阅读 1431

如何调试支付宝(iOS)

前言

最近在做的一件事情,从代码层面分析下各家小程序(微信、头条、支付宝、百度)的启动性能,探究各家小程序的实现细节和差异。具体步骤如下:

  • 1、越狱砸壳获取ipa
  • 2、搭建调试壳工程
  • 3、注入callTrace分析代码
  • 4、hook小程序开始调用入口以及渲染完成入口, 加上callTrace逻辑,统计主线程和js线程方法调用栈以及方法耗时
  • 5、增加callTrace 可视化界面入口

当前的进展如下

  • 1、微信、百度已完成,微信的分析工程已上传到github:CallTraceForWeChat
  • 2、由于本人在百度做小程序相关的工作,故百度的分析工程无法提供,但是原理都是一样的。
  • 3、支付宝当前,已完成1 2 3 5步骤,第4步只做了主线程。代码已上传到github:AliPayForDebug
  • 4、头条未开始。
  • 5、关于callTrace,可以查看CallTraceForWeChatreadme的介绍。

支付宝为什么只做了一半,原因呢是因为支付宝做了很多复杂的反调试防护,给我的分析工作增加了不少障碍。目前为止也没有很好的完成支付宝的反反调试工作。因此这里写一篇文章记录下反反调试支付宝的过程踩过的坑,分享给大家,希望能帮到遇到同样问题的小伙伴。

关于反调试&反反调试

反反调试支付宝详细过程

越狱&砸壳

越狱

  • 1、下载安装checkra1n

  • 2、checkra1n无法打开,提示“您应该将它移到废纸篓”, 终端执行以下命令

    codesign -f -s - --deep /Applications/checkra1n.app
    sudo xattr -r -d com.apple.quarantine 
    sudo xattr -r -d com.apple.quarantine /Applications/checkra1n.app
复制代码
  • 3、按提示操作越狱

砸壳

  • 1、我使用的是frida-ios-dump,详细使用步骤可以看作者的githubfrida-ios-dump, 遇到的问题如下
    • 更新fria一直卡住

      • 终端先设置代理再执行命令
       export https_proxy=你的代理如http://xxx.xxx.com:9999
       export http_proxy=你的代理
       sudo pip install -r requirements.txt --upgrade
复制代码
  • ssh连接手机失败

    • 确保在一个局域网
    • 重新安装openssl openssh,还不行再重新操作一次越狱

调试壳工程搭建

  • 我使用的是MonkeyDev,安装使用请移步原作者的github
  • 重要提醒1:在iOS13手机上报如下错时, 除了按照作者文档提到的步骤,还需要删除 AlipayWallet.app 包里的 com.apple.WatchPlaceholder 文件夹,再删除 DerivedData 重新run。

反反调试详细步骤

iOS12

MONKEYDEV_DEFAUTL_BUNDLEID=YES

  • 1、开始run时,app直接闪退,控制台log如下
2020-03-28 19:06:15.395011+0800 AlipayWallet[12252:1974005] [AntiAntiDebug] - dlsym get ptrace symbol
2020-03-28 19:06:15.395125+0800 AlipayWallet[12252:1974005] [AntiAntiDebug] - ptrace request is PT_DENY_ATTACH
2020-03-28 19:06:15.701070+0800 AlipayWallet[12252:1974265] [NetworkInfo] Signal strength query returned
复制代码
  • 2、MonkeyDev已经集成了 AntiAntiDebug ,为什么没生效,因为默认没替换sysctl, 这里打开注释
  • 3、打开注释后,还是被杀,log如下
<CTServiceDescriptor 0x10ca47a20, domain=1, instance=2>
2020-03-29 00:44:38.089052+0800 AlipayWallet[13454:2074728] [NetworkInfo] Signal strength query returned error: Error Domain=NSPOSIXErrorDomain Code=13 "Permission denied", descriptor: <CTServiceDescriptor 0x10c9dad30, domain=1, instance=1>
2020-03-29 00:44:38.089937+0800 AlipayWallet[13454:2074728] [NetworkInfo] Signal strength query returned error: Error Domain=NSPOSIXErrorDomain Code=13 "Permission denied", descriptor: <CTServiceDescriptor 0x10c9d9860, domain=1, instance=2>
2020-03-29 00:44:52.923884+0800 AlipayWallet[13454:2074898] [NetworkInfo] Signal strength query returned error: Error Domain=NSPOSIXErrorDomain Code=13 "Permission denied", descriptor: <CTServiceDescriptor 0x10ce07310, domain=1, instance=1>
2020-03-29 00:44:52.925006+0800 AlipayWallet[13454:2074898] [NetworkInfo] Signal strength query returned error: Error Domain=NSPOSIXErrorDomain Code=13 "Permission denied", descriptor: <CTServiceDescriptor 0x10ce07380, domain=1, instance=2>
Message from debugger: Terminated due to signal 5

复制代码
  • 4、添加符号断点exit,module:libsystem_c.dylib, 看看哪里退出的

    • 没有断住
  • 5、断点my_sysctl方法,可以看到+[AAAPBootStartPoint load]会去调用sysctl

  • 6、+[AAAPBootStartPoint load]做了什么?可以看到用c函数enable_crash_reporter_service去启动crash上报服务,这个服务里有反调试的逻辑?
    • [AAAPBootStartPoint load]
void __cdecl +[AAAPBootStartPoint load](AAAPBootStartPoint_meta *self, SEL a2)
{
  __int64 v2; // x0
  __int64 v3; // x0

  v2 = MPStartupTimeMarkAppStartPoint((__int64)self);
  CACurrentMediaTime(v2);
  v3 = enable_crash_reporter_service();
  CACurrentMediaTime(v3);
  MPStartupTimeSetRangeCost("crashinit");
}
复制代码
  • enable_crash_reporter_service
伪代码-展开查看

  __int64 enable_crash_reporter_service()
{
  __int64 v0; // x0
  void *v1; // x0
  void *v2; // x20
  void *v3; // x0
  void *v4; // x19
  void *v5; // x0
  __int64 v6; // x20
  void *v7; // x0
  void *v8; // x21
  int v9; // w0
  __int64 v10; // x0
  __int64 v11; // x19
  __int64 v12; // x0
  __int64 v13; // x20
  __int64 v14; // x0
  void *v15; // x20
  int v16; // w0
  void *v17; // x0
  void *v18; // x21
  __int64 v19; // x22
  __int64 v20; // x0
  __int64 v21; // x23
  const __CFString *v22; // x2
  signed __int64 v23; // x1
  char v24; // w21
  __int64 v25; // x20
  __int64 v27; // [xsp+0h] [xbp-300h]
  __int64 v28; // [xsp+0h] [xbp-300h]
  __int64 v29; // [xsp+10h] [xbp-2F0h]
  size_t v30; // [xsp+18h] [xbp-2E8h]
  int v31[2]; // [xsp+20h] [xbp-2E0h]
  int v32; // [xsp+28h] [xbp-2D8h]
  pid_t v33; // [xsp+2Ch] [xbp-2D4h]
  __int128 v34; // [xsp+30h] [xbp-2D0h]
  __int64 (__fastcall *v35)(); // [xsp+40h] [xbp-2C0h]
  int v36; // [xsp+50h] [xbp-2B0h]

v0 = NSSearchPathForDirectoriesInDomains(5LL, 1LL, 1LL); v1 = (void *)objc_retainAutoreleasedReturnValue(v0); v2 = v1; v3 = objc_msgSend(v1, "objectAtIndexedSubscript:", 0LL); v4 = (void *)objc_retainAutoreleasedReturnValue(v3); objc_release(v2); v5 = objc_msgSend(v4, "stringByAppendingPathComponent:", CFSTR("crash")); v6 = objc_retainAutoreleasedReturnValue(v5); v7 = objc_msgSend(&OBJC_CLASS___NSFileManager, "defaultManager"); v8 = (void *)objc_retainAutoreleasedReturnValue(v7); LOBYTE(v34) = 0; v9 = (unsigned __int64)objc_msgSend(v8, "fileExistsAtPath:isDirectory:", v6, &v34); if ( !(_BYTE)v34 || !v9 )

objc_msgSend(v8, "createDirectoryAtPath:withIntermediateDirectories:attributes:error:", v6, 1LL, 0LL, 0LL);
复制代码

objc_release(v8); objc_release(v6); v10 = objc_release(v4); v11 = objc_autoreleasePoolPush(v10); v30 = 648LL; *(_QWORD *)v31 = 60129542145LL; v32 = 1; v33 = getpid(); if ( sysctl(v31, 4u, &v34, &v30, 0LL, 0LL) == -1 || !(v36 & 0x800) ) {

v12 = configure_crash_reporter();
v13 = objc_retainAutoreleasedReturnValue(v12);
v14 = qword_10701BD88;
qword_10701BD88 = v13;
objc_release(v14);
v15 = (void *)objc_retain(v13);
v16 = (unsigned __int64)objc_msgSend(v15, "hasPendingCrashReport");
if ( v15 && v16 )
{
  *(_QWORD *)&v34 = 0LL;
  v17 = objc_msgSend(v15, "loadPendingCrashReportDataAndReturnError:", &v34);
  v18 = (void *)objc_retainAutoreleasedReturnValue(v17);
  v19 = objc_retain(v34);
  if ( v18 )
  {
    v20 = sub_1008E8934(CFSTR("portal.plcrash"));
    v21 = objc_retainAutoreleasedReturnValue(v20);
    if ( (unsigned __int64)objc_msgSend(v18, "writeToFile:atomically:", v21, 1LL) & 1 )
    {
      v28 = v21;
      v22 = CFSTR("Copy crash report to: %@");
      v23 = 20000LL;
    }
    else
    {
      v28 = v21;
      v22 = CFSTR("Failed to copy crash report to: %@");
      v23 = 40000LL;
    }
    APLogToFile(CFSTR("[APCrashReporter] "), v23, v22);
    objc_msgSend(v15, "purgePendingCrashReport", v28);
    objc_release(v21);
  }
  else
  {
    v27 = v19;
    APLogToFile(CFSTR("[APCrashReporter] "), 40000LL, CFSTR("Failed to load crash report data: %@"));
  }
  objc_release(v18);
  objc_release(v19);
}
objc_release(v15);
v35 = sub_1008E76CC;
v34 = xmmword_105689F18;
objc_msgSend((void *)qword_10701BD88, "setCrashCallbacks:", &v34, v27);
v29 = 0LL;
v24 = (unsigned __int64)objc_msgSend((void *)qword_10701BD88, "enableCrashReporterAndReturnError:", &v29);
v25 = objc_retain(v29);
if ( !(v24 & 1) )
  APLogToFile(CFSTR("[APCrashReporter] "), 40000LL, CFSTR("Could not enable crash reporter: %@"));
objc_release(v25);
复制代码
复制代码

} return objc_autoreleasePoolPop(v11); }

  • 7、看了伪代码并没有反调试逻辑,先替换 +[AAAPBootStartPoint load]load 方法为空实现, 顺利进入首页。why?
  • 8、尝试AntiDebugBypass, 也没有生效。
  • 9、接着就是加入我的业务逻辑,主线程已实现,效果如下

小结

  • 针对iOS12设备,完成以下3步就可以正常调试了
    • 1、配置MONKEYDEV_DEFAUTL_BUNDLEID=YES
    • 2、打开 rebind_symbols((struct rebinding[1]){{"sysctl", my_sysctl, (void*)&orig_sysctl}},1); 注释
    • 3、替换 [AAAPBootStartPoint load] 为空实现

iOS13

MONKEYDEV_DEFAUTL_BUNDLEID=YES

  • 在iOS13手机上报如下错 An unknown error has occurred. Domain: com.apple.dt.MobileDeviceErrorDomain Code: -402620415
  • 此路不通 ?

