I did some research on Alipay today. Without saying a word, I will first build a tweak project. The IpA package of Alipay can be downloaded from PP assistant, and the header of alipay Mach-O file can be obtained by class-dump.

Analysis of the

Flex analysis to the collection of the qr code controller is PEMainCodeNoticeViewController I remember a month ago pay treasure payment or PEMainCodeViewController qr code controller, then suddenly changed, gnome male – “. Analyzed carefully, and now is PECollectSettingViewController generated the necessary parameters, that is to say, Generate payment code function of required parameters derived from PECollectSettingViewController PECollectCodeController generated, PECollectCodeController is an NSObject object, 😆

#if TARGET_OS_SIMULATOR
#error Do not support the simulator, please use the real iPhone Device.
#endif

#import <UIKit/UIKit.h>
#import <FLEX/FLEX.h>
#import <Foundation/Foundation.h>@interface PECollectCodeController : NSObject @property(retain, nonatomic) NSString *offlineQRCode; // @synthesize offlineQRCode=_offlineQRCode; @property(retain, nonatomic) NSString *onlineQRCode; // @synthesize onlineQRCode=_onlineQRCode; @property(retain, nonatomic) NSString *collectCodeId; // @synthesize collectCodeId=_collectCodeId; @property(retain, nonatomic) NSString *collectMemo; // @synthesize collectMemo=_collectMemo; @property(retain, nonatomic) NSString *collectAmount; // @synthesize collectAmount=_collectAmount; @property(retain, nonatomic) UIImageView *qrcodeImgView; // @synthesize qrcodeImgView=_qrcodeImgView; @end @interface PECollectSettingViewController @property(retain, nonatomic) UITextField *activeTextField; @property(nonatomic) _Bool needAddMemo; // @synthesize needAddMemo=_needAddMemo; @property(retain, nonatomic) NSString *sessionId; - (void)confirmSetAmount; @end @interface PEMainCodeNoticeViewController @end %hook AllAppDelegate - (void)applicationDidFