iOS逆向-企业微信修改打卡定位


转载请注明出处:http://blog.csdn.net/pilgrim1385/article/details/54707580
说明:本文章涉及内容非常简单,故只简要说明逆向思路,具体实现方式请自行查询相关知识点。

需要已越狱的iPhone
1.脱壳:使用Clutch脱掉从App Store下载的企业微信App的壳。
2.导出头文件:使用ClassDump导出脱壳后程序的头文件。
3.定位目标:因为要修改的是打卡定位的功能,第一时间想到的是替换GPS返回给APP的位置信息,从而影响APP的定位位置。而iOS原生开发中,定位相关的内容在CLLocation中。因此,使用Hopper加载脱壳后的程序,搜索didUpdateLocations(这是原生开发中获取经纬度常用的代理方法),出现了一些使用了这个代理方法的方法。在Tweak中hook它们的实现,改掉代理返回的经纬度信息,并传给它们原来的实现。经尝试,这种改法并不能成功,因此又继续寻找,发现企业微信使用的是腾讯地图,使用之前的方式,Hopper中搜索didUpdateUserLocation,hook实现、改返回经纬度、传给原实现,可以成功修改定位位置。此deb插件(1.3.2版本)
最近使用,发现企业微信版本升级,原有插件已失去效果。重新分析,发现腾讯地图新增了代理方法didUpdateToLocation fromLocation,Hopper搜索didUpdateToLocation,hook实现、改返回经纬度、传给原实现。重新搜索之前的didUpdateLocations、didUpdateUserLocation,发现之前版本有些文件已经没有了,有些文件是新增的(最近版本可能做了代码重构)。修改Tweak,按之前的方法挨个hook,成功修改定位位置。(1.3.4版本)
BTW:经同事提醒,尝试hook CLLocation coordinate get方法,但是并没有成功修改定位位置,页面变成定位失败。从网上看到可以hook住CLLocationManager的startUpdatingLocation方法,没有试过,感觉是可以一试的。
4.制作Tweak:使用THEOS生成Tweak文件,编写之前分析得到的hook代码,打包、安装,后台杀死APP并重新打开,发现定位位置已经变成我们想要的了。
PS:deb文件中增加了输入经纬度的输入框,输入经纬度会保存在本地,下次进入自动使用以前输入的位置。经纬度需要按照提示的格式填写,相关位置的经纬度可以自行百度,要google地图的坐标(我忘了,好像是的)

deb下载地址:https://pan.baidu.com/s/1nv9CEUH   提取码:s8g5
deb只有越狱手机才能装。iPhone5S以上arm64架构机型。删除此插件请打开APP Cydia进行删除。



附录一:Tweak文件内容(直接复制打不了包哦,需要准备相关的头文件才行)
#include <substrate.h>
#import <CoreLocation/CoreLocation.h>
#import "QUserLocation.h"
#import "pilgrimHeader.h"

// Logos hook group for WWKMessageListController.
// Adds four methods (%new) that build and dismiss a full-screen overlay where
// the user types a coordinate pair, and overrides -viewDidLoad to show that
// overlay. The typed text is persisted under the NSUserDefaults keys
// "pilgrimLatitude" / "pilgrimLongitude", which the location hooks further
// down in this file read back.
// NOTE(review, forensics): the keys are written through +standardUserDefaults
// from code running inside the hooked app, so they presumably end up in that
// app's own preferences domain and are a distinctive on-device artifact —
// confirm on a test device.
%hook WWKMessageListController
// Removes the overlay (tag 10001) from the key window. If no such view
// exists the lookup returns nil and the message send is a no-op.
%new
- (void)hidePilgrimView {
    UIView * pilgrimView = [[[UIApplication sharedApplication] keyWindow] viewWithTag:10001];
    [pilgrimView removeFromSuperview];
}
// Handler for the "use previously set coordinates" button: dismisses the
// overlay without touching the stored values.
%new
- (void)jumpButtonDidClick {
    [self hidePilgrimView];
}
// Handler for the "confirm" button: finds the two text fields by tag, stores
// their raw text in NSUserDefaults, then dismisses the overlay.
// NOTE(review): the text is stored without validation. The readers parse it
// with -doubleValue, which yields 0.0 for empty or non-numeric text, and their
// hard-coded fallback applies only when the key is absent (nil). Confirming
// with empty fields therefore presumably produces coordinate (0, 0) — confirm.
%new
- (void)confirmButtonDidClick {
    UIView * pilgrimView = [[[UIApplication sharedApplication] keyWindow] viewWithTag:10001];
    UIView * middleView = [pilgrimView viewWithTag:10002];
    UITextField * latitudeTF = [middleView viewWithTag:10003];
    UITextField * longitudeTF = [middleView viewWithTag:10004];
    [[NSUserDefaults standardUserDefaults] setObject:latitudeTF.text forKey:@"pilgrimLatitude"];
    [[NSUserDefaults standardUserDefaults] setObject:longitudeTF.text forKey:@"pilgrimLongitude"];
    [[NSUserDefaults standardUserDefaults] synchronize];
    [self hidePilgrimView];
}
// Builds the overlay: a dimmed full-screen backdrop (tag 10001) holding a
// white panel (tag 10002) with three hint labels, two text fields
// (tags 10003 / 10004) and two buttons, all laid out with fixed frames.
%new
- (void)showPilgrimView {
    // Backdrop covering the whole screen, attached directly to the key window.
    UIView * pilgrimView = [[UIView alloc] initWithFrame:CGRectMake(0, 0, [UIScreen mainScreen].bounds.size.width, [UIScreen mainScreen].bounds.size.height)];
    pilgrimView.tag = 10001;
    pilgrimView.backgroundColor = [[UIColor blackColor] colorWithAlphaComponent:0.6];
    [[[UIApplication sharedApplication] keyWindow] addSubview:pilgrimView];
    [[[UIApplication sharedApplication] keyWindow] bringSubviewToFront:pilgrimView];

