关于ios:iOS逆向之某多多App抓包

1.指标
因为某多多App现应用longlink进行数据传输，应用charles工具抓包只能抓到https://th.pinduoduo.com/t.gif链接。本文的目则是应用charles等抓包工具能失常抓包

2.操作环境

• 越狱iPhone一台
• frida

3.流程
下载最新某多多App。关键词longlink则是咱们的切入点，在终端执行frida-trace -U -f com.xunmeng.pinduoduo -m &＃8220;[ ongink]&＃8221; -M &＃8220;[UI ]&＃8221; -M &＃8220;[_ *]&＃8221;命令后获取到要害信息列表：

+[AMTitanHelper makesureLongLinkConnect:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/AMTitanHelper/makesureLongLinkConnect_.js&＃8221;-[AMTitanLongLinkInfoManager updateLongLinkStatusInfoWithHost:longLinkStatus:longLinkInfo:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/AMTitanLongLinkInfoManager/updateLongLinkStatusInfoWithHost_663278c1.js&＃8221;-[AMTitanLongLinkInfoManager longLinkStatusInfoDic]: Loaded handler at &＃8220;/Users/witchan/__handlers__/AMTitanLongLinkInfoManager/longLinkStatusInfoDic.js&＃8221;-[AMTitanLongLinkInfoManager setLongLinkStatusInfoDic:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/AMTitanLongLinkInfoManager/setLongLinkStatusInfoDic_.js&＃8221;-[PDDProbeRaceManager longLinkRaceResult:traceId:reportBlock:callback:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDProbeRaceManager/longLinkRaceResult_traceId_repor_9af8c15b.js&＃8221;-[AMTitanNetworkConfig setLonglinkHostConfig:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/AMTitanNetworkConfig/setLonglinkHostConfig_.js&＃8221;-[AMTitanNetworkConfig longlinkHostConfig]: Loaded handler at &＃8220;/Users/witchan/__handlers__/AMTitanNetworkConfig/longlinkHostConfig.js&＃8221;+[PDDNetworkHybrid longLinkErrorCodeMap]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDNetworkHybrid/longLinkErrorCodeMap.js&＃8221;-[PddRtc titan:didChangeToConnectionStatus:longLinkInfo:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PddRtc/titan_didChangeToConnectionStatu_745d0013.js&＃8221;-[PDDWebConfig htmlLongLinkWhiteListFromConfig]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDWebConfig/htmlLongLinkWhiteListFromConfig.js&＃8221;-[PDDWebConfig setHtmlLongLinkWhiteList:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDWebConfig/setHtmlLongLinkWhiteList_.js&＃8221;-[PDDWebConfig htmlLongLinkWhiteList]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDWebConfig/htmlLongLinkWhiteList.js&＃8221;-[PDDWebViewManager pdd_setProtocolLongLinkEnable:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDWebViewManager/pdd_setProtocolLongLinkEnable_.js&＃8221;-[PDDLiveRoomMicLinkManager registerLongLinkMsgCenter]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDLiveRoomMicLinkManager/registerLongLinkMsgCenter.js&＃8221;+[PDDTitanNetworkConfig mainLongLinkBackupIps]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDTitanNetworkConfig/mainLongLinkBackupIps.js&＃8221;+[PDDTitanNetworkConfig multicastLongLinkBackupIps]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDTitanNetworkConfig/multicastLongLinkBackupIps.js&＃8221;-[AMNetworkInfoManager longLinkInfo]: Loaded handler at &＃8220;/Users/witchan/__handlers__/AMNetworkInfoManager/longLinkInfo.js&＃8221;-[AMNetworkInfoManager setLongLinkInfo:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/AMNetworkInfoManager/setLongLinkInfo_.js&＃8221;+[AMNetworkInfo longLinkInfo]: Loaded handler at &＃8220;/Users/witchan/__handlers__/AMNetworkInfo/longLinkInfo.js&＃8221;+[AMNetworkInfo setLongLinkInfo:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/AMNetworkInfo/setLongLinkInfo_.js&＃8221;-[AMHTTPRequest longLinkDowngrade]: Loaded handler at &＃8220;/Users/witchan/__handlers__/AMHTTPRequest/longLinkDowngrade.js&＃8221;-[AMHTTPRequest setLongLinkDowngrade:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/AMHTTPRequest/setLongLinkDowngrade_.js&＃8221;-[PDDAntManager titan:didChangeToConnectionStatus:longLinkInfo:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDAntManager/titan_didChangeToConnectionStatu_745d0013.js&＃8221;-[PDDApiMetricsBaseInfo setIsLongLinkReceived:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsBaseInfo/setIsLongLinkReceived_.js&＃8221;-[PDDApiMetricsBaseInfo setLongLinkVip:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsBaseInfo/setLongLinkVip_.js&＃8221;-[PDDApiMetricsBaseInfo setLongLinkErrorCode:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsBaseInfo/setLongLinkErrorCode_.js&＃8221;-[PDDApiMetricsBaseInfo setLongLinkType:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsBaseInfo/setLongLinkType_.js&＃8221;-[PDDApiMetricsBaseInfo isLongLinkReceived]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsBaseInfo/isLongLinkReceived.js&＃8221;-[PDDApiMetricsBaseInfo longLinkVip]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsBaseInfo/longLinkVip.js&＃8221;-[PDDApiMetricsBaseInfo longLinkErrorCode]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsBaseInfo/longLinkErrorCode.js&＃8221;-[PDDApiMetricsBaseInfo longLinkType]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsBaseInfo/longLinkType.js&＃8221;-[PDDApiMetricsCostInfo