使用说明ipamd5UDID域名|ip编译路径字符串常量Caid(苹果禁止使用)支付跳转外链App 文件结构图像识别对比机审-网络请求域名请求UIWebView (API_DEPRECATED)WKWebView机审-代码代码量审查支付方式项目关键词代码重复率demo.app/demo类协议函数汇编机审-图像识别对比
使用说明
● 说明文档: https://nichaoge.com/review.html ● 优先修改文件以及代码特征,其次是网络请求和UI界面 ● 高危选项,必须修改处理 ● 建议修改处理,如果找不到就忽略 ● 可忽略
ipa
md5
demo.app/Data/sharedassets1.assets ↓
md5: e0aa0eb85ce507893ccef0d028433a6c
|
|---|
demo.app/Data/sharedassets1.assets
|
demo.app/Data/resources.assets ↓
md5: 697d51564f02c1d977709e5a56571b42
|
|---|
demo.app/Data/resources.assets
|
demo.app/Data/ScriptingAssemblies.json ↓
md5: 1f4c53488f32dbbe0192853b53007c4f
|
|---|
demo.app/Data/ScriptingAssemblies.json
|
demo.app/Assets.car/AppIcon_40x40_@3x.png ↓
md5: ca47b25d597ff75000a963d3148d626c
|
|---|
demo.app/Assets.car/AppIcon_40x40_@3x.png
|
demo.app/AppIcon60x60@2x.png ↓
md5: 2393764f8d45a6ad7303badeb4c8a6e0
|
|---|
demo.app/AppIcon60x60@2x.png
|
UDID
有些UDID是文件扩展信息等,直接删除不会影响程序,查找文件UDID命令:
strings <文件路径> | grep -i <UDID字符串>
demo.app/demo (4)↓
d6f1b49cd2764a078bfc052308531bd8 9480614254043a44d8edf3f0620fca1e d2dcf80f-6aed-4661-87fa-e02487efafce 29ff21e0-0308-11eb-8ff1-d5dcf8779628 |
|---|
域名|ip
demo.app/demo (8)↓
https://api.bzc5da.com
|
|---|
demo1.app/demo1
|
https://api.h33lbc.com
|
demo1.app/demo1
|
https://api.x7nhm.com
|
demo1.app/demo1
|
https://mobile-symbol-upload.tingyun.com
|
demo1.app/demo1
|
demo.app/DINPro_02.ttf ↓
http://www.fontfont.com/eula/license.html
|
|---|
demo1.app/DINPro_02.ttf
|
编译路径
demo.app/demo ↓
/Users/perfgao/workroom/gitlab/jni/IOS_project/libappvest/appvest/SDK/app_proxy.mm
|
|---|
demo1.app/demo1
|
字符串常量
demo.app/demo (56)↓
#F8F5F7
|
|---|
%@:%d%%
|
%ld.txt
|
%lds
|
%ld个月%ld天
|
%ld年%ld个月%ld天
|
%s [Line %d] %hSneerDecree %@
|
%s [Line %d] currentTimeString = %@
|
%s [Line %d] tmp sizewidth is %f sizeHeight is %f
|
([\w\.\-]+):([\w]+)
|
---zMicrowavePolymer--%@
|
--getdata----url+---%@
|
/static
|
00c66aaf5f2c3f49946f15c1ad2ea0d3
|
0485d1
|
111111Not Restricted111
|
111111Restricrted
|
111111Unknown
|
2D59D7E58F274ADDB3DED23C1085B12E
|
3%@ 2C
|
3%@ 3%@ 2C
|
3%@ 3%@ 2C 0D 0A
|
3,20,10,10,40
|
4e92604801cc4d11
|
6HRSOv0f1AXJAuhe*JOIuJ2j
|
9f1-f7610e523a07
|
9天前
|
<div style="text-align:justify; text-justify:inter-ideograph;">%@
|
APRangeIncapableWade.m
|
ARFComposerSaturationStingEssentialMonkIngenuityController
|
C20679_102
|
CWCarousel 初始化失败!
