12章小程序格式分析WeChat版本问题,-目前贴出6.9到7.9的C伪代码-得到老板肯定继续分析
本帖最后由 ningkong 于 2023-1-7 15:43 编辑IDA pro 7.0 反编译的 WAPackageInfoCacheLogic unpackPkgWithFilePath:unpackLib 函数和书上的为何不一致呢? 分析不然没法跟上,主要看飘哥的分析步骤。
所以 将书本2019.12月 7.0到 7.10的所有旧版本微信全部下载了一遍,脱壳后没有书中的代码 IDA proF5一致的代码, 飘哥没有贴出targe在光盘, 不然分析起来可以还原。
Wechat 6.7
bool __cdecl -(WAPackageInfoCacheLogic *self, SEL a2, id a3, WXAPkg *a4)
{
WXAPkg *v4; // x23
__int64 v5; // x19
void *v6; // x0
void *v7; // x22
__int64 v8; // x1
__int64 v9; // x21
void *v10; // x0
__int64 v11; // x25
void *v12; // x25
void *v13; // x26
void *v14; // x0
bool v15; // w24
__int64 v16; // x0
char v18; //
__int64 v19; //
v4 = a4;
v5 = objc_retain(a3, a2);
+(
&OBJC_CLASS___iConsole,
"logWithLevel:module:errorCode:file:line:func:format:",
2LL,
"WeApp",
0LL,
"WAPackageInfoCacheLogic.mm",
103LL,
"-",
CFSTR("unpack pkg, path=%@"),
v5);
v19 = 0LL;
v6 = objc_msgSend(&OBJC_CLASS___NSData, "dataWithContentsOfFile:options:error:", v5, 3LL, &v19);
v7 = (void *)objc_retainAutoreleasedReturnValue(v6);
v9 = objc_retain(v19, v8);
if ( v9 )
{
+(
&OBJC_CLASS___iConsole,
"logWithLevel:module:errorCode:file:line:func:format:",
3LL,
"WeApp",
0LL,
"WAPackageInfoCacheLogic.mm",
109LL,
"-",
CFSTR("unpackPkgWithFilePath(NSDataReadingMappedIfSafe | NSDataReadingUncached) error: %@"),
v9);
}
else if ( objc_msgSend(v7, "length") )
{
goto LABEL_5;
}
v10 = objc_msgSend(&OBJC_CLASS___NSData, "dataWithContentsOfFile:", v5);
v11 = objc_retainAutoreleasedReturnValue(v10);
objc_release(v7);
v7 = (void *)v11;
LABEL_5:
if ( objc_msgSend(v7, "length") )
{
sub_1030E8470(&v18);
v12 = (void *)objc_retainAutorelease(v7);
v13 = objc_msgSend(v12, "bytes");
v14 = objc_msgSend(v12, "length");
sub_1030E85E0(&v18, v13, v14);
v15 = 1;
v16 = sub_1005A4DEC(v4, &v18, 1LL);
if ( (_DWORD)v16 )
{
+(
&OBJC_CLASS___iConsole,
"logWithLevel:module:errorCode:file:line:func:format:",
4LL,
"WeAppError",
0LL,
"WAPackageInfoCacheLogic.mm",
126LL,
"-",
CFSTR("unpack error:%d"),
v16);
v15 = 0;
}
sub_1030E8520(&v18);
}
else
{
+(
&OBJC_CLASS___iConsole,
"logWithLevel:module:errorCode:file:line:func:format:",
4LL,
"WeAppError",
0LL,
"WAPackageInfoCacheLogic.mm",
117LL,
"-",
CFSTR("pkgData is empty"));
v15 = 0;
}
objc_release(v7);
objc_release(v9);
objc_release(v5);
return v15;
}
wechat 7.0
bool __cdecl -(WAPackageInfoCacheLogic *self, SEL a2, id a3, WXAPkg *a4)
{
WXAPkg *v4; // x23
__int64 v5; // x19
void *v6; // x0
void *v7; // x22
__int64 v8; // x1
__int64 v9; // x21
void *v10; // x0
__int64 v11; // x25
void *v12; // x25
void *v13; // x26
void *v14; // x0
bool v15; // w24
__int64 v16; // x0
char v18; //
__int64 v19; //
v4 = a4;
v5 = objc_retain(a3, a2);
+(
&OBJC_CLASS___iConsole,
"logWithLevel:module:errorCode:file:line:func:format:",
2LL,
"WeApp",
0LL,
"WAPackageInfoCacheLogic.mm",
103LL,
"-",
CFSTR("unpack pkg, path=%@"),
v5);
v19 = 0LL;
v6 = objc_msgSend(&OBJC_CLASS___NSData, "dataWithContentsOfFile:options:error:", v5, 3LL, &v19);
v7 = (void *)objc_retainAutoreleasedReturnValue(v6);
v9 = objc_retain(v19, v8);
if ( v9 )
{
+(
&OBJC_CLASS___iConsole,