    // Vertically centred white panel with an 8 pt margin on each side.
    CGFloat middleViewWidth = [UIScreen mainScreen].bounds.size.width - 16;
    CGFloat middleViewHeight = 258;
    UIView * middleView = [[UIView alloc] initWithFrame:CGRectMake(8, ([UIScreen mainScreen].bounds.size.height - middleViewHeight) / 2.0, middleViewWidth, middleViewHeight)];
    middleView.tag = 10002;
    middleView.backgroundColor = [UIColor whiteColor];
    [pilgrimView addSubview:middleView];

    // Title label ("please enter the coordinates").
    CGFloat hintLabelWidth = middleViewWidth - 16;
    UILabel * hintLabel = [[UILabel alloc] initWithFrame:CGRectMake(8, 8, hintLabelWidth, 22)];
    hintLabel.text = @"请输入经纬度";
    hintLabel.textAlignment = NSTextAlignmentCenter;
    hintLabel.font = [UIFont systemFontOfSize:20];
    hintLabel.textColor = [UIColor blackColor];
    hintLabel.backgroundColor = [UIColor whiteColor];
    [middleView addSubview:hintLabel];

    // First example label.
    // NOTE(review): the wording says "经度" (longitude) but the sample value
    // 39.11… is in latitude range, and the matching field (tag 10003) is saved
    // under "pilgrimLatitude". The on-screen wording is swapped relative to
    // how the value is used.
    UILabel * templateHintLabel1 = [[UILabel alloc] initWithFrame:CGRectMake(8, CGRectGetMaxY(hintLabel.frame) + 8, hintLabelWidth, 22)];
    templateHintLabel1.text = @"经度例如39.1138577412";
    templateHintLabel1.textAlignment = NSTextAlignmentCenter;
    templateHintLabel1.font = [UIFont systemFontOfSize:14];
    templateHintLabel1.textColor = [UIColor blackColor];
    templateHintLabel1.backgroundColor = [UIColor whiteColor];
    [middleView addSubview:templateHintLabel1];

    // Second example label.
    // NOTE(review): "维度" is a typo for "纬度" (latitude), and the sample
    // 117.21… exceeds the valid latitude range; the matching field (tag 10004)
    // is saved under "pilgrimLongitude".
    UILabel * templateHintLabel2 = [[UILabel alloc] initWithFrame:CGRectMake(8, CGRectGetMaxY(templateHintLabel1.frame) + 8, hintLabelWidth, 22)];
    templateHintLabel2.text = @"维度例如117.2162797155";
    templateHintLabel2.textAlignment = NSTextAlignmentCenter;
    templateHintLabel2.font = [UIFont systemFontOfSize:14];
    templateHintLabel2.textColor = [UIColor blackColor];
    templateHintLabel2.backgroundColor = [UIColor whiteColor];
    [middleView addSubview:templateHintLabel2];

