OPlayer Lite 最新去广告

OPlayer Lite 最新去广告

问问题： http://bbs.iosre.com/forum.php?mod=viewthread&tid=707&page=1&extra=#pid3881

lldb 命令 ： http://objccn.io/issue-19-2/

列举目录：~~~~~~~~~~~~~
cy#

[[NSFileManager defaultManager] URLsForDirectory:NSDocumentDirectory inDomains:NSUserDomainMask][0]

#"file:///var/mobile/Containers/Data/Application/235BFE91-3A0F-4728-9AEB-CCB321D30E92/Documents/"


Panda-iphone:/var/mobile/Containers/Data/Application/235BFE91-3A0F-4728-9AEB-CCB321D30E92/Documents root#
脱壳~~~~~~~~~~~~~~~~~~~~~~~~~~
DYLD_INSERT_LIBRARIES=dumpdecrypted7.dylib /var/mobile/Containers/Bundle/Application/EA468FAA-CC33-4BF7-B6B1-4F933CA4D7A2/OPlayer\ Lite.app/OPlayer\ Lite

\mach-o decryption dumper
DISCLAIMER: This tool is only meant for security research purposes, not for application crackers.

[+] detected 32bit ARM binary in memory.
[+] offset to cryptid found: @0x4abc(from 0x4000) = abc
[+] Found encrypted data at address 00004000 of length 23592960 bytes - type 1.
[+] Opening /private/var/mobile/Containers/Bundle/Application/EA468FAA-CC33-4BF7-B6B1-4F933CA4D7A2/OPlayer Lite.app/OPlayer Lite for reading.
[+] Reading header
[+] Detecting header type
[+] Executable is a plain MACH-O image
[+] Opening OPlayer Lite.decrypted for writing.
[+] Copying the not encrypted start of the file
[+] Dumping the decrypted data into the file
[+] Copying the not encrypted remainder of the file
[+] Setting the LC_ENCRYPTION_INFO→cryptid to 0 at offset abc
[+] Closing original file
[+] Closing dump file

class-dump -H -I xxx -o xxx.h

搜索广告类 ADBannerView
PlayViewController.h

#import "ADBannerViewDelegate.h"
#import "GADBannerViewDelegate.h"

@class ADBannerView, AVAssetReader, AVPlayer, AVPlayerDemoPlaybackView,
AVPlayerItem, FloatingView, GADBannerView, HTTPServer, InfoViewController,
MPVolumeView, NSDictionary, NSMutableArray, NSString, NSTimer, NSURL,
OSMusicMetaInfo, OSPlayerHelper, PlaySeekView, PlayerView, RoundedRectView,
SubtitleLabel, UIActivityIndicatorView, UIButton, UIImage, UIImageView, UILabel,
UINavigationController, UIView, WBEngine;

__attribute__((visibility("hidden")))
@interface PlayViewController : UIViewController <ADBannerViewDelegate,
GADBannerViewDelegate, UIAlertViewDelegate, WBEngineDelegate,
WBLogInAlertViewDelegate, WBSendViewDelegate, RNGridMenuDelegate>
{
    ADBannerView *iAdView;
    GADBannerView *gAdView;
    ····
}
    @property(retain, nonatomic) ADBannerView *iAdView; // @synthesize iAdView;

查看某个类的 属性在哪里~~~~~
cy# [[UIWindow keyWindow] recursiveDescription] 也可以直接 reveal 查看


检测 dylib 版本信息~~~~
1）➜ DynamicLibraries lipo -info OPlayer.dylib
Non-fat file: OPlayer.dylib is architecture: arm64


2）➜ DynamicLibraries file OPlayer.dylib
OPlayer.dylib: Mach-O 64-bit dynamically linked shared library

3）snakeninnys-MacBook:~ snakeninny$ otool -h /Users/snakeninny/Code/SMSNinja（bigboss）/SMSNinjaNow/layout/Library/MobileSubstrate/DynamicLibraries/libsmsninja.dylib 
/Users/snakeninny/Code/SMSNinja（bigboss）/SMSNinjaNow/layout/Library/MobileSubstrate/DynamicLibraries/libsmsninja.dylib (architecture armv7):
Mach header
      magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
 0xfeedface      12          9  0x00          6    27       3336 0x00100085
/Users/snakeninny/Code/SMSNinja（bigboss）/SMSNinjaNow/layout/Library/MobileSubstrate/DynamicLibraries/libsmsninja.dylib (architecture arm64):
Mach header