"logWithLevel:module:errorCode:file:line:func:format:",
3LL,
"WeApp",
0LL,
"WAPackageInfoCacheLogic.mm",
109LL,
"-",
CFSTR("unpackPkgWithFilePath(NSDataReadingMappedIfSafe | NSDataReadingUncached) error: %@"),
v9);
}
else if ( objc_msgSend(v7, "length") )
{
goto LABEL_5;
}
v10 = objc_msgSend(&OBJC_CLASS___NSData, "dataWithContentsOfFile:", v5);
v11 = objc_retainAutoreleasedReturnValue(v10);
objc_release(v7);
v7 = (void *)v11;
LABEL_5:
if ( objc_msgSend(v7, "length") )
{
sub_103346574(&v18);
v12 = (void *)objc_retainAutorelease(v7);
v13 = objc_msgSend(v12, "bytes");
v14 = objc_msgSend(v12, "length");
sub_1033466E4(&v18, v13, v14);
v15 = 1;
v16 = sub_1005E9CC0(v4, &v18, 1LL);
if ( (_DWORD)v16 )
{
+(
&OBJC_CLASS___iConsole,
"logWithLevel:module:errorCode:file:line:func:format:",
4LL,
"WeAppError",
0LL,
"WAPackageInfoCacheLogic.mm",
126LL,
"-",
CFSTR("unpack error:%d"),
v16);
v15 = 0;
}
sub_103346624(&v18);
}
else
{
+(
&OBJC_CLASS___iConsole,
"logWithLevel:module:errorCode:file:line:func:format:",
4LL,
"WeAppError",
0LL,
"WAPackageInfoCacheLogic.mm",
117LL,
"-",
CFSTR("pkgData is empty"));
v15 = 0;
}
objc_release(v7);
objc_release(v9);
objc_release(v5);
return v15;
}
WeChat 7.1
bool __cdecl -(WAPackageInfoCacheLogic *self, SEL a2, id a3, WXAPkg *a4)
{
WXAPkg *v4; // x23
__int64 v5; // x19
void *v6; // x0
void *v7; // x22
__int64 v8; // x1
__int64 v9; // x21
void *v10; // x0
__int64 v11; // x25
void *v12; // x25
void *v13; // x26
void *v14; // x0
bool v15; // w24
__int64 v16; // x0
char v18; //
__int64 v19; //
v4 = a4;
v5 = objc_retain(a3, a2);
+(
&OBJC_CLASS___iConsole,
"logWithLevel:module:errorCode:file:line:func:format:",
2LL,
"WeApp",
0LL,
"WAPackageInfoCacheLogic.mm",
103LL,
"-",
CFSTR("unpack pkg, path=%@"),
v5);
v19 = 0LL;
v6 = objc_msgSend(&OBJC_CLASS___NSData, "dataWithContentsOfFile:options:error:", v5, 3LL, &v19);
v7 = (void *)objc_retainAutoreleasedReturnValue(v6);
v9 = objc_retain(v19, v8);
if ( v9 )
{
+(
&OBJC_CLASS___iConsole,
"logWithLevel:module:errorCode:file:line:func:format:",
3LL,
"WeApp",
0LL,
"WAPackageInfoCacheLogic.mm",
109LL,
"-",
CFSTR("unpackPkgWithFilePath(NSDataReadingMappedIfSafe | NSDataReadingUncached) error: %@"),
v9);
}
else if ( objc_msgSend(v7, "length") )
{
goto LABEL_5;
}
v10 = objc_msgSend(&OBJC_CLASS___NSData, "dataWithContentsOfFile:", v5);
v11 = objc_retainAutoreleasedReturnValue(v10);
objc_release(v7);
v7 = (void *)v11;
LABEL_5:
if ( objc_msgSend(v7, "length") )
{
sub_103346754(&v18);
v12 = (void *)objc_retainAutorelease(v7);
v13 = objc_msgSend(v12, "bytes");
v14 = objc_msgSend(v12, "length");
sub_1033468C4(&v18, v13, v14);
v15 = 1;
v16 = sub_1005E9CC0(v4, &v18, 1LL);
if ( (_DWORD)v16 )
{
+(
&OBJC_CLASS___iConsole,
"logWithLevel:module:errorCode:file:line:func:format:",
4LL,
"WeAppError",
0LL,
"WAPackageInfoCacheLogic.mm",
126LL,
"-",
CFSTR("unpack error:%d"),
v16);
v15 = 0;
}
sub_103346804(&v18);
}
else
{
+(
&OBJC_CLASS___iConsole,
"logWithLevel:module:errorCode:file:line:func:format:",
4LL,
"WeAppError",
0LL,
"WAPackageInfoCacheLogic.mm",
117LL,
"-",
CFSTR("pkgData is empty"));
v15 = 0;
}
objc_release(v7);