MONKEYDEV_DEFAUTL_BUNDLEID=NO

  • 1、 可以安装到手机,但是启动闪退
    • 控制台log如下
+ 触发my_sysctl的调用栈如下
  • iOS13 替换load不生效
  • 2、是plcrashreporter引起的吗?先替换下enableCrashReporterAndReturnError为空实现

  • 3、替换后 [APDataCenterInterface setDefaultCryptKey:] 会调用exit()直接退出

伪代码-展开查看

bool __cdecl -[APDataCenterInterface setDefaultCryptKey:](APDataCenterInterface *self, SEL a2, void *a3) { int v3; // w25 void *v4; // x27 struct objc_object *v5; // x0 void *v6; // x0 void *v7; // x19 void *v8; // x0 void *v9; // x28 void *v10; // x0 __int64 v11; // x19 void *v12; // x0 void *v13; // x20 void (__fastcall *v15)(void *); // [xsp+8h] [xbp-68h]

v3 = 0; v4 = 0LL; v15 = (void (__fastcall *)(void *))a3; while ( 1 ) {

v5 = +[SecurityGuardManager getInstance](&OBJC_CLASS___SecurityGuardManager, "getInstance");
v6 = (void *)objc_retainAutoreleasedReturnValue(v5);
v7 = v6;
v8 = objc_msgSend(v6, "getStaticDataStoreComp");
v9 = (void *)objc_retainAutoreleasedReturnValue(v8);
objc_release(v7);
if ( v9 )
  break;
复制代码

LABEL_6:

usleep(0x12Cu);
objc_release(v9);
if ( (unsigned int)++v3 >= 3 )
  goto LABEL_9;
复制代码

} v10 = objc_msgSend(v9, "getExtraData:", CFSTR("datacenter-default")); v11 = objc_retainAutoreleasedReturnValue(v10); if ( !v11

|| (v12 = objc_msgSend(&OBJC_CLASS___NSData, "alloc"),
    v13 = objc_msgSend(v12, "initWithBase64EncodedString:options:", v11, 0LL),
    objc_release(v4),
    v4 = v13,
    objc_msgSend(v13, "length") != (void *)32) )
复制代码

{

objc_release(v11);
goto LABEL_6;
复制代码

} objc_release(v11); objc_release(v9); v4 = v13; LABEL_9: if ( objc_msgSend(v4, "length") != (void *)32 )

exit(0);
复制代码
复制代码

v15(v4); objc_release(v4); return 1; }

  • 从伪代码里可以看到取getExtraData, 取到的字符串长度不是32就直接退出了,用lldb调试下,也确实如此。原因是我修改了bundleid, datacenter-default这个值的计算应该是和bundleid绑定的。
  (lldb) po [SecurityGuardManager getInstance]
  <SecurityGuardManager: 0x10d365fb0>

  (lldb) po [[SecurityGuardManager getInstance]   getStaticDataStoreComp]
  <SecurityGuardStaticDataStore: 0x11440a9d0>

  (lldb) po [[[SecurityGuardManager getInstance]   getStaticDataStoreComp] getExtraData:@"datacenter-default"]
 nil
(lldb) 
复制代码
* 4、替换getExtraData: 的实现,返回一个长度为32的字符串, 可以正常进入支付宝了,但是无法登陆,还是无法调试,心好累,难道要放弃iOS13吗?
  • 5、我的目的是要调试小程序相关的功能,不登陆也没有关系,所以只要hook调强制登陆的逻辑就可以进入首页了。

    • 通过view debuger 找到登陆页面的vc
     Printing description of $16:
    <ALULoginNewcomerViewController: 0x10e0f0a00>
    复制代码
    • 通过memory graph 找到vc创建的调用栈,可以看到登录的逻辑是在下面触发的
    -[DFMicroApplicationManager doStartApplication:params:launchMode:]
    复制代码
  • -[DFMicroApplicationManager doStartApplication:params:launchMode:] 伪代码,1700多行,可以想象业务是多么的复杂。
伪代码-展开查看
  

