你好,游客 登录 注册 搜索
背景:
阅读新闻

iOS微信逆向实现非群主@所有人

[日期:2017-07-15] 来源:本站整理    作者:zhaozy.com [字体: ]

微信中只有群主才有@所有人的权限,下面用iOS逆向实现一下非群主@所有人的功能。

 
1、Makefile文件代码如下:
 
THEOS_DEVICE_IP = 192.123.10.123
TARGET = iphone:latest:8.0
ARCHS = armv7 arm64
 
include theos/makefiles/common.mk
 
TWEAK_NAME = weichatselectall
weichatselectall_FILES = Tweak.xm
weichatselectall_FRAMEWORKS = UIKit CoreFoundation Foundation CoreGraphics QuartzCore Security
 
 
include $(THEOS_MAKE_PATH)/tweak.mk
 
after-install::
    install.exec "killall -9 WeChat"
 
2、Tweak.xm 代码如下:
 
#import <UIKit/UIKit.h>
#import "WeChatRedEnvelop.h"
#import <Foundation/Foundation.h>
 
%hook NewMainFrameViewController
 
- (void)viewDidLoad
{
    %orig;
 
    UIButton *transparentButton = [UIButton buttonWithType:UIButtonTypeCustom];
    transparentButton.frame = CGRectMake(0, 64, 44, 44);
    transparentButton.layer.cornerRadius = 8;
    transparentButton.clipsToBounds = YES;
    transparentButton.backgroundColor = [UIColor blueColor];
    [transparentButton addTarget:self action:@selector(clickImage) forControlEvents:UIControlEventTouchUpInside];
    [((UIViewController *)self).view addSubview:transparentButton];
}
 
%new
- (void)clickImage
{
    UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"请输入文本" message:@"" delegate:self cancelButtonTitle:@"取消" otherButtonTitles:@"确定",nil];
    [alert setAlertViewStyle:UIAlertViewStylePlainTextInput];
    [alert show];
}
 
%new
- (void)alertView:(UIAlertView *)alertView clickedButtonAtIndex:(NSInteger)buttonIndex
{
    if(buttonIndex == 1) {
        UITextField *field = [alertView textFieldAtIndex:0];
        NSLog(@"txt ==== %@",field.text);
 
        NSString *path = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES).lastObject;
        NSString *plistPath =  [path stringByAppendingPathComponent:@"data.plist"];
 
        NSMutableArray *roomArray = [NSMutableArray arrayWithContentsOfFile:plistPath];
        NSLog(@"roomArray ===== %@",roomArray);
 
 
        CMessageMgr *messager = [[objc_getClass("MMServiceCenter") defaultCenter] getService:[objc_getClass("CMessageMgr") class]];
        CMessageWrap *wrap = [[%c(CMessageWrap) alloc] initWithMsgType:1];
 
        for(NSString *roomID in roomArray) {
            NSLog(@"顺序测试-----%@",roomID);
            NSTimeInterval time = [[NSDate date] timeIntervalSince1970];
            long long int date = (long long int)time;
 
            NSString *name =[%c(SettingUtil) getLocalUsrName:0];
            wrap.m_nsFromUsr = name;
            wrap.m_nsContent = [NSString stringWithFormat:@"#所有人 %@",field.text];
            wrap.m_nsToUsr = roomID;
            wrap.m_uiCreateTime = date;
            wrap.m_uiStatus = 1;
            wrap.m_nsMsgSource = nil;
            [messager AddMsg:roomID MsgWrap:wrap];
        }
    }
}
 
%end
 
%hook CMessageMgr
 
- (void)AsyncOnAddMsg:(id)arg1 MsgWrap:(CMessageWrap *)wrap{
 
    NSLog(@"接收到消息%@",wrap);
    NSString *fromUser = wrap.m_nsFromUsr ;
 
    if ([fromUser  hasSuffix:@"@chatroom"]) {
 
        NSLog(@"chatroom found");
 
