使用nbsp;class-dump-znbsp;分析支付宝nbsp;App
为了了解支付宝 app 的源码结构,我们可以使用 class-dump-z 工具来分析支付宝二进制。
下载配置 class_dump_z
前往 https://code.google.com/p/networkpx/wiki/class_dump_z ,下载 tar 包,然后解压配置到本地环境
$ tar -zxvf class-dump-z_0.2a.tar.gz
$ sudo cp mac_x86/class-dump-z /usr/bin/
class_dump 支付宝 App
$ class-dump-z Portal > Portal-dump.txt @protocol XXEncryptedProtocol_10764b0
-(?)XXEncryptedMethod_d109df;
-(?)XXEncryptedMethod_d109d3;
-(?)XXEncryptedMethod_d109c7;
-(?)XXEncryptedMethod_d109bf;
-(?)XXEncryptedMethod_d109b8;
-(?)XXEncryptedMethod_d109a4;
-(?)XXEncryptedMethod_d10990;
-(?)XXEncryptedMethod_d1097f;
-(?)XXEncryptedMethod_d10970;
-(?)XXEncryptedMethod_d10968;
-(?)XXEncryptedMethod_d10941;
-(?)XXEncryptedMethod_d10925;
-(?)XXEncryptedMethod_d10914;
-(?)XXEncryptedMethod_d1090f;
-(?)XXEncryptedMethod_d1090a;
-(?)XXEncryptedMethod_d10904;
-(?)XXEncryptedMethod_d108f9;
-(?)XXEncryptedMethod_d108f4;
-(?)XXEncryptedMethod_d108eb;
@optional
-(?)XXEncryptedMethod_d109eb;
@end
查看得到的信息是加过密的,这个加密操作是苹果在部署到 app store时做的,所以我们还需要做一步解密操作。
使用 Clutch 解密支付宝 App
下载 Clutch
iOS7 越狱后的 Cydia 源里已经下载不到 Clutch 了,但是我们可以从网上下载好推进 iPhone
查看可解密的应用列表
root# ./Clutch Clutch-1.3.2
usage: ./Clutch [flags] [application name] [...]
Applications available: 9P_RetinaWallpapers breadtrip Chiizu CodecademyiPhone FisheyeFree food GirlsCamera IMDb InstaDaily InstaTextFree iOne ItsMe3 linecamera Moldiv MPCamera MYXJ NewsBoard Photo Blur Photo Editor PhotoWonder POCO 相机 Portal QQPicShow smashbandits Spark tripcamera Tuding_vITC_01 wantu WaterMarkCamera WeiBo Weibo
解密支付宝 App
root# ./Clutch Portal Clutch-1.3.2
Cracking Portal...
Creating working directory...
Performing initial analysis...
Performing cracking preflight...
dumping binary: analyzing load commands
dumping binary: obtaining ptrace handle
dumping binary: forking to begin tracing
dumping binary: successfully forked
dumping binary: obtaining mach port
dumping binary: preparing code resign
dumping binary: preparing to dump
dumping binary: ASLR enabled, identifying dump location dynamically
dumping binary: performing dump
dumping binary: patched cryptid
dumping binary: writing new checksum
Censoring iTunesMetadata.plist...
