21
2017
09

cycript快速定位ViewController

打印当前视图层次UIApp.keyWindow.recursiveDescription().toString()获取上级响应者[#id nextresponsder]
18
2017
09

iOS10越狱后yalu102无法连接SSH的解决办法

用Filza修改/private/var/containers/Bundle/Application/{UUID}/yalu102.app/dropbear.plist把里面有个参数127.0.0.1:22改成22保存,重启手机即可
18
2017
09

两次登录POST参数对比

接口地址https://p19-buy.itunes.apple.com/WebObjects/MZFinance.woa/wa/authenticate同一个账号进行两次登录对比X-Apple-AMDX-Apple-I-MDX-Apple-ActionSignatureX-Apple-I-Client-Time不一样POST内容里的kbsyncpassword不一样其他都一样 这里的password应该是一个在原始密码上加密后的动态密码,并且请求是一次性的,因为已POST的数据,模拟
06
2017
09

AuthKit之AKAnisetteData

   "X-Apple-I-MD" = "AAAABQAAABDWY2vBx3pIU8OPynC3vEvQAAAAAw==";    "X-Apple-I-MD-M" = "7yObbrA4jeBvNqIWYIPyb6qQEhOgluAKsAE1p4VNYKzTVW95jAK5IfbTyIcurQNo6Q83nGHm/WWs07CJ";    "X
06
2017
09

AuthKit之AKAccountManager

+ (BOOL)isAccountsFrameworkAvailable;检测服务是否可用- (id)_tokenWithName:(id)arg1 forAccount:(id)arg2;生成token 实际测试参数为 arg1:heartbeat-tokenarg2:xxxx@qq.com (xx-24A5-4031-9E86-xxxx) 值:AAAABLwIAAAAAFmvVqsRCmdzLmlkbXMuaGK9AEOsqKk2/7CTCCfT5+j5B/3Fxarjg
31
2017
08

AppStore检测账号是否正常接口

我之前逆向找登录接口都是随便输入一个账号然后点击登录查看是否能登。不过经过测试发现,苹果会先调用一个接口查案这个账号是否是正常状态(如果被多次尝试登录或者有其他异常行为会被锁定),如果这个账号不存在也会返回错误的状态码。这个接口不需要密码。接口地址:https://gsa.apple.com/grandslam/GsService2 HEADER X-MMe-Client-Info: <iPhone7,2> <iPhone OS;10.2;14C92> <
30
2017
08

iTunes&AppStore登录窗口

今天逆向找了半天,找出在设置里的itunes store与appstore点击登录后显示的登录框。涉及framework有authkit与authkitui.framework其中一个可疑的方法- (void)shouldContinueWithAuthenticationResults:(id)arg1 error:(id)arg2 forContextID:(id)arg3 completion:(id /* block */)arg4;登录后会调用其中arg1为字典类型{@"AK
29
2017
08

APPStore协议之下载接口

两次下载抓包发现所提交参数只有两个地方不一样,一个自然是软件的id,另外一个则是kbsync。接口地址:https://buy.itunes.apple.com/WebObjects/MZBuy.woa/wa/buyProductcookie:mz_mt0-11379330482ApP12//wyqkdN0H67hE9ho45tz8TxVfCrbC2/7psJG78BrFWL0V+AN7AZobYdVrOofQRZl+fytBzYwNkMed/fkUcpIrMh425NZRNaun3mAPLeW
28
2017
08

APPStore协议之登录接口

以前还能用各种软件抓APPStore的HTTPS通讯过程,现在不行了。不过还是抓到了。登录地址:https://buy.itunes.apple.com/WebObjects/MZFinance.woa/wa/authenticate HeaderX-Apple-Store-Front: 143465-19,17X-Apple-ActionSignature: Au8X+4ZjPiuApI9jJWaw0nqdvnxkkHvZ5MbBpFLVU2k2AAAB0AMAAAACAAABAKvN76vN
28
2017
08

iOS逆向,微信步数修改

hook住WCDeviceStepObject和SportDeviceInfo的两个方法就可以了代码如下@interface WCDeviceStepObject : NSObject-(unsigned int)hkStepCount;-(unsigned int)m7StepCount;@end@class WCDeviceStepObject;CHDeclareClass(WCDeviceStepObject);CHOptimizedMethod(0, self, unsigned lon