        NSString *path = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES).lastObject;
        NSString *plistPath =  [path stringByAppendingPathComponent:@"data.plist"];
        NSMutableArray *arrayM = [NSMutableArray array];
        NSArray *storArray = [NSArray arrayWithContentsOfFile:plistPath];
        [arrayM addObjectsFromArray:storArray];
 
        if (![arrayM containsObject:fromUser]){
            [arrayM addObject:fromUser];
            NSLog(@"存储数据");
            NSLog(@"arrayM ==== %@",arrayM);
            [arrayM writeToFile:plistPath atomically:YES];
        }
    }
    %orig;
}
 
- (void)AddMsg:(id)arg1 MsgWrap:(CMessageWrap *)wrap
{
 
    NSLog(@"time ===%ld",(unsigned long)wrap.m_uiCreateTime);
 
    int type = wrap.m_uiMessageType;
    NSString *knFromUser = wrap.m_nsFromUsr;
    NSString *knToUsr = wrap.m_nsToUsr;
    NSString *knContent = wrap.m_nsContent;
    NSString *knSource = wrap.m_nsMsgSource;
    NSString *message = [NSString stringWithFormat:@"type=%d--knFromUser=%@--knToUsr=%@--knContent=%@--knSource=%@",type,knFromUser,knToUsr,knContent,knSource];
 
    CContactMgr *contactManager = [[objc_getClass("MMServiceCenter") defaultCenter] getService:[objc_getClass("CContactMgr") class]];
    CContact *selfContact = [contactManager getSelfContact];
 
    NSLog(@"message ======= %@",message);
 
    if (type == 1) {
        if ([knFromUser isEqualToString:selfContact.m_nsUsrName]) {
            if ([knToUsr hasSuffix:@"@chatroom"]) {
                NSLog(@"selfContact ==== %@",selfContact);
                    if( knSource == nil){
                        NSString *aaa = [selfContact.m_nsUsrName stringByAddingPercentEscapesUsingEncoding:NSUTF8StringEncoding];
                        NSLog(@"length=%lu,%@",(unsigned long)aaa.length,aaa);
                        NSArray *result = (NSArray *)[objc_getClass("CContact") getChatRoomMemberWithoutMyself:knToUsr];
 
                            if ([knContent hasPrefix:@"#所有人"]){ // 前缀要求
                                NSString *subStr = [knContent substringFromIndex:4];
                                NSMutableString *string = [NSMutableString string];
                                [result enumerateObjectsUsingBlock:^(CContact *obj, NSUInteger idx, BOOL * _Nonnull stop) {
                                    [string appendFormat:@",%@",obj.m_nsUsrName];
                                }];
 
                                NSString *sourceString = [string substringFromIndex:1];
                                wrap.m_uiStatus = 3;
                                wrap.m_nsContent = subStr;
                                wrap.m_nsMsgSource = [NSString stringWithFormat:@"<msgsource><atuserlist>%@</atuserlist></msgsource>",sourceString];
 
                                int type2 = wrap.m_uiMessageType;
                                NSString *knFromUser2 = wrap.m_nsFromUsr;
                                NSString *knToUsr2 = wrap.m_nsToUsr;
                                NSString *knContent2 = wrap.m_nsContent;
                                NSString *knSource2 = wrap.m_nsMsgSource;
                                NSString *message2 = [NSString stringWithFormat:@"type=%d--knFromUser=%@--knToUsr=%@--knContent=%@--knSource=%@",type2,knFromUser2,knToUsr2,knContent2,knSource2];
 
                                NSLog(@"message2 ======= %@",message2);
                            }
                    }
            }
        }
    }
 
    NSLog(@"wrap ===== %@,=====%@",wrap.m_nsContent,wrap);
    %orig;
    // NSString *userName = wrap.m_nsUsrName;
 
}
 
%end
 
 
3、WeChatRedEnvelop.h 代码如下:
 
#pragma mark - Util
 
@interface WCBizUtil : NSObject
 
+ (id)dictionaryWithDecodedComponets:(id)arg1 separator:(id)arg2;
 
@end
 
@interface SKBuiltinBuffer_t : NSObject
 
@property(retain, nonatomic) NSData *buffer; // @dynamic buffer;
 
