工程"自动化签名",在工程目录下新建APP文件夹放置需要重签名 ...
- iOS 逆向 - 收藏集 - 掘金
分分钟让你在 微信运动 霸占榜首 - iOS - 掘金 为了纪念我失去的已越狱iPad, 不得不写点什么. 所以...以下内容 不需要越狱. 微信运动 6万步是什么概念,我不知道,因为我没走过,不过有 ...
- iOS逆向-微信自动添加好友
前言 上次完成了 macOS 版微信小助手,现在终于有(xian)时(de)间(huang)来说说 iOS 逆向了.本篇主要实现在微信上自动添加好友(即自动验证新的朋友申请),从而熟悉 iOS 逆向分 ...
最新文章
- 赠 看穿一切的var_dump
- python使用正则表达式寻找具有特定后缀的文件
- Windows下Git的安装
- 构建ASP.NET MVC4+EF5+EasyUI+Unity2.x注入的后台管理系统(39)-在线人数统计探讨
- 通用型硬件只是个传说
- 全球及中国现金自动化(管理)行业运作模式与前景趋势展望报告2022版
- ViewPager两种方式实现无限轮播
- 上传图片和音频到Server,再转存到DB
- 在代码中实用协程(二)
- neo4j 机器学习_知识图谱实战系列四:neo4j的介绍和使用
- oracle安装 插件的执行方法失败_解决 VS Code 中 golang.org 被墙导致的 Go 插件安装失败问题...
- Linux使用命令 笔记
- html固定广告位置,创建固定位置弹出浮动广告的实例代码
- Maven最全使用指南,都在这里了
- python foo函数_Python函数基础
- 手贱大意删除重要的文件怎么办!!!一招教你怎样恢复误删的文件
- python遇到错误跳过_python如何设置报错跳过?
- python教程111-Python多条件计数与求和
- matlab光学几何光学模拟,matlab在几何光学仿真 实验中的应用.doc
- android 最新 九宫格,Android开发中怎么显示一个九宫格图片