Reverse World Cup live App CCTV video -iOS client

Listed above are the tools to use in this reverse

MonkeyDev or IPAPatch
HookZz

Origin of things

Recently my circle of friends is full of World Cup! Almost every fake football fan is watching the World Cup live! There are warm-hearted friends issued the World Cup live App(CCTV video and audio iOS) link! I clicked on it, but you had to watch the 60-second commercial before you could watch it live. As iOS reverse enthusiasts, decided to do something for the majority of fans ---- that is to remove advertising
Evidence chart with 60 ads

Now let’s talk about the reverse process and the idea

Train of thought

Because only to CCTV video App advertising! So the idea is simple (leave the object associated with the AD empty)

The reverse process

First step dynamic analysis

Print the function call using HookZZ’s objc_msgSend module
Focus only on classes that begin with Ad
Here’s the code

void objc_msgSend_pre_call(RegState *rs, ThreadStackPublic *ts, CallStackPublic *cs, const HookEntryInfo *info) {
    char *selector = (char *)rs->ZREG(1);
    id tmpObject = (id)rs->ZREG(0);
    Class tmpClass  = object_getClass(tmpObject);
   
    if(! tmpClass)return;
    const char *className               = class_getName(tmpClass);
    
    if(! strstr(className,"Ad") && !strstr(className, "Home")) {
        return;
    }
    
    memset(decollators, The '-', 512);
    if (ts->size * 3 >= 512)
        return;
    decollators[ts->size * 3] = '\ 0';
    
    printf("[OCMethodMonitor|%ld] %s [%s %s]\n", ts->thread_id, decollators, className, selector);
}
Copy the code

Briefly show what the objc_msgSend module of HookZz prints
- CNAdPlayerView

[OCMethodMonitor|7341845312] --- [CNAdPlayerView beatHandleForTime:] [OCMethodMonitor|7341845312] ------ [CNAdPlayerView  adTime] [OCMethodMonitor|7341845312] ------ [CNAdPlayerViewsetSurplusSec:] [OCMethodMonitor|7341845312] --------- [CNAdPlayerView adPlayerUIKit] [OCMethodMonitor|7341845312] ------ [CNAdPlayerView queuePlayer] [OCMethodMonitor|7341845312] ------ [CNAdPlayerView indexForPlayerItem:] [OCMethodMonitor|7341845312] --------- [CNAdPlayerView playItems] [OCMethodMonitor|7341845312] --------- [CNAdPlayerView  playItems] [OCMethodMonitor|7341845312] ------ [CNAdPlayerView playerEventType:value:] [OCMethodMonitor|7341845312] --------- [CNAdPlayerView delegate] [OCMethodMonitor|7341845312] --------- [CNAdPlayerView delegate] [OCMethodMonitor|7341845312] --------- [CNAdPlayerView delegate] [OCMethodMonitor|7341845312] ------ [CNAdPlayerView playDelayTime] [OCMethodMonitor|7341845312] --------- [CNAdPlayerView adPlaying] [OCMethodMonitor|7341845312] --------- [CNAdPlayerView adTimeout]Copy the code

- AdsameBannerView


[OCMethodMonitor|7341845312] ------------ [AdsameBannerView alloc]
[OCMethodMonitor|7341845312] ------------ [AdsameBannerView initWithFrame:]
[OCMethodMonitor|7341845312] --------------- [AdsameBannerView setClipsToBounds:]
[OCMethodMonitor|7341845312] --------------- [AdsameBannerView setSlotStr:]
[OCMethodMonitor|7341845312] --------------- [AdsameCubeMaxSDK sharedSDK]
[OCMethodMonitor|7341845312] --------------- [AdsameCubeMaxSDK def_volume]
[OCMethodMonitor|7341845312] --------------- [AdsameCubeMaxSDK sharedSDK]
[OCMethodMonitor|7341845312] --------------- [AdsameCubeMaxSDK m_isMute]
[OCMethodMonitor|7341845312] --------------- [AdsameBannerView setIsOrderedBannerPaused:]
[OCMethodMonitor|7341845312] ------------ [AdsameBannerView setIsUsingCache:]
[OCMethodMonitor|7341845312] ------------ [AdsameBannerView setCId:]
[OCMethodMonitor|7341845312] ------------ [AdsameBannerView setSlotStr:]
[OCMethodMonitor|7341845312] ------------ [AdsameBannerView setIsUserExposure:]
[OCMethodMonitor|7341845312] ------------ [AdsameBannerView setParentSDK:]
[OCMethodMonitor|7341845312] ------------ [AdsameBannerView setDelegateBanner:]
[OCMethodMonitor|7341845312] ------------ [AdsameBannerView setIsRetina:]

Copy the code

There are other classes with Ad that I don’t want to list

Step 2: Write hook code

Return nil for the class initialization code associated with Ad

// See http://iphonedevwiki.net/index.php/Logos

#import <UIKit/UIKit.h>

//AdsameBannerView

%hook AdsameBannerView
- (AdsameBannerView*)initWithFrame:(id)arg1{
	return nil;
}
%end

%hook CNAdPlayerView

-(CNAdPlayerView*)initWithFrame:(id)arg1{
	return nil;
}
%end

%hook CNADPlayerUIKit
-(CNADPlayerUIKit *)initWithFrame:(id)arg1{
	return nil;
}
%end

%hook AdMasterMobileTracking
+(id)sharedInstance{
	return nil;
}
-(AdMasterMobileTracking*)init
{
	%log;
	return nil;
}
%end


Copy the code

Step 3 pack and re-sign

MonkeyDev or IPAPatch use the first one, and the second one is fine

Finally, attach the IPA link without the advertisement ()

yuzhouheike.0a6j.cn/YSYY.ipa

Git source https://github.com/yuzhouheike/HookZz-Learn

The last

Thank you for reading my article in your busy schedule

Finally send you a Alipay red envelope

Open the home page of Alipay and search “8074157” to get a red envelope

Reverse World Cup live App CCTV video -iOS client

Origin of things

Now let’s talk about the reverse process and the idea

Train of thought

The reverse process

First step dynamic analysis

Step 2: Write hook code

Step 3 pack and re-sign

Finally, attach the IPA link without the advertisement ()

The last

Finally send you a Alipay red envelope

Related Posts

MAC copy and paste does not work

IOS resolves crashes and reads crash logs (iOS Carsh logs, as well as multithreaded Carsh)

TabBar click and slide to switch animations between logo and rocket 🚀