IOS微信逆向-免越狱抢红包防撤回等自定义功能实现

微信砸壳

CrackerXI+砸壳，或手动使用dumpdecrypted砸壳

把已砸壳的wech使用scp或者助手at.ipa导出

monkeydev

MonkeyDev集成在xcode上面，可以快速开发hook的代码，链接到Mach-O文件，支持修改ipa后的免越狱安装。

新建MonkeyDev项目

把砸壳后的微信ipa拖进工程中的TargetApp目录

run编译真机调试

打开微信设置页面，xcode打开Debug View Hierarychy查看层级。

新增控件类WCTableViewManager

%hook NewSettingViewController

- (void)reloadTableData{

%orig;

WCTableViewManager *tableViewMgr = MSHookIvar<id>(self, "m_tableViewMgr");

MMTableView *tableView = [tableViewMgr getTableView];

WCTableViewNormalCellManager *newCell = [%c(WCTableViewNormalCellManager) normalCellForSel:@selector(setting) target:self title:@"你懂的"];

[((WCTableViewSectionManager*)tableViewMgr.sections[0]) addCell: newCell];

[tableView reloadData];

}

%new

- (void)setting {

UIViewController *vc = [[HZWechatSettingController alloc] init];

[((UIViewController *)self).navigationController PushViewController:vc animated:true];

}

%end

新增自动抢红包、消息防撤回、微信步数修改选项

WCTableViewCellManager *autoEnvelopCell = [HZWechat switchCellWithSel:@selector(autoEnvelopSwitchChange:) target:self title:@"自动抢红包" switchOn:[HZWechatConfig autoRedEnvelop]];

[nidongde addCell:autoEnvelopCell];

WCTableViewCellManager *revokeIntercept = [HZWechat switchCellWithSel:@selector(revokeIntercept:) target:self title:@"消息防撤回" switchOn:[HZWechatConfig preventRevoke]];

[nidongde addCell:revokeIntercept];

WCTableViewCellManager *changeStepsCell = [HZWechat switchCellWithSel:@selector(changedSteps:) target:self title:@"修改微信步数" switchOn:[HZWechatConfig changeSteps]];

[nidongde addCell:changeStepsCell];

hook红包消息实现自动抢

BOOL (^shouldReceiveRedEnvelop)() = ^BOOL() {

if (!HZWechatConfig.autoRedEnvelop) { return NO; }

if (isGroupInBlackList()) { return NO; }

if (isContaintKeyWords()) { return NO; }

return isGroupReceiver() ||

(isGroupSender() && isReceiveSelfRedEnvelop()) ||

(!isGroupReceiver() && HZWechatConfig.personalRedEnvelopEnable);

};

NSDictionary *(^parseNativeUrl)(NSString *nativeUrl) = ^(NSString *nativeUrl) {

nativeUrl = [nativeUrl substringFromIndex:[@"wxpay://c2cbizmessagehandler/hongbao/receivehongbao?" length]];

return [%c(WCBizUtil) dictionaryWithDecodedComponets:nativeUrl separator:@"&"];

};

防撤回实现

%hook CMessageMgr

- (void)onRevokeMsg:(CMessageWrap *)arg1 {

if (HZWechatConfig.preventRevoke) {

NSString *msgContent = arg1.m_nsContent;

NSString *(^parseParam)(NSString *, NSString *,NSString *) = ^NSString *(NSString *content, NSString *paramBegin,NSString *paramEnd) {

NSUInteger startIndex = [content rangeOfString:paramBegin].location + paramBegin.length;

NSUInteger endIndex = [content rangeOfString:paramEnd].location;

NSRange range = NSMakeRange(startIndex, endIndex - startIndex);

return [content substringWithRange:range];

};

NSString *session = parseParam(msgContent, @"<session>", @"</session>");

NSString *newmsgid = parseParam(msgContent, @"<newmsgid>", @"</newmsgid>");

NSString *fromUsrName = parseParam(msgContent, @"<![CDATA[", @"撤回了一条消息");

CMessageWrap *revokemsg = [self GetMsg:session n64SvrID:[newmsgid integerValue]];

CContactMgr *contactMgr = [[objc_getClass("MMServiceCenter") defaultCenter] getService:objc_getClass("CContactMgr")];

CContact *selfContact = [contactMgr getSelfContact];

NSString *newMsgContent = @"";

if ([revokemsg.m_nsFromUsr isEqualToString:selfContact.m_nsUsrName]) {

if (revokemsg.m_uiMessageType == 1) { // 判断是否为文本消息

newMsgContent = [NSString stringWithFormat:@"拦截到你撤回了一条消息：\n %@",revokemsg.m_nsContent];

} else {

newMsgContent = @"拦截到你撤回一条消息";

}

} else {

if (revokemsg.m_uiMessageType == 1) {

newMsgContent = [NSString stringWithFormat:@"拦截到一条 %@撤回消息：\n %@",fromUsrName, revokemsg.m_nsContent];

} else {

newMsgContent = [NSString stringWithFormat:@"拦截到一条 %@撤回消息",fromUsrName];

}

CMessageWrap *newWrap = ({

CMessageWrap *msg = [[%c(CMessageWrap) alloc] initWithMsgType:0x2710];

[msg setM_nsFromUsr:revokemsg.m_nsFromUsr];

[msg setM_nsToUsr:revokemsg.m_nsToUsr];

[msg setM_uiStatus:0x4];

[msg setM_nsContent:newMsgContent];

[msg setM_uiCreateTime:[arg1 m_uiCreateTime]];

msg;

});

[self AddLocalMsg:session MsgWrap:newWrap fixTime:0x1 NewMsgArriveNotify:0x0];

return;

}

%orig;

}

%end

修改微信运动步数

%hook WCDeviceStepObject

-(NSInteger)m7StepCount {

NSInteger stepCount = %orig;

NSInteger newStepCount = HZWechatConfig.changedSteps;

return HZWechatConfig.changeSteps ? newStepCount : stepCount;

}

-(NSInteger)hkStepCount {

NSInteger stepCount = %orig;

NSInteger newStepCount = HZWechatConfig.changedSteps;

return HZWechatConfig.changeSteps ? newStepCount : stepCount;

}

%end

自签名打包后实现多开，配合AltDeploy+AltStore食用更佳

感谢

本文来自互联网用户投稿，该文观点仅代表作者本人，不代表本站立场。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如若转载，请注明出处：http://www.rhkb.cn/news/58181.html

如若内容造成侵权/违法违规/事实不符，请联系长河编程网进行投诉反馈email:809451989@qq.com，一经查实，立即删除！