@end
 
#pragma mark - Message
 
@interface WCPayInfoItem: NSObject
 
@property(retain, nonatomic) NSString *m_c2cNativeUrl;
 
@end
 
@interface CMessageWrap : NSObject
 
@property (retain, nonatomic) WCPayInfoItem *m_oWCPayInfoItem;
@property (assign, nonatomic) NSUInteger m_uiMesLocalID;
@property (retain, nonatomic) NSString* m_nsFromUsr;            ///< 发信人,可能是群或个人
@property (retain, nonatomic) NSString* m_nsToUsr;              ///< 收信人
@property (assign, nonatomic) NSUInteger m_uiStatus;
@property (retain, nonatomic) NSString* m_nsContent;            ///< 消息内容
@property (retain, nonatomic) NSString* m_nsRealChatUsr;        ///< 群消息的发信人,具体是群里的哪个人
@property (assign, nonatomic) NSUInteger m_uiMessageType;
@property (assign, nonatomic) long long m_n64MesSvrID;
@property (assign, nonatomic) NSUInteger m_uiCreateTime;
@property (retain, nonatomic) NSString *m_nsDesc;
@property (retain, nonatomic) NSString *m_nsAppExtInfo;
@property (assign, nonatomic) NSUInteger m_uiAppDataSize;
@property (assign, nonatomic) NSUInteger m_uiAppMsgInnerType;
@property (retain, nonatomic) NSString *m_nsShareOpenUrl;
@property (retain, nonatomic) NSString *m_nsShareOriginUrl;
@property (retain, nonatomic) NSString *m_nsJsAppId;
@property (retain, nonatomic) NSString *m_nsPrePublishId;
@property (retain, nonatomic) NSString *m_nsAppID;
@property (retain, nonatomic) NSString *m_nsAppName;
@property (retain, nonatomic) NSString *m_nsThumbUrl;
@property (retain, nonatomic) NSString *m_nsAppMediaUrl;
@property (retain, nonatomic) NSData *m_dtThumbnail;
@property (retain, nonatomic) NSString *m_nsTitle;
@property (retain, nonatomic) NSString *m_nsMsgSource;
 
- (id)initWithMsgType:(long long)arg1;
+ (_Bool)isSenderFromMsgWrap:(id)arg1;
 
//- (void)AddMsg:(id)arg1 MsgWrap:(CMessageWrap *)wrap;
//- (void)AsyncOnAddMsg:(id)arg1 MsgWrap:(CMessageWrap *)wrap;
 
@end
 
@interface CMessageMgr : NSObject
 
- (void)AddMsg:(id)arg1 MsgWrap:(CMessageWrap *)wrap;
 
- (void)AddLocalMsg:(id)arg1 MsgWrap:(id)arg2 fixTime:(_Bool)arg3 NewMsgArriveNotify:(_Bool)arg4;
 
    @end
 
@interface MMServiceCenter : NSObject
 
+ (instancetype)defaultCenter;
- (id)getService:(Class)service;
 
@end
 
@interface MMLanguageMgr: NSObject
 
- (id)getStringForCurLanguage:(id)arg1 defaultTo:(id)arg2;
 
 
@end
 
#pragma mark - RedEnvelop
 
@interface WCRedEnvelopesControlData : NSObject
 
@property(retain, nonatomic) CMessageWrap *m_oSelectedMessageWrap;
 
@end
 
@interface WCRedEnvelopesLogicMgr: NSObject
 
- (void)OpenRedEnvelopesRequest:(id)params;
- (void)ReceiverQueryRedEnvelopesRequest:(id)arg1;
- (void)GetHongbaoBusinessRequest:(id)arg1 CMDID:(unsigned int)arg2 OutputType:(unsigned int)arg3;
 
/** Added Methods */
- (unsigned int)calculateDelaySeconds;
 
@end
 
@interface HongBaoRes : NSObject
 
@property(retain, nonatomic) SKBuiltinBuffer_t *retText; // @dynamic retText;
@property(nonatomic) int cgiCmdid; // @dynamic cgiCmdid;
 