    // Field whose text is stored as the latitude (placeholder wording says
    // longitude — see the note on the first example label).
    UITextField * latitudeTF = [[UITextField alloc] initWithFrame:CGRectMake(8, CGRectGetMaxY(templateHintLabel2.frame) + 8, hintLabelWidth, 22)];
    latitudeTF.tag = 10003;
    latitudeTF.placeholder = @"请输入经度";
    latitudeTF.textColor = [UIColor blackColor];
    latitudeTF.font = [UIFont systemFontOfSize:14.0];
    [middleView addSubview:latitudeTF];

    // Field whose text is stored as the longitude (placeholder wording says
    // latitude).
    UITextField * longitudeTF = [[UITextField alloc] initWithFrame:CGRectMake(8, CGRectGetMaxY(latitudeTF.frame) + 8, hintLabelWidth, 22)];
    longitudeTF.tag = 10004;
    longitudeTF.placeholder = @"请输入纬度";
    longitudeTF.textColor = [UIColor blackColor];
    longitudeTF.font = [UIFont systemFontOfSize:14.0];
    [middleView addSubview:longitudeTF];

    // "Confirm" button -> confirmButtonDidClick (persists the field text).
    UIButton * confirmButton = [[UIButton alloc] initWithFrame:CGRectMake(8, CGRectGetMaxY(longitudeTF.frame) + 8, hintLabelWidth, 42)];
    confirmButton.backgroundColor = [UIColor orangeColor];
    [confirmButton setTitle:@"确定" forState:UIControlStateNormal];
    [confirmButton setTitleColor:[UIColor whiteColor] forState:UIControlStateNormal];
    [confirmButton addTarget:self action:@selector(confirmButtonDidClick) forControlEvents:UIControlEventTouchUpInside];
    [middleView addSubview:confirmButton];

    // "Use previously set coordinates" button -> jumpButtonDidClick
    // (dismiss only).
    UIButton * jumpButton = [[UIButton alloc] initWithFrame:CGRectMake(8, CGRectGetMaxY(confirmButton.frame) + 8, hintLabelWidth, 42)];
    jumpButton.backgroundColor = [UIColor purpleColor];
    [jumpButton setTitle:@"使用之前设置的经纬度" forState:UIControlStateNormal];
    [jumpButton setTitleColor:[UIColor whiteColor] forState:UIControlStateNormal];
    [jumpButton addTarget:self action:@selector(jumpButtonDidClick) forControlEvents:UIControlEventTouchUpInside];
    [middleView addSubview:jumpButton];
}
// Overridden method: shows the overlay every time this controller's view
// loads, then runs the app's original -viewDidLoad through %orig.
- (void)viewDidLoad {
    [self showPilgrimView];
    %orig;
}
%end

// Hook on JWeixinNativeCodeHandler_getLocation's
// -locationManager:didUpdateLocations: delegate callback.
// For every CLLocation delivered by the system it builds a replacement that
// carries the stored coordinate pair, copying altitude, accuracies, course,
// speed and timestamp from the real fix. The rebuilt array is then passed to
// the app's original implementation.
// Reviewer note (defensive): the app code behind this delegate sees only what
// the hook forwards, so a client-side location reading is not by itself
// evidence of where the device is. Every forwarded fix carries the identical
// coordinate pair, while the copied fields still vary with the real data.
%hook JWeixinNativeCodeHandler_getLocation

-(void)locationManager:(CLLocationManager *)manager didUpdateLocations:(NSArray *)locations {

    NSMutableArray * tempArray = [NSMutableArray array];
    // Coordinate pair previously saved by the overlay's confirm handler.
    NSString * latitudeStr = [[NSUserDefaults standardUserDefaults] stringForKey:@"pilgrimLatitude"];
    NSString * longitudeStr = [[NSUserDefaults standardUserDefaults] stringForKey:@"pilgrimLongitude"];
    // Hard-coded fallback, used only when the key is absent (nil); an empty
    // or non-numeric stored string is not caught here and parses to 0.0 below.
    if (latitudeStr == nil) {
        latitudeStr = @"39.1234567890";
    }
    if (longitudeStr == nil) {
        longitudeStr = @"117.1234567890";
    }
    double myLatitude = [latitudeStr doubleValue];
    double myLongitude = [longitudeStr doubleValue];
    // One replacement per incoming fix; only the coordinate differs from the
    // original object.
    for (CLLocation * location in locations) {
        CLLocation * newLocation = [[CLLocation alloc] initWithCoordinate:CLLocationCoordinate2DMake(myLatitude, myLongitude) altitude:location.altitude horizontalAccuracy:location.horizontalAccuracy verticalAccuracy:location.verticalAccuracy course:location.course speed:location.speed timestamp:location.timestamp];
        [tempArray addObject:newLocation];
    }
    NSArray * newLocations = [NSArray arrayWithArray:tempArray];
    // Hand the rebuilt array to the app's original implementation.
    %orig(manager, newLocations);
}