setLongLinkSendCost:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsCostInfo/setLongLinkSendCost_.js&＃8221;-[PDDApiMetricsCostInfo setLongLinkRecvCost:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsCostInfo/setLongLinkRecvCost_.js&＃8221;-[PDDApiMetricsCostInfo setLongLinkServerCost:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsCostInfo/setLongLinkServerCost_.js&＃8221;-[PDDApiMetricsCostInfo longLinkSendCost]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsCostInfo/longLinkSendCost.js&＃8221;-[PDDApiMetricsCostInfo longLinkRecvCost]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsCostInfo/longLinkRecvCost.js&＃8221;-[PDDApiMetricsCostInfo setLongLinkNetworkCost:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsCostInfo/setLongLinkNetworkCost_.js&＃8221;-[PDDApiMetricsCostInfo longLinkServerCost]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsCostInfo/longLinkServerCost.js&＃8221;-[PDDApiMetricsCostInfo longLinkNetworkCost]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsCostInfo/longLinkNetworkCost.js&＃8221;-[PDDApiMetricsExtraInfo setLongLinkReportCode:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsExtraInfo/setLongLinkReportCode_.js&＃8221;-[PDDApiMetricsExtraInfo setLongLinkStatusCode:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsExtraInfo/setLongLinkStatusCode_.js&＃8221;-[PDDApiMetricsExtraInfo setLongLinkTaskId:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsExtraInfo/setLongLinkTaskId_.js&＃8221;-[PDDApiMetricsExtraInfo setLongLinkSendSize:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsExtraInfo/setLongLinkSendSize_.js&＃8221;-[PDDApiMetricsExtraInfo setLonglinkReceiveSize:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsExtraInfo/setLonglinkReceiveSize_.js&＃8221;-[PDDApiMetricsExtraInfo setLongLinkForeground:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsExtraInfo/setLongLinkForeground_.js&＃8221;-[PDDApiMetricsExtraInfo setLongLinkUrl:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsExtraInfo/setLongLinkUrl_.js&＃8221;-[PDDApiMetricsExtraInfo longLinkReportCode]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsExtraInfo/longLinkReportCode.js&＃8221;-[PDDApiMetricsExtraInfo longLinkStatusCode]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsExtraInfo/longLinkStatusCode.js&＃8221;-[PDDApiMetricsExtraInfo isLongLinkForeground]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsExtraInfo/isLongLinkForeground.js&＃8221;-[PDDApiMetricsExtraInfo longLinkSendSize]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsExtraInfo/longLinkSendSize.js&＃8221;-[PDDApiMetricsExtraInfo longlinkReceiveSize]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsExtraInfo/longlinkReceiveSize.js&＃8221;-[PDDApiMetricsExtraInfo longLinkTaskId]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsExtraInfo/longLinkTaskId.js&＃8221;-[PDDApiMetricsExtraInfo longLinkUrl]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiMetricsExtraInfo/longLinkUrl.js&＃8221;-[PDDApiWaitLonglinkConfig isWaitLonglink:method:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/PDDApiWaitLonglinkConfig/isWaitLonglink_method_.js&＃8221;-[AMTitan updateLongLinkHostWhiteList:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/AMTitan/updateLongLinkHostWhiteList_.js&＃8221;-[AMTitan updateLongLinkUriBlackList:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/AMTitan/updateLongLinkUriBlackList_.js&＃8221;-[AMTitan isLongLinkConnected]: Loaded handler at &＃8220;/Users/witchan/__handlers__/AMTitan/isLongLinkConnected.js&＃8221;-[AMTitan makesureLongLinkConnect:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/AMTitan/makesureLongLinkConnect_.js&＃8221;-[AMTitan reportStatusChange:longLinkInfo:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/AMTitan/reportStatusChange_longLinkInfo_.js&＃8221;-[AMTitan onConnectStatusChange:longLinkStatus:longLinkInfo:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/AMTitan/onConnectStatusChange_longLinkSt_c4a1163e.js&＃8221;-[AMTitanBaseRequest setWaitLonglink:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/AMTitanBaseRequest/setWaitLonglink_.js&＃8221;-[AMTitanBaseRequest waitLonglink]: Loaded handler at &＃8220;/Users/witchan/__handlers__/AMTitanBaseRequest/waitLonglink.js&＃8221;-[AMTitanStnCallback reportConnectStatus:longLinkStatus:longLinkInfo:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/AMTitanStnCallback/reportConnectStatus_longLinkStat_1d404d83.js&＃8221;-[AMTitanTask setWaitLonglink:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/AMTitanTask/setWaitLonglink_.js&＃8221;-[AMTitanTask waitLonglink]: Loaded handler at &＃8220;/Users/witchan/__handlers__/AMTitanTask/waitLonglink.js&＃8221;+[AMTitanTransferUtil transferToLongLinkInfo:]: Loaded handler at &＃8220;/Users/witchan/__handlers__/AMTitanTransferUtil/transferToLongLinkInfo_.js&＃8221;