|
DeviceStorage
|
FNMBirthdayHemisphereDictatorWedgeFairWareCell
|
From=([\w^=-]+)
|
HH:mm:ss:SSSS
|
HWcqDwrNrFQOLL2ZqR+pZ1MzU84fuRGr1kl3wwQDFHGWs1Fleb8KF1aIQ5x+VBID
|
Ident-Token
|
KAGFractureSpokesmanRinseObserveForeseeCollideCell
|
KDevelopMiseryStrengthCell
|
LEssenceWaverWeaverIdentificationCartridgeInfinityCell
|
LFertileGramophoneStorageView
|
LayoutSubviews-%@
|
MSphericalArcticDeclineHurlScarEstablishCell
|
RIPantsShamDestine.m
|
RecommendId=([\w^=]+)
|
Rounding frame %zu's `lDiscernBarren` from %f up to default %f (minimum supported: %f).
|
SignalExceptionHandler
|
Synchronizing cLineCommence from iCloud
|
TShrinePerfectionCompatibleVoidHeaterStem.m
|
TVulgarValidityWorshipView
|
Use `-initWithAnimatedGIFData:` and supply the animated GIF data as an argument to initialize an object of type `APRangeIncapableWade`.
|
XDefinePositiveEnlightenShovelGrimQuestionCell
|
XStemSensorLuminousCrisisDineMicroscopicView.m
|
XUMTerminatetapLobbyCell
|
XVCShellNotoriousIceController
|
字符串常量总数量 ↓
demo.app/demo: 437
|
|---|
字符串常量重复率 ↓
demo1: 23.0%
|
|---|
Caid(苹果禁止使用)
demo.app/demo ↓
L3Zhci9tb2JpbGUvTGlicmFyeS9Vc2VyQ29uZmlndXJhdGlvblByb2ZpbGVzL1B1YmxpY0luZm8vTUNNZXRhLnBsaXN0
|
|---|
支付跳转外链
demo.app/demo ↓
weixin://
|
|---|
App 文件结构
文件名重复率 ↓
demo1: 18.6%
|
|---|
对比 App Store 线上应用 平均重复率: 6.9% 最高重复率: 16.7% 点击查看(Virtual Family Happy Life Sim) 14.3% 点击查看(BallShoot) 14.0% 点击查看(Octopus Robot Car Game) |
文件名 ↓
backgrounImageDef.png
|
|---|
文件路径 ↓
/Res.bundle/backgrounImageDef.png
|
|---|
图像识别对比
demo - demo.app/Res.bundle/backgrounImageDef.png ↓
demo - demo.app/Res.bundle/backgrounImageDef.png
|
|---|
|
demo1 - demo.app/Res.bundle/backgrounImageDef.png : 100%
|
|
|
demo - demo.app/Assets.car/AppIcon_40x40_@3x.png ↓
demo - demo.app/Assets.car/AppIcon_40x40_@3x.png
|
|---|
|
demo1 - demo.app/Assets.car/AppIcon_40x40_@3x.png : 100%
|
|
|
demo - demo.app/AppIcon60x60@2x.png ↓
demo - demo.app/AppIcon60x60@2x.png
|
|---|
|
|
demo1 - demo.app/Assets.car/AppIcon_40x40_@3x.png : 100%
|
|
|
机审-网络请求
域名
127.0.0.1:13048 ↓
demo1
|
v9-default.ixigua.com ↓
demo1
|
请求
https://p9-be-pack-sign.pglstatp-toutiao.com/tos-cn-p-0051/e1fda73a49ee4faf9404bc5790dbc27b~tplv-qgppglrh0x-noop.jpg ↓
URL: https://p9-be-pack-sign.pglstatp-toutiao.com/tos-cn-p-0051/e1fda73a49ee4faf9404bc5790dbc27b~tplv-qgppglrh0x-noop.jpg?x-expires=1942272000&x-signature=vTiXfOa5vUp1E3V%2FIIBq14s9Kyg%3D
|
|---|
Request
|
NULL
|
Response
|
image/jpeg; 60.78 kb 
|
https://mssdk-bu.bytedance.com/sdi/get_token_tob ↓
URL: https://mssdk-bu.bytedance.com/sdi/get_token_tob?lc_id=754698424&platform=iOS&device_platform=ios&sdk_ver=v04.03.06-ml-iOS&sdk_ver_code=67307009&app_ver=1.0&version_code=1&aid=&sdkid=1371&subaid=5279637&iid=&did=71221817439&bd_did=&client_type=business®ion_type=ml&mode=2
|
|---|
Request
|
application/octet-stream; 516 bytes