bool __cdecl -[DFMicroApplicationManager doStartApplication:params:launchMode:](DFMicroApplicationManager *self, SEL a2, id a3, id a4, signed __int64 a5){ signed __int64 v5; // x25 id v6; // x20 DFMicroApplicationManager *v7; // x21 void *v8; // x19 __int64 v9; // x28 void *v10; // x0 void *v11; // x0 __int64 v12; // x0 __int64 v13; // x21 void *v14; // x0 void *v15; // x23 int v16; // w24 void *v17; // x0 void *v18; // x21 int v19; // w20 __int64 v20; // x2 const __CFString *v21; // x3 bool v22; // w20 void *v23; // x0 void *v24; // x0 void *v25; // x21 void *v26; // x0 __int64 v27; // x25 void *v28; // x0 void *v29; // x0 void *v30; // x23 void *v31; // x0 __int64 v32; // x0 const __CFString *v33; // x20 void *v34; // x0 __int64 v35; // x21 void *v36; // x0 __int64 v37; // x0 const __CFString *v38; // x27 void *v39; // x0 __int64 v40; // x21 void *v41; // x0 __int64 v42; // x0 const __CFString *v43; // x28 __int64 v44; // x0 __int64 v45; // x0 void *v46; // x0 void *v47; // x21 void *v48; // x0 void *v49; // x0 void *v50; // x23 void *v51; // x0 const __CFString *v52; // x0 const __CFString *v53; // x26 __int64 v54; // x25 void *v55; // x0 __int64 v56; // x0 __CFString *v57; // x21 void *v58; // x0 void *v59; // x0 void *v60; // x23 void *v61; // x0 __int64 v62; // x0 void *v63; // x0 void *v64; // x0 __int64 v65; // x22 void *v66; // x0 void *v67; // x23 void *v68; // x22 void *v69; // x0 __int64 v70; // x24 void *v71; // x0 __int64 v72; // x23 void *v73; // x23 dispatch_queue_t v74; // x0 __int64 v75; // x22 __int64 v76; // x0 __int64 v77; // x0 __int64 v78; // x0 __int64 v79; // x0 __int64 v80; // x0 void *v81; // x0 __int64 v82; // x0 __int64 v83; // x21 void *v84; // x0 void *v85; // x22 int v86; // w23 char *v87; // x25 void *v88; // x0 void *v89; // x21 void *v90; // x0 DFMicroApplicationManager *v91; // x21 void *v92; // x0 void *v93; // x0 void *v94; // x20 void *v95; // x0 void *v96; // x21 int v97; // w22 void *v98; // x0 DFStartApplicationOperation *v99; // x20 void *v100; // x0 void *v101; // x0 void *v102; // x20 void *v103; // x0 __int64 v104; // x21 DFStartApplicationOperation *v105; // x0 void *v106; // x23 DFStartApplicationOperation *v107; // x0 void *v108; // x20 DFStartApplicationOperation *v109; // x0 void *v110; // x20 __int64 v111; // x27 signed int v112; // w22 __int64 v113; // x21 void *v114; // x0 void *v115; // x0 __int64 v116; // x20 void *v117; // x0 void *v118; // x21 struct objc_object *v119; // x0 char *v120; // x20 void *v121; // x0 void *v122; // x21 void *v123; // x0 void *v124; // x23 int v125; // w22 const __CFString *v126; // x0 __int64 v127; // x21 void *v128; // x0 const __CFString *v129; // x0 const __CFString *v130; // x22 char *v131; // x26 __int64 v132; // x25 void *v133; // x0 void *v134; // x0 void *v135; // x22 void *v136; // x0 void *v137; // x0 void *v138; // x23 void *v139; // x0 const __CFString *v140; // x0 const __CFString *v141; // x24 __int64 v142; // x28 __int64 v143; // x0 __int64 v144; // x0 void *v145; // x22 __int128 v146; // q0 void *v147; // x0 __int64 v148; // x23 void *v149; // x0 __int64 v150; // x24 __int64 v151; // x0 __int64 v152; // x0 DFMicroApplicationManager *v153; // x21 struct objc_object *v154; // x0 DFStartApplicationOperation *v155; // x0 DFStartApplicationOperation *v156; // x20 void *v157; // x0 void *v158; // x0 void *v159; // x21 void *v160; // x0 __int64 v161; // x22 void *v162; // x0 __int64 v163; // x21 void *v164; // x0 __int64 v165; // x21 void *v166; // x0 NSMutableArray *v167; // x0 void *v168; // x21 void *v169; // x0 __int64 v170; // x21 void *v171; // x0 __int64 v172; // x22 void *v173; // x0 void *v174; // x21 void *v175; // x0 NSMutableArray *v176; // x0 void *v177; // x21 char *v178; // x22 void *v179; // x0 __int64 v180; // x0 __int64 v181; // x21 void *v182; // x0 __int64 v183; // x22 void *v184; // x0 __int64 v185; // x0 __int64 v186; // x26 void *v187; // x0 void *v188; // x27 int v189; // w28 void *v190; // x0 void *v191; // x26 void *v192; // x0 void *v193; // x0 __int64 v194; // x0 __int64 v195; // x26 void *v196; // x0 void *v197; // x27 int v198; // w28 void *v199; // x0 void *v200; // x26 void *v201; // x0 NSMutableArray *v202; // x0 void *v203; // x26 char *v204; // x21 signed __int64 v205; // x27 NSMutableArray *v206; // x0 void *v207; // x26 char *v208; // x25 signed __int64 v209; // x26 signed __int64 v210; // x21 NSMutableArray *v211; // x0 void *v212; // x0 void *v213; // x23 signed __int64 v214; // x20 void *v215; // x0 __int64 v216; // x25 void *v217; // x0 __int64 v218; // x23 OS_dispatch_queue *v219; // x21 DFStartApplicationOperation *v220; // x0 NSMutableArray *v221; // x0 __int64 v222; // x20 NSMutableArray *v223; // x0 void *v224; // x21 signed int v225; // w22 __int64 v226; // x21 void *v227; // x0 void *v228; // x0 __int64 v229; // x20 void *v230; // x0 void *v231; // x21 int v232; // w21 void *v233; // x0 __int64 v234; // x0 __int64 v235; // x20 void *v236; // x0 void *v237; // x22 int v238; // w23 void *v239; // x0 void *v240; // x20 void *v241; // x0 __int64 v242; // x20 const __CFString *v243; // x2 void *v244; // x0 void *v245; // x22 int v246; // w23 void *v247; // x0 void *v248; // x20 void *v249; // x0 void *v250; // x0 __int64 v251; // x0 __int64 v252; // x21 void *v253; // x0 void *v254; // x22 int v255; // w23 void *v256; // x0 void *v257; // x21 void *v258; // x0 void *v259; // x0 void *v260; // x20 void *v261; // x21 void *v262; // x0 void *v263; // x21 void *v264; // x0 __int64 v265; // x0 __int64 v266; // x24 void *v267; // x0 void *v268; // x23 int v269; // w25 void *v270; // x0 void *v271; // x23 void *v272; // x0 void *v273; // x25 void *v274; // x0 __int64 v275; // x0 __int64 v276; // x26 void *v277; // x0 __int64 v278; // x21 void *v279; // x0 void *v280; // x0 __int64 v281; // x20 void *v282; // x0 void *v283; // x0 void *v284; // x21 void *v285; // x0 void *v286; // x0 __int64 v287; // x0 __int64 v288; // x23 char *v289; // x22 void *v290; // x0 void *v291; // x24 int v292; // w25 void *v293; // x0 void *v294; // x24 signed int v295; // w23 void *v296; // x0 void *v297; // x0 __int64 v298; // x21 void *v299; // x0 void *v300; // x23 int v301; // w24 void *v302; // x0 __int64 v303; // x0 __int64 v304; // x24 void *v305; // x0 char *v306; // x22 char *v307; // x25 BOOL v308; // w22 DFNavigationController *v309; // x0 DFNavigationController *v310; // x21 void *v311; // x0 __int64 v312; // x0 __int64 v313; // x25 void *v314; // x0 void *v315; // x26 int v316; // w27 void *v317; // x0 void *v318; // x25 void *v319; // x0 __int64 v320; // x0 __int64 v321; // x25 void *v322; // x0 void *v323; // x26 int v324; // w27 void *v325; // x0 void *v326; // x25 char v327; // w24 void *v328; // x0 void *v329; // x21 void *v330; // x0 void *v331; // x23 void *v332; // x0 __int64 v333; // x0 __int64 v334; // x25 void *v335; // x0 __int64 v336; // x26 void *v337; // x0 void *v338; // x0 void *v339; // x0 void *v340; // x21 void *v341; // x0 void *v342; // x26 __int64 v343; // x20 unsigned __int64 v344; // x22 void *v345; // x23 void *v346; // x0 __int64 v347; // x24 void *v348; // x0 void *v349; // x21 struct objc_object *v350; // x0 void *v351; // x0 void *v352; // x22 void *v353; // x0 void *v354; // x23 void *v355; // x0 void *v356; // x0 void *v357; // x21 void *v358; // x0 DFNavigationController *v359; // x24 __int64 v360; // x0 DFNavigationController *v361; // x21 void *v362; // x0 __int64 v363; // x24 NSMutableArray *v364; // x0 void *v365; // x24 void *v366; // x0 __int64 v367; // x20 void *v368; // x0 __int64 v369; // x0 __int64 v370; // x24 void *v371; // x0 void *v372; // x26 int v373; // w27 void *v374; // x0 void *v375; // x24 void *v376; // x0 DFNavigationController *v377; // x0 void *v378; // x24 void *v379; // x0 __int64 v380; // x25 DFNavigationController *v381; // x24 void *v382; // x0 __int64 v383; // x20 void *v384; // x0 __int64 v385; // x0 __int64 v386; // x21 void *v387; // x0 void *v388; // x24 int v389; // w25 void *v390; // x0 void *v391; // x21 void *v392; // x0 void *v393; // x0 __int64 v394; // x0 __int64 v395; // x21 void *v396; // x0 void *v397; // x22 int v398; // w23 void *v399; // x0 void *v400; // x21 void *v401; // x0 NSMutableArray *v402; // x0 void *v403; // x0 __int64 v404; // x0 __int64 v405; // x24 void *v406; // x0 void *v407; // x25 int v408; // w26 void *v409; // x0 void *v410; // x0 void *v411; // x24 void *v412; // x0 void *v413; // x0 void *v414; // x26 int v415; // w27 void *v416; // x0 void *v417; // x26 void *v418; // x0 void *v419; // x25 int v420; // w21 void *v421; // x0 void *v422; // x0 void *v423; // x21 void *v424; // x0 NSMutableArray *v425; // x0 void *v426; // x23 char v427; // w24 NSMutableArray *v428; // x0 void *v429; // x24 void *v430; // x25 unsigned __int64 v431; // x24 NSMutableArray *v432; // x0 void *v433; // x0 void *v434; // x27 void *v435; // x0 __int64 v436; // x26 NSMutableArray *v437; // x0 void *v438; // x27 char v439; // w28 NSMutableArray *v440; // x0 void *v441; // x26 void *v442; // x27 NSMutableArray *v443; // x0 void *v444; // x21 NSMutableArray *v445; // x0 void *v446; // x21 bool result; // w0 __int64 v448; // [xsp+0h] [xbp-3D0h] __int64 v449; // [xsp+0h] [xbp-3D0h] char *v450; // [xsp+0h] [xbp-3D0h] __int64 v451; // [xsp+0h] [xbp-3D0h] __int64 v452; // [xsp+0h] [xbp-3D0h] __int64 v453; // [xsp+0h] [xbp-3D0h] __int64 v454; // [xsp+0h] [xbp-3D0h] void *v455; // [xsp+0h] [xbp-3D0h] __int64 v456; // [xsp+0h] [xbp-3D0h] __int64 v457; // [xsp+0h] [xbp-3D0h] __int64 v458; // [xsp+8h] [xbp-3C8h] void *v459; // [xsp+8h] [xbp-3C8h] void *v460; // [xsp+48h] [xbp-388h] __int64 v461; // [xsp+60h] [xbp-370h] __int64 v462; // [xsp+68h] [xbp-368h] char *v463; // [xsp+70h] [xbp-360h] char *v464; // [xsp+70h] [xbp-360h] __int64 v465; // [xsp+80h] [xbp-350h] __int64 v466; // [xsp+88h] [xbp-348h] char *v467; // [xsp+90h] [xbp-340h] char *v468; // [xsp+98h] [xbp-338h] char *v469; // [xsp+98h] [xbp-338h] char *v470; // [xsp+98h] [xbp-338h] void *v471; // [xsp+A8h] [xbp-328h] __int64 v472; // [xsp+B0h] [xbp-320h] DFMicroApplicationManager *v473; // [xsp+B8h] [xbp-318h] void **v474; // [xsp+C0h] [xbp-310h] __int64 v475; // [xsp+C8h] [xbp-308h] __int64 (__fastcall *v476)(); // [xsp+D0h] [xbp-300h] void *v477; // [xsp+D8h] [xbp-2F8h] __int64 v478; // [xsp+E0h] [xbp-2F0h] __int64 v479; // [xsp+E8h] [xbp-2E8h] __int64 v480; // [xsp+F0h] [xbp-2E0h] char v481; // [xsp+F8h] [xbp-2D8h] void **v482; // [xsp+100h] [xbp-2D0h] __int64 v483; // [xsp+108h] [xbp-2C8h] __int64 (__fastcall *v484)(); // [xsp+110h] [xbp-2C0h] void *v485; // [xsp+118h] [xbp-2B8h] __int64 v486; // [xsp+120h] [xbp-2B0h] __int64 v487; // [xsp+128h] [xbp-2A8h] void **v488; // [xsp+130h] [xbp-2A0h] __int64 v489; // [xsp+138h] [xbp-298h] __int64 (__fastcall *v490)(); // [xsp+140h] [xbp-290h] void *v491; // [xsp+148h] [xbp-288h] __int64 v492; // [xsp+150h] [xbp-280h] __int64 v493; // [xsp+158h] [xbp-278h] __int128 v494; // [xsp+160h] [xbp-270h] __int128 v495; // [xsp+170h] [xbp-260h] __int128 v496; // [xsp+180h] [xbp-250h] __int128 v497; // [xsp+190h] [xbp-240h] void **v498; // [xsp+1A0h] [xbp-230h] __int64 v499; // [xsp+1A8h] [xbp-228h] __int64 (__fastcall *v500)(); // [xsp+1B0h] [xbp-220h] void *v501; // [xsp+1B8h] [xbp-218h] __int64 v502; // [xsp+1C0h] [xbp-210h] __int64 v503; // [xsp+1C8h] [xbp-208h] __int64 v504; // [xsp+1D0h] [xbp-200h] __int64 v505; // [xsp+1D8h] [xbp-1F8h] __int64 v506; // [xsp+1E0h] [xbp-1F0h] char v507; // [xsp+1E8h] [xbp-1E8h] const __CFString *v508; // [xsp+1F0h] [xbp-1E0h] __int64 v509; // [xsp+1F8h] [xbp-1D8h] const __CFString *v510; // [xsp+200h] [xbp-1D0h] const __CFString *v511; // [xsp+208h] [xbp-1C8h] const __CFString *v512; // [xsp+210h] [xbp-1C0h] __int64 v513; // [xsp+218h] [xbp-1B8h] void *v514; // [xsp+220h] [xbp-1B0h] __int64 v515; // [xsp+228h] [xbp-1A8h] char v516; // [xsp+230h] [xbp-1A0h] const __CFString *v517; // [xsp+2B0h] [xbp-120h] const __CFString *v518; // [xsp+2B8h] [xbp-118h] const __CFString *v519; // [xsp+2C0h] [xbp-110h] __int64 v520; // [xsp+2C8h] [xbp-108h] void *v521; // [xsp+2D0h] [xbp-100h] __int64 v522; // [xsp+2D8h] [xbp-F8h] __int128 v523; // [xsp+2E0h] [xbp-F0h] const __CFString *v524; // [xsp+2F0h] [xbp-E0h] __int64 v525; // [xsp+2F8h] [xbp-D8h] __int64 v526; // [xsp+300h] [xbp-D0h] __int64 v527; // [xsp+308h] [xbp-C8h] __int64 v528; // [xsp+310h] [xbp-C0h] __int64 v529; // [xsp+318h] [xbp-B8h] __int64 v530; // [xsp+320h] [xbp-B0h] __int64 v531; // [xsp+328h] [xbp-A8h] const __CFString *v532; // [xsp+330h] [xbp-A0h] const __CFString *v533; // [xsp+338h] [xbp-98h] const __CFString *v534; // [xsp+340h] [xbp-90h] __int64 v535; // [xsp+348h] [xbp-88h] void *v536; // [xsp+350h] [xbp-80h] __int64 v537; // [xsp+358h] [xbp-78h] __int64 v538; // [xsp+360h] [xbp-70h]

