iOS安全使用私有framework

  1. 云栖社区>
  2. 博客>
  3. 正文

iOS安全使用私有framework

蓝容蓝胖子 2016-11-03 10:49:52 浏览1331
展开阅读全文
获取私有framework中某subview对象

博客:using private iOS APIs safely
深度递归查找子view,修改其属性:
You are not prevented from modifying a view that is part of a UIKit object, you just need to do it publicly. The [UIView subviews]method is public, and you can use this to dig through the view hierarchy looking for a private view to change, no private method calls required

1. [UIView subviews]
NS_INLINE UIView *UIFindSubview(UIView *view, Class viewClass)
{
    for (UIView *subview in view.subviews)
    {
        if ([subview isKindOfClass:viewClass])
        {
            return subview;
        }
        else
        {
            UIView *rect = UIFindSubview(subview, viewClass);
            if (rect) {
                return rect;
            }
        }
    }
    return nil;
}

调用此方法获取一个subView

UIView *view = findSubview(picker.view, [NSClassFromString(@"CMKVideoPreviewView") class]);
2.[[subview class] description]

博客:Removing reorder cell shadows from a UITableView

我们无法直接使用私有类的声明,但是我们可以用[[subview class] description]来获取class的信息。
[[[subview class] description] isEqualToString:@”UIShadowView”]
You don’t have a class declaration for the private classes, but that’s fine, instead you can evaluate that it is correct based on class string description, [[[subview class] description] isEqualToString:@”UIShadowView”]

//    iOS7
    for(UIView* subview in wrapperView.subviews)
    {
        if([[[subview class] description] isEqualToString:@"UIShadowView"])
            [subview setHidden:YES];
    }
私有头文件

You can use a tool like class-dump or a private class reference to see every Objective-C method each class in iOS has – the truth is nothing in Objective-C is truly ‘private’, you can see any method compiled into the binary.

我们可以用class-dump o 或者 private class reference这些工具看到iOS中所有class的方法.但是私有头API会随时下掉,所以建议用
respondsToSelector:performSelector:来检查一下该方法是否可以用

访问实例变量

如何访问类中私有变量?
比如下面,[xxxx valueForKey:@”_internal”] 可以返回 private变量 _internal 。

NS_CLASS_AVAILABLE_IOS(2_0) @interface UIWebView : UIView  { 
 @private
    UIWebViewInternal *_internal;
}

但是如果,我们 请求的变量不存在(根据我们输入的key值没有找到相应的value),程序会 crash。为了防止这种情况,我们可以在 NSObject的categorise中或者 写一个子类继承该类,并重写valueForUndefinedKey方法。

- (id) valueForUndefinedKey:(NSString *)key
{
    //    No crashes please...
    return nil;
}

我们有时候改变只读属性的实例变量的值,就可以这样用。我之前试过
强制设置orientation属性值

Method Swizzling

Method Swizzling
Method Swizzling
Method Swizzling lets you inject code in the middle of two existing classes, which can be a lot more beneficial compared to a subclass that will only add your code on top of one class that must be subclassed.
example

访问私有枚举变量

私有枚举变量,本质上就是一些数字。比如下面的例子,返回的按钮UIButtonType的值是101, 私有不公开。我们可以直接设置:

UIButton* back = [UIButton buttonWithType:101];
[back sizeToFit];
[back setTitle:@"Back" forState:UIControlStateNormal];
Screen-Shot-2013-01-11-at-5.49.58-PM.png
image
C方法

One half of Objective-C is pure C, and with that all the tricks to incorporate private C APIs into your app, such as defining external functions。
例子:截屏并保存图片

CGImageRef screenshot = UIGetScreenImage();
UIImage* image = [UIImage imageWithCGImage:screenshot];

[UIImagePNGRepresentation(image) writeToFile:@"/maybe-change-this.png" atomically:NO];
重写私有方法和类

重写私有方法和类,并不会让app被App store拒绝,但是你的app会变的不稳定。每次版本更新,都需要去检查,你的方法或者类是否正常工作。我们可以重写public或者private 类的私有方法。如果是私有类,直接重写会导致编译错误,但是你可以为它添加一个fake interface,categorise.

例子:重写UIStatusBar类

@interface UIStatusBar : UIView
@end

@interface UIStatusBar (Override)
@end

@implementation UIStatusBar (Override)

- (void) drawRect:(CGRect)rect
{
    NSArray* subviews = self.subviews;

    if(subviews.count < 2)
        return;

    UIView* background = [subviews objectAtIndex:0];
    UIView* foreground = [subviews objectAtIndex:1];

    [UIView animateWithDuration:2 animations:^{

        [self setTransform:CGAffineTransformMakeTranslation(0, 100)];

        [background setTransform:CGAffineTransformMakeTranslation(-160, 0)];
        [foreground setTransform:CGAffineTransformMakeTranslation(160, 0)];
    }];
}

@end

private framework使用
dylib注射
获取私有api
ios逆向工程


网友评论

登录后评论
0/500
评论
蓝容蓝胖子
+ 关注