Foreword
The tools used this time
- IDA
- MonkeyDev (by AloneMonkey)
- Charles
- Kali
What is a live-streaming box?
- A single live-streaming platform is something like Douyu, Panda, Kuaishou and so on
- An app that bundles all of those platforms together is called a box
- Nowadays these boxes carry many live-streaming platforms (adult ones included)
What is iOS reverse engineering?
- For me, it's studying what's inside someone else's app
Why reverse the box?
- How it started: a buddy asked for help, the buddy wanted it cracked, so I looked into it
First, a screenshot (there are many live-streaming boxes on the market now; the one pictured is just one of them, from the link my buddy sent)
- Home page
- Tap any room and this appears: Your membership account has expired, please renew it
Paying for this is impossible, not in this lifetime. The only way forward is to go in reverse…
Then use Charles to capture the traffic, with the following result:
- Evidently the developer encrypted the data
- Note the Host: api.appplat6688.com
- With a domain name in hand, scan its ports. Time to bring out Kali.
```
nmap api.appplat6688.com
```
Half a cigarette later
- The following results appear:
```
Starting Nmap 7.60 (https://nmap.org) at 2018-05-13 15:52 CST
Nmap scan report for api.appplat6688.com (101.55.26.69)
Host is up (latency).
Other addresses for api.appplat6688.com (not scanned): 220.95.210.101 101.55.26.70 182.16.53.100 216.118.239.124 52.128.230.228 180.178.48.220 103.90.137.107 216.118.239.132 220.95.210.78 182.16.55.76 180.178.51.212 119.42.148.148
Not shown: 983 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
443/tcp  open     https
445/tcp  filtered microsoft-ds
593/tcp  filtered http-rpc-epmap
901/tcp  filtered samba-swat
1068/tcp filtered instl_bootc
3128/tcp filtered squid-http
3333/tcp filtered dec-notes
4444/tcp filtered krb524
5800/tcp filtered vnc-http
5900/tcp filtered vnc
6129/tcp filtered unknown
6667/tcp filtered irc
6789/tcp open     ibm-db2-admin
Nmap done: 1 IP address (1 host up) scanned in 59.59 seconds
```
- What about the ports listed above? That's pretty much all of them. Frankly, I can't do anything with them either, so I'll leave them alone. (Some might ask: why scan if you can't do anything with the result? Because there are other people out there, and just because I can't handle it doesn't mean you can't. I scanned it for you!)
After all, our topic is reversing the iOS client.
- As shown above, this client encrypts its data. An app that encrypts its data generally means the developers have added their own protection to it, so we need to find out how it is encrypted.
- Throw the IPA file into IDA (after a three-second inner struggle I finally decided not to post a link; if you want to study it, add me on WeChat: Yuzhouheikewll)
After half a cigarette
- Do a global search for the string
Your membership account has expired
- The final result
- Press the X key (keep following the cross-references until assembly code appears)
- After a series of analysis steps, the following method is located
- Hook KYLMQxqXCDsiemxz:params:success:failure:
```
%hook GBoxNetManager

// Log every argument of the request method, then run the original implementation.
- (void)KYLMQxqXCDsiemxz:(id)arg1 params:(id)arg2 success:(id)arg3 failure:(id)arg4 {
    %log;
    NSLog(@"arg1%@", arg1);
    NSLog(@"arg2%@", arg2);
    NSLog(@"arg3%@", arg3);
    NSLog(@"arg4%@", arg4);
    %orig;
}

%end
```
- The following results are obtained
- Look at the disassembly after this function and the pseudocode generated with F5 (a commonly used IDA feature)
- Judging with my basic English, GBoxNetCrypto is the encryption class, so let's look at this class and hook it
- Hook code
```
%hook GBoxNetCrypto

// Log input and key, call the original once, then log and return its result.
- (id)desEncrypt:(id)arg1 key:(id)arg2 {
    // %log;
    NSLog(@"desEncrypt arg1 = %@ arg2 = %@", arg1, arg2);
    id result = %orig; // invoke the original only once and reuse the value
    NSLog(@"desEncrypt===orig %@", result);
    return result;
}

- (id)desDecrypt:(id)arg1 key:(id)arg2 {
    // %log;
    NSLog(@"desDecrypt arg1 = %@ arg2 = %@", arg1, arg2);
    id result = %orig; // invoke the original only once and reuse the value
    NSLog(@"desDecrypt===orig %@", result);
    return result;
}

// The remaining methods have obfuscated names; only their arguments are logged.
- (id)QVGRSpobWNqWYHVm:(id)arg1 key:(id)arg2 {
    // %log;
    NSLog(@"QVGRSpobWNqWYHVm: key arg1 = %@ arg2 = %@", arg1, arg2);
    return %orig;
}

- (id)QVGRSpobWNqWYHVm:(id)arg1 {
    // %log;
    NSLog(@"QVGRSpobWNqWYHVm arg1 = %@", arg1);
    return %orig;
}

- (id)dCkFSxbcvATgvDOF:(id)arg1 {
    // %log;
    NSLog(@"dCkFSxbcvATgvDOF arg1 = %@", arg1);
    return %orig;
}

- (id)PxXAtABexHNGjGWc:(id)arg1 {
    // %log;
    NSLog(@"PxXAtABexHNGjGWc arg1 = %@", arg1);
    return %orig;
}

%end
```
- Here I don't care about the encryption logic inside it; I just capture the inputs and outputs of the encryption methods (that's what we want)
- So we open the interface we are interested in and look for the content we want
See what the hook prints for the server's response
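The hooks above recover plaintext and key straight from the client, so encryption inside the app cannot be what enforces the paywall; the server has to. One way to do that, as an added example that is not code from the app or the original post: the listing never carries a stream address, and a short-lived, user-bound signed URL is issued only to an active member. Function names, the signing key, the host and the sample records are constructed; only the field names (roomId, nickName, roomPay, url, watchNum) and the expiry message mirror what the app shows.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

EXPIRED_MSG = "Your membership account has expired, please renew it"
SIGNING_KEY = b"server-side-secret-never-shipped-in-the-app"  # constructed value

# Constructed sample data; field names follow the app's room-list response.
ROOMS = {
    "100001": {"nickName": "sample-a", "roomPay": 0, "watchNum": 10},
    "100002": {"nickName": "sample-b", "roomPay": 0, "watchNum": 25},
}
MEMBERSHIP_EXPIRY = {
    1: datetime(2018, 6, 1, tzinfo=timezone.utc),  # still active in mid-May 2018
    2: datetime(2018, 5, 1, tzinfo=timezone.utc),  # already expired
}


def is_member(user_id, now):
    """Membership is decided from server-side records, never from client input."""
    expiry = MEMBERSHIP_EXPIRY.get(user_id)
    return expiry is not None and now < expiry


def sign(room_id, user_id, expires_ts):
    """HMAC over room, user and expiry, so a URL cannot be reused or re-bound."""
    msg = f"{room_id}|{user_id}|{expires_ts}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def room_list():
    """The listing is metadata only; "url" stays empty for every caller."""
    return {"code": 200,
            "list": [{"roomId": rid, "url": "", **meta} for rid, meta in ROOMS.items()]}


def play_url(user_id, room_id, now, ttl=timedelta(minutes=5)):
    """Issue a short-lived, user-bound stream URL only to an active member."""
    if room_id not in ROOMS:
        return {"code": 404, "msg": "unknown room"}
    if not is_member(user_id, now):
        return {"code": 403, "msg": EXPIRED_MSG}
    expires_ts = int((now + ttl).timestamp())
    token = sign(room_id, user_id, expires_ts)
    url = (f"https://stream.example.invalid/live/{room_id}"
           f"?uid={user_id}&exp={expires_ts}&sig={token}")
    return {"code": 200, "url": url}


def verify_play(room_id, user_id, expires_ts, sig, now):
    """Check performed by the streaming edge before it serves any media."""
    if now.timestamp() >= expires_ts:
        return False
    return hmac.compare_digest(sig, sign(room_id, user_id, expires_ts))
```

With this split, a client whose encryption routines are hooked sees only what its account is already entitled to, and a captured URL stops working once it expires or is presented for another user.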