Packaging IPA file... compression level: 0 /var/root/Documents/Cracked/支付宝钱包-v8.0.0-(Clutch-1.3.2).ipa elapsed time: 7473ms Applications Cracked:
Portal Applications that Failed: Total Success: 1 Total Failed: 0
导出已解密的支付宝 App
从上一步骤得知,已解密的 ipa 位置为:/var/root/Documents/Cracked/支付宝钱包-v8.0.0-(Clutch-1.3.2).ipa
将其拷贝到本地去分析
class_dump
已解密的支付宝 App
@protocol ALPNumPwdInputViewDelegate <<span class="hljs-title" style="box-sizing: border-box; font-family: Consolas, 'Liberation Mono', Menlo, Courier, monospace; color: rgb(68, 85, 136); font-weight: 700;">NSObject>
-(void)onPasswordDidChange:(id)onPassword;
@end @protocol ALPContactBaseTableViewCellDelegate <<span class="hljs-title" style="box-sizing: border-box; font-family: Consolas, 'Liberation Mono', Menlo, Courier, monospace; color: rgb(68, 85, 136); font-weight: 700;">NSObject>
-(void)shareClicked:(id)clicked sender:(id)sender;
@end @interface MMPPayWayViewController : XXUnknownSuperclass <<span class="hljs-title" style="box-sizing: border-box; font-family: Consolas, 'Liberation Mono', Menlo, Courier, monospace; color: rgb(68, 85, 136); font-weight: 700;">SubChannelSelectDelegate, UITableViewDataSource, UITableViewDelegate, CellDelegate, UIAlertViewDelegate> {
@private Item* channelSelected; BOOL _bCheck; BOOL _bOpenMiniPay; BOOL _bNeedPwd; BOOL _bSimplePwd; BOOL _bAutopayon; BOOL _bHasSub; BOOL _bFirstChannel; BOOL _bChangeSub; BOOL _bClickBack; UITableView* _channelListTableView; NSMutableArray* _channelListArray; NSMutableArray* _subChanneSelectedlList; NSMutableArray* _unCheckArray; UIButton* _saveButton; UILabel* _tipLabel; MMPPasswordSwichView* _payWaySwitch; MMPPopupAlertView* _alertView; UIView* _setView; int _originalSelectedRow; int _currentSelectedRow; NSString* _statusCode; ChannelListModel* _defaultChannelList;
}
@property(assign, nonatomic) BOOL bClickBack;
@property(retain, nonatomic) ChannelListModel* defaultChannelList;
@property(retain, nonatomic) NSString* statusCode;
@property(assign, nonatomic) int currentSelectedRow;
@property(assign, nonatomic) int originalSelectedRow;
@property(retain, nonatomic) UIView* setView;
@property(retain, nonatomic) MMPPopupAlertView* alertView;
@property(retain, nonatomic) MMPPasswordSwichView* payWaySwitch;
@property(assign, nonatomic, getter=isSubChannelChanged) BOOL bChangeSub;
@property(assign, nonatomic) BOOL bFirstChannel;
@property(assign, nonatomic) BOOL bHasSub;
@property(assign, nonatomic) BOOL bAutopayon;
@property(assign, nonatomic) BOOL bSimplePwd;
@property(assign, nonatomic) BOOL bNeedPwd;
@property(assign, nonatomic) BOOL bOpenMiniPay;
@property(assign, nonatomic) BOOL bCheck;
@property(retain, nonatomic) UILabel* tipLabel;
@property(retain, nonatomic) UIButton* saveButton;
@property(retain, nonatomic) NSMutableArray* unCheckArray;
@property(retain, nonatomic) NSMutableArray* subChanneSelectedlList;
@property(retain, nonatomic) NSMutableArray* channelListArray;
@property(retain, nonatomic) UITableView* channelListTableView;
-(void).cxx_destruct;
-(void)subChannelDidSelected:(id)subChannel;
-(void)switchCheckButtonClicked:(id)clicked;
-(void)checkboxButtonClicked:(id)clicked;
-(void)onCellClick:(id)click;
-(void)showSubChannels;
-(void)tableView:(id)view didSelectRowAtIndexPath:(id)indexPath;
-(id)tableView:(id)view cellForRowAtIndexPath:(id)indexPath;
-(int)tableView:(id)view numberOfRowsInSection:(int)section;
-(float)tableView:(id)view heightForRowAtIndexPath:(id)indexPath;
-(int)numberOfSectionsInTableView:(id)tableView;
-(void)setTableViewFootView:(id)view;
-(void)setTableViewHeaderView:(id)view;
-(id)tableView:(id)view viewForHeaderInSection:(int)section;
-(id)tableView:(id)view viewForFooterInSection:(int)section;
-(float)tableView:(id)view heightForHeaderInSection:(int)section;
-(float)tableView:(id)view heightForFooterInSection:(int)section;
-(void)alertView:(id)view clickeonAtIndex:(int)index;
-(void)clickSave;
-(void)netWorkRequestWithPwd:(id)pwd;
-(void)setPayWaySwitchStates:(id)states;
-(void)changePayWaySwitch:(id)aSwitch;
-(void)scrollToSelectedRow;
-(void)didReceiveMemoryWarning;
-(void)viewDidLoad;
-(void)applicationEnterBackground:(id)background;
-(void)dealloc;
-(void)goBack;
-(BOOL)isChannelsSetChanged;
-(id)subChannelCode:(int)code;
-(id)subChannelDesc:(int)desc;
-(id)initWithDefaultData:(id)defaultData;
-(id)initWithNibName:(id)nibName bundle:(id)bundle;
-(void)commonInit:(id)init;
@end
分析支付宝源码片段
使用了 @private 关键字限制成员访问权限
使用nbsp;class-dump-znbsp;分析支付宝nbsp;App相关推荐
- iOS安全攻防(六):使用class-dump-z分析支付宝app
为了了解支付宝app的源码结构,我们可以使用class-dump-z工具来分析支付宝二进制. 1.下载配置class_dump_z 前往 https://code.google.com/p/netwo ...
