写在前面的话 罗列下本次逆向要使用的几个工具
- MonkeyDev 或者IPAPatch
- HookZz
事情起源
-
最近我的朋友圈充满了世界杯!几乎每个伪球迷都在刷直播世界杯!还有热心的朋友发出了世界杯直播的App(央视影音 iOS)链接!点进去看了一下,但是看直播之前需要先看长达60秒的广告。作为iOS逆向爱好者,决定为广大球迷做点儿力所能及的事情----那就是去掉广告 -
带60广告的证据图
下面简单说下逆向过程和思路
思路
- 因为只是给央视影音App去广告!所以思路很简单(把广告相关的对象置为空即可)
逆向过程
第一步 动态分析
- 使用HookZZ的objc_msgSend模块 打印函数调用
- 只关注Ad开头的类
- 下面是相关代码
void objc_msgSend_pre_call(RegState *rs, ThreadStackPublic *ts, CallStackPublic *cs, const HookEntryInfo *info) { char *selector = (char *)rs->ZREG(1); id tmpObject = (id)rs->ZREG(0); Class tmpClass = object_getClass(tmpObject); if (!tmpClass) return; const char *className = class_getName(tmpClass); if (!strstr(className, "Ad") && !strstr(className, "Home")) { return; } memset(decollators, '-', 512); if (ts->size * 3 >= 512) return; decollators[ts->size * 3] = '\0'; printf("[OCMethodMonitor|%ld] %s [%s %s]\n", ts->thread_id, decollators, className, selector);}复制代码 - 简单展示下这个HookZz的objc_msgSend模块打印出来的内容
- CNAdPlayerView
[OCMethodMonitor|7341845312] --- [CNAdPlayerView beatHandleForTime:][OCMethodMonitor|7341845312] ------ [CNAdPlayerView adTime][OCMethodMonitor|7341845312] ------ [CNAdPlayerView setSurplusSec:][OCMethodMonitor|7341845312] --------- [CNAdPlayerView adPlayerUIKit][OCMethodMonitor|7341845312] ------ [CNAdPlayerView queuePlayer][OCMethodMonitor|7341845312] ------ [CNAdPlayerView indexForPlayerItem:][OCMethodMonitor|7341845312] --------- [CNAdPlayerView playItems][OCMethodMonitor|7341845312] --------- [CNAdPlayerView playItems][OCMethodMonitor|7341845312] ------ [CNAdPlayerView playerEventType:value:][OCMethodMonitor|7341845312] --------- [CNAdPlayerView delegate][OCMethodMonitor|7341845312] --------- [CNAdPlayerView delegate][OCMethodMonitor|7341845312] --------- [CNAdPlayerView delegate][OCMethodMonitor|7341845312] ------ [CNAdPlayerView playDelayTime][OCMethodMonitor|7341845312] --------- [CNAdPlayerView adPlaying][OCMethodMonitor|7341845312] --------- [CNAdPlayerView adTimeout]复制代码
-
- AdsameBannerView
[OCMethodMonitor|7341845312] ------------ [AdsameBannerView alloc][OCMethodMonitor|7341845312] ------------ [AdsameBannerView initWithFrame:][OCMethodMonitor|7341845312] --------------- [AdsameBannerView setClipsToBounds:][OCMethodMonitor|7341845312] --------------- [AdsameBannerView setSlotStr:][OCMethodMonitor|7341845312] --------------- [AdsameCubeMaxSDK sharedSDK][OCMethodMonitor|7341845312] --------------- [AdsameCubeMaxSDK def_volume][OCMethodMonitor|7341845312] --------------- [AdsameCubeMaxSDK sharedSDK][OCMethodMonitor|7341845312] --------------- [AdsameCubeMaxSDK m_isMute][OCMethodMonitor|7341845312] --------------- [AdsameBannerView setIsOrderedBannerPaused:][OCMethodMonitor|7341845312] ------------ [AdsameBannerView setIsUsingCache:][OCMethodMonitor|7341845312] ------------ [AdsameBannerView setCId:][OCMethodMonitor|7341845312] ------------ [AdsameBannerView setSlotStr:][OCMethodMonitor|7341845312] ------------ [AdsameBannerView setIsUserExposure:][OCMethodMonitor|7341845312] ------------ [AdsameBannerView setParentSDK:][OCMethodMonitor|7341845312] ------------ [AdsameBannerView setDelegateBanner:][OCMethodMonitor|7341845312] ------------ [AdsameBannerView setIsRetina:]复制代码
- 还有其它一些带Ad的类就不一一列举了
第二步 编写hook代码
- 按照之前的思路把Ad相关的类的初始化代码返回nil
// See http://iphonedevwiki.net/index.php/Logos#import//AdsameBannerView%hook AdsameBannerView- (AdsameBannerView*)initWithFrame:(id)arg1{ return nil;}%end%hook CNAdPlayerView-(CNAdPlayerView*)initWithFrame:(id)arg1{ return nil;}%end%hook CNADPlayerUIKit-(CNADPlayerUIKit *)initWithFrame:(id)arg1{ return nil;}%end%hook AdMasterMobileTracking+(id)sharedInstance{ return nil;}-(AdMasterMobileTracking*)init{ %log; return nil;}%end复制代码
第三步 打包重签
- MonkeyDev 或者 IPAPatch 用的第一个,第二个也是可以的
最后再附上去掉广告的IPA链接()
git源码
最后的最后
- 感谢您在百忙之中看我的文章
最后送你一个支付宝红包
- 打开支付宝首页搜索“8074157”,即可领红包