objc_release(v9);
objc_release(v5);
return v15;
}
WeChat 7.2
bool __cdecl -(WAPackageInfoCacheLogic *self, SEL a2, id a3, WXAPkg *a4)
{
WXAPkg *v4; // x23
__int64 v5; // x19
void *v6; // x0
void *v7; // x22
__int64 v8; // x1
__int64 v9; // x21
void *v10; // x0
__int64 v11; // x25
void *v12; // x25
void *v13; // x26
void *v14; // x0
bool v15; // w24
__int64 v16; // x0
char v18; //
__int64 v19; //
v4 = a4;
v5 = objc_retain(a3, a2);
+(
&OBJC_CLASS___iConsole,
"logWithLevel:module:errorCode:file:line:func:format:",
2LL,
"WeApp",
0LL,
"WAPackageInfoCacheLogic.mm",
103LL,
"-",
CFSTR("unpack pkg, path=%@"),
v5);
v19 = 0LL;
v6 = objc_msgSend(&OBJC_CLASS___NSData, "dataWithContentsOfFile:options:error:", v5, 3LL, &v19);
v7 = (void *)objc_retainAutoreleasedReturnValue(v6);
v9 = objc_retain(v19, v8);
if ( v9 )
{
+(
&OBJC_CLASS___iConsole,
"logWithLevel:module:errorCode:file:line:func:format:",
3LL,
"WeApp",
0LL,
"WAPackageInfoCacheLogic.mm",
109LL,
"-",
CFSTR("unpackPkgWithFilePath(NSDataReadingMappedIfSafe | NSDataReadingUncached) error: %@"),
v9);
}
else if ( objc_msgSend(v7, "length") )
{
goto LABEL_5;
}
v10 = objc_msgSend(&OBJC_CLASS___NSData, "dataWithContentsOfFile:", v5);
v11 = objc_retainAutoreleasedReturnValue(v10);
objc_release(v7);
v7 = (void *)v11;
LABEL_5:
if ( objc_msgSend(v7, "length") )
{
sub_10334E908(&v18);
v12 = (void *)objc_retainAutorelease(v7);
v13 = objc_msgSend(v12, "bytes");
v14 = objc_msgSend(v12, "length");
sub_10334EA78(&v18, v13, v14);
v15 = 1;
v16 = sub_1005E9CC0(v4, &v18, 1LL);
if ( (_DWORD)v16 )
{
+(
&OBJC_CLASS___iConsole,
"logWithLevel:module:errorCode:file:line:func:format:",
4LL,
"WeAppError",
0LL,
"WAPackageInfoCacheLogic.mm",
126LL,
"-",
CFSTR("unpack error:%d"),
v16);
v15 = 0;
}
sub_10334E9B8(&v18);
}
else
{
+(
&OBJC_CLASS___iConsole,
"logWithLevel:module:errorCode:file:line:func:format:",
4LL,
"WeAppError",
0LL,
"WAPackageInfoCacheLogic.mm",
117LL,
"-",
CFSTR("pkgData is empty"));
v15 = 0;
}
objc_release(v7);
objc_release(v9);
objc_release(v5);
return v15;
}
wechat 7.3
bool __cdecl -(WAPackageInfoCacheLogic *self, SEL a2, id a3, WXAPkg *a4)
{
WXAPkg *v4; // x24
__int64 v5; // x19
void *v6; // x0
void *v7; // x0
void *v8; // x22
__int64 v9; // x1
__int64 v10; // x21
void *v11; // x0
void *v12; // x0
__int64 v13; // x26
void *v14; // x26
void *v15; // x27
void *v16; // x0
bool v17; // w25
__int64 v18; // x24
void *v19; // x0
void *v20; // x0
char v22; //
__int64 v23; //
v4 = a4;
v5 = objc_retain(a3, a2);
v6 = +(&OBJC_CLASS___WCLogger, "externalIMP");
objc_msgSend(
v6,
"logWithLevel:module:errorCode:file:line:func:format:",
2LL,
"WeApp",
0LL,
"WAPackageInfoCacheLogic.mm",
103LL,
"-",
CFSTR("unpack pkg, path=%@"),
v5);
v23 = 0LL;
v7 = objc_msgSend(&OBJC_CLASS___NSData, "dataWithContentsOfFile:options:error:", v5, 3LL, &v23);
v8 = (void *)objc_retainAutoreleasedReturnValue(v7);
v10 = objc_retain(v23, v9);
if ( v10 )
{
v11 = +(&OBJC_CLASS___WCLogger, "externalIMP");
objc_msgSend(
v11,
"logWithLevel:module:errorCode:file:line:func:format:",
3LL,
"WeApp",
0LL,
"WAPackageInfoCacheLogic.mm",
