逆向支付宝学习
2019-01-12 本文已影响121人
小菜一碟321
今天没事研究了一下支付宝。二话不说,先建立一个tweak工程;砸壳后的支付宝ipa包可以从PP助手上下载,用class-dump处理一下就可以拿到支付宝Mach-O文件的头文件(header)。我想试试能不能自动生成收款二维码。
分析
用FLEX分析可以看到,收款二维码的控制器是PEMainCodeNoticeViewController。
我记得一个月之前支付宝的收款二维码的控制器还是PEMainCodeViewController,一转眼就变了,嘿嘿嘿。仔细分析了一下,现在必要的参数是PECollectSettingViewController生成的,也就是说,生成收款码的函数所需要的参数来源于PECollectSettingViewController中的PECollectCodeController。再仔细看PECollectCodeController,发现它其实是一个NSObject对象,😆看来支付宝命名不规范,小小吐槽一下。
#if TARGET_OS_SIMULATOR
#error Do not support the simulator, please use the real iPhone Device.
#endif
#import <UIKit/UIKit.h>
#import <FLEX/FLEX.h>
#import <Foundation/Foundation.h>
// Partial declaration of the app's PECollectCodeController, reconstructed from
// the class-dump headers. Despite the "Controller" suffix it derives directly
// from NSObject. Only the properties the hooks in this file read are declared.
@interface PECollectCodeController : NSObject

// QR strings shown by the PEMainCodeNoticeViewController hook under the
// "离线" (offline) and "在线" (online) labels.
// NOTE(review): presumably the payloads encoded in the collection QR code;
// treat them as sensitive account data until confirmed otherwise.
@property (nonatomic, retain) NSString *offlineQRCode;
@property (nonatomic, retain) NSString *onlineQRCode;

// Identifier, memo and amount attached to the collection code.
// NOTE(review): meanings inferred from the property names; confirm in the app.
@property (nonatomic, retain) NSString *collectCodeId;
@property (nonatomic, retain) NSString *collectMemo;
@property (nonatomic, retain) NSString *collectAmount;

// Image view whose image the hook copies into its on-screen overlay.
@property (nonatomic, retain) UIImageView *qrcodeImgView;

@end
// Partial declaration of the app's PECollectSettingViewController, listing only
// the members this file touches. No superclass is given here; the real class
// hierarchy lives in the app binary.
@interface PECollectSettingViewController

// Text field the viewDidAppear: hook writes the amount into.
@property (nonatomic, retain) UITextField *activeTextField;

// Taken from the class-dump header; not used by the hooks in this file.
@property (nonatomic) _Bool needAddMemo;
@property (nonatomic, retain) NSString *sessionId;

// App method the viewDidAppear: hook calls after filling in the amount.
- (void)confirmSetAmount;

@end
// Empty declaration of the app's PEMainCodeNoticeViewController so the name is
// known to the compiler; the %hook of the same name below adds the behaviour.
// No superclass or members are declared here.
@interface PEMainCodeNoticeViewController
@end
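// Hook on the class named AllAppDelegate: after the app's own launch handling,
// show a banner confirming that the tweak is loaded and open the FLEX explorer.
%hook AllAppDelegate

- (void)applicationDidFinishLaunching:(id)arg1 {
    // Let the original launch code run before adding anything on top of it.
    %orig;

    // delegate is nil on purpose: the hooked object is the app's own delegate,
    // and passing it here would route this alert's button taps into whatever
    // UIAlertViewDelegate callbacks the app implements for its own alerts.
    UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"支付宝逆向"
                                                    message:@"越狱系统级别注入支付宝😁😁😁😁🤣🤣😂😂😂😂😂😂😡😡🤠🤠"
                                                   delegate:nil
                                          cancelButtonTitle:@"确定"
                                          otherButtonTitles:@"取消", nil];
    [alert show];

    // FLEX is an in-process debugging explorer. It exposes the app's views and
    // objects to anyone holding the device, so keep it to a dedicated research
    // device and test account.
    [[FLEXManager sharedManager] showExplorer];
}

%end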
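// Hook on the controller that FLEX showed to own the collection QR code screen.
%hook PEMainCodeNoticeViewController

// Called by the app when the amount has been set. Shows the values carried by
// arg1 in an alert, mirrors the QR image in a temporary overlay, then hands
// control back to the original implementation.
- (void)collectCodeControllerDidFinishSetAmount:(id)arg1 isFromSetting:(_Bool)arg2 {
    // arg1 is typed id, so verify the class before reading properties from it.
    // %c() looks the class up at runtime; if it is missing, or arg1 is nil or
    // of another type, fall through to the original untouched instead of
    // crashing on an unrecognized selector.
    if (![arg1 isKindOfClass:%c(PECollectCodeController)]) {
        %orig;
        return;
    }
    PECollectCodeController *codeController = (PECollectCodeController *)arg1;

    // NOTE(review): this text contains the amount and both QR strings, so any
    // screenshot or screen recording of the alert captures them.
    NSString *summary = [NSString stringWithFormat:@"%@-%@-%d-----在线%@-----离线%@",
                                                   codeController,
                                                   codeController.collectAmount,
                                                   arg2,
                                                   codeController.onlineQRCode,
                                                   codeController.offlineQRCode];

    // delegate is nil: the hooked controller must not receive button callbacks
    // for an alert it did not create.
    UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"支付宝逆向"
                                                    message:summary
                                                   delegate:nil
                                          cancelButtonTitle:@"确定"
                                          otherButtonTitles:@"取消", nil];
    [alert show];

    // Red 100x100 overlay holding a copy of the QR image, added to the key window.
    UIView *overlay = [[UIView alloc] initWithFrame:CGRectMake(70, 70, 100, 100)];
    overlay.backgroundColor = [UIColor redColor];

    UIImageView *qrCopy = [[UIImageView alloc] initWithFrame:CGRectMake(5, 5, 90, 90)];
    qrCopy.image = codeController.qrcodeImgView.image;
    [overlay addSubview:qrCopy];
    [[UIApplication sharedApplication].keyWindow addSubview:overlay];

    // Remove the overlay after 20 seconds so it does not stay on screen.
    dispatch_after(dispatch_time(DISPATCH_TIME_NOW, (int64_t)(20 * NSEC_PER_SEC)),
                   dispatch_get_main_queue(), ^{
        [overlay removeFromSuperview];
    });

    %orig;
}

// Pass-through: only forwards to the original implementation.
- (void)viewDidLoad {
    %orig;
}

// Pass-through: only forwards to the original implementation.
- (void)collectCodeControllerDidStartSetAmount:(id)arg1 {
    %orig;
}

%end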
// Hook on the amount-setting screen: once it has appeared, fill in a fixed
// amount and trigger the app's own confirm action.
%hook PECollectSettingViewController

- (void)viewDidAppear:(_Bool)arg1 {
    %orig;

    dispatch_queue_t mainQueue = dispatch_get_main_queue();

    // After 0.5 s, write the hard-coded amount "2" into the active text field.
    dispatch_block_t fillAmount = ^{
        self.activeTextField.text = @"2";
    };
    dispatch_time_t fillTime = dispatch_time(DISPATCH_TIME_NOW, (int64_t)(0.5 * NSEC_PER_SEC));
    dispatch_after(fillTime, mainQueue, fillAmount);

    // After 1 s, call the confirm method so the app continues its normal flow.
    dispatch_block_t confirmAmount = ^{
        [self confirmSetAmount];
    };
    dispatch_time_t confirmTime = dispatch_time(DISPATCH_TIME_NOW, (int64_t)(1 * NSEC_PER_SEC));
    dispatch_after(confirmTime, mainQueue, confirmAmount);
}

%end
