Floor 2
Thanks for sharing. Downloading to show support.
Floor 3
Thanks for the solid content!!
Floor 4
Going to test it, hope you don't mind.
Floor 5
Where is the post content??
Floor 6
Was it deleted?
Floor 7
Looks like it got swallowed by the upgrade?
Floor 8
What a pity, I hope the content can be restored.
Floor 9
Why can't I see it?
Floor 10
I came too late. The good stuff is gone.
Floor 11
https://blog.chichou.me/某软件防篡改分析-2e8d891bacb2
Floor 12
I can't see the article.
Floor 13

#!/usr/bin/env python3
# requires XCode
import subprocess, sys, os, hashlib, plistlib

package = '/Applications/Thunder.app/Contents'
executable = os.path.join(package, 'MacOS/Thunder')
plugins_dir = os.path.join(package, 'BrowserPlugins')


def backup():
    from shutil import copyfile
    backup = executable + '.bak'
    if os.path.isfile(backup):
        print('Backup found, maybe the file has already been patched.')
        sys.exit(-1)
    copyfile(executable, backup)


def patch_exec():
    try:
        output = subprocess.check_output(['nm', executable])
    except:
        print('Failed to execute nm, please install XCode.')
        sys.exit(-1)
    ret_1 = b'\x48\xc7\xc0\x01\x00\x00\x00\xc3'
    ret_0 = b'\x48\x31\xc0\xc3'
    ret = b'\xc3'
    patches = {
        ret_1: [
            '-[LocalTask isValidLixianTask]',
            '-[UserController isVip]',
            '-[UserController isPlatinum]',
            '-[UserController isDiamond]',
            '-[UserController isLogined]'
        ],
        ret_0: [
            '-[AutoLiveUpdateController _shouldCheckUpdate:]',
        ],
        ret: [
            '-[MainWndCtrl checkUpdate:]'
        ]
    }
    lookup = {}
    for code, symbols in patches.items():
        for symbol in symbols:
            lookup[symbol] = code
    base = None
    output = output.decode('utf8')
    with open(executable, 'r+b') as f:
        for line in output.splitlines():
            if '__mh_execute_header' in line:
                base, *_ = line.split()
                base = int(base, 16)
        if not base:
            print('Failed to retrive base address')
            sys.exit(-1)
        for line in output.splitlines():
            if not len(lookup):
                break
            for symbol, code in lookup.items():
                if symbol in line:
                    addr, *_ = line.split()
                    addr = int(addr, 16)
                    offset = addr - base
                    f.seek(offset, 0)
                    f.write(code)  # patch function
                    print('%s has been patched.' % symbol)
                    lookup.pop(symbol)
                    break
    print('remove signature')
    args = ['codesign', executable, '--remove-signature']
    try:
        subprocess.check_output(args)
    except:
        print('failed to remove signature, try run following command manually:')
        print(' '.join(args))
    print('Successfully patched %s' % executable)


def patch_self_check():
    m = hashlib.md5()
    with open(executable, 'rb+') as f:
        while True:
            buf = f.read(1)
            if not buf:
                break
            m.update(buf)
            f.seek(1023, 1)
    digest = m.digest()
    lookup = (15, 4, 6, 3, 1, 0, 7, 8, 2, 11, 10, 13, 12, 14, 9, 5)
    hexdigest = ''.join(['%0.2X' % digest[index] for index in lookup])
    dirname = os.path.join(plugins_dir, hexdigest)
    if not os.path.isdir(dirname):
        os.mkdir(dirname)


def clear_quit_flag():
    plist_path = os.path.join(os.environ.get(
        'HOME'), 'Library/Preferences/com.xunlei.Thunder.plist')
    with open(plist_path, 'rb+') as f:
        pref = plistlib.load(f)
        force_quit = pref.get('ForceQuit')
        if force_quit:
            pref.update({'ForceQuit': True})
            plistlib.dump(pref, f)
            print('Clear quit flag')


if __name__ == '__main__':
    backup()
    patch_exec()
    patch_self_check()
    clear_quit_flag()

This also removes the update check. Symbols and offsets are resolved with nm, so Xcode must be installed.
Floor 14
Respect.