109LL,
"-",
CFSTR("unpackPkgWithFilePath(NSDataReadingMappedIfSafe | NSDataReadingUncached) error: %@"),
v10);
}
else if ( objc_msgSend(v8, "length") )
{
goto LABEL_5;
}
v12 = objc_msgSend(&OBJC_CLASS___NSData, "dataWithContentsOfFile:", v5);
v13 = objc_retainAutoreleasedReturnValue(v12);
objc_release(v8);
v8 = (void *)v13;
LABEL_5:
if ( objc_msgSend(v8, "length") )
{
sub_10354B138(&v22);
v14 = (void *)objc_retainAutorelease(v8);
v15 = objc_msgSend(v14, "bytes");
v16 = objc_msgSend(v14, "length");
sub_10354B2A8(&v22, v15, v16);
v17 = 1;
v18 = sub_100735844(v4, &v22, 1LL);
if ( (_DWORD)v18 )
{
v19 = +(&OBJC_CLASS___WCLogger, "externalIMP");
objc_msgSend(
v19,
"logWithLevel:module:errorCode:file:line:func:format:",
4LL,
"WeAppError",
0LL,
"WAPackageInfoCacheLogic.mm",
126LL,
"-",
CFSTR("unpack error:%d"),
v18);
v17 = 0;
}
sub_10354B1E8(&v22);
}
else
{
v20 = +(&OBJC_CLASS___WCLogger, "externalIMP");
objc_msgSend(
v20,
"logWithLevel:module:errorCode:file:line:func:format:",
4LL,
"WeAppError",
0LL,
"WAPackageInfoCacheLogic.mm",
117LL,
"-",
CFSTR("pkgData is empty"));
v17 = 0;
}
objc_release(v8);
objc_release(v10);
objc_release(v5);
return v17;
}
wechat 7.4
bool __cdecl -(
WAPackageInfoCacheLogic *self,
SEL a2,
id a3,
WXAPkg *a4)
{
id v5; // x19
objc_class *v6; // x0
NSData *v7; // x0
NSData *v8; // x22
id v9; // x21
objc_class *v10; // x0
NSData *v11; // x0
NSData *v12; // x26
NSData *v13; // x26
id v14; // x27
id v15; // x0
bool v16; // w25
__int64 v17; // x24
objc_class *v18; // x0
objc_class *v19; // x0
char v21; // BYREF
id v22; // BYREF
v5 = objc_retain(a3);
v6 = +(&OBJC_CLASS___WCLogger, "externalIMP");
objc_msgSend(
v6,
"logWithLevel:module:errorCode:file:line:func:format:",
2LL,
"WeApp",
0LL,
"WAPackageInfoCacheLogic.mm",
103LL,
"-",
CFSTR("unpack pkg, path=%@"),
v5);
v22 = 0LL;
v7 = objc_msgSend(&OBJC_CLASS___NSData, "dataWithContentsOfFile:options:error:", v5, 3LL, &v22);
v8 = objc_retainAutoreleasedReturnValue(v7);
v9 = objc_retain(v22);
if ( v9 )
{
v10 = +(&OBJC_CLASS___WCLogger, "externalIMP");
objc_msgSend(
v10,
"logWithLevel:module:errorCode:file:line:func:format:",
3LL,
"WeApp",
0LL,
"WAPackageInfoCacheLogic.mm",
109LL,
"-",
CFSTR("unpackPkgWithFilePath(NSDataReadingMappedIfSafe | NSDataReadingUncached) error: %@"),
v9);
}
else if ( objc_msgSend(v8, "length") )
{
goto LABEL_5;
}
v11 = objc_msgSend(&OBJC_CLASS___NSData, "dataWithContentsOfFile:", v5);
v12 = objc_retainAutoreleasedReturnValue(v11);
objc_release(v8);
v8 = v12;
LABEL_5:
if ( objc_msgSend(v8, "length") )
{
sub_104116C4C(v21);
v13 = objc_retainAutorelease(v8);
v14 = objc_msgSend(v13, "bytes");
v15 = objc_msgSend(v13, "length");
sub_104116DBC(v21, v14, v15);
v16 = 1;
v17 = sub_10108BE84(a4, v21, 1LL);
if ( (_DWORD)v17 )
{
v18 = +(&OBJC_CLASS___WCLogger, "externalIMP");
objc_msgSend(
v18,
"logWithLevel:module:errorCode:file:line:func:format:",
4LL,
"WeAppError",
0LL,
"WAPackageInfoCacheLogic.mm",
126LL,
"-",
CFSTR("unpack error:%d"),
v17);
v16 = 0;
}
sub_104116CFC(v21);
}
else
{
v19 = +(&OBJC_CLASS___WCLogger, "externalIMP");
objc_msgSend(
v19,