%end

// Hook on WWKLocationRetriever's -locationManager:didUpdateLocations:
// delegate callback. The body matches the other didUpdateLocations hooks in
// this file: each delivered CLLocation is replaced by one carrying the stored
// coordinate pair, with the remaining fields copied from the real fix, before
// the original implementation runs.
%hook WWKLocationRetriever

-(void)locationManager:(CLLocationManager *)manager didUpdateLocations:(NSArray *)locations {

    NSMutableArray * tempArray = [NSMutableArray array];
    // Coordinate pair read from NSUserDefaults.
    NSString * latitudeStr = [[NSUserDefaults standardUserDefaults] stringForKey:@"pilgrimLatitude"];
    NSString * longitudeStr = [[NSUserDefaults standardUserDefaults] stringForKey:@"pilgrimLongitude"];
    // Fallback applies only when the key is absent (nil); the stored text is
    // otherwise parsed as-is, and -doubleValue gives 0.0 for unparsable text.
    if (latitudeStr == nil) {
        latitudeStr = @"39.1234567890";
    }
    if (longitudeStr == nil) {
        longitudeStr = @"117.1234567890";
    }
    double myLatitude = [latitudeStr doubleValue];
    double myLongitude = [longitudeStr doubleValue];
    // Rebuild every fix with the stored coordinate; altitude, accuracies,
    // course, speed and timestamp come from the real fix.
    for (CLLocation * location in locations) {
        CLLocation * newLocation = [[CLLocation alloc] initWithCoordinate:CLLocationCoordinate2DMake(myLatitude, myLongitude) altitude:location.altitude horizontalAccuracy:location.horizontalAccuracy verticalAccuracy:location.verticalAccuracy course:location.course speed:location.speed timestamp:location.timestamp];
        [tempArray addObject:newLocation];
    }
    NSArray * newLocations = [NSArray arrayWithArray:tempArray];
    // Forward the rebuilt array to the original implementation.
    %orig(manager, newLocations);
}
// Disabled variant kept by the author as a comment: instead of rebuilding
// CLLocation objects it overwrites the coordinate of the QUserLocation passed
// to the map-view callback. Presumably the approach described for the earlier
// app version in the article — confirm.
/*
- (void)mapView:(id)arg1 didUpdateUserLocation:(QUserLocation *)arg2 updatingLocation:(_Bool)arg3
{
    NSString * latitudeStr = [[NSUserDefaults standardUserDefaults] stringForKey:@"pilgrimLatitude"];
    NSString * longitudeStr = [[NSUserDefaults standardUserDefaults] stringForKey:@"pilgrimLongitude"];
    if (latitudeStr == nil) {
        latitudeStr = @"39.1234567890";
    }
    if (longitudeStr == nil) {
        longitudeStr = @"117.1234567890";
    }
    double myLatitude = [latitudeStr doubleValue];
    double myLongitude = [longitudeStr doubleValue];
    [arg2 setCoordinate: CLLocationCoordinate2DMake(myLatitude, myLongitude)];
    %orig(arg1, arg2, arg3);
}
*/

%end

// Hook on WWKAttendancePositionTestViewController's
// -locationManager:didUpdateLocations: delegate callback. Same logic as the
// other didUpdateLocations hooks in this file: the delivered fixes are rebuilt
// around the stored coordinate pair and then passed to the original
// implementation.
%hook WWKAttendancePositionTestViewController

-(void)locationManager:(CLLocationManager *)manager didUpdateLocations:(NSArray *)locations {

    NSMutableArray * tempArray = [NSMutableArray array];
    // Coordinate pair read from NSUserDefaults.
    NSString * latitudeStr = [[NSUserDefaults standardUserDefaults] stringForKey:@"pilgrimLatitude"];
    NSString * longitudeStr = [[NSUserDefaults standardUserDefaults] stringForKey:@"pilgrimLongitude"];
    // Fallback only for an absent key (nil); no range or format validation is
    // performed on the stored text.
    if (latitudeStr == nil) {
        latitudeStr = @"39.1234567890";
    }
    if (longitudeStr == nil) {
        longitudeStr = @"117.1234567890";
    }
    double myLatitude = [latitudeStr doubleValue];
    double myLongitude = [longitudeStr doubleValue];
    // Replace the coordinate of every fix; all other fields are copied from
    // the real CLLocation.
    for (CLLocation * location in locations) {
        CLLocation * newLocation = [[CLLocation alloc] initWithCoordinate:CLLocationCoordinate2DMake(myLatitude, myLongitude) altitude:location.altitude horizontalAccuracy:location.horizontalAccuracy verticalAccuracy:location.verticalAccuracy course:location.course speed:location.speed timestamp:location.timestamp];
        [tempArray addObject:newLocation];
    }
    NSArray * newLocations = [NSArray arrayWithArray:tempArray];
    // Forward the rebuilt array to the original implementation.
    %orig(manager, newLocations);
}

