寫在前面的話 羅列下本次逆向要使用的幾個工具
- MonkeyDev 或者IPAPatch
- HookZz
事情起源
-
最近我的朋友圈充滿了世界盃!幾乎每個偽球迷都在刷直播世界盃!還有熱心的朋友發出了世界盃直播的App(央視影音 iOS)連結!點進去看了一下,但是看直播之前需要先看長達60秒的廣告。作為iOS逆向愛好者,決定為廣大球迷做點兒力所能及的事情----那就是去掉廣告 -
帶60廣告的證據圖
下面簡單說下逆向過程和思路
思路
- 因為只是給央視影音App去廣告!所以思路很簡單(把廣告相關的物件置為空即可)
逆向過程
第一步 動態分析
- 使用HookZZ的objc_msgSend模組 列印函式呼叫
- 只關注Ad開頭的類
- 下面是相關程式碼
void objc_msgSend_pre_call(RegState *rs, ThreadStackPublic *ts, CallStackPublic *cs, const HookEntryInfo *info) {
char *selector = (char *)rs->ZREG(1);
id tmpObject = (id)rs->ZREG(0);
Class tmpClass = object_getClass(tmpObject);
if (!tmpClass)
return;
const char *className = class_getName(tmpClass);
if (!strstr(className, "Ad") && !strstr(className, "Home")) {
return;
}
memset(decollators, '-', 512);
if (ts->size * 3 >= 512)
return;
decollators[ts->size * 3] = '\0';
printf("[OCMethodMonitor|%ld] %s [%s %s]\n", ts->thread_id, decollators, className, selector);
}
複製程式碼- 簡單展示下這個HookZz的objc_msgSend模組列印出來的內容
- CNAdPlayerView
[OCMethodMonitor|7341845312] --- [CNAdPlayerView beatHandleForTime:]
[OCMethodMonitor|7341845312] ------ [CNAdPlayerView adTime]
[OCMethodMonitor|7341845312] ------ [CNAdPlayerView setSurplusSec:]
[OCMethodMonitor|7341845312] --------- [CNAdPlayerView adPlayerUIKit]
[OCMethodMonitor|7341845312] ------ [CNAdPlayerView queuePlayer]
[OCMethodMonitor|7341845312] ------ [CNAdPlayerView indexForPlayerItem:]
[OCMethodMonitor|7341845312] --------- [CNAdPlayerView playItems]
[OCMethodMonitor|7341845312] --------- [CNAdPlayerView playItems]
[OCMethodMonitor|7341845312] ------ [CNAdPlayerView playerEventType:value:]
[OCMethodMonitor|7341845312] --------- [CNAdPlayerView delegate]
[OCMethodMonitor|7341845312] --------- [CNAdPlayerView delegate]
[OCMethodMonitor|7341845312] --------- [CNAdPlayerView delegate]
[OCMethodMonitor|7341845312] ------ [CNAdPlayerView playDelayTime]
[OCMethodMonitor|7341845312] --------- [CNAdPlayerView adPlaying]
[OCMethodMonitor|7341845312] --------- [CNAdPlayerView adTimeout]
複製程式碼-
- AdsameBannerView
[OCMethodMonitor|7341845312] ------------ [AdsameBannerView alloc]
[OCMethodMonitor|7341845312] ------------ [AdsameBannerView initWithFrame:]
[OCMethodMonitor|7341845312] --------------- [AdsameBannerView setClipsToBounds:]
[OCMethodMonitor|7341845312] --------------- [AdsameBannerView setSlotStr:]
[OCMethodMonitor|7341845312] --------------- [AdsameCubeMaxSDK sharedSDK]
[OCMethodMonitor|7341845312] --------------- [AdsameCubeMaxSDK def_volume]
[OCMethodMonitor|7341845312] --------------- [AdsameCubeMaxSDK sharedSDK]
[OCMethodMonitor|7341845312] --------------- [AdsameCubeMaxSDK m_isMute]
[OCMethodMonitor|7341845312] --------------- [AdsameBannerView setIsOrderedBannerPaused:]
[OCMethodMonitor|7341845312] ------------ [AdsameBannerView setIsUsingCache:]
[OCMethodMonitor|7341845312] ------------ [AdsameBannerView setCId:]
[OCMethodMonitor|7341845312] ------------ [AdsameBannerView setSlotStr:]
[OCMethodMonitor|7341845312] ------------ [AdsameBannerView setIsUserExposure:]
[OCMethodMonitor|7341845312] ------------ [AdsameBannerView setParentSDK:]
[OCMethodMonitor|7341845312] ------------ [AdsameBannerView setDelegateBanner:]
[OCMethodMonitor|7341845312] ------------ [AdsameBannerView setIsRetina:]
複製程式碼- 還有其它一些帶Ad的類就不一一列舉了
第二步 編寫hook程式碼
- 按照之前的思路把Ad相關的類的初始化程式碼返回nil
// See http://iphonedevwiki.net/index.php/Logos
#import <UIKit/UIKit.h>
//AdsameBannerView
%hook AdsameBannerView
- (AdsameBannerView*)initWithFrame:(id)arg1{
return nil;
}
%end
%hook CNAdPlayerView
-(CNAdPlayerView*)initWithFrame:(id)arg1{
return nil;
}
%end
%hook CNADPlayerUIKit
-(CNADPlayerUIKit *)initWithFrame:(id)arg1{
return nil;
}
%end
%hook AdMasterMobileTracking
+(id)sharedInstance{
return nil;
}
-(AdMasterMobileTracking*)init
{
%log;
return nil;
}
%end
複製程式碼第三步 打包重籤
- MonkeyDev 或者 IPAPatch 用的第一個,第二個也是可以的
最後再附上去掉廣告的IPA連結()
git原始碼 https://github.com/yuzhouheike/HookZz-Learn
最後的最後
- 感謝您在百忙之中看我的文章
最後送你一個支付寶紅包
- 開啟支付寶首頁搜尋“8074157”,即可領紅包