"logWithLevel:module:errorCode:file:line:func:format:",
4LL,
"WeAppError",
0LL,
"WAPackageInfoCacheLogic.mm",
117LL,
"-",
CFSTR("pkgData is empty"));
v16 = 0;
}
objc_release(v8);
objc_release(v9);
objc_release(v5);
return v16;
}
wechat 7.5
bool __cdecl -(WAPackageInfoCacheLogic *self, SEL a2, id a3, WXAPkg *a4)
{
WXAPkg *v4; // x24
__int64 v5; // x19
void *v6; // x0
void *v7; // x0
void *v8; // x22
__int64 v9; // x1
__int64 v10; // x21
void *v11; // x0
void *v12; // x0
__int64 v13; // x26
void *v14; // x26
void *v15; // x27
void *v16; // x0
bool v17; // w25
__int64 v18; // x24
void *v19; // x0
void *v20; // x0
char v22; //
__int64 v23; //
v4 = a4;
v5 = objc_retain(a3, a2);
v6 = +(&OBJC_CLASS___WCLogger, "externalIMP");
objc_msgSend(
v6,
"logWithLevel:module:errorCode:file:line:func:format:",
2LL,
"WeApp",
0LL,
"WAPackageInfoCacheLogic.mm",
103LL,
"-",
CFSTR("unpack pkg, path=%@"),
v5);
v23 = 0LL;
v7 = objc_msgSend(&OBJC_CLASS___NSData, "dataWithContentsOfFile:options:error:", v5, 3LL, &v23);
v8 = (void *)objc_retainAutoreleasedReturnValue(v7);
v10 = objc_retain(v23, v9);
if ( v10 )
{
v11 = +(&OBJC_CLASS___WCLogger, "externalIMP");
objc_msgSend(
v11,
"logWithLevel:module:errorCode:file:line:func:format:",
3LL,
"WeApp",
0LL,
"WAPackageInfoCacheLogic.mm",
109LL,
"-",
CFSTR("unpackPkgWithFilePath(NSDataReadingMappedIfSafe | NSDataReadingUncached) error: %@"),
v10);
}
else if ( objc_msgSend(v8, "length") )
{
goto LABEL_5;
}
v12 = objc_msgSend(&OBJC_CLASS___NSData, "dataWithContentsOfFile:", v5);
v13 = objc_retainAutoreleasedReturnValue(v12);
objc_release(v8);
v8 = (void *)v13;
LABEL_5:
if ( objc_msgSend(v8, "length") )
{
sub_104FB59E4(&v22);
v14 = (void *)objc_retainAutorelease(v8);
v15 = objc_msgSend(v14, "bytes");
v16 = objc_msgSend(v14, "length");
sub_104FB5B54(&v22, v15, v16);
v17 = 1;
v18 = sub_100FC1930(v4, &v22, 1LL);
if ( (_DWORD)v18 )
{
v19 = +(&OBJC_CLASS___WCLogger, "externalIMP");
objc_msgSend(
v19,
"logWithLevel:module:errorCode:file:line:func:format:",
4LL,
"WeAppError",
0LL,
"WAPackageInfoCacheLogic.mm",
126LL,
"-",
CFSTR("unpack error:%d"),
v18);
v17 = 0;
}
sub_104FB5A94(&v22);
}
else
{
v20 = +(&OBJC_CLASS___WCLogger, "externalIMP");
objc_msgSend(
v20,
"logWithLevel:module:errorCode:file:line:func:format:",
4LL,
"WeAppError",
0LL,
"WAPackageInfoCacheLogic.mm",
117LL,
"-",
CFSTR("pkgData is empty"));
v17 = 0;
}
objc_release(v8);
objc_release(v10);
objc_release(v5);
return v17;
}
wechat 7.7
bool __cdecl -(WAPackageInfoCacheLogic *self, SEL a2, id a3, WXAPkg *a4)
{
WXAPkg *v4; // x24
__int64 v5; // x19
void *v6; // x0
void *v7; // x0
void *v8; // x22
__int64 v9; // x1
__int64 v10; // x21
void *v11; // x0
void *v12; // x0
__int64 v13; // x26
void *v14; // x26
void *v15; // x27
void *v16; // x0
bool v17; // w25
__int64 v18; // x24
void *v19; // x0
void *v20; // x0
char v22; //
__int64 v23; //
v4 = a4;
v5 = objc_retain(a3, a2);
v6 = +(&OBJC_CLASS___WCLogger, "externalIMP");
objc_msgSend(
v6,
"logWithLevel:module:errorCode:file:line:func:format:",
2LL,
"WeApp",
0LL,
"WAPackageInfoCacheLogic.mm",
102LL,
"-",