%end

/*
%hook WWKConversationLBSViewController
- (void)mapView:(id)arg1 didUpdateUserLocation:(QUserLocation *)arg2 updatingLocation:(_Bool)arg3
{
    NSString * latitudeStr = [[NSUserDefaults standardUserDefaults] stringForKey:@"pilgrimLatitude"];
    NSString * longitudeStr = [[NSUserDefaults standardUserDefaults] stringForKey:@"pilgrimLongitude"];
    if (latitudeStr == nil) {
        latitudeStr = @"39.1234567890";
    }
    if (longitudeStr == nil) {
        longitudeStr = @"117.1234567890";
    }
    double myLatitude = [latitudeStr doubleValue];
    double myLongitude = [longitudeStr doubleValue];
    [arg2 setCoordinate: CLLocationCoordinate2DMake(myLatitude, myLongitude)];
    %orig(arg1, arg2, arg3);
}
%end

%hook WWKAttendanceMapView_V13
- (void)mapView:(id)arg1 didUpdateUserLocation:(QUserLocation *)arg2 updatingLocation:(_Bool)arg3
{
    NSString * latitudeStr = [[NSUserDefaults standardUserDefaults] stringForKey:@"pilgrimLatitude"];
    NSString * longitudeStr = [[NSUserDefaults standardUserDefaults] stringForKey:@"pilgrimLongitude"];
    if (latitudeStr == nil) {
        latitudeStr = @"39.1234567890";
    }
    if (longitudeStr == nil) {
        longitudeStr = @"117.1234567890";
    }
    double myLatitude = [latitudeStr doubleValue];
    double myLongitude = [longitudeStr doubleValue];
    [arg2 setCoordinate: CLLocationCoordinate2DMake(myLatitude, myLongitude)];
    %orig(arg1, arg2, arg3);
}
%end
*/

// Hook on QMapView's -locationManager:didUpdateToLocation:fromLocation:
// callback (the single-location delegate form). The new-location argument is
// replaced by a CLLocation carrying the stored coordinate pair; the
// previous-location argument (arg3) is forwarded unmodified.
// NOTE(review): the two NSLog calls are debug output left in the hook. They
// print the substituted location and arg3 to the device log on every
// callback, wrapped in a distinctive run of '~' characters.
%hook QMapView
- (void)locationManager:(id)arg1 didUpdateToLocation:(CLLocation *)arg2 fromLocation:(id)arg3
{
    // Coordinate pair read from NSUserDefaults.
    NSString * latitudeStr = [[NSUserDefaults standardUserDefaults] stringForKey:@"pilgrimLatitude"];
    NSString * longitudeStr = [[NSUserDefaults standardUserDefaults] stringForKey:@"pilgrimLongitude"];
    // Fallback only for an absent key (nil); unparsable text becomes 0.0 via
    // -doubleValue.
    if (latitudeStr == nil) {
        latitudeStr = @"39.1234567890";
    }
    if (longitudeStr == nil) {
        longitudeStr = @"117.1234567890";
    }
    double myLatitude = [latitudeStr doubleValue];
    double myLongitude = [longitudeStr doubleValue];
    // Rebuild the fix around the stored coordinate, keeping the real fix's
    // altitude, accuracies, course, speed and timestamp.
    CLLocation * newLocation = [[CLLocation alloc] initWithCoordinate:CLLocationCoordinate2DMake(myLatitude, myLongitude) altitude:arg2.altitude horizontalAccuracy:arg2.horizontalAccuracy verticalAccuracy:arg2.verticalAccuracy course:arg2.course speed:arg2.speed timestamp:arg2.timestamp];
    arg2 = newLocation;
    NSLog(@"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~%@~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~", arg2);
    NSLog(@"~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~%@~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~", arg3);
    // Forward the substituted location to the original implementation.
    %orig(arg1, arg2, arg3);
}
%end

免责声明:软件仅供技术交流,请勿用于商业及非法用途,如产生法律纠纷与本人无关。