通过 NSURLProtocol 确实没抓到请求。（注意：NSURLProtocol 只能拦截走 URL Loading System 的请求，直接使用 socket 等底层接口的流量不会经过它，所以仅凭这一点还不能断定没有联网。）
打个断点可以看到，在识别过程中有一个 C 函数调用了 -[NSBundle bundleIdentifier]，用来比对客户端的唯一标识。
看看这段代码（反编译工具生成的伪代码，不是可直接编译的 C）：
// Decompiler pseudo-code (not compilable C) for an AArch64 routine.
// r0-r7 are the incoming argument registers and r31 is used as the stack
// pointer throughout. The routine validates its arguments, performs a
// date comparison using time()/localtime(), calls two helper routines,
// frees a heap pointer kept in a local structure, and returns a status
// value in r0 (carried in r26).
// NOTE(review): the -[NSBundle bundleIdentifier] comparison described in the
// surrounding text is not visible here; presumably it happens inside one of
// the SUB_ helpers -- confirm in the disassembly.
function ccccccc {
// Prologue: spill r19-r30 to the stack. The repeated offsets below are shown
// exactly as the decompiler printed them; presumably each pair comes from one
// paired store and the second offset was lost -- confirm in the disassembly.
*(r31 + 0xffffffffffffffa0) = r28;
*(0xffffffffffffffb0 + r31) = r27;
*(r31 + 0xffffffffffffffb0) = r26;
*(r31 + 0xffffffffffffffc0) = r25;
*(r31 + 0xffffffffffffffc0) = r24;
*(r31 + 0xffffffffffffffd0) = r23;
*(r31 + 0xffffffffffffffd0) = r22;
*(r31 + 0xffffffffffffffe0) = r21;
*(r31 + 0xffffffffffffffe0) = r20;
*(r31 + 0xfffffffffffffff0) = r19;
*(r31 + 0xfffffffffffffff0) = r29;
*(r31+0x0) =r30;
r29 = r31 + 0xfffffffffffffff0;
r31 = r31 + 0xffffffffffffffa0 - 0x50;
// Keep the incoming arguments in registers that survive the calls below.
r25=r7;
r24=r5;
r27=r4;
r20=r3;
r21=r2;
r23=r1;
r19=r0;
// Initialise the local structure at r31+0x30 .. r31+0x58: every field is
// zeroed except the one at +0x48, which is set to 0x12c.
*(r31+0x30) =0x0;
*(0x40+r31) =0x0;
*(int32_t*)(r31+0x38) =0x0;
*(r31+0x48) =zero_extend_64(0x12c);
*(0x58+r31) =0x0;
// Inserts the 16-bit immediate 0xc767 into w26. The halfword position (shift)
// is not shown in this rendering and no earlier value of r26 is visible, so
// the exact default status value cannot be read off this listing.
asm{ movk w26, #0xc767 };
*(r31+0x40) =0x0;
// Clears 0x400 bytes at r0. As rendered, r0 still holds the first argument
// (also saved in r19). NOTE(review): if that is right, the caller's buffer
// must be at least 0x400 bytes, and this write happens before the null check
// on r19 below -- confirm that r0 was not reloaded.
bzero(r0,0x400);
// Default status: the constant built above plus 0x17; returned unchanged when
// the argument check below fails.
r26=r26+0x17;
// Argument validation: r19, r23 and r21 must be non-zero, and r20 and r27 must
// be at least 0xa (presumably minimum lengths -- TODO confirm).
if(((((r19!=0x0) && (r23!=0x0)) && (r21!=0x0)) && (r20>=0xa)) && (r27>=0xa)) {
// Read the current local time into a struct tm.
time(r31+0x28);
r0=localtime(r31+0x28);
// Folds three fields of the struct tm into one number and compares it with
// 0xf01e. On the usual struct tm layout +0xc is tm_mday and +0x10 is tm_mon;
// the multipliers 0x20 and 0x180 (32 and 12*32) suggest a packed
// year/month/day value, i.e. a date cutoff -- presumably an expiry check.
// The +0x20 offset is reproduced as printed and may be a decompiler
// artifact. TODO confirm against the disassembly.
if(*(int32_t*)(r0+0xc) + (*(0x20+r0) *0x180|0x20) + *(r0+0x10) *0x20>zero_extend_64(0xf01e)) {
// Past the cutoff: set a different status value (0xfffe combined with the
// 0xc767 immediate) and skip the helper calls.
r26=zero_extend_64(0xfffe);
asm{ movk w26, #0xc767 };
}
else{
// Bit-field inserts emitted by the compiler; their source registers are not
// assigned anywhere in this listing.
asm{ bfi x6, x8, #0x20, #0x20 };
asm{ bfi x5, x22, #0x20, #0x20 };
// First helper: receives the address of the local structure (r31+0x30), the
// saved 2nd/3rd/4th arguments and three stack slots; its result becomes the
// status.
r26 = SUB_frvervedwce(r31 + 0x30, r23, r21, r20, stack[2048], stack[2049], stack[2050]);
// Decompiler rendering of a conditional branch on the CPU flags; presumably
// "continue only if the helper's result compared equal to zero" -- confirm.
if(!CPU_FLAGS & NE) {
// The same date comparison is evaluated a second time with a fresh time().
time(r31+0x28);
r0=localtime(r31+0x28);
COND= *(int32_t*)(r0+0xc) + (*(0x20+r0) *0x180|0x20) + *(r0+0x10) *0x20>zero_extend_64(0xf01e);
// Pre-load the "past the cutoff" status; it is overwritten only if the second
// helper runs.
r26=zero_extend_64(0xfffe);
asm{ movk w26, #0xc767 };
if(!COND) {
// r3 = 32-bit field at +0x34 of the local structure, minus one.
r3= *(int32_t*)(r31+0x34) -0x1;
asm{ bfi x3, x8, #0x20, #0x20 };
// Copy the 32 bytes at r31+0x30 .. r31+0x4f to the bottom of the stack frame
// so the structure can be handed to the helper through r31.
*(int128_t*)(r31+0x10) = *(int128_t*)(r31+0x40);
*(int128_t*)r31= *(int128_t*)(r31+0x30);
// Second helper: first argument (r19), the stack copy of the structure, 0, r3
// and a stack slot; its result is the final status.
r26=SUB_Cccrfwfrefrer(r19,r31,zero_extend_64(0x0),r3,stack[2048]);
}
}
}
}
// Cleanup on every path: release the heap pointer stored at +0x40 of the local
// structure (if any) and clear the related fields so nothing dangles.
r0= *(r31+0x40);
if(r0!=0x0) {
free(r0);
*(r31+0x40) =0x0;
*(int32_t*)(r31+0x38) =0x0;
*(r31+0x30) =0x0;
*(int32_t*)(r31+0x48) =0x0;
}
// Return the status accumulated in r26.
r0=r26;
return r0;
}
简书竟然没有插入代码的控件!
一遇到汇编就虾米了。
再抓包，也没有看到网络请求。而且在扫描过程中修改 bundleIdentifier 的返回值会报错。
我承认这个 SDK 没联网了。上面函数里能看到 time/localtime 的日期比较，再加上 bundleIdentifier 的比对，授权校验看起来是在本地完成的。