CFSTR("unpack pkg, path=%@"),
v5);
v23 = 0LL;
v7 = objc_msgSend(&OBJC_CLASS___NSData, "dataWithContentsOfFile:options:error:", v5, 3LL, &v23);
v8 = (void *)objc_retainAutoreleasedReturnValue(v7);
v10 = objc_retain(v23, v9);
if ( v10 )
{
v11 = +(&OBJC_CLASS___WCLogger, "externalIMP");
objc_msgSend(
v11,
"logWithLevel:module:errorCode:file:line:func:format:",
3LL,
"WeApp",
0LL,
"WAPackageInfoCacheLogic.mm",
108LL,
"-",
CFSTR("unpackPkgWithFilePath(NSDataReadingMappedIfSafe | NSDataReadingUncached) error: %@"),
v10);
}
else if ( objc_msgSend(v8, "length") )
{
goto LABEL_5;
}
v12 = objc_msgSend(&OBJC_CLASS___NSData, "dataWithContentsOfFile:", v5);
v13 = objc_retainAutoreleasedReturnValue(v12);
objc_release(v8);
v8 = (void *)v13;
LABEL_5:
if ( objc_msgSend(v8, "length") )
{
sub_104E0FE70(&v22);
v14 = (void *)objc_retainAutorelease(v8);
v15 = objc_msgSend(v14, "bytes");
v16 = objc_msgSend(v14, "length");
sub_100034E18(&v22, v15, v16);
v17 = 1;
v18 = sub_1000E1A88(v4, &v22, 1LL);
if ( (_DWORD)v18 )
{
v19 = +(&OBJC_CLASS___WCLogger, "externalIMP");
objc_msgSend(
v19,
"logWithLevel:module:errorCode:file:line:func:format:",
4LL,
"WeAppError",
0LL,
"WAPackageInfoCacheLogic.mm",
125LL,
"-",
CFSTR("unpack error:%d"),
v18);
v17 = 0;
}
sub_104E0FEA4(&v22);
}
else
{
v20 = +(&OBJC_CLASS___WCLogger, "externalIMP");
objc_msgSend(
v20,
"logWithLevel:module:errorCode:file:line:func:format:",
4LL,
"WeAppError",
0LL,
"WAPackageInfoCacheLogic.mm",
116LL,
"-",
CFSTR("pkgData is empty"));
v17 = 0;
}
objc_release(v8);
objc_release(v10);
objc_release(v5);
return v17;
}
wechat 7.8
bool __cdecl -(WAPackageInfoCacheLogic *self, SEL a2, id a3, WXAPkg *a4)
{
WXAPkg *v4; // x24
__int64 v5; // x19
void *v6; // x0
void *v7; // x0
void *v8; // x22
__int64 v9; // x1
__int64 v10; // x21
void *v11; // x0
void *v12; // x0
__int64 v13; // x26
void *v14; // x26
void *v15; // x27
void *v16; // x0
bool v17; // w25
__int64 v18; // x24
void *v19; // x0
void *v20; // x0
char v22; //
__int64 v23; //
v4 = a4;
v5 = objc_retain(a3, a2);
v6 = +(&OBJC_CLASS___WCLogger, "externalIMP");
objc_msgSend(
v6,
"logWithLevel:module:errorCode:file:line:func:format:",
2LL,
"WeApp",
0LL,
"WAPackageInfoCacheLogic.mm",
102LL,
"-",
CFSTR("unpack pkg, path=%@"),
v5);
v23 = 0LL;
v7 = objc_msgSend(&OBJC_CLASS___NSData, "dataWithContentsOfFile:options:error:", v5, 3LL, &v23);
v8 = (void *)objc_retainAutoreleasedReturnValue(v7);
v10 = objc_retain(v23, v9);
if ( v10 )
{
v11 = +(&OBJC_CLASS___WCLogger, "externalIMP");
objc_msgSend(
v11,
"logWithLevel:module:errorCode:file:line:func:format:",
3LL,
"WeApp",
0LL,
"WAPackageInfoCacheLogic.mm",
108LL,
"-",
CFSTR("unpackPkgWithFilePath(NSDataReadingMappedIfSafe | NSDataReadingUncached) error: %@"),
v10);
}
else if ( objc_msgSend(v8, "length") )
{
goto LABEL_5;
}
v12 = objc_msgSend(&OBJC_CLASS___NSData, "dataWithContentsOfFile:", v5);
v13 = objc_retainAutoreleasedReturnValue(v12);
objc_release(v8);
v8 = (void *)v13;
LABEL_5:
if ( objc_msgSend(v8, "length") )
{
sub_104E11E50(&v22);
v14 = (void *)objc_retainAutorelease(v8);
v15 = objc_msgSend(v14, "bytes");
