前言

http://code.taobao.org/p/mpaa...

查找AlipayWallet相关的代码

1、alipaywalletchatvoicesaver
iOS支付宝蚂蚁森林能量收取助手

diff
ALISJSBridgeKit

刚开源不久的
https://github.com/davidxwwan... 目前支付宝使用的JsBridge,9 天之前 有人以静态库的形式 共享到GitHub

//JsBridge类,用来处理Native和Js的相互调用

//JsBridge类,用来处理Native和Js的相互调用
+@interface PSDJsBridge : NSObject<UIWebViewDelegate>
+
+/**
+ *  @brief 创建一个JsBridge对象
+ *
+ *  @date 2014-08-20
+ *
+ *  @param page     关联的PSDPage对象
+ *  @param webView  关联的webView对象
+ *  @param delegate webView的代理
+ *
+ *  @return 返回一个JsBridge对象
+ */
++ (instancetype)bridge4Page:(PSDPage *)page webView:(UIWebView *)webView webViewDelegate:(id<UIWebViewDelegate>)delegate;
+
+/**

#import "PSDKernel.h"

@class NSString, PSDJsBridge, PSDPageParam;

@interface PSDPage : PSDKernel
{
    PSDJsBridge *_bridge;
    NSString *_pageUUID;
    PSDPageParam *_pageParam;
}

+ (id)pageWithPageParam:(id)arg1 parentObject:(id)arg2;
@property(retain, nonatomic) PSDPageParam *pageParam; // @synthesize pageParam=_pageParam;
@property(retain, nonatomic) NSString *pageUUID; // @synthesize pageUUID=_pageUUID;
@property(readonly, nonatomic) PSDJsBridge *bridge; // @synthesize bridge=_bridge;
- (void).cxx_destruct;
- (id)createParam;
- (id)initWithPageParam:(id)arg1 parentObject:(id)arg2;
- (void)triggerRecord;
- (id)getH5PageHAR;

@end
\t_jsApiManager (PSDJsApiManager*): <PSDJsApiManager: 0x8ce3fa0>
\t_pluginManager (PSDPluginManager*): <PSDPluginManager: 0x8cd48a0>
cy# [#0x10b689e0 _ivarDescription].toString()
`<PSDJsBridge: 0x10b689e0>:
in PSDJsBridge:
\t_isBridgeReady (BOOL): 1
\t_isFailToLoad (BOOL): 0
\t_isTimeout (BOOL): 0
\t_uniqueId (int): 0
\t_page (PSDPage*): <PSDPage: 0x10b67e00>
\t_responseCallbacks (NSMutableDictionary*): <__NSDictionaryM: 0x10b68a40>
\t_startupMessageQueue (NSMutableArray*): nil
\t_contentView (PSDContentView*): <H5WebView: 0x1028ff00>
\t_webViewDelegate (<UIWebViewDelegate>*): <PSDView: 0x1028fec0>
\t_webViewUIDelegate (<WKUIDelegate>*): <PSDView: 0x1028fec0>
\t_webViewNavigationDelegate (<WKNavigationDelegate>*): <PSDView: 0x1028fec0>
\t_loadFinishedDate (NSDate*): <__NSDate: 0x10185770>
in NSObject:
\tisa (Class): NSKVONotifying_PSDJsBridge`

关键代码模拟请求

+(void)collectBubbles:(id)mbrige bubbleId:(NSString*)bID userId :(NSString*)userID
{
      long timems=[[NSDate  date] timeIntervalSince1970]*1000;
      NSString *timeStamp = [NSString stringWithFormat:@"%ld", timems];
      NSString *randNum=[H5WebViewController getNumberRandom:16];
      NSString *arg1=[NSString stringWithFormat:@"[{\"handlerName\":\"remoteLog\",\"data\":{\"seedId\":\"ANTFOREST-BEHAVIOR-CLICK-COLLECT\",\"param1\":\"shareBiz=none^bubbleId=%@^actionUserId=%@^type=behavior^currentTimestamp=%@\",\"param2\":\"monitor_type=clicked^remoteType=info^pageName=home.html^pageState=friend%@_enterhomeOff\",\"bizType\":\"antForest\"},\"callbackId\":\"remoteLog_15105601282940.%@\"},{\"handlerName\":\"rpc\",\"data\":{\"operationType\":\"alipay.antmember.forest.h5.collectEnergy\",\"requestData\":[{\"userId\":%@,\"bubbleIds\":[%@],\"av\":\"5\",\"ct\":\"ios\"}],\"disableLimitView\":true},\"callbackId\":\"rpc_15105601282960.%@\"}] ",bID,userID,timeStamp,userID,randNum,userID,bID,randNum];
      NSString *arg2=[NSString stringWithFormat:@"https://60000002.h5app.alipay.com/app/src/home.html?userId=%@",userID];
      PSDJsBridge *jsB=mbrige;
      [jsB _doFlushMessageQueue:arg1 url:arg2];
}
install.exec "killall -9 AlipayWallet"

模拟获取通讯录信息的请求

Nov 30 09:57:52 iPhone AlipayWallet[1494] <Warning>: KNHooklog :-(void)_doFlushMessageQueue:url:(have 2 value)
  return:(null)
  value1:__NSCFString-->[{"handlerName":"remoteLog","data":{"type":"monitor","bizType":"ALIPAYJSAPI","logLevel":1,"actionId":"MonitorReport","seedId":"ALIPAYJSAPI_INVOKE_COUNTER","param1":"hideOptionButton|getAllContacts|rpc"},"callbackId":"remoteLog_15120070727620.6753028354141861"}]
  value2:__NSCFString-->*https://render.alipay.com/p/f/fd-j6lzqrgm/addressbook.html?__webview_options__=canPullDown%3DNO%26showOptionMenu%3DNO%26transparent%3DNO%26networkIndicator%3DYES*
  object:<PSDJsBridge: 0x18f0ee40>
   ##########################################
  • _doFlushMessageQueue
{"handlerName":"remoteLog","data":{"type":"monitor","bizType":"ALIPAYJSAPI","logLevel":1,"actionId":"MonitorReport","seedId":"ALIPAYJSAPI_INVOKE_COUNTER","param1":"hideOptionButton|getAllContacts|rpc"},"callbackId":"remoteLog_15120070727620.6753028354141861"}
  • url
"https://render.alipay.com/p/f/fd-j6lzqrgm/addressbook.html?__webview_options__=canPullDown=NO&showOptionMenu=NO&transparent=NO&networkIndicator=YES"
Nov 30 13:00:04 iPhone AlipayWallet[1935] <Warning>: KNHooklog :-(void)setRequest:(have 1 value)
    return:(null)
    value1:NSMutableURLRequest--><NSMutableURLRequest: 0xdd02880> { URL: https://render.alipay.com/p/f/fd-j6lzqrgm/addressbook.html?__webview_options__=canPullDown%3DNO%26showOptionMenu%3DNO%26transparent%3DNO%26networkIndicator%3DYES }
    object:PSDProxyEvent-proxy.request.start.handle
     ##########################################

transformResponseData 获取数据

Nov 30 09:57:48 iPhone AlipayWallet[1494] <Warning>: KNHooklog :-(id)transformResponseData:(have 1 value)
Nov 29 18:59:41 iPhone AlipayWallet[1298] <Warning>: KNHooklog :-(void)addExposureChatMessage:(have 1 value)
CTDataFactoryViewController
Nov 29 18:59:39 iPhone AlipayWallet[1298] <Warning>: KNHooklog :-(void)mergeLoaclDataWithNewMessages:animation:cellDataItems:(have 3 value)

发送消息

Nov 29 19:05:35 iPhone AlipayWallet[1298] <Warning>: KNHooklog :-(void)addExposureChatMessage:(have 1 value)
    return:(null)
    value1:__NSDictionaryM-->{
        alignmentType = 2;
        data =     {
            HeadIcon = "http://tfs.alipayocts.com/images/partner/T11HbXXXXXXXX";
            action = 0;
            bizImage = "Local_Image_(null).right";
            bizMemo = The;
            cellSelected = 0;
            clientMsgID = "2088622058395905@151195353329254";
            fromUId = 20886058395905;
            localId = 10;
            m = "The ";
            msgID = 171129190533903721;
            seed = "2088622058395905@151195353329254";
            sessionId = 2088312287547988;
            sessionType = 1;
            timeLine = "2017-11-29 11:05:33 +0000";
            toUId = 20883127547988;
            userID = 20883187547988;
            userType = 1;
        };
        id = 11;
        msgType = 0;
        originId = 11;
        state = 2;
        templateData =     {
            m = "The ";
        };
    }
    object:<CTDataFactoryViewController: 0x5af3600>
Nov 30 10:08:02 iPhone AlipayWallet[1494] <Warning>: KNHooklog :-(void)_log:json:(have 2 value)
    return:(null)
    value1:__NSCFConstantString-->RCVD
    value2:__NSCFDictionary-->{
        callbackId = "rpc_15120076820390.505001102341339";
        data =     {
            headers =         {
            };
            operationType = "com.alipay.antmember.biz.rpc.invite.h5.InviteFriend";
            requestData =         (
                            {
                    friends =                 (
                                            {
                            mobile = 15576235981;
                            name = 155;
                            scope = "NOT_RELATED_ALIPAY_ACCOUNT";
                            userId = "";
                        }
                    );
                    scene = "C2C_OFFLINE_PAY";
                }
            );
        };
        handlerName = rpc;
    }
    object:<PSDJsBridge: 0x18f0ee40>

分析H5WebViewController的请求逻辑

%hook DFClientDelegate
- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions {
    
    %log();
    
    // 打印某个类的所有方法的,查看所有方法的执行顺序
    
     [KNHook hookClass:@"H5Configs"];//H5WebViewController
    [KNHook hookClass:@"PSDJsBridge"];//
    [KNHook hookClass:@"H5ExternNativeApiManager"];//getUaPageName    aluMTopService _tokenLoginInvoker

     [KNHook hookClass:@"TBSDKMTOPServer"];//getUaPageName    aluMTopService _tokenLoginInvoker
    return %orig;
}
%end
     ##########################################
Nov 29 14:42:50 iPhone AlipayWallet[2539] <Warning>: KNHooklog :-(void)_doFlushMessageQueue:url:(have 2 value)
    return:(null)
    value1:__NSCFString-->[{"handlerName":"hideOptionMenu","data":{},"callbackId":"hideOptionMenu_15119377706460.3834035850595683"},{"handlerName":"getAllContacts","data":{},"callbackId":"getAllContacts_15119377706480.0362124708481133"},{"handlerName":"reportData","data":{"spm":{"url":"https://render.alipay.com/p/f/fd-j6lzqrgm/addressbook.html","bizType":"H5behavior","isSPM":true,"cityid":"","spmId":"a284.b3011"},"spmDetail":{"url":"https://render.alipay.com/p/f/fd-j6lzqrgm/addressbook.html","fullUrl":"https://render.alipay.com/p/f/fd-j6lzqrgm/addressbook.html?__webview_options__=canPullDown%3DNO%26showOptionMenu%3DNO%26transparent%3DNO%26networkIndicator%3DYES","mPageState":"","bizScenario":"","mBizScenario":"","appId":"20000067"}},"callbackId":"reportData_15119377706540.555558682186529"},{"handlerName":"remoteLog","data":{"seedId":"H5_TRACERT_USE_LOG","actionId":"clicked","logLevel":3,"param4":"tracert-version=1.1.0^mBizScenario=^mPageState=^mPageName=^fullURL=https://render.alipay.com/p/f/fd-j6lzqrgm/addressbook.html?__webview_options__=canPullDown%3DNO%26showOptionMenu%3DNO%26transparent%3DNO%26networkIndicator%3DYES","type":"monitor","bizType":"H5behavior"},"callbackId":"remoteLog_15119377706550.984431563410908"}]
    value2:__NSCFString-->https://render.alipay.com/p/f/fd-j6lzqrgm/addressbook.html?__webview_options__=canPullDown%3DNO%26showOptionMenu%3DNO%26transparent%3DNO%26networkIndicator%3DYES
    object:<PSDJsBridge: 0xc4a0f50>

重点关注handlerName

关注url 参数的如何组装

Nov 29 14:42:50 iPhone AlipayWallet[2539] <Warning>: KNHooklog :-(void)_log:json:(have 2 value)

PSDConnectionMonitor

  • PSDURLProtocolProcessor:didReceiveResponse
Nov 29 15:05:58 iPhone AlipayWallet[2579] <Warning>: KNHooklog :-(void)PSDURLProtocolProcessor:didReceiveResponse:(have 2 value)
    return:(null)
    value1:PSDURLProtocolProcessor--><PSDURLProtocolProcessor: 0x10ec60e0>
    value2:NSHTTPURLResponse--><NSHTTPURLResponse: 0xf93cf80> { URL: https://oalipay-dl-django.alicdn.com/rest/1.0/image?fileIds=5a6g8mQHRGidDFZ_6ftluAAAACMAAQQD&zoom=140w_140h } { status code: 200, headers {
        Age = 1096027;
        "Cache-Control" = "max-age=2592000";
        Connection = "keep-alive";
        "Content-Length" = 4181;
        "Content-Type" = "image/jpeg";
        Date = "Thu, 16 Nov 2017 14:38:51 GMT";
        EagleId = 776186cf15119391584854726e;
        Expires = "Sat, 16 Dec 2017 14:38:51 GMT";
        "Keep-Alive" = "timeout=120";
        "Last-Modified" = "Wed, 15 Apr 2015 07:03:44 GMT";
        Server = Tengine;
        "Timing-Allow-Origin" = "*";
        Via = "cache23.l2cn8[32,304-0,H], cache28.l2cn8[33,0], cache7.cn6[0,200-0,H], cache7.cn6[3,0]";
        "X-Cache" = "HIT TCP_MEM_HIT dirn:8:549551215 mlen:-1";
        "X-Swift-CacheTime" = 2592000;
        "X-Swift-SaveTime" = "Thu, 16 Nov 2017 14:38:51 GMT";
        auth = "1, serverlist, dl.django.t.taobao.com";
    } }
    object:<PSDConnectionMonitor: 0xd913e50>
     ##########################################
Nov 29 15:05:58 iPhone AlipayWallet[2579] <Warning>: KNHooklog :-(void)setCurrentResponse:(have 1 value)
Nov 29 15:05:58 iPhone AlipayWallet[2579] <Warning>: KNHooklog :-(void)startStatistics:receiveDataLength:error:(have 3 value)

iOS逆向
44 声望15 粉丝