|
Response
|
application/octet-stream; 76 bytes
|
https://sf3-fe-tos.pglstatp-toutiao.com/obj/goofy/ad/light-playable-component/pixijs/reward-qaa-game-vetrical/images/314274434457cb2d679a0e7f31144202.png ↓
URL: https://sf3-fe-tos.pglstatp-toutiao.com/obj/goofy/ad/light-playable-component/pixijs/reward-qaa-game-vetrical/images/314274434457cb2d679a0e7f31144202.png
|
|---|
Request
|
NULL
|
Response
|
image/png; 661 bytes 
|
https://api-access.pangolin-sdk-toutiao.com/api/ad/union/sdk/stats/batch ↓
URL: https://api-access.pangolin-sdk-toutiao.com/api/ad/union/sdk/stats/batch/?aid=5000546&version_code=4.3.0.3&device_platform=iphone
|
|---|
Request
|
{ "message" : "3XzOp1OYjwhOI4y5N7q30mCBNfgKozABRZSCbvWOBdxsDnn2cK\/uHXXZqkOvuOiIg6rheV3bw5wAFSu3fHme6RK8oBTuC\/FdMjg4dPEZfY9nwVhw3k5wT1+lGLK9MNTRBHH9uPYDA0tYZHZ6JVd50cFfTckv9A1l5EDiDSd6n0nMfm\/\/2zxvM6EE+jMhFNmSp3lx4hA304Yiy5nFsAeb3ezyE5RaoNo6MviuTUiLOSs\/C+MC\/so\/ki94x0JuW8hwhCt62h7k9B3H1cdUtz7bNcu0F5\/1xM5GKlGu9AMMaxK+r85CJogLC9BZ1ORdLdFatI361iLTLi+8EpzDs\/9s4hlAWRr+VLcHkEmkW5tIxs1DutHNtG5YzlErlQn8Rp0Smh6IpAniwfAbC95+MlKyNfQ6zfnpvL3TShrkNuRAq5XthfsV5ciYWkpnhxEo8n3JvNWSth4CVXPV2JaO6ZD5HKCtl3CPvAUFdVSFbwxLRS4EMTBBNMTea3a3HbZczm3ddwscoJyFwk1W\/WJBkta0T47gme6jBTwBrkLOeCFAhXPlYWQWBe++1cjvZZsQR504VIbkkIJEqHhoUb62FiIzvqmQlRtPFDRG4x5VE2xGGym9cm5+CshwILGfG0soQGNgcDMuhnigaRH5mLVpcBOfBqAXrWNbnREl3UTN8bhS5tW6yCgbOMlkAcDnjaaaj42YAfN7C8lnP47D6JiA673rF7ue+m15zCvy9udLKUNjomsvrr7EDkKXcPZO7LhO\/Sf1bM+tumgmM44EcegMh6h\/v0wtfwj48u7JMGrgfV58hK7IVDmgmhLEjzsnofu3h8dLZ64aOyeeJeswCPVEaql4GvCwE7\/4=", "cypher" : 3 } |
Response
|
{ "data" : "", "code" : "20000" } |
UIWebView (API_DEPRECATED)
about:blank
WKWebView
http://127.0.0.1:13048/index.html
https://ether-pack.pangolin-sdk-toutiao.com/union/endcard/1728990985512040/?rit=948124792&req_id=B11F3A74-5DC0-4162-BEF9-05C02DADB020u5321&ad_sdk_version=4.3.0.3&os=ios&lang=zh&union_imei=c502e0640737c1cd721d45d8879b8dee&app_version=%E8%A1%A5%E5%85%85%E4%B8%AD&app_name=&developer_name=%E8%A1%A5%E5%85%85%E4%B8%AD%EF%BC%8C%E5%8F%AF%E4%BA%8E%E5%BA%94%E7%94%A8%E5%AE%98%E7%BD%91%E6%9F%A5%E7%9C%8B&is_dsp=False&style_id=2245962&enable_click_ext=1&enable_imageX=1&comment_num=96&like_num=107&share_num=92&customer_id=81814&orientation=portrait&height=736&width=414
机审-代码
代码量审查
● 属性方法数量超过 App Store 平均值过多代码会被进一步审核,同时大概率导致调查
| demo | App Store 平均值 | |
|---|---|---|
| 每个类平均方法数量 | 7.1 | 7.5 |
| 每个类平均属性数量 | 3.7 | 4.7 |
支付方式
● 同时包含内购和三方支付可能会被拒 2.3.1 或 3.1.1
| 苹果内购 | 微信支付 | 支付宝支付 |
|---|---|---|
| ✖︎ | ✖︎ | ✖︎ |
项目关键词
● 项目代码基于驼峰规则拆分出来的所有单词,标红部分为线上包极少出现的单词,如果被拒 2.3.1(obfuscated code)可以尝试修改红色部分单词,如果出现单词过多建议重新混淆处理
demo.app/demo (19)↓
GlasswareEdify
|
|---|
Ripen_fitpolo701Parser
|
proponentpoliceurl
|
disadvantagemccmncsim
|
pedagogueWritetypeString
|
+sendAnonymousStatus:nimkit_rejuvenateInteger:
|
+sendAnonymousStatus:winceswappableinteger:
|
-phenomenologyFixtures:
|
-isProfuseOrientation:
|
+sendAnonymousStatus:numericFromCorpuscleString:
|
-discontentmentStatusCode:data:mimeType:
|
-kFerventFix
|
-wholesomeUrl:isImperceptibleLoaded:
|
-didSpecterResource:
|
-yy_relativityBorderAtIndex:withDefault:manneredClass:
|
+defileDidChange:
|
-pruderyUrl
|
-isCheckerWindfallActive:
|
+perniciousCoordinate:key:
|
代码重复率
demo1: 43.6%
|
|---|
对比 App Store 线上应用 平均重复率: 19.4% 最高重复率: 39.5% 点击查看(纸嫁衣2奘铃村) 39.2% 点击查看(Bellport TA) 39.0% 点击查看(Dark Space) |
demo.app/demo
类
PantryViewController ↓
class PantryViewController : UIViewController : UIResponder : NSObject
|
|---|
Property :
|
abjectMap carpenterName chequeTemplateParser connotationAgent dashboardCompetitiveNames expiateEngine overwhelmingFile prevAccuracyAgent rudimentsTimer twistDelegate verdigrisObjects |
Ivar :
|
abjectMap carpenterName chequeTemplateParser connotationAgent dashboardCompetitiveNames rudimentsTimer verdigrisObjects |
Method :
|
-behooveNextFrame: -cabalBackground: -choreographyEnterForeground: -cloudSkepticismUrl -compactInstance: -drunkardWarning -fraudIsEmpty: -hideUtilizeSettings -insigniaPlugin:encomiumName: -insigniaPlugin:predispositionCoreDataName: -isCheckerWindfallActive: -isOffstageActive: -microphoneTaskInfo -offlineMeteorologyVersion -onHistoryWillTerminate: -packagingParser: -phenomenologyFixtures: -prismAssetAtURL -pruderyUrl -setExperimentalToken: -successivePlayerPath -wardenAsString: -withOrchestraTreeKeyView -wreatheScheme |
Protocol :
|
ConsistencyDelegate
|
CousinCDVWhitelist ↓
class CousinCDVWhitelist : NSObject
|
|---|
Property :
|
helloCardId pedagogueWritetypeString |
Ivar :
|
helloCardId pedagogueWritetypeString |
Method :
|
-SinkholeSettings: -SinkholeSettings:defrayFailure: -intellectEntry: -rubbleAllowed: -ubiquityImbecileURL: -urbaneOrAddress: |
AQGridViewAmnestyInfo ↓
class AQGridViewAmnestyInfo : NSObject
|
|---|
Method :
|
-file:panoramaArrayWithFile: -find_first_burst_of_ -item:isStudyItem: -schoolingColor |
DissentLogger ↓
class DissentLogger : DepartmentCDVPlugin : NSObject
|
|---|
Method :
|
-getSalveLevel:
|
RemissionResult ↓
class RemissionResult : NSObject
|
|---|
Property :
|
dependabilityObjCObject instigatorCallback |
Ivar :
|
dependabilityObjCObject instigatorCallback |
Method :
|
+sendAnonymousStatus: +sendAnonymousStatus:carafeMultipart: +sendAnonymousStatus:childlikeCityModelArray: +sendAnonymousStatus:cosmos_jsonBool: +sendAnonymousStatus:errorSlaughterDictionary: +sendAnonymousStatus:keysUnambiguousBuffer: +sendAnonymousStatus:motivate_isPureInt: +sendAnonymousStatus:nimkit_rejuvenateInteger: +sendAnonymousStatus:numericFromCorpuscleString: +sendAnonymousStatus:popSteadyObject: +sendAnonymousStatus:sendStalemateNoDouble: +sendAnonymousStatus:winceswappableinteger: +strayVerbose -setDeleteriousBool: -xr_unmovedWithJSON |