v16 = objc_msgSend(v14, "length");
sub_100034E78(&v22, v15, v16);
v17 = 1;
v18 = sub_1000E1CF4(v4, &v22, 1LL);
if ( (_DWORD)v18 )
{
v19 = +(&OBJC_CLASS___WCLogger, "externalIMP");
objc_msgSend(
v19,
"logWithLevel:module:errorCode:file:line:func:format:",
4LL,
"WeAppError",
0LL,
"WAPackageInfoCacheLogic.mm",
125LL,
"-",
CFSTR("unpack error:%d"),
v18);
v17 = 0;
}
sub_104E11E84(&v22);
}
else
{
v20 = +(&OBJC_CLASS___WCLogger, "externalIMP");
objc_msgSend(
v20,
"logWithLevel:module:errorCode:file:line:func:format:",
4LL,
"WeAppError",
0LL,
"WAPackageInfoCacheLogic.mm",
116LL,
"-",
CFSTR("pkgData is empty"));
v17 = 0;
}
objc_release(v8);
objc_release(v10);
objc_release(v5);
return v17;
}
wechat 7.9
bool __cdecl -(WAPackageInfoCacheLogic *self, SEL a2, id a3, WXAPkg *a4)
{
WXAPkg *v4; // x24
__int64 v5; // x19
void *v6; // x0
void *v7; // x0
void *v8; // x22
__int64 v9; // x1
__int64 v10; // x21
void *v11; // x0
void *v12; // x0
__int64 v13; // x26
void *v14; // x26
void *v15; // x27
void *v16; // x0
bool v17; // w25
__int64 v18; // x0
__int64 v19; // x24
void *v20; // x0
void *v21; // x0
char v23; //
__int64 v24; //
v4 = a4;
v5 = objc_retain(a3, a2);
v6 = +(&OBJC_CLASS___WCLogger, "externalIMP");
objc_msgSend(
v6,
"logWithLevel:module:errorCode:file:line:func:format:",
2LL,
"WeApp",
0LL,
"WAPackageInfoCacheLogic.mm",
102LL,
"-",
CFSTR("unpack pkg, path=%@"),
v5);
v24 = 0LL;
v7 = objc_msgSend(&OBJC_CLASS___NSData, "dataWithContentsOfFile:options:error:", v5, 3LL, &v24);
v8 = (void *)objc_retainAutoreleasedReturnValue(v7);
v10 = objc_retain(v24, v9);
if ( v10 )
{
v11 = +(&OBJC_CLASS___WCLogger, "externalIMP");
objc_msgSend(
v11,
"logWithLevel:module:errorCode:file:line:func:format:",
3LL,
"WeApp",
0LL,
"WAPackageInfoCacheLogic.mm",
108LL,
"-",
CFSTR("unpackPkgWithFilePath(NSDataReadingMappedIfSafe | NSDataReadingUncached) error: %@"),
v10);
}
else if ( objc_msgSend(v8, "length") )
{
goto LABEL_5;
}
v12 = objc_msgSend(&OBJC_CLASS___NSData, "dataWithContentsOfFile:", v5);
v13 = objc_retainAutoreleasedReturnValue(v12);
objc_release(v8);
v8 = (void *)v13;
LABEL_5:
if ( objc_msgSend(v8, "length") )
{
sub_10524DE88(&v23);
v14 = (void *)objc_retainAutorelease(v8);
v15 = objc_msgSend(v14, "bytes");
v16 = objc_msgSend(v14, "length");
sub_100034214(&v23, v15, v16);
v17 = 1;
v18 = sub_1000DA800(v4, &v23, 1LL);
if ( (_DWORD)v18 )
{
v19 = v18;
v20 = +(&OBJC_CLASS___WCLogger, "externalIMP");
objc_msgSend(
v20,
"logWithLevel:module:errorCode:file:line:func:format:",
4LL,
"WeAppError",
0LL,
"WAPackageInfoCacheLogic.mm",
125LL,
"-",
CFSTR("unpack error:%d"),
v19);
v17 = 0;
}
sub_10524DEBC(&v23);
}
else
{
v21 = +(&OBJC_CLASS___WCLogger, "externalIMP");
objc_msgSend(
v21,
"logWithLevel:module:errorCode:file:line:func:format:",
4LL,
"WeAppError",
0LL,
"WAPackageInfoCacheLogic.mm",
116LL,
"-",
CFSTR("pkgData is empty"));
v17 = 0;
}
objc_release(v8);
objc_release(v10);
objc_release(v5);
return v17;
}
F5出来的代码有时候也会有差异,找到相同的特征然后对照分析你已经做到这一步了,说明动手能力非常OK了
能够得到,飘哥的赞扬,非常感动。 坚定了把逆向学到底的目标, 人生没有多少时光可以选择。
看雪, 出品的一本 软件加密与解密内幕,新版中,看到您的 格言,在逆向路上失败过,沮丧过,但从未放弃过!
继续的分析记录
本帖最后由 ningkong 于 2023-1-7 15:12 编辑目前分析基于 WeChat 7.0.3, 对比
bool __cdecl -(WAPackageInfoCacheLogic *self, SEL a2, id a3, WXAPkg *a4)
{
WXAPkg *v4; // x24
__int64 v5; // x19
void *v6; // x0
void *v7; // x0
void *v8; // x22
__int64 v9; // x1
__int64 v10; // x21
void *v11; // x0
void *v12; // x0
__int64 v13; // x26
void *v14; // x26
void *v15; // x27
void *v16; // x0
bool v17; // w25
__int64 v18; // x24
void *v19; // x0
void *v20; // x0
char v22; //
__int64 v23; //
v4 = a4;
v5 = objc_retain(a3, a2);
v6 = +(&OBJC_CLASS___WCLogger, "externalIMP");
objc_msgSend(
v6,
"logWithLevel:module:errorCode:file:line:func:format:",
2LL,
"WeApp",
0LL,
"WAPackageInfoCacheLogic.mm",
103LL,
"-",
CFSTR("unpack pkg, path=%@"),
v5);
v23 = 0LL;
v7 = objc_msgSend(&OBJC_CLASS___NSData, "dataWithContentsOfFile:options:error:", v5, 3LL, &v23);
v8 = (void *)objc_retainAutoreleasedReturnValue(v7);
v10 = objc_retain(v23, v9);
if ( v10 )
{
v11 = +(&OBJC_CLASS___WCLogger, "externalIMP");
objc_msgSend(
v11,
"logWithLevel:module:errorCode:file:line:func:format:",
3LL,
"WeApp",
0LL,
"WAPackageInfoCacheLogic.mm",
109LL,
"-",
CFSTR("unpackPkgWithFilePath(NSDataReadingMappedIfSafe | NSDataReadingUncached) error: %@"),
v10);
}
else if ( objc_msgSend(v8, "length") )
{
goto LABEL_5;
}
v12 = objc_msgSend(&OBJC_CLASS___NSData, "dataWithContentsOfFile:", v5);
v13 = objc_retainAutoreleasedReturnValue(v12);
objc_release(v8);
v8 = (void *)v13;
LABEL_5:
if ( objc_msgSend(v8, "length") )
{
sub_10354B138(&v22);
v14 = (void *)objc_retainAutorelease(v8);
v15 = objc_msgSend(v14, "bytes");
v16 = objc_msgSend(v14, "length");
sub_10354B2A8(&v22, v15, v16);
v17 = 1;
v18 = sub_100735844(v4, &v22, 1LL);
if ( (_DWORD)v18 )
{
v19 = +(&OBJC_CLASS___WCLogger, "externalIMP");
objc_msgSend(
v19,
"logWithLevel:module:errorCode:file:line:func:format:",
4LL,
"WeAppError",
0LL,
"WAPackageInfoCacheLogic.mm",
126LL,
"-",
CFSTR("unpack error:%d"),
v18);
v17 = 0;
}
sub_10354B1E8(&v22);
}
else
{
v20 = +(&OBJC_CLASS___WCLogger, "externalIMP");
objc_msgSend(
v20,
"logWithLevel:module:errorCode:file:line:func:format:",
4LL,
"WeAppError",
0LL,
"WAPackageInfoCacheLogic.mm",
117LL,
"-",
CFSTR("pkgData is empty"));
v17 = 0;
}
objc_release(v8);
objc_release(v10);
objc_release(v5);
return v17;
}
谢谢楼主的分享
页:
[1]