1. Uploads local files
===>GetGps:Now
===>GetKeyChain:Now
===>UploadFile:/var/mobile/Library/AddressBook/AddressBook.sqlitedb
===>UploadFile:/var/mobile/Library/AddressBook/AddressBook.sqlitedb-shm
===>UploadFile:/var/mobile/Library/AddressBook/AddressBook.sqlitedb-wal
===>UploadFile:/var/mobile/Library/SMS/sms.db
===>UploadFile:/var/mobile/Library/SMS/sms.db-shm
===>UploadFile:/var/mobile/Library/SMS/sms.db-wal
===>UploadFile:/var/wireless/Library/CallHistory/call_history.db
===>GetWeiXin:Now
===>UploadFile:/private/var/mobile/Media/DCIM/100APPLE/IMG_[…].JPG
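2. Obtains GPS information. This is done with the getCellInfo function of CoreTelephony.
3. Obtains WeChat/QQ messages. It locates the DB/MM.sqlite file via TargetUploadFile and uploads it to the server.
4. Obtains keys. The specific key types are:
SecClassGenericPassword
SecClassInternetPassword
SecClassIdentity
SecClassCertificate
SecClassKey
It then packs the key information (passwords, authentication flags, etc.) into an XML file and uploads it in the same way.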
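5. Behaviours not yet observed in monitoring: sending messages, making phone calls, executing commands, uploading file types. Of course, not having observed them does not mean the corresponding instructions will never be executed. Since the app is already this capable, these standard behaviours certainly exist and are simply waiting for the relevant command to trigger them.
On iOS 5, 6 and 7, the list of currently installed apps can be obtained by parsing the file "/private/var/mobile/Library/Caches/com.app.mobile.installation.plist".
On iOS 8, use the following plist file instead.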
"/var/mobile/Library/MobileInstallation/LastLaunchServicesMap.plist"
6. Can obtain photos.
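
For triage of captured command traffic, the `===>Command:Argument` lines listed under item 1 can be parsed and grouped by the data they target. This is an added example, not code from the analysed sample or the original write-up; the function names, category labels and the folding of SQLite `-shm`/`-wal` sidecar files into their database are assumptions made here.

```python
import re

# Line format of the command list on this page: "===>Command:Argument"
CMD_RE = re.compile(r"^===>(\w+):(.*)$")
# SQLite write-ahead-log sidecars; recent rows may exist only in the -wal file.
SIDECAR_RE = re.compile(r"-(?:shm|wal)$")
# Path fragments from the page's UploadFile arguments -> data category.
PATH_CATEGORIES = {"/AddressBook/": "contacts", "/SMS/": "sms",
                   "/CallHistory/": "call_history", "/DCIM/": "photos"}
# Non-file commands from the page -> data category.
CMD_CATEGORIES = {"GetGps": "location", "GetKeyChain": "keychain", "GetWeiXin": "wechat"}

def parse_command(line):
    """Return (command, argument), or None if the line is not a command line."""
    m = CMD_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None

def categorize(command, argument):
    """Map one parsed command to the data category it targets."""
    if command in CMD_CATEGORIES:
        return CMD_CATEGORIES[command]
    if command != "UploadFile":
        return "unknown_command"
    for fragment, category in PATH_CATEGORIES.items():
        if fragment in argument:
            return category
    return "other_file"

def summarize(lines):
    """Group targets by category, folding -shm/-wal sidecars into their database."""
    summary = {}
    for line in lines:
        parsed = parse_command(line)
        if parsed is None:
            continue  # skip anything that is not a "===>" command line
        command, argument = parsed
        target = SIDECAR_RE.sub("", argument)
        summary.setdefault(categorize(command, argument), set()).add(target)
    return {category: sorted(targets) for category, targets in summary.items()}

# Constructed sample: command lines copied from the list above plus one noise line.
SAMPLE = [
    "===>GetGps:Now",
    "===>UploadFile:/var/mobile/Library/SMS/sms.db",
    "===>UploadFile:/var/mobile/Library/SMS/sms.db-wal",
    "===>UploadFile:/var/wireless/Library/CallHistory/call_history.db",
    "unrelated log text",
    "===>GetKeyChain:Now",
]
```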