Foreword
Tools used this time
- IDA
- MonkeyDev by AloneMonkey
- Charles
- Kali
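What is a live-streaming box?
- A single live-streaming service is called a platform, for example Douyu, Panda, Kuaishou and so on
- An app that bundles all the platforms together is called a box
- There are many live-streaming platforms on the market now (the adult-content kind)
What is iOS reverse engineering?
- For me, it means studying what is inside other people's apps
Why reverse this box?
- How it started: I was helping a buddy out; he asked me to ■■, so I looked into it
First, a screenshot (there are many live-streaming boxes on the market now; the screenshot shows just one of them, from a link my buddy sent)
- Home page
- Tap any entry
您的会员账号已到期,请续费 ("Your membership account has expired, please renew")
Paying is out of the question; I will never pay in this lifetime. Reverse engineering is the only way to get by, that sort of thing...
Then capture the traffic with Charles, which gives the following result
- Clearly the author encrypted the data
- The Host is visible: api.appplat6688.com
- With a domain name in hand, let's scan its ports! Bring out Kali
nmap api.appplat6688.com
Half a cigarette later
- The following result appears: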
Starting Nmap 7.60 ( https://nmap.org ) at 2018-05-13 15:52 CST
Nmap scan report for api.appplat6688.com (101.55.26.69)
Host is up (0.64s latency).
Other addresses for api.appplat6688.com (not scanned): 220.95.210.101 101.55.26.70 182.16.53.100 216.118.239.124 52.128.230.228 180.178.48.220 103.90.137.107 216.118.239.132 220.95.210.78 182.16.55.76 180.178.51.212 119.42.148.148
Not shown: 983 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
443/tcp open https
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
901/tcp filtered samba-swat
1068/tcp filtered instl_bootc
3128/tcp filtered squid-http
3333/tcp filtered dec-notes
4444/tcp filtered krb524
5800/tcp filtered vnc-http
5900/tcp filtered vnc
6129/tcp filtered unknown
6667/tcp filtered irc
6789/tcp open ibm-db2-admin
Nmap done: 1 IP address (1 host up) scanned in 59.59 seconds
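- The ports above are basically all common ones. Frankly, I can't do anything with them either, so I'll leave them alone (someone will probably ask: if you can't handle it, why scan? Because there is always someone better; what I can't handle doesn't mean that you, reading this article, can't. I scanned it for you!)
Because our topic is reversing the iOS client
- As the screenshot above shows, this client encrypts its data. An app that encrypts its data generally means the developer has put some protection on it, so we need to go and see how the encryption is done
- Throw the IPA file (after 3 seconds of inner struggle I decided not to post the link; add me on WeChat if you want to study it) into IDA
Half a cigarette later
- Search globally for 您的会员账号已到期 ("Your membership account has expired")
- Final result
- Press the X key (keep pressing X until the assembly code appears)
- After a series of analysis steps, the following code is located
- Hook KYLMQxqXCDsiemxz:params:success:failure: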
%hook GBoxNetManager
- (void)KYLMQxqXCDsiemxz:(id)arg1 params:(id)arg2 success:(id)arg3 failure:(id)arg4 {
    %log;
    NSLog(@"arg1%@", arg1);
    NSLog(@"arg2%@", arg2);
    NSLog(@"arg3%@", arg3);
    NSLog(@"arg4%@", arg4);
    %orig;
}
%end
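- This gives the following result
- So look at this function's disassembly and the pseudocode produced by F5 (a commonly used IDA feature)
- With my limited English, I judged that the GBoxNetCrypto class is the encryption class
- So let's look at this class and hook it
- Hook code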
%hook GBoxNetCrypto
- (id) desEncrypt:(id)arg1 key:(id)arg2 {
    // %log;
    NSLog(@"desEncrypt arg1 = %@ arg2 = %@", arg1, arg2 );
    id result = %orig; // call the original once and reuse its result
    NSLog(@"desEncrypt===orig %@", result);
    return result;
}
- (id) desDecrypt:(id)arg1 key:(id)arg2 {
    // %log;
    NSLog(@"desDecrypt arg1 = %@ arg2 = %@", arg1, arg2 );
    id result = %orig; // call the original once and reuse its result
    NSLog(@"desDecrypt===orig %@", result);
    return result;
}
- (id) QVGRSpobWNqWYHVm:(id)arg1 key:(id)arg2 {
    // %log;
    NSLog(@"QVGRSpobWNqWYHVm:key arg1 = %@ arg2 = %@", arg1, arg2 );
    return %orig;
}
- (id) QVGRSpobWNqWYHVm:(id)arg1 {
    // %log;
    NSLog(@"QVGRSpobWNqWYHVm arg1 = %@", arg1 );
    return %orig;
}
- (id) dCkFSxbcvATgvDOF:(id)arg1 {
    // %log;
    NSLog(@"dCkFSxbcvATgvDOF arg1 = %@", arg1 );
    return %orig;
}
- (id) PxXAtABexHNGjGWc:(id)arg1 {
    // %log;
    NSLog(@"PxXAtABexHNGjGWc arg1 = %@", arg1 );
    return %orig;
}
%end
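- Here I did not look into its internal encryption logic; I only captured the inputs and outputs of the encryption (which is exactly what we want)
- Then go to the screen we want and look for the content we want
Then look at the server response that the hooks print.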
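The GBoxNetCrypto hooks above see every plaintext and key because a Logos %hook replaces the method's implementation with code from an injected dylib. From the app developer's side, that replacement is detectable; the following is an added example, not code from the original post or from the app, and DemoNetCrypto and GBImplementationIsForeign are hypothetical names used for illustration.

```objc
// Added example: hook detection for one selector. DemoNetCrypto and
// GBImplementationIsForeign are hypothetical names, not taken from the app.
#import <Foundation/Foundation.h>
#import <objc/runtime.h>
#import <dlfcn.h>
#import <string.h>

@interface DemoNetCrypto : NSObject
- (NSString *)desEncrypt:(NSString *)text key:(NSString *)key;
@end

@implementation DemoNetCrypto
- (NSString *)desEncrypt:(NSString *)text key:(NSString *)key {
    return text; // stand-in body; the real cipher is irrelevant to the check
}
@end

// YES when the IMP for -[cls sel] lies outside the Mach-O image that defines
// cls. A %hook installs its replacement from the injected dylib, so the IMP
// then resolves to that dylib instead of the app binary. Only meaningful for
// methods the class defines itself (inherited ones live in another image).
static BOOL GBImplementationIsForeign(Class cls, SEL sel) {
    Method method = class_getInstanceMethod(cls, sel);
    if (method == NULL) {
        return NO; // selector not implemented: nothing to compare
    }
    Dl_info impInfo;
    Dl_info classInfo;
    IMP imp = method_getImplementation(method);
    if (dladdr((const void *)imp, &impInfo) == 0 || impInfo.dli_fname == NULL) {
        return YES; // code outside every loaded image (e.g. a trampoline)
    }
    if (dladdr((__bridge const void *)cls, &classInfo) == 0 || classInfo.dli_fname == NULL) {
        return NO; // cannot locate the class image; make no claim
    }
    return strcmp(impInfo.dli_fname, classInfo.dli_fname) != 0;
}

int main(void) {
    @autoreleasepool {
        BOOL hooked = GBImplementationIsForeign([DemoNetCrypto class],
                                                @selector(desEncrypt:key:));
        NSLog(@"desEncrypt:key: implementation replaced: %@", hooked ? @"YES" : @"NO");
    }
    return 0;
}
```

A check like this runs in the same process as the hook and can itself be hooked, so it only raises the cost of analysis. Anything the client decrypts is visible at the method boundary, so decisions such as the expired-membership check need to be enforced on the server.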