@end
 
@interface HongBaoReq : NSObject
 
@property(retain, nonatomic) SKBuiltinBuffer_t *reqText; // @dynamic reqText;
 
@end
 
#pragma mark - Contact
 
@interface CContact: NSObject <NSCoding>
 
@property(retain, nonatomic) NSString *m_nsUsrName;
@property(retain, nonatomic) NSString *m_nsHeadImgUrl;
@property(retain, nonatomic) NSString *m_nsNickName;
 
- (id)getContactDisplayName;
 
+ (id)getChatRoomMemberWithoutMyself:(id)arg1;
 
@end
 
@interface CContactMgr : NSObject
 
- (id)getSelfContact;
- (id)getContactByName:(id)arg1;
- (id)getContactForSearchByName:(id)arg1;
- (_Bool)getContactsFromServer:(id)arg1;
- (_Bool)isInContactList:(id)arg1;
- (_Bool)addLocalContact:(id)arg1 listType:(unsigned int)arg2;
 
@end
 
 
#pragma mark - QRCode
 
@interface ScanQRCodeLogicController: NSObject
 
@property(nonatomic) unsigned int fromScene;
- (id)initWithViewController:(id)arg1 CodeType:(int)arg2;
- (void)tryScanOnePicture:(id)arg1;
- (void)doScanQRCode:(id)arg1;
- (void)showScanResult;
 
@end
 
@interface NewQRCodeScanner: NSObject
 
- (id)initWithDelegate:(id)arg1 CodeType:(int)arg2;
- (void)notifyResult:(id)arg1 type:(id)arg2 version:(int)arg3;
 
@end
 
#pragma mark - MMTableView
 
@interface MMTableViewInfo
 
- (id)getTableView;
- (void)clearAllSection;
- (void)addSection:(id)arg1;
- (void)insertSection:(id)arg1 At:(unsigned int)arg2;
 
@end
 
@interface MMTableViewSectionInfo
 
+ (id)sectionInfoDefaut;
+ (id)sectionInfoHeader:(id)arg1;
+ (id)sectionInfoHeader:(id)arg1 Footer:(id)arg2;
- (void)addCell:(id)arg1;
 
@end
 
@interface MMTableViewCellInfo
 
+ (id)normalCellForSel:(SEL)arg1 target:(id)arg2 title:(id)arg3 accessoryType:(long long)arg4;
+ (id)switchCellForSel:(SEL)arg1 target:(id)arg2 title:(id)arg3 on:(_Bool)arg4;
+ (id)normalCellForSel:(SEL)arg1 target:(id)arg2 title:(id)arg3 rightValue:(id)arg4 accessoryType:(long long)arg5;
+ (id)normalCellForTitle:(id)arg1 rightValue:(id)arg2;
+ (id)urlCellForTitle:(id)arg1 url:(id)arg2;
 
@end
 
@interface MMTableView: UITableView
 
@end
 
#pragma mark - UI
@interface MMUICommonUtil : NSObject
 
+ (id)getBarButtonWithTitle:(id)arg1 target:(id)arg2 action:(SEL)arg3 style:(int)arg4;
 
@end
 
@interface MMLoadingView : UIView
 
@property(retain, nonatomic) UILabel *m_label; // @synthesize m_label;
@property (assign, nonatomic) BOOL m_bIgnoringInteractionEventsWhenLoading; // @synthesize m_bIgnoringInteractionEventsWhenLoading;
 
- (void)setFitFrame:(long long)arg1;
- (void)startLoading;
- (void)stopLoading;
- (void)stopLoadingAndShowError:(id)arg1;
- (void)stopLoadingAndShowOK:(id)arg1;
 
 
@end
 
@interface MMWebViewController: NSObject
 
- (id)initWithURL:(id)arg1 presentModal:(_Bool)arg2 extraInfo:(id)arg3;
 
@end
 
 
@protocol ContactSelectViewDelegate <NSObject>
 
- (void)onSelectContact:(CContact *)arg1;
 
