今天沒事研究了一下支付寶。二話不說,先創建一個tweak工程;砸殼後的支付寶ipa包可以從pp助手上下載,class-dump一下就可以拿到支付寶Mach-O文件的header。我想試試能不能自動生成收款二維碼。
用Flex分析到收款二維碼的控制器是PEMainCodeNoticeViewController。我記得一個月以前支付寶收款二維碼的控制器還是PEMainCodeViewController,一轉眼就變了,嘿嘿嘿。仔細分析了一下,現在必要的參數是PECollectSettingViewController生成的,也就是說,生成收款碼的函數所需要的參數,來自PECollectSettingViewController中的PECollectCodeController。再仔細看PECollectCodeController,發現它其實是一個NSObject對象,😆看來支付寶命名不規範,小小吐槽一下。
#if TARGET_OS_SIMULATOR
#error Do not support the simulator, please use the real iPhone Device.
#endif
#import <UIKit/UIKit.h>
#import <FLEX/FLEX.h>
#import <Foundation/Foundation.h>
// Partial re-declaration of the host app's PECollectCodeController, copied from
// class-dump output so the hooks in this file can read its properties with dot
// syntax. class-dump reported every property as synthesized to an
// underscore-prefixed ivar of the same name.
//
// NOTE(review): this mirrors one specific app build. The accompanying text says
// the related view controller was renamed within a month, so re-run class-dump
// and re-check these names whenever the target binary changes.
// Property meanings are inferred from their names only; confirm at runtime.
@interface PECollectCodeController : NSObject

// QR payload strings; the hook shows both in its debug alert.
@property (nonatomic, retain) NSString *offlineQRCode;
@property (nonatomic, retain) NSString *onlineQRCode;

// Not read by any hook in this file.
@property (nonatomic, retain) NSString *collectCodeId;
@property (nonatomic, retain) NSString *collectMemo;

// Printed by the hook next to the QR strings.
@property (nonatomic, retain) NSString *collectAmount;

// The hook copies this view's image into its own overlay.
@property (nonatomic, retain) UIImageView *qrcodeImgView;

@end
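// Partial re-declaration of the host app's PECollectSettingViewController,
// limited to the members the hook on this class touches.
//
// The original declaration named no superclass, which makes the compiler treat
// this as a new root class (-Wobjc-root-class) and hides the UIViewController
// API from the hook body. It is declared as a UIViewController subclass here
// because the hook in this file overrides viewDidAppear: on it.
// NOTE(review): the real superclass chain is not visible here; confirm it
// against the class-dump output for the build under analysis.
@interface PECollectSettingViewController : UIViewController

// Text field whose text the hook overwrites (presumably the amount input;
// verify in the running app).
@property (nonatomic, retain) UITextField *activeTextField;

// class-dump: @synthesize needAddMemo=_needAddMemo. Not used by the hook.
@property (nonatomic) _Bool needAddMemo;

// Not used by the hook; inferred from the name to be a per-session identifier.
@property (nonatomic, retain) NSString *sessionId;

// Called by the hook after it has filled in activeTextField.
- (void)confirmSetAmount;

@end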
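// Empty re-declaration of the host app's PEMainCodeNoticeViewController so the
// compiler knows the type inside its %hook.
//
// The original declaration named no superclass, so the compiler treated it as a
// new root class (-Wobjc-root-class). It is declared as a UIViewController
// subclass here because the hook in this file overrides viewDidLoad on it.
// NOTE(review): confirm the real superclass against the class-dump output.
@interface PEMainCodeNoticeViewController : UIViewController
@end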
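// Hook on the host app's delegate class. It runs the original launch handler,
// then shows a banner alert and opens the FLEX in-app explorer.
%hook AllAppDelegate

- (void)applicationDidFinishLaunching:(id)arg1 {
    %orig;

    // The alert delegate is nil rather than self. Inside this hook, self is the
    // host app's delegate object, so passing it would route button taps on this
    // alert into any UIAlertViewDelegate methods the app implements for its own
    // alerts.
    // NOTE(review): UIAlertView is deprecated since iOS 9; UIAlertController is
    // the replacement if this is ever built against a newer deployment target.
    UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"支付寶逆向"
                                                    message:@"越獄系統級別注入支付寶😁😁😁😁🤣🤣😂😂😂😂😂😂😡😡🤠🤠"
                                                   delegate:nil
                                          cancelButtonTitle:@"肯定"
                                          otherButtonTitles:@"取消", nil];
    [alert show];

    // FLEX gives interactive access to the process's views, objects and files.
    // It is opened unconditionally on every launch here, so this build is only
    // suitable for a dedicated analysis device.
    [[FLEXManager sharedManager] showExplorer];
}

%end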
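// Hook on the view controller that Flex inspection identified as the one
// showing the collect (receive-payment) QR code.
%hook PEMainCodeNoticeViewController

// Runs when the amount has been set. Shows the values carried by arg1 in a
// debug alert, mirrors its QR image in a temporary overlay, then calls the
// original implementation.
- (void)collectCodeControllerDidFinishSetAmount:(id)arg1 isFromSetting:(_Bool)arg2 {
    // arg1 is typed id and its class is only known from class-dump of one app
    // build. Check it at runtime before casting, so that a different or renamed
    // class falls through to the original code instead of raising an
    // unrecognized-selector exception inside the host app.
    // %c() looks the class up at runtime; it is not linked into the tweak.
    if (![arg1 isKindOfClass:%c(PECollectCodeController)]) {
        %orig;
        return;
    }
    PECollectCodeController *codeController = (PECollectCodeController *)arg1;

    // Debug output: amount plus the online and offline QR strings.
    // NOTE(review): this puts payment-code payloads on screen in plain text;
    // keep it to a test account and remove it from anything shared.
    NSString *message = [NSString stringWithFormat:@"%@-%@-%d-----在線%@-----離線%@",
                                                   codeController,
                                                   codeController.collectAmount,
                                                   arg2,
                                                   codeController.onlineQRCode,
                                                   codeController.offlineQRCode];

    // The delegate is nil. self is the hooked view controller, and passing it
    // would send this alert's button callbacks to any UIAlertViewDelegate
    // methods the app already implements.
    UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"支付寶逆向"
                                                    message:message
                                                   delegate:nil
                                          cancelButtonTitle:@"肯定"
                                          otherButtonTitles:@"取消", nil];
    [alert show];

    // Red 100x100 overlay holding a copy of the QR image, placed on the key
    // window. Messaging a nil keyWindow is a no-op, so no guard is needed.
    UIView *overlay = [[UIView alloc] initWithFrame:CGRectMake(70, 70, 100, 100)];
    overlay.backgroundColor = [UIColor redColor];

    UIImageView *qrCopy = [[UIImageView alloc] initWithFrame:CGRectMake(5, 5, 90, 90)];
    qrCopy.image = codeController.qrcodeImgView.image;
    [overlay addSubview:qrCopy];
    [[UIApplication sharedApplication].keyWindow addSubview:overlay];

    // Remove the overlay after 20 seconds so it does not stay on screen.
    dispatch_after(dispatch_time(DISPATCH_TIME_NOW, (int64_t)(20 * NSEC_PER_SEC)),
                   dispatch_get_main_queue(), ^{
        [overlay removeFromSuperview];
    });

    %orig;
}

// Pass-through hook: it only calls the original implementation.
- (void)viewDidLoad {
    %orig;
}

// Pass-through hook: it only calls the original implementation.
- (void)collectCodeControllerDidStartSetAmount:(id)arg1 {
    %orig;
}

%end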
// Hook on the amount-setting screen. After the screen appears it fills the
// active text field and then triggers the confirm action, with no user input.
%hook PECollectSettingViewController

- (void)viewDidAppear:(_Bool)arg1 {
    %orig;

    // Step 1, 0.5 s after appearing: write the fixed test value "2" into the
    // currently active text field.
    dispatch_time_t fillDeadline =
        dispatch_time(DISPATCH_TIME_NOW, (int64_t)(0.5 * NSEC_PER_SEC));
    dispatch_after(fillDeadline, dispatch_get_main_queue(), ^{
        [[self activeTextField] setText:@"2"];
    });

    // Step 2, 1 s after appearing: invoke the controller's own confirm method.
    // NOTE(review): both blocks hold self strongly and run even if the screen
    // was dismissed in the meantime, and viewDidAppear: fires on every
    // appearance, so the sequence repeats each time the screen is shown.
    dispatch_time_t confirmDeadline =
        dispatch_time(DISPATCH_TIME_NOW, (int64_t)(1 * NSEC_PER_SEC));
    dispatch_after(confirmDeadline, dispatch_get_main_queue(), ^{
        [self confirmSetAmount];
    });
}

%end