LucubrationUtil ↓
class LucubrationUtil : NSObject
|
|---|
Method :
|
+adequatelyLock: +defileDidChange: +forgoAgent +issueLock: +setPrevAccuracyAgent:experimentalToken: |
ExhibitFactory ↓
class ExhibitFactory : NSObject
|
|---|
Property :
|
discussionPool
|
Method :
|
+preacherFactory -toadyProcessPool |
NonviolentDelegate ↓
class NonviolentDelegate : NSObject
|
|---|
FulfillmentViewController ↓
class FulfillmentViewController : PantryViewController : UIViewController : UIResponder : NSObject
|
|---|
Property :
|
disadvantagemccmncsim
|
Method :
|
-initEquivocationDelegate: -isProfuseOrientation: -promptAttrWith: -tasteTypePlural |
FluteChartDataItem ↓
class FluteChartDataItem : NSObject
|
|---|
InspectACMHTTPHandler ↓
class InspectACMHTTPHandler : DepartmentCDVPlugin : NSObject
|
|---|
Property :
|
ramshackleRateMbps
|
Method :
|
-dateOpineIndex: -kFerventFix |
Tools ↓
class Tools : NSObject
|
|---|
Method :
|
+initUnderstatementUI
|
CourtyardRESTEngine ↓
class CourtyardRESTEngine : DepartmentCDVPlugin : NSObject
|
|---|
Property :
|
decreaseDelegate denudeTextView endingOpenHandler |
Method :
|
-bannerSettings: -choreographyEnterForeground: -enqueueProofRequest: -setupSunlightView -setupSunlightView:title: -tightenClientSettings: -xerophyteAfter |
Protocol :
|
CatholicPTProtocol
|
DisinterestAddressFilter ↓
class DisinterestAddressFilter : DepartmentCDVPlugin : NSObject
|
|---|
Property :
|
earlyIntents gratifyTERSRP negligentNavigations proponentpoliceurl |
Method :
|
+classificationVerifyCodeRequest:navigationType:statisticalValue: +objectArmoryRequest:navigationType: +requestStatureUrl:jovialColor:callPaperSetter: -classificationVerifyCodeRequest:navigationType: -contest_size -requestStatureUrl: -updateWithInfo |
extentUtil ↓
class extentUtil : NSObject
|
|---|
Method :
|
+abolishTime +concatenate_version +conscienceTime +emotionGalleyWithString +impersonatorEmailInfo +jauntControlName: +perniciousCoordinate:key: +plinthTime +relocateWithHeaderString: +revealingRestBySec +selectedAdulateAsString: +yy_innocenceAtIndex +zm_theftIllegalString: |
PossessiveARTPattern ↓
class PossessiveARTPattern : NSObject
|
|---|
Method :
|
+teacupPattern:convertToDicEnraptureJson:
|
UpsetTimer ↓
class UpsetTimer : NSObject
|
|---|
Method :
|
+deEasilyAll -affectionateAll |
RecordImpl ↓
class RecordImpl : NSObject
|
|---|
Ivar :
|
_casualOfResponses _screwIdPattern |
Method :
|
-compactInstance: -disavowalHelper: -dittyBackground: -gifImpoliticData -initCorpulentViewController: -logElementalHelper: -nourishStep: -nourishStep:stopDistributeLoop: -pageInfoAlluringMenuId: -peasantResult:showpieceProductWithId: -prevAccuracyAgent |
Protocol :
|
DisuseDelegate
|
GlasswareEdify ↓
class GlasswareEdify : NSObject
|
|---|
Method :
|
+casteASEAN: +rapaciousVisual: +systematizeStorage: |
Ripen_fitpolo701Parser ↓
class Ripen_fitpolo701Parser : NSObject
|
|---|
Property :
|
dashboardCompetitiveNames explicableDict |
Ivar :
|
dashboardCompetitiveNames explicableDict |
RoadwayYYKVStorage ↓
class RoadwayYYKVStorage : DepartmentCDVPlugin : NSObject
|
|---|
Property :
|
correlateInfo
|
Ivar :
|
correlateInfo
|
Method :
|
+__GrumpyGetNSType: +__InheritMapType: +__SSChatMapDeliveranceId +__inconsequentialBounds:bundlePath:fileManager: +conceiveFrom:to:error: +diplomaticVolume: +effulgentDir:pretendDir:compensationDirNests:antiqueAsset:rename: +postCylinderURL:skip: -find_first_burst_of_ -schoolingColor -vcForbiddingActive |
SupervisionURL ↓
class SupervisionURL : DepartmentCDVPlugin : NSObject
|
|---|
Property :
|
isImperceptibleLoaded
|
Method :
|
-tetherLoad: -wholesomeUrl:isImperceptibleLoaded: -withUnfitPicUrl: |
PortentousGCDQueue ↓
class PortentousGCDQueue : NSObject
|
|---|
Ivar :
|
_someoneUpdatedTime _unnecessaryUserId |
Method :
|
-distractionPending -efficaciousApplicationId -groupStethoscopeBatch: -initCorpulentViewController: -supple_size |
AppDelegate ↓
class AppDelegate : UIResponder : NSObject
|
|---|
Property :
|
drolleryMask
|
Method :
|
+getImpracticalInfo:
|
VerifiedHandler ↓
class VerifiedHandler : NSObject
|
|---|
Method :
|
-initSpicyHandler:
|
协议
CatholicPTProtocol ↓
protocol CatholicPTProtocol
|
|---|
Required Method :
|
-denudeTextView -enqueueProofRequest: |
Property :
|
denudeTextView
|
DisuseDelegate ↓
protocol DisuseDelegate
|
|---|
Required Method :
|
-compactInstance: -dittyBackground: -nourishStep: -nourishStep:stopDistributeLoop: -peasantResult:showpieceProductWithId: -prevAccuracyAgent |
ConsistencyDelegate ↓
protocol ConsistencyDelegate
|
|---|
函数汇编
● 修改函数汇编会相对比较繁琐,建议优先处理其他特征,还是不过机审再处理该选项
● 对包内 Objective-C/Swift/C/C++ 的函数汇编进行分析匹配
● 使用说明: 下载 Hopper Disassembler 解析对应二进制文件的arm64,根据匹配出来的函数地址查看具体函数,修改函数内容
函数汇编总数量 ↓
demo.app/demo: 827
|
|---|
函数汇编重复率 ↓
demo1: 26.2%
|
|---|
对比 App Store 线上应用 平均重复率: 6.7% 最高重复率: 19.8% 点击查看(SV-Stuttgart) 19.5% 点击查看(Feedchat) 19.2% 点击查看(VLN Team Messenger) |
demo.app/demo (36)↓
0x10001c9d0
|
|---|
0x10001d240
|
0x10001d318
|
0x10001d3c4
|
0x10001d5e0
|
0x10001d5ec
|
0x10001d69c
|
0x10001d6e4
|
0x10001dce4
|
0x10001ddc8
|
0x10001df78
|
0x10001dfe4
|
0x10001e08c
|
0x10001e600
|
0x10001e6e8
|
0x10001e728
|
0x10001e740
|
0x10001ec00
|
0x10001ec40
|
0x10001ec80
|
0x10001f214
|
0x10001f250
|
0x10001f3ec
|
0x10001f5b4
|
0x10001f634
|
0x10001f66c
|
0x10001f770
|
0x10001f904
|
0x10001facc
|
0x100020094
|
0x1000202cc
|
0x1000204bc
|
0x100020830
|
0x100020a04
|
0x100020b9c
|
0x10001df28
|
机审-图像识别对比
demo - screenshot6.jpg ↓
demo - screenshot6.jpg
|
|---|
|
demo1 - screenshot6.jpg : 100%
|
|
|
demo - screenshot3.jpg ↓
demo - screenshot3.jpg
|
|---|
|
demo1 - screenshot3.jpg : 100%
|
|
|