@end
 
@interface ContactSelectView : UIView
 
@property(nonatomic) unsigned int m_uiGroupScene; // @synthesize m_uiGroupScene;
@property(nonatomic) _Bool m_bMultiSelect; // @synthesize m_bMultiSelect;
@property(retain, nonatomic) NSMutableDictionary *m_dicMultiSelect; // @synthesize m_dicMultiSelect;
 
- (id)initWithFrame:(struct CGRect)arg1 delegate:(id)arg2;
- (void)initData:(unsigned int)arg1;
- (void)initView;
- (void)addSelect:(id)arg1;
 
@end
 
@interface ContactsDataLogic : NSObject
 
@property(nonatomic) unsigned int m_uiScene; // @synthesize m_uiScene;
 
@end
 
@interface MMUINavigationController : UINavigationController
 
@end
 
#pragma mark - UtilCategory
 
@interface NSMutableDictionary (SafeInsert)
 
- (void)safeSetObject:(id)arg1 forKey:(id)arg2;
 
@end
 
@interface NSDictionary (NSDictionary_SafeJSON)
 
- (id)arrayForKey:(id)arg1;
- (id)dictionaryForKey:(id)arg1;
- (double)doubleForKey:(id)arg1;
- (float)floatForKey:(id)arg1;
- (long long)int64ForKey:(id)arg1;
- (long long)integerForKey:(id)arg1;
- (id)stringForKey:(id)arg1;
 
@end
 
@interface NSString (NSString_SBJSON)
 
- (id)JSONArray;
- (id)JSONDictionary;
- (id)JSONValue;
 
@end
 
#pragma mark - UICategory
 
@interface UINavigationController (LogicController)
 
- (void)PushViewController:(id)arg1 animated:(_Bool)arg2;
 
@end
 
@interface MMUIViewController : UIViewController
 
- (void)startLoadingBlocked;
- (void)startLoadingNonBlock;
- (void)startLoadingWithText:(NSString *)text;
- (void)stopLoading;
- (void)stopLoadingWithFailText:(NSString *)text;
- (void)stopLoadingWithOKText:(NSString *)text;
 
@end
 
@interface NewSettingViewController: MMUIViewController
 
- (void)reloadTableData;
 
@end
 
@interface ContactInfoViewController : MMUIViewController
 
@property(retain, nonatomic) CContact *m_contact; // @synthesize m_contact;
 
@end
 
@protocol MultiSelectContactsViewControllerDelegate <NSObject>
- (void)onMultiSelectContactReturn:(NSArray *)arg1;
 
@optional
- (int)getFTSCommonScene;
- (void)onMultiSelectContactCancelForSns;
- (void)onMultiSelectContactReturnForSns:(NSArray *)arg1;
@end
 
@interface MultiSelectContactsViewController : UIViewController
 
@property(nonatomic) _Bool m_bKeepCurViewAfterSelect; // @synthesize m_bKeepCurViewAfterSelect=_m_bKeepCurViewAfterSelect;
@property(nonatomic) unsigned int m_uiGroupScene; // @synthesize m_uiGroupScene;
 
@property(nonatomic, weak) id <MultiSelectContactsViewControllerDelegate> m_delegate; // @synthesize m_delegate;
 
@end
 
@interface SettingUtil : NSObject
 
+ (NSString *)getLocalUsrName:(NSInteger)arg1;
 
@end
 
//@interface NewMainFrameViewController : UIViewController
// 
//- (void)AddMsg:(id)arg1 MsgWrap:(CMessageWrap *)wrap;
// 
//@end
 
 
demo地址:https://pan.baidu.com/s/1dEWKLqx
收藏 推荐 打印 | 录入:admin | 阅读:
相关新闻      
本文评论   查看全部评论 (0)
表情: 表情 姓名: 字数
点评:
       
评论声明
  • 尊重网上道德,遵守中华人民共和国的各项有关法律法规
  • 承担一切因您的行为而直接或间接导致的民事或刑事法律责任
  • 本站管理人员有权保留或删除其管辖留言中的任意内容
  • 本站有权在网站内转载或引用您的评论
  • 参与本评论即表明您已经阅读并接受上述条款
AD
AD
热门评论