- ios--安全攻防--使用class-dump-z分析支付宝app
使用class-dump-z分析支付宝app 文章出处:http://blog.csdn.net/yiyaaixuexi/article/details/18353423#comments 为了了解支 ...
- Windbg内核调试之四: Dump文件分析
Dump 文件分析很大程度上就是分析蓝屏产生的原因.这种系统级的错误算是Windows提示错误中比较严重的一种(更严重的还有启动黑屏等硬件或软件兼容性错误等等).说它是比较严重,是因为毕竟Window ...
- java Thread Dump 日志分析
jstack Dump 日志文件中的线程状态 dump 文件里,值得关注的线程状态有: 死锁,Deadlock(重点关注) 执行中,Runnable 等待资源,Waiting on condition ...
- Java的dump文件分析及JProfiler使用
Java的dump文件分析及JProfiler使用 1 dump文件介绍 从软件开发的角度上,dump文件就是当程序产生异常时,用来记录当时的程序状态信息(例如堆栈的状态),用于程序开发定位问题. i ...
- Android 系统(78)---《android framework常用api源码分析》之 app应用安装流程
<android framework常用api源码分析>之 app应用安装流程 <android framework常用api源码分析>android生态在中国已经发展非常庞大 ...
- Android基于rxjava2+retrofit2实现断点续传下载,模拟支付宝更新app
前言 在rxjava和retrofit日益火热的今天,我们也要给自己定个小目标,比如说利用其来实现支付宝更新app的断点续传下载功能. 基本原理 其实下载文件就是一个get请求,而断点续传则是要把发生 ...
- Android逆向小技巧①:从Activity下手找到切入点,逆向分析支付宝APP
明确目标 关于Android应用的解包.反编译,在网上已经有无数文章了,此处不再赘述.当你已经使用 [d2j-dex2jar] 和 [jd-gui] 得到了APK反编译后的JAVA代码,面对庞大的代码 ...
- 【JVM】jstack和dump线程分析(2)
一:jstack jstack命令的语法格式: jstack <pid>.可以用jps查看java进程id.这里要注意的是: 1. 不同的 JAVA虚机的线程 DUMP的创建方法和文件格 ...
最新文章
- ThinkPHP+AJAX三级联动
- Javascript JSON 序列化和反序列化
- pdo 连接数据库 报错 could not find driver 解决方法
- SAP Commerce Cloud CMS page 和 page template 的概念
- java httppost wsdl_Java使用HttpUrlConnection调用webService(wsdl)
- android wear中国版,AndroidWear中国版App——小白上手指南
- ppt课堂教学流程图_ppt怎么做流程图 ppt做流程图的方法是什么
- 远程唤醒电脑WOL(Wake On LAN - 局域网唤醒)
- EXCEL打开文件密码如何找回
- 河海大学计算机与信息科学,刘凡 - 河海大学 - 计算机与信息学院
- 环信sdk android 聊天,Android基于环信SDK开发IM即时聊天
- 使用python的requests库实现书籍比价工具
- 思科ACS5.8最新搭建教程-亲测可用
- 探索移动端音视频与GSYVideoPlayer之旅 | Agora Talk
- 福特sync恢复出厂设置_急急急啊!福特sync服务中心如何注册
- 个人微信开发API协议接口
- Scrapy爬取当当网图书销售前100
- 《软件方法》第六章 自测题
- 基于JSP会议管理系统毕业设计
- js数组排序 中间大两边小