IOS微信逆向-免越狱抢红包防撤回等自定义功能实现

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

%hook NewSettingViewController

- (void)reloadTableData{

    %orig;

    WCTableViewManager *tableViewMgr = MSHookIvar<id>(self, "m_tableViewMgr");

    MMTableView *tableView = [tableViewMgr getTableView];

    WCTableViewNormalCellManager *newCell = [%c(WCTableViewNormalCellManager) normalCellForSel:@selector(setting) target:self title:@"你懂的"];

    [((WCTableViewSectionManager*)tableViewMgr.sections[0]) addCell: newCell];

    [tableView reloadData];

}

%new

- (void)setting {

    UIViewController *vc = [[HZWechatSettingController alloc] init];

    [((UIViewController *)self).navigationController PushViewController:vc animated:true];

}

%end

1

2

3

4

5

6

7

8

WCTableViewCellManager *autoEnvelopCell = [HZWechat switchCellWithSel:@selector(autoEnvelopSwitchChange:) target:self title:@"自动抢红包" switchOn:[HZWechatConfig autoRedEnvelop]];

[nidongde addCell:autoEnvelopCell];

WCTableViewCellManager *revokeIntercept = [HZWechat switchCellWithSel:@selector(revokeIntercept:) target:self title:@"消息防撤回" switchOn:[HZWechatConfig preventRevoke]];

[nidongde addCell:revokeIntercept];

WCTableViewCellManager *changeStepsCell = [HZWechat switchCellWithSel:@selector(changedSteps:) target:self title:@"修改微信步数" switchOn:[HZWechatConfig changeSteps]];

[nidongde addCell:changeStepsCell];

1

2

3

4

5

6

7

8

9

10

11

12

13

BOOL (^shouldReceiveRedEnvelop)() = ^BOOL() {

                    if (!HZWechatConfig.autoRedEnvelop) { return NO; }

                    if (isGroupInBlackList()) { return NO; }

                    if (isContaintKeyWords()) { return NO; }

                    return isGroupReceiver() ||

                           (isGroupSender() && isReceiveSelfRedEnvelop()) ||

                           (!isGroupReceiver() && HZWechatConfig.personalRedEnvelopEnable);

                };

                NSDictionary *(^parseNativeUrl)(NSString *nativeUrl) = ^(NSString *nativeUrl) {

                    nativeUrl = [nativeUrl substringFromIndex:[@"wxpay://c2cbizmessagehandler/hongbao/receivehongbao?" length]];

                    return [%c(WCBizUtil) dictionaryWithDecodedComponets:nativeUrl separator:@"&"];

                };

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

%hook CMessageMgr

  - (void)onRevokeMsg:(CMessageWrap *)arg1 {

    if (HZWechatConfig.preventRevoke) {

        NSString *msgContent = arg1.m_nsContent;

        NSString *(^parseParam)(NSString *, NSString *,NSString *) = ^NSString *(NSString *content, NSString *paramBegin,NSString *paramEnd) {

            NSUInteger startIndex = [content rangeOfString:paramBegin].location + paramBegin.length;

            NSUInteger endIndex = [content rangeOfString:paramEnd].location;

            NSRange range = NSMakeRange(startIndex, endIndex - startIndex);

            return [content substringWithRange:range];

        };

        NSString *session = parseParam(msgContent, @"<session>", @"</session>");

        NSString *newmsgid = parseParam(msgContent, @"<newmsgid>", @"</newmsgid>");

        NSString *fromUsrName = parseParam(msgContent, @"<![CDATA[", @"撤回了一条消息");

        CMessageWrap *revokemsg = [self GetMsg:session n64SvrID:[newmsgid integerValue]];

        CContactMgr *contactMgr = [[objc_getClass("MMServiceCenter") defaultCenter] getService:objc_getClass("CContactMgr")];

        CContact *selfContact = [contactMgr getSelfContact];

        NSString *newMsgContent = @"";

        if ([revokemsg.m_nsFromUsr isEqualToString:selfContact.m_nsUsrName]) {

            if (revokemsg.m_uiMessageType == 1) {       // 判断是否为文本消息

                newMsgContent = [NSString stringWithFormat:@"拦截到你撤回了一条消息：\n %@",revokemsg.m_nsContent];

            } else {

                newMsgContent = @"拦截到你撤回一条消息";

            }

        } else {

            if (revokemsg.m_uiMessageType == 1) {

                newMsgContent = [NSString stringWithFormat:@"拦截到一条 %@撤回消息：\n %@",fromUsrName, revokemsg.m_nsContent];

            } else {

                newMsgContent = [NSString stringWithFormat:@"拦截到一条 %@撤回消息",fromUsrName];

            }

        }

        CMessageWrap *newWrap = ({

            CMessageWrap *msg = [[%c(CMessageWrap) alloc] initWithMsgType:0x2710];

            [msg setM_nsFromUsr:revokemsg.m_nsFromUsr];

            [msg setM_nsToUsr:revokemsg.m_nsToUsr];

            [msg setM_uiStatus:0x4];

            [msg setM_nsContent:newMsgContent];

            [msg setM_uiCreateTime:[arg1 m_uiCreateTime]];

            msg;

        });

        [self AddLocalMsg:session MsgWrap:newWrap fixTime:0x1 NewMsgArriveNotify:0x0];

        return;

    }

    %orig;

}

%end

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

%hook WCDeviceStepObject

-(NSInteger)m7StepCount {

    NSInteger stepCount = %orig;

    NSInteger newStepCount = HZWechatConfig.changedSteps;

    return HZWechatConfig.changeSteps ? newStepCount : stepCount;

}

-(NSInteger)hkStepCount {

    NSInteger stepCount = %orig;

    NSInteger newStepCount = HZWechatConfig.changedSteps;

    return HZWechatConfig.changeSteps ? newStepCount : stepCount;

}

%end