复制代码

v5 = a5; v6 = a4; v7 = self; v8 = (void *)objc_retain(a3); v9 = objc_retain(v6); if ( !v8 ) { v20 = NSInvalidArgumentException; v21 = CFSTR("The parameter 'app' MUST NOT be nil."); LABEL_9: objc_msgSend(&OBJC_CLASS___NSException, "raise:format:", v20, v21); goto LABEL_10; } v10 = objc_msgSend(&OBJC_CLASS___DTMicroApplication, "class"); if ( !((unsigned __int64)objc_msgSend(v8, "isKindOfClass:", v10) & 1) ) { v20 = NSGenericException; v21 = CFSTR("The parameter 'app' MUST be a subclass of DFMicroApplication"); goto LABEL_9; } v473 = v7; v11 = objc_msgSend(v8, "delegate"); v12 = objc_retainAutoreleasedReturnValue(v11); if ( v12 ) { v13 = v12; v14 = objc_msgSend(v8, "delegate"); v15 = (void *)objc_retainAutoreleasedReturnValue(v14); v16 = (unsigned __int64)objc_msgSend(v15, "respondsToSelector:", "applicationInterruptStart:params:aunchMode:"); objc_release(v15); objc_release(v13); if ( v16 ) { v17 = objc_msgSend(v8, "delegate"); v18 = (void *)objc_retainAutoreleasedReturnValue(v17); v19 = (unsigned __int64)objc_msgSend(v18, "applicationInterruptStart:params:aunchMode:", v8, v9, v5); objc_release(v18); if ( v19 ) { APLogToFile(CFSTR("APMobileRuntime"), 20000LL, CFSTR("doStartApplication interrupt %@")); LABEL_10: v22 = 0; goto LABEL_178; } } } v463 = (char *)v5; v23 = objc_msgSend(v8, "descriptor"); v24 = (void *)objc_retainAutoreleasedReturnValue(v23); v25 = v24; v26 = objc_msgSend(v24, "name"); v27 = objc_retainAutoreleasedReturnValue(v26); if ( v27 ) { v28 = objc_msgSend(v8, "descriptor"); v29 = (void *)objc_retainAutoreleasedReturnValue(v28); v30 = v29; v31 = objc_msgSend(v29, "name"); v32 = objc_retainAutoreleasedReturnValue(v31); v33 = (const __CFString *)objc_retain(v32); objc_release(v33); objc_release(v30); } else { v33 = &stru_1057F4708; objc_retain(&stru_1057F4708); } objc_release(v27); objc_release(v25); v34 = objc_msgSend(v8, "type"); v35 = objc_retainAutoreleasedReturnValue(v34); if ( v35 ) { v36 = objc_msgSend(v8, "type"); v37 = objc_retainAutoreleasedReturnValue(v36); v38 = (const __CFString *)objc_retain(v37); objc_release(v38); } else { v38 = &stru_1057F4708; objc_retain(&stru_1057F4708); } v471 = (void *)v9; objc_release(v35); v39 = objc_msgSend(v8, "sourceId"); v40 = objc_retainAutoreleasedReturnValue(v39); if ( v40 ) { v41 = objc_msgSend(v8, "sourceId"); v42 = objc_retainAutoreleasedReturnValue(v41); v43 = (const __CFString *)objc_retain(v42); objc_release(v43); } else { v43 = &stru_1057F4708; objc_retain(&stru_1057F4708); } v44 = objc_release(v40); v45 = DTMicroApplicationGetCurrent(v44); v46 = (void *)objc_retainAutoreleasedReturnValue(v45); v47 = v46; v48 = objc_msgSend(v46, "descriptor"); v49 = (void *)objc_retainAutoreleasedReturnValue(v48); v50 = v49; v51 = objc_msgSend(v49, "name"); v52 = (const __CFString *)objc_retainAutoreleasedReturnValue(v51); v53 = v52; if ( !v52 ) v52 = &stru_1057F4708; v54 = objc_retain(v52); objc_release(v53); objc_release(v50); objc_release(v47); v55 = objc_msgSend(v471, "objectForKeyedSubscript:", CFSTR("chInfo")); v56 = objc_retainAutoreleasedReturnValue(v55); if ( v56 ) { v57 = (__CFString *)objc_retain(v56); objc_release(v57); goto LABEL_25; } v58 = objc_msgSend(v8, "sceneParams"); v59 = (void *)objc_retainAutoreleasedReturnValue(v58); v60 = v59; v61 = objc_msgSend(v59, "objectForKeyedSubscript:", CFSTR("chInfo")); v62 = objc_retainAutoreleasedReturnValue(v61); v57 = (__CFString *)objc_retain(v62); objc_release(v57); objc_release(v60); if ( v57 ) { LABEL_25: v63 = objc_msgSend(&OBJC_CLASS___NSString, "class"); if ( (unsigned __int64)objc_msgSend(v57, "isKindOfClass:", v63) & 1 ) goto LABEL_27; } objc_retain(&stru_1057F4708); objc_release(v57); v57 = &stru_1057F4708; LABEL_27: v64 = objc_msgSend(v8, "sceneParams"); v65 = objc_retainAutoreleasedReturnValue(v64); objc_release(v65); if ( v65 ) { v66 = objc_msgSend(v8, "sceneParams"); v67 = (void *)objc_retainAutoreleasedReturnValue(v66); v68 = objc_msgSend(v67, "mutableCopy"); objc_release(v67); v69 = objc_msgSend(v68, "valueForKey:", CFSTR("kSceneParamsIsNotRequireAuth")); v70 = objc_retainAutoreleasedReturnValue(v69); objc_release(v70); if ( v70 ) objc_msgSend(v68, "removeObjectForKey:", CFSTR("kSceneParamsIsNotRequireAuth")); v71 = objc_msgSend(v68, "valueForKey:", CFSTR("fltFullLinkId")); v72 = objc_retainAutoreleasedReturnValue(v71); objc_release(v72); if ( v72 ) objc_msgSend(v68, "removeObjectForKey:", CFSTR("fltFullLinkId")); v73 = objc_msgSend(v68, "copy"); objc_msgSend(v8, "setSceneParams:", v73); objc_release(v73); objc_release(v68); } v74 = dispatch_get_global_queue(-2LL, 0LL); v75 = objc_retainAutoreleasedReturnValue(v74); v498 = _NSConcreteStackBlock; v499 = 3254779904LL; v500 = sub_100CD3BFC; v501 = &unk_105689228; v76 = objc_retain(v33); v472 = v76; v502 = v76; v77 = objc_retain(v43); v466 = v77; v503 = v77; v78 = objc_retain(v38); v465 = v78; v504 = v78; v79 = objc_retain(v54); v462 = v79; v505 = v79; v80 = objc_retain(v57); v461 = v80; v506 = v80; aispatch_async(v75, &v498); objc_release(v75); v81 = objc_msgSend(v8, "delegate"); v82 = objc_retainAutoreleasedReturnValue(v81); if ( v82 ) { v83 = v82; v84 = objc_msgSend(v8, "delegate"); v85 = (void *)objc_retainAutoreleasedReturnValue(v84); v86 = (unsigned __int64)objc_msgSend(v85, "respondsToSelector:", "applicationLaunchMode:params:"); objc_release(v85); objc_release(v83); v9 = (__int64)v471; v87 = v463; if ( v86 ) { v88 = objc_msgSend(v8, "delegate"); v89 = (void *)objc_retainAutoreleasedReturnValue(v88); v87 = (char *)objc_msgSend(v89, "applicationLaunchMode:params:", v8, v471); objc_release(v89); v90 = objc_msgSend(v8, "delegate"); v448 = objc_retainAutoreleasedReturnValue(v90); APLogToFile(CFSTR("APMobileFramework"), 20000LL, CFSTR("applicationLaunchMode : %@")); objc_release(v448); } } else { v9 = (__int64)v471; v87 = v463; } objc_msgSend(v8, "setLaunchMode:", v87, v448); APLogToFile(CFSTR("APMobileRuntime"), 20000LL, CFSTR("doStartApplication %@")); APLogToFile(CFSTR("##BOOTMONITOR##"), 20000LL, CFSTR("doStartApplication")); v91 = v473; if ( !(unsigned int)-[DFMicroApplicationManager shouldHoldLoginApp](v473, "shouldHoldLoginApp", v8) ) { APLogToFile(CFSTR("APMobileRuntime"), 20000LL, CFSTR("self.shouldHoldLoginApp = NO")); -[DFMicroApplicationManager setShouldHoldLoginApp:](v473, "setShouldHoldLoginApp:", 1LL); LABEL_41: if ( v472 ) { v532 = CFSTR("appId"); v535 = v472; v536 = v8; v533 = CFSTR("DTMicroApplicationKey"); v534 = CFSTR("DTMicroApplicationParamsKey"); if ( v9 ) { v112 = 0; v113 = v9; } else { v114 = objc_msgSend(&OBJC_CLASS___NSDictionary, "dictionaryWithObjects:forKeys:count:", &v507, &v507, 0LL); v113 = objc_retainAutoreleasedReturnValue(v114); v112 = 1; } v537 = v113; v115 = objc_msgSend(&OBJC_CLASS___NSDictionary, "dictionaryWithObjects:forKeys:count:", &v535, &v532, 3LL); v116 = objc_retainAutoreleasedReturnValue(v115); if ( v112 ) objc_release(v113); v117 = objc_msgSend(&OBJC_CLASS___NSNotificationCenter, "defaultCenter"); v118 = (void *)objc_retainAutoreleasedReturnValue(v117); objc_msgSend( v118, "postNotificationName:object:userInfo:", CFSTR("DTMicroApplicationWillStartNotification"), 0LL, v116); objc_release(v118); objc_release(v116); v91 = v473; } v119 = +DFContext sharedContext; v460 = (void *)objc_retainAutoreleasedReturnValue(v119); v120 = -[DFMicroApplicationManager findApp:](v91, "findApp:", v8); v121 = objc_msgSend(v8, "sourceId"); v122 = (void *)objc_retainAutoreleasedReturnValue(v121); if ( (unsigned int)objc_msgSend(v122, "isEqualToString:", CFSTR("outerUrl")) ) { objc_release(v122); } else { v123 = objc_msgSend(v8, "sourceId"); v124 = (void *)objc_retainAutoreleasedReturnValue(v123); v125 = (unsigned __int64)objc_msgSend(v124, "isEqualToString:", CFSTR("push")); objc_release(v124); objc_release(v122); if ( !v125 ) goto LABEL_59; } if ( v120 == (char *)0x7FFFFFFFFFFFFFFFLL ) v126 = CFSTR("false"); else v126 = CFSTR("true"); v127 = objc_retain(v126); v128 = objc_msgSend(v8, "sourceAppBundleId"); v129 = (const __CFString *)objc_retainAutoreleasedReturnValue(v128); v130 = v129; if ( !v129 ) v129 = &stru_1057F4708; v131 = v87; v132 = objc_retain(v129); objc_release(v130); v133 = objc_msgSend(&OBJC_CLASS___UIApplication, "sharedApplication"); v134 = (void *)objc_retainAutoreleasedReturnValue(v133); v135 = v134; v136 = objc_msgSend(v134, "lastOpenedURL"); v137 = (void *)objc_retainAutoreleasedReturnValue(v136); v138 = v137; v139 = objc_msgSend(v137, "absoluteString"); v140 = (const __CFString *)objc_retainAutoreleasedReturnValue(v139); v141 = v140; if ( !v140 ) v140 = &stru_1057F4708; v142 = objc_retain(v140); objc_release(v141); objc_release(v138); v143 = objc_release(v135); v144 = getAPRemoteLogger(v143); v145 = (void *)objc_retainAutoreleasedReturnValue(v144); v527 = v127; v528 = v472; v530 = v465; v529 = v466; v525 = v132; v526 = v142; *(_QWORD *)&v146 = CFSTR("bundleId"); *((_QWORD *)&v146 + 1) = CFSTR("url"); v523 = v146; v524 = CFSTR("resumeApp"); v147 = objc_msgSend(&OBJC_CLASS___NSDictionary, "dictionaryWithObjects:forKeys:count:", &v525, &v523, 3LL); v148 = objc_retainAutoreleasedReturnValue(v147); v531 = v148; v149 = objc_msgSend(&OBJC_CLASS___NSArray, "arrayWithObjects:count:", &v528, 4LL); v150 = objc_retainAutoreleasedReturnValue(v149); objc_msgSend( v145, "writeLogWithActionId:extParams:appId:seed:ucId:bizType:", CFSTR("event"), v150, &stru_1057F4708, CFSTR("ext_s_phase_s_entry_call_doStartApp"), &stru_1057F4708, CFSTR("OutLaunch")); objc_release(v150); objc_release(v148); objc_release(v145); v151 = v142; v9 = (__int64)v471; objc_release(v151); v152 = v132; v87 = v131; objc_release(v152); objc_release(v127); LABEL_59: v153 = v473; v154 = -DFMicroApplicationManager currentApplication; v467 = (char *)objc_retainAutoreleasedReturnValue(v154); if ( v120 != (char *)0x7FFFFFFFFFFFFFFFLL ) { v468 = (char *)((unsigned __int64)v87 | 2); v450 = v120; APLogToFile(CFSTR("APMobileRuntime"), 20000LL, CFSTR("app already in stack, index = %ld")); if ( v472 ) { v510 = CFSTR("appId"); v514 = v8; v513 = v472; v512 = CFSTR("resumeApp"); v511 = CFSTR("DTMicroApplicationKey"); v169 = objc_msgSend(&OBJC_CLASS___NSNumber, "numberWithInt:", 1LL, v120); v170 = objc_retainAutoreleasedReturnValue(v169); v515 = v170; v171 = objc_msgSend(&OBJC_CLASS___NSDictionary, "dictionaryWithObjects:forKeys:count:", &v513, &v510, 3LL); v172 = objc_retainAutoreleasedReturnValue(v171); objc_release(v170); v173 = objc_msgSend(&OBJC_CLASS___NSNotificationCenter, "defaultCenter"); v174 = (void *)objc_retainAutoreleasedReturnValue(v173); objc_msgSend( v174, "postNotificationName:object:userInfo:", CFSTR("DTMicroApplicationDidStartNotification"), 0LL, v172); v175 = v174; v153 = v473; objc_release(v175); objc_release(v172); } v176 = -[DFMicroApplicationManager applicationStack](v153, "applicationStack", v450); v177 = (void *)objc_retainAutoreleasedReturnValue(v176); v178 = (char *)objc_msgSend(v177, "count") - 1; objc_release(v177); if ( v120 < v178 ) -[DFMicroApplicationManager setExistingAppFlag:](v473, "setExistingAppFlag:", 1LL); v508 = CFSTR("NoLifecycleCallback"); v179 = objc_msgSend(&OBJC_CLASS___NSNumber, "numberWithBool:", 1LL); v180 = objc_retainAutoreleasedReturnValue(v179); v181 = v180; v509 = v180; v182 = objc_msgSend(&OBJC_CLASS___NSDictionary, "dictionaryWithObjects:forKeys:count:", &v509, &v508, 1LL); v183 = objc_retainAutoreleasedReturnValue(v182); objc_release(v181); v184 = objc_msgSend(v8, "delegate"); v185 = objc_retainAutoreleasedReturnValue(v184); if ( v185 ) { v186 = v185; v187 = objc_msgSend(v8, "delegate"); v188 = (void *)objc_retainAutoreleasedReturnValue(v187); v189 = (unsigned __int64)objc_msgSend(v188, "respondsToSelector:", "application:willResumeWithOptions:"); objc_release(v188); objc_release(v186); if ( v189 ) { v190 = objc_msgSend(v8, "delegate"); v191 = (void *)objc_retainAutoreleasedReturnValue(v190); objc_msgSend(v191, "application:willResumeWithOptions:", v8, v471); objc_release(v191); v192 = objc_msgSend(v8, "delegate"); v451 = objc_retainAutoreleasedReturnValue(v192); APLogToFile(CFSTR("APMobileRuntime"), 20000LL, CFSTR("willResumeWithOptions delegate = %@")); objc_release(v451); } } v193 = objc_msgSend(v8, "delegate", v451); v194 = objc_retainAutoreleasedReturnValue(v193); if ( v194 ) { v195 = v194; v196 = objc_msgSend(v8, "delegate"); v197 = (void *)objc_retainAutoreleasedReturnValue(v196); v198 = (unsigned __int64)objc_msgSend( v197, "respondsToSelector:", "application:willResumeWithOptions:isStartApp:"); objc_release(v197); objc_release(v195); if ( v198 ) { v199 = objc_msgSend(v8, "delegate"); v200 = (void *)objc_retainAutoreleasedReturnValue(v199); objc_msgSend(v200, "application:willResumeWithOptions:isStartApp:", v8, v471, 1LL); objc_release(v200); v201 = objc_msgSend(v8, "delegate"); v452 = objc_retainAutoreleasedReturnValue(v201); APLogToFile(CFSTR("APMobileRuntime"), 20000LL, CFSTR("willResumeWithOptions:isStartApp delegate = %@")); objc_release(v452); } } v202 = -[DFMicroApplicationManager applicationStack](v473, "applicationStack", v452); v203 = (void *)objc_retainAutoreleasedReturnValue(v202); v204 = (char *)objc_msgSend(v203, "count"); objc_release(v203); v205 = (signed __int64)(v204 - 2); if ( (signed __int64)v120 < (signed __int64)(v204 - 2) ) { v206 = -DFMicroApplicationManager applicationStack; v207 = (void *)objc_retainAutoreleasedReturnValue(v206); v208 = (char *)objc_msgSend(v207, "count"); objc_release(v207); v209 = (signed __int64)(v208 - 1); if ( (signed __int64)(v208 - 1) > (signed __int64)(v120 + 1) ) { v210 = (signed __int64)&v204[(_QWORD)v120 + 2]; do -[DFMicroApplicationManager exitApplicationAtIndex:animated:options:]( v473, "exitApplicationAtIndex:animated:options:", v209--, 0LL, v183); while ( v209 > (signed __int64)(v120 + 1) ); v205 = v210 - (_QWORD)v208 - 2; } } if ( v120 == (char *)v205 ) { v211 = -DFMicroApplicationManager applicationStack; v212 = (void *)objc_retainAutoreleasedReturnValue(v211); v213 = v212; v214 = (signed __int64)(v120 + 1); v215 = objc_msgSend(v212, "objectAtIndex:", v214); v216 = objc_retainAutoreleasedReturnValue(v215); objc_release(v213); v217 = objc_msgSend(&OBJC_CLASS___NSNumber, "numberWithBool:", 1LL); v218 = objc_retainAutoreleasedReturnValue(v217); objc_setAssociatedObject(v216, &unk_107F15F90, v218, 0LL); objc_release(v218); -[DFMicroApplicationManager exitApplicationAtIndex:animated:options:]( v473, "exitApplicationAtIndex:animated:options:", v214, v468 == (char *)3, v183); objc_release(v216); } objc_initWeak(&v481, v473); v219 = v473->_queueForApp; v474 = _NSConcreteStackBlock; v475 = 3254779904LL; v476 = sub_100CD3F40; v477 = &unk_1056681C8; v478 = objc_retain(v8); v9 = (__int64)v471; v479 = objc_retain(v471); objc_copyWeak(&v480, &v481); aispatch_async(v219, &v474); objc_destroyWeak(&v480); objc_release(v479); objc_release(v478); objc_destroyWeak(&v481); v220 = (DFStartApplicationOperation *)v183; goto LABEL_175; } APLogToFile(CFSTR("APMobileRuntime"), 20000LL, CFSTR("app not in stack, normal start, %@")); if ( (unsigned int)-[DFMicroApplicationManager existingAppFlag](v473, "existingAppFlag", v8) ) { v155 = objc_msgSend(&OBJC_CLASS___DFStartApplicationOperation, "alloc"); v156 = objc_msgSend(v155, "init"); v157 = objc_msgSend(v8, "descriptor"); v158 = (void *)objc_retainAutoreleasedReturnValue(v157); v159 = v158; v160 = objc_msgSend(v158, "name"); v161 = objc_retainAutoreleasedReturnValue(v160); -[DFStartApplicationOperation setAppName:](v156, "setAppName:", v161); objc_release(v161); objc_release(v159); -[DFStartApplicationOperation setParams:](v156, "setParams:", v9); -[DFStartApplicationOperation setLaunchMode:](v156, "setLaunchMode:", v87); v162 = objc_msgSend(v8, "sceneParams"); v163 = objc_retainAutoreleasedReturnValue(v162); -[DFStartApplicationOperation setSceneParams:](v156, "setSceneParams:", v163); objc_release(v163); v164 = objc_msgSend(v8, "sourceId"); v165 = objc_retainAutoreleasedReturnValue(v164); -[DFStartApplicationOperation setSourceId:](v156, "setSourceId:", v165); objc_release(v165); v166 = objc_msgSend(v8, "appClearTop"); -[DFStartApplicationOperation setAppClearTop:](v156, "setAppClearTop:", v166); v167 = -DFMicroApplicationManager pendingOperations; v168 = (void *)objc_retainAutoreleasedReturnValue(v167); objc_msgSend(v168, "addObject:", v156); objc_release(v168); -DFMicroApplicationManager resignLoginHoldingFlag; LABEL_174: v220 = v156; LABEL_175: objc_release(v220); v111 = v472; LABEL_176: objc_release(v467); objc_release(v460); v22 = 1; goto LABEL_177; } v221 = -DFMicroApplicationManager applicationStack; v222 = objc_retainAutoreleasedReturnValue(v221); objc_sync_enter(); v223 = -DFMicroApplicationManager applicationStack; v224 = (void *)objc_retainAutoreleasedReturnValue(v223); objc_msgSend(v224, "addObject:", v8); objc_release(v224); objc_sync_exit(v222); objc_release(v222); v111 = v472; if ( v472 ) { v517 = CFSTR("appId"); v521 = v8; v520 = v472; v519 = CFSTR("DTMicroApplicationParamsKey"); v518 = CFSTR("DTMicroApplicationKey"); if ( v9 ) { v225 = 0; v226 = v9; } else { v227 = objc_msgSend(&OBJC_CLASS___NSDictionary, "dictionaryWithObjects:forKeys:count:", &v507, &v507, 0LL); v226 = objc_retainAutoreleasedReturnValue(v227); v225 = 1; } v522 = v226; v228 = objc_msgSend(&OBJC_CLASS___NSDictionary, "dictionaryWithObjects:forKeys:count:", &v520, &v517, 3LL); v229 = objc_retainAutoreleasedReturnValue(v228); if ( v225 ) objc_release(v226); v230 = objc_msgSend(&OBJC_CLASS___NSNotificationCenter, "defaultCenter"); v231 = (void *)objc_retainAutoreleasedReturnValue(v230); objc_msgSend( v231, "postNotificationName:object:userInfo:", CFSTR("DTMicroApplicationDidStartNotification"), 0LL, v229); objc_release(v231); objc_release(v229); } v469 = (char *)((unsigned __int64)v87 | 2); v232 = (unsigned __int64)objc_msgSend(v8, "createFromCache"); v233 = objc_msgSend(v8, "delegate"); v234 = objc_retainAutoreleasedReturnValue(v233); v235 = v234; if ( v232 ) { if ( !v234 ) goto LABEL_95; v236 = objc_msgSend(v8, "delegate"); v237 = (void *)objc_retainAutoreleasedReturnValue(v236); v238 = (unsigned __int64)objc_msgSend(v237, "respondsToSelector:", "applicationWillShow:options:"); objc_release(v237); objc_release(v235); if ( !v238 ) goto LABEL_95; v239 = objc_msgSend(v8, "delegate"); v240 = (void *)objc_retainAutoreleasedReturnValue(v239); objc_msgSend(v240, "applicationWillShow:options:", v8, v9); objc_release(v240); v241 = objc_msgSend(v8, "delegate"); v242 = objc_retainAutoreleasedReturnValue(v241); v449 = v242; v243 = CFSTR("applicationWillShow : %@"); } else { if ( !v234 ) goto LABEL_95; v244 = objc_msgSend(v8, "delegate"); v245 = (void *)objc_retainAutoreleasedReturnValue(v244); v246 = (unsigned __int64)objc_msgSend(v245, "respondsToSelector:", "application:willStartLaunchingWithOptions:"); objc_release(v245); objc_release(v235); if ( !v246 ) goto LABEL_95; v247 = objc_msgSend(v8, "delegate"); v248 = (void *)objc_retainAutoreleasedReturnValue(v247); objc_msgSend(v248, "application:willStartLaunchingWithOptions:", v8, v9); objc_release(v248); v249 = objc_msgSend(v8, "delegate"); v242 = objc_retainAutoreleasedReturnValue(v249); v449 = v242; v243 = CFSTR("willStartLaunchingWithOptions : %@"); } APLogToFile(CFSTR("APMobileFramework"), 20000LL, v243); objc_release(v242); LABEL_95: if ( v467 ) { v250 = objc_msgSend(v467, "delegate", v449); v251 = objc_retainAutoreleasedReturnValue(v250); if ( v251 ) { v252 = v251; v253 = objc_msgSend(v467, "delegate"); v254 = (void *)objc_retainAutoreleasedReturnValue(v253); v255 = (unsigned __int64)objc_msgSend(v254, "respondsToSelector:", "applicationWillPause:"); objc_release(v254); objc_release(v252); if ( v255 ) { v256 = objc_msgSend(v467, "delegate"); v257 = (void *)objc_retainAutoreleasedReturnValue(v256); objc_msgSend(v257, "applicationWillPause:", v467); objc_release(v257); v258 = objc_msgSend(v467, "delegate"); v449 = objc_retainAutoreleasedReturnValue(v258); APLogToFile(CFSTR("APMobileFramework"), 20000LL, CFSTR("applicationWillPause : %@")); objc_release(v449); } } } if ( (unsigned int)objc_msgSend(v8, "shouldDelayRelease", v449) && (v259 = objc_msgSend(v8, "cachedViewControllers"), v260 = (void *)objc_retainAutoreleasedReturnValue(v259), v261 = objc_msgSend(v260, "count"), objc_release(v260), v261) ) { v464 = v87; v262 = objc_msgSend(v8, "viewControllers"); v263 = (void *)objc_retainAutoreleasedReturnValue(v262); objc_msgSend(v263, "removeAllObjects"); objc_release(v263); v264 = objc_msgSend(v8, "delegate"); v265 = objc_retainAutoreleasedReturnValue(v264); if ( v265 && (v266 = v265, v267 = objc_msgSend(v8, "delegate"), v268 = (void *)objc_retainAutoreleasedReturnValue(v267), v269 = (unsigned __int64)objc_msgSend( v268, "respondsToSelector:", "delayReleaseApplicationControllers:params:"), objc_release(v268), objc_release(v266), v269) ) { v270 = objc_msgSend(v8, "viewControllers"); v271 = (void *)objc_retainAutoreleasedReturnValue(v270); v272 = objc_msgSend(v8, "delegate"); v273 = (void *)objc_retainAutoreleasedReturnValue(v272); v274 = objc_msgSend(v8, "cachedViewControllers"); v275 = objc_retainAutoreleasedReturnValue(v274); v276 = v275; v277 = objc_msgSend(v273, "delayReleaseApplicationControllers:params:", v275, v9); v278 = objc_retainAutoreleasedReturnValue(v277); objc_msgSend(v271, "addObjectsFromArray:", v278); objc_release(v278); objc_release(v276); objc_release(v273); v279 = v271; } else { v297 = objc_msgSend(v8, "delegate"); v298 = objc_retainAutoreleasedReturnValue(v297); if ( v298 ) { v299 = objc_msgSend(v8, "delegate"); v300 = (void *)objc_retainAutoreleasedReturnValue(v299); v301 = (unsigned __int64)objc_msgSend(v300, "respondsToSelector:", "delayReleaseApplicationControllers:"); objc_release(v300); } else { v301 = 0; } objc_release(v298); v328 = objc_msgSend(v8, "viewControllers"); v329 = (void *)objc_retainAutoreleasedReturnValue(v328); if ( v301 ) { v330 = objc_msgSend(v8, "delegate"); v331 = (void *)objc_retainAutoreleasedReturnValue(v330); v332 = objc_msgSend(v8, "cachedViewControllers"); v333 = objc_retainAutoreleasedReturnValue(v332); v334 = v333; v335 = objc_msgSend(v331, "delayReleaseApplicationControllers:", v333); v336 = objc_retainAutoreleasedReturnValue(v335); objc_msgSend(v329, "addObjectsFromArray:", v336); objc_release(v336); objc_release(v334); } else { v337 = objc_msgSend(v8, "cachedViewControllers"); v331 = (void *)objc_retainAutoreleasedReturnValue(v337); objc_msgSend(v329, "addObjectsFromArray:", v331); } objc_release(v331); v279 = v329; } objc_release(v279); v496 = 0u; v497 = 0u; v494 = 0u; v495 = 0u; v338 = objc_msgSend(v8, "viewControllers"); v339 = (void *)objc_retainAutoreleasedReturnValue(v338); v340 = v339; v341 = objc_msgSend(v339, "countByEnumeratingWithState:objects:count:", &v494, &v516, 16LL); if ( v341 ) { v342 = v341; v343 = *(_QWORD *)v495; do { v344 = 0LL; do { if ( *(_QWORD )v495 != v343 ) objc_enumerationMutation(v340); v345 = (void **)(((_QWORD )&v494 + 1) + 8 * v344); v346 = objc_msgSend((void **)(((_QWORD *)&v494 + 1) + 8 * v344), "microApplication"); v347 = objc_retainAutoreleasedReturnValue(v346); objc_release(v347); if ( !v347 ) objc_msgSend(v345, "setMicroApplication:", v8); ++v344; } while ( v344 < (unsigned __int64)v342 ); v342 = objc_msgSend(v340, "countByEnumeratingWithState:objects:count:", &v494, &v516, 16LL); } while ( v342 ); } objc_release(v340); v348 = objc_msgSend(v8, "cachedViewControllers"); v349 = (void *)objc_retainAutoreleasedReturnValue(v348); objc_msgSend(v349, "removeAllObjects"); objc_release(v349); v350 = -[DFMicroApplicationManager findPreviousAppAndNavigationControllerForApp:]( v473, "findPreviousAppAndNavigationControllerForApp:", v8); v351 = (void *)objc_retainAutoreleasedReturnValue(v350); v352 = v351; v353 = objc_msgSend(v351, "objectForKeyedSubscript:", CFSTR("navController")); v354 = (void *)objc_retainAutoreleasedReturnValue(v353); v455 = v8; v459 = v354; APLogToFile( CFSTR("APMobileRuntime"), 20000LL, CFSTR("delay release,findPreviousAppAndNavigationControllerForApp: %@, navi: %@")); if ( !v354 ) { v355 = objc_msgSend(v460, "window", v8, 0LL); v356 = (void *)objc_retainAutoreleasedReturnValue(v355); v357 = v356; v358 = objc_msgSend(v356, "rootViewController"); v354 = (void *)objc_retainAutoreleasedReturnValue(v358); objc_release(v357); } v9 = (__int64)v471; if ( (unsigned __int64)(v464 - 3) > 1 ) { v378 = objc_msgSend(&OBJC_CLASS___NSMutableArray, "alloc", v455, v459); v379 = objc_msgSend(v354, "viewControllers"); v380 = objc_retainAutoreleasedReturnValue(v379); v381 = (DFNavigationController *)objc_msgSend(v378, "initWithArray:", v380); objc_release(v380); v382 = objc_msgSend(v8, "viewControllers"); v383 = objc_retainAutoreleasedReturnValue(v382); objc_msgSend(v381, "addObjectsFromArray:", v383); objc_release(v383); objc_msgSend(v354, "setViewControllers:animated:", v381, v469 == (char *)3); v377 = v381; } else { v359 = objc_msgSend(&OBJC_CLASS___DFNavigationController, "alloc", v455, v459); v360 = NSClassFromString(CFSTR("APNavigationBar")); v361 = -[DFNavigationController initWithNavigationBarClass:toolbarClass:]( v359, "initWithNavigationBarClass:toolbarClass:", v360, 0LL); v362 = objc_msgSend(v8, "viewControllers"); v363 = objc_retainAutoreleasedReturnValue(v362); -[DFNavigationController setViewControllers:animated:](v361, "setViewControllers:animated:", v363, 0LL); objc_release(v363); v364 = -DFNavigationController items; v365 = (void *)objc_retainAutoreleasedReturnValue(v364); v366 = objc_msgSend(v8, "viewControllers"); v367 = objc_retainAutoreleasedReturnValue(v366); objc_msgSend(v365, "addObjectsFromArray:", v367); objc_release(v367); objc_release(v365); v368 = objc_msgSend(v8, "delegate"); v369 = objc_retainAutoreleasedReturnValue(v368); if ( v369 ) { v370 = v369; v371 = objc_msgSend(v8, "delegate"); v372 = (void *)objc_retainAutoreleasedReturnValue(v371); v373 = (unsigned __int64)objc_msgSend(v372, "respondsToSelector:"); objc_release(v372); objc_release(v370); if ( v373 ) { v374 = objc_msgSend(v8, "delegate"); v375 = (void *)objc_retainAutoreleasedReturnValue(v374); objc_msgSend(v375, "applicationShouldPresent:params:navigationController:", v8, v471, v361); objc_release(v375); v376 = objc_msgSend(v8, "delegate"); v456 = objc_retainAutoreleasedReturnValue(v376); APLogToFile(CFSTR("APMobileFramework"), 20000LL, CFSTR("applicationShouldPresent : %@")); objc_release(v456); } } v488 = _NSConcreteStackBlock; v489 = 3254779904LL; v490 = sub_100CD3D50; v491 = &unk_105667020; v492 = objc_retain(v8); v493 = objc_retain(v471); objc_msgSend( v354, "presentViewController:animated:completion:", v361, (v464 == (char *)3) & (unsigned __int8)(v469 == (char *)3), &v488, v456); objc_release(v493); objc_release(v492); v377 = v361; } objc_release(v377); v111 = v472; v384 = objc_msgSend(v8, "delegate"); v385 = objc_retainAutoreleasedReturnValue(v384); if ( v385 ) { v386 = v385; v387 = objc_msgSend(v8, "delegate"); v388 = (void *)objc_retainAutoreleasedReturnValue(v387); v389 = (unsigned __int64)objc_msgSend(v388, "respondsToSelector:", "applicationDidShow:"); objc_release(v388); objc_release(v386); if ( v389 ) { v390 = objc_msgSend(v8, "delegate"); v391 = (void *)objc_retainAutoreleasedReturnValue(v390); objc_msgSend(v391, "applicationDidShow:", v8); objc_release(v391); v392 = objc_msgSend(v8, "delegate"); v453 = objc_retainAutoreleasedReturnValue(v392); APLogToFile(CFSTR("APMobileFramework"), 20000LL, CFSTR("applicationDidShow : %@")); objc_release(v453); } } objc_release(v354); objc_release(v352); } else { APLogToFile(CFSTR("##BOOTMONITOR##"), 20000LL, CFSTR("create rootController begin")); v280 = objc_msgSend(v8, "rootController"); v281 = objc_retainAutoreleasedReturnValue(v280); v453 = v281; APLogToFile(CFSTR("##BOOTMONITOR##"), 20000LL, CFSTR("create rootController end %@")); if ( v281 ) { v282 = objc_msgSend(v460, "window", v281); v283 = (void *)objc_retainAutoreleasedReturnValue(v282); v284 = v283; v285 = objc_msgSend(v283, "rootViewController"); v470 = (char *)objc_retainAutoreleasedReturnValue(v285); objc_release(v284); v286 = objc_msgSend(v8, "delegate"); v287 = objc_retainAutoreleasedReturnValue(v286); if ( v287 ) { v288 = v287; v289 = v87; v290 = objc_msgSend(v8, "delegate"); v291 = (void *)objc_retainAutoreleasedReturnValue(v290); v292 = (unsigned __int64)objc_msgSend( v291, "respondsToSelector:", "applicationStartRootControllerWithNoAnimation:"); objc_release(v291); objc_release(v288); if ( v292 ) { v293 = objc_msgSend(v8, "delegate"); v294 = (void *)objc_retainAutoreleasedReturnValue(v293); v295 = (unsigned __int64)objc_msgSend(v294, "applicationStartRootControllerWithNoAnimation:", v8) ^ 1; objc_release(v294); v296 = objc_msgSend(v8, "delegate"); v454 = objc_retainAutoreleasedReturnValue(v296); APLogToFile( CFSTR("APMobileFramework"), 20000LL, CFSTR("applicationStartRootControllerWithNoAnimation : %@")); objc_release(v454); } else { v295 = 1; } v87 = v289; } else { v295 = 1; } v302 = objc_msgSend(v470, "class", v454); v303 = NSStringFromClass(v302); v304 = objc_retainAutoreleasedReturnValue(v303); v305 = objc_msgSend(&OBJC_CLASS___NSNumber, "numberWithInteger:", v87); v306 = v87; v453 = v304; v458 = objc_retainAutoreleasedReturnValue(v305); APLogToFile(CFSTR("APMobileFramework"), 20000LL, CFSTR("navigationController is : %@, launchMode is : %@")); objc_release(v458); objc_release(v304); if ( (unsigned __int64)(v87 - 1) <= 5 ) JUMPOUT(CS, (char *)&loc_100CD2BD4 + 4 * byte_107F15F78[(_QWORD)(v87 - 1)]); v307 = v470; if ( (unsigned __int64)(v306 - 3) <= 1 ) { v308 = v306 == (char *)3; v309 = objc_msgSend(&OBJC_CLASS___DFNavigationController, "alloc", v304, v458); v310 = -[DFNavigationController initWithRootViewController:](v309, "initWithRootViewController:", v281); v311 = objc_msgSend(v8, "delegate"); v312 = objc_retainAutoreleasedReturnValue(v311); if ( v312 ) { v313 = v312; v314 = objc_msgSend(v8, "delegate"); v315 = (void *)objc_retainAutoreleasedReturnValue(v314); v316 = (unsigned __int64)objc_msgSend( v315, "respondsToSelector:", "applicationShouldPresent:params:navigationController:"); objc_release(v315); objc_release(v313); if ( v316 ) { v317 = objc_msgSend(v8, "delegate"); v318 = (void *)objc_retainAutoreleasedReturnValue(v317); objc_msgSend(v318, "applicationShouldPresent:params:navigationController:", v8, v471, v310); objc_release(v318); } } v319 = objc_msgSend(v8, "delegate"); v320 = objc_retainAutoreleasedReturnValue(v319); if ( !v320 ) goto LABEL_182; v321 = v320; v322 = objc_msgSend(v8, "delegate"); v323 = (void *)objc_retainAutoreleasedReturnValue(v322); v324 = (unsigned __int64)objc_msgSend( v323, "respondsToSelector:", "applicationShouldStopPresent:params:navigationController:"); objc_release(v323); objc_release(v321); if ( !v324 || (v325 = objc_msgSend(v8, "delegate"), v326 = (void *)objc_retainAutoreleasedReturnValue(v325), v327 = (unsigned __int64)objc_msgSend( v326, "applicationShouldStopPresent:params:navigationController:", v8, v471, v310), objc_release(v326), !(v327 & 1)) ) { LABEL_182: v482 = _NSConcreteStackBlock; v483 = 3254779904LL; v484 = sub_100CD3E6C; v485 = &unk_105667020; v486 = objc_retain(v8); v487 = objc_retain(v471); objc_msgSend(v470, "presentViewController:animated:completion:", v310, v308 & (unsigned int)v295, &v482); objc_release(v487); objc_release(v486); } objc_release(v310); v9 = (__int64)v471; v111 = v472; v307 = v470; } objc_release(v307); } objc_release(v281); } if ( !((unsigned __int64)objc_msgSend(v8, "createFromCache", v453, v458) & 1) ) { v393 = objc_msgSend(v8, "delegate"); v394 = objc_retainAutoreleasedReturnValue(v393); if ( v394 ) { v395 = v394; v396 = objc_msgSend(v8, "delegate"); v397 = (void *)objc_retainAutoreleasedReturnValue(v396); v398 = (unsigned __int64)objc_msgSend(v397, "respondsToSelector:", "applicationDidFinishLaunching:"); objc_release(v397); objc_release(v395); if ( v398 ) { v399 = objc_msgSend(v8, "delegate"); v400 = (void *)objc_retainAutoreleasedReturnValue(v399); objc_msgSend(v400, "applicationDidFinishLaunching:", v8); objc_release(v400); v401 = objc_msgSend(v8, "delegate"); v457 = objc_retainAutoreleasedReturnValue(v401); APLogToFile(CFSTR("APMobileFramework"), 20000LL, CFSTR("applicationDidFinishLaunching : %@")); objc_release(v457); } } } -[DFMicroApplicationManager resignLoginHoldingFlag](v473, "resignLoginHoldingFlag", v457); if ( (unsigned __int64)objc_msgSend(v8, "createFromCache") & 1 ) goto LABEL_176; v402 = -DFMicroApplicationManager delayReleaseApplications; v156 = (DFStartApplicationOperation *)objc_retainAutoreleasedReturnValue(v402); objc_sync_enter(); v403 = objc_msgSend(v8, "delegate"); v404 = objc_retainAutoreleasedReturnValue(v403); if ( v404 ) { v405 = v404; v406 = objc_msgSend(v8, "delegate"); v407 = (void *)objc_retainAutoreleasedReturnValue(v406); v408 = (unsigned __int64)objc_msgSend(v407, "respondsToSelector:", "applicationShouldDelayRelease:"); objc_release(v407); objc_release(v405); if ( v408 ) { v409 = objc_msgSend(v8, "delegate"); v410 = (void *)objc_retainAutoreleasedReturnValue(v409); v411 = v410; v412 = objc_msgSend(v410, "applicationShouldDelayRelease:", v8); objc_msgSend(v8, "setShouldDelayRelease:", v412); objc_release(v411); if ( (unsigned int)objc_msgSend(v8, "shouldDelayRelease") ) { objc_msgSend(v8, "setShouldReleaseWhenMemoryWarning:", 1LL); objc_msgSend(v8, "setAppSurvivalTimeInterval:", 300.0); v413 = objc_msgSend(v8, "delegate"); v414 = (void *)objc_retainAutoreleasedReturnValue(v413); v415 = (unsigned __int64)objc_msgSend(v414, "respondsToSelector:", "survivalTimeIntervalOfApplication:"); objc_release(v414); if ( v415 ) { v416 = objc_msgSend(v8, "delegate"); v417 = (void *)objc_retainAutoreleasedReturnValue(v416); objc_msgSend(v417, "survivalTimeIntervalOfApplication:", v8); objc_msgSend(v8, "setAppSurvivalTimeInterval:"); objc_release(v417); } v418 = objc_msgSend(v8, "delegate"); v419 = (void *)objc_retainAutoreleasedReturnValue(v418); v420 = (unsigned __int64)objc_msgSend( v419, "respondsToSelector:", "applicationShouldReleaseWhenReceivedMemoryWarning:"); objc_release(v419); if ( v420 ) { v421 = objc_msgSend(v8, "delegate"); v422 = (void *)objc_retainAutoreleasedReturnValue(v421); v423 = v422; v424 = objc_msgSend(v422, "applicationShouldReleaseWhenReceivedMemoryWarning:", v8); objc_msgSend(v8, "setShouldReleaseWhenMemoryWarning:", v424); objc_release(v423); } v425 = -DFMicroApplicationManager delayReleaseApplications; v426 = (void *)objc_retainAutoreleasedReturnValue(v425); v427 = (unsigned __int64)objc_msgSend(v426, "containsObject:", v8); objc_release(v426); if ( !(v427 & 1) ) { v428 = -DFMicroApplicationManager delayReleaseApplications; v429 = (void *)objc_retainAutoreleasedReturnValue(v428); v430 = objc_msgSend(v429, "count"); objc_release(v429); if ( (unsigned __int64)v430 >= 5 ) { v431 = 0LL; while ( 1 ) { v440 = -DFMicroApplicationManager delayReleaseApplications; v441 = (void *)objc_retainAutoreleasedReturnValue(v440); v442 = objc_msgSend(v441, "count"); objc_release(v441); if ( (unsigned __int64)v442 <= v431 ) break; v432 = -DFMicroApplicationManager delayReleaseApplications; v433 = (void *)objc_retainAutoreleasedReturnValue(v432); v434 = v433; v435 = objc_msgSend(v433, "objectAtIndexedSubscript:", v431); v436 = objc_retainAutoreleasedReturnValue(v435); objc_release(v434); v437 = -DFMicroApplicationManager applicationStack; v438 = (void *)objc_retainAutoreleasedReturnValue(v437); v439 = (unsigned __int64)objc_msgSend(v438, "containsObject:", v436); objc_release(v438); if ( !(v439 & 1) ) { v443 = -DFMicroApplicationManager delayReleaseApplications; v9 = (__int64)v471; v444 = (void *)objc_retain(v443); objc_msgSend(v444, "removeObjectAtIndex:", (unsigned int)v431); objc_release(v444); objc_release(v436); break; } objc_release(v436); ++v431; v9 = (__int64)v471; } } v445 = -DFMicroApplicationManager delayReleaseApplications; v446 = (void *)objc_retainAutoreleasedReturnValue(v445); objc_msgSend(v446, "addObject:", v8); objc_release(v446); } } } } objc_sync_exit(v156); goto LABEL_174; } APLogToFile(CFSTR("APMobileRuntime"), 20000LL, CFSTR("self.shouldHoldLoginApp = YES")); v92 = objc_msgSend(v8, "descriptor"); v93 = (void *)objc_retainAutoreleasedReturnValue(v92); v94 = v93; v95 = objc_msgSend(v93, "name"); v96 = (void *)objc_retainAutoreleasedReturnValue(v95); v97 = (unsigned __int64)objc_msgSend(v96, "isEqualToString:", CFSTR("20000008")); v98 = v96; v91 = v473; objc_release(v98); objc_release(v94); if ( !v97 ) goto LABEL_41; APLogToFile(CFSTR("APMobileRuntime"), 20000LL, CFSTR("Record login operation")); v99 = objc_msgSend(&OBJC_CLASS___DFStartApplicationOperation, "alloc"); -[DFMicroApplicationManager setLoginOperation:](v473, "setLoginOperation:", v99); objc_release(v99); v100 = objc_msgSend(v8, "descriptor"); v101 = (void *)objc_retainAutoreleasedReturnValue(v100); v102 = v101; v103 = objc_msgSend(v101, "name"); v104 = objc_retainAutoreleasedReturnValue(v103); v105 = -DFMicroApplicationManager loginOperation; v106 = (void *)objc_retainAutoreleasedReturnValue(v105); objc_msgSend(v106, "setAppName:", v104); objc_release(v106); objc_release(v104); objc_release(v102); v107 = -DFMicroApplicationManager loginOperation; v108 = (void *)objc_retainAutoreleasedReturnValue(v107); objc_msgSend(v108, "setParams:", v9); objc_release(v108); v109 = -DFMicroApplicationManager loginOperation; v110 = (void *)objc_retainAutoreleasedReturnValue(v109); objc_msgSend(v110, "setLaunchMode:", v87); objc_release(v110); v22 = 0; v111 = v472; LABEL_177: objc_release(v506); objc_release(v505); objc_release(v504); objc_release(v503); objc_release(v502); objc_release(v461); objc_release(v462); objc_release(v466); objc_release(v465); objc_release(v111); LABEL_178: objc_release(v9); result = objc_release(v8); if ( __stack_chk_guard == v538 ) result = v22; return result; }

  • 在伪代码里搜索 login 关键字,就能看到调登陆的入口 -[DFMicroApplicationManager loginOperation] ,替换这个方法返回nil,还是强制登陆了,没有效果。
  • 还有一个关键字 shouldHoldLoginApp ,替换返回YES,直接黑屏了
  • 替换login---此路不通
  • 再回到登陆页,打印当前的vc,可以看到有2个ViewController,其中登陆aluNavigationController是被present出来的,因此只要调用下dismissViewControllerAnimated就可以退出登陆VC

  (lldb) pvc
<DFNavigationController 0x10e841c00>, state: disappeared, view: <UILayoutContainerView 0x119f7ea40> not in the window
   | <ALPLauncherController 0x10e8d0400>, state: disappeared, view: <UILayoutContainerView 0x10d6566c0> not in the window
   |    | <HPHomeWidgetGroup 0x11101e800>, state: disappeared, view: <DTBaseView 0x1142f85b0> not in the window
   |    |    | <HomeCardMainController 0x10e9f5800>, state: disappeared, view: <DTBaseView 0x1219b9b80> not in the window
   |    | <FHRootViewController 0x10e8a6e00>, state: disappeared, view: (view not loaded)
   |    | <O2OIndexViewController 0x10e8efa00>, state: disappeared, view: (view not loaded)
   |    | <APContactRecentViewController 0x10e9b5200>, state: disappeared, view: <DTBaseView 0x121385680> not in the window
   |    | <WWAssetsViewController 0x10e107c00>, state: disappeared, view: (view not loaded)
   + <aluNavigationController 0x10e949e00>, state: appeared, view: <UILayoutContainerView 0x119fc21e0>, presented with: <_UIFullscreenPresentationController 0x114219210>
   |    | <ALULoginNewcomerViewController 0x10e05e800>, state: appeared, view: <UIView 0x110e28f00>
(lldb) 
复制代码
  • 我在登陆按钮点击的时候dissMiss登录VC, 顺利进入支付宝首页
  • 虽然进了首页,但是小程序还是打不开,网络请求发送失败
+ 因为修改了bundleid, 尝试去恢复bundleid,首先重写NSBundle bundleIdentifier,返回固定值com.alipay.iphoneclient,然后重写infoDictionary, 写死CFBundleIdentifier的值,抓包看,所有发出的请求都请求成功了,但是小程序还是无法打开。

小结

  • 虽然顺利进入了支付宝首页,但是小程序功能还是不可用,我决定暂时放弃iOS13了 , 支付宝针对bundleid做了特殊的防护逻辑,后续再慢慢研究。

总结

  • 我日常工作也调试过很多家的app, 基本上自动化反反调试工具都能攻破,相比支付宝,他们的防护手段还是常规操作。
  • 对比微信和支付宝的防护可以看到支付宝的防护手段是从入口切断调试;微信没有做这种调试入口的防护,但是发现你在调试时会封你登陆的微信账户。
  • 2种防护都会消耗掉反调试者的大量时间和精力,没有耐心的基本就放弃了。
  • 逆向之路,路漫漫其修远兮,继续加油吧。