通过一层层筛查打印以上办法的入参和返回值，当批改到[AMTitan updateLongLinkHostWhiteList:]办法时，输入的日志参数，引起了咱们的留神，updateLongLinkHostWhiteList_.js代码如下：

{ onEnter(log, args, state) {   log(-[AMTitan updateLongLinkHostWhiteList:${new ObjC.Object(args[2])}]); }, onLeave(log, retval, state) {   log(-[AMTitan updateLongLinkHostWhiteList:]=${new ObjC.Object(retval)}=); }}

日志输入如下：

-[AMTitan updateLongLinkHostWhiteList:(   &＃8220;apiv2.yangkeduo.com&＃8221;,   &＃8220;apiv3.yangkeduo.com&＃8221;,   &＃8220;apiv4.yangkeduo.com&＃8221;,   &＃8220;apiv2.hutaojie.com&＃8221;,   &＃8220;meta.yangkeduo.com&＃8221;,   &＃8220;api.pinduoduo.com&＃8221;,   &＃8220;api.yangkeduo.com&＃8221;,   &＃8220;apiv5.yangkeduo.com&＃8221;,   &＃8220;mobile.yangkeduo.com&＃8221;,   &＃8220;meta.pinduoduo.com&＃8221;,   &＃8220;m.pinduoduo.net&＃8221;,   &＃8220;api-cj.pinduoduo.com&＃8221;,   &＃8220;api-isp.pinduoduo.com&＃8221;,   &＃8220;risk-data-clean-api.risk.ft.srv.pdd.net&＃8221;)]-[AMTitan updateLongLinkHostWhiteList:]=(   &＃8220;apiv2.yangkeduo.com&＃8221;,   &＃8220;apiv3.yangkeduo.com&＃8221;,   &＃8220;apiv4.yangkeduo.com&＃8221;,   &＃8220;apiv2.hutaojie.com&＃8221;,   &＃8220;meta.yangkeduo.com&＃8221;,   &＃8220;api.pinduoduo.com&＃8221;,   &＃8220;api.yangkeduo.com&＃8221;,   &＃8220;apiv5.yangkeduo.com&＃8221;,   &＃8220;mobile.yangkeduo.com&＃8221;,   &＃8220;meta.pinduoduo.com&＃8221;,   &＃8220;m.pinduoduo.net&＃8221;,   &＃8220;api-cj.pinduoduo.com&＃8221;,   &＃8220;api-isp.pinduoduo.com&＃8221;,   &＃8220;risk-data-clean-api.risk.ft.srv.pdd.net&＃8221;)=

发现要害信息api*.yangkeduo.com，依据办法updateLongLinkHostWhiteList，发现这极有可能是LongLink的接口列表。批改刚的js代码为：

{ onEnter(log, args, state) {   args[2] = ObjC.classes.NSMutableArray.array(); // 批改入参为空数组   log(-[AMTitan updateLongLinkHostWhiteList:${new ObjC.Object(args[2])}]); }, onLeave(log, retval, state) {   log(-[AMTitan updateLongLinkHostWhiteList:]=${new ObjC.Object(retval)}=); }}

这时，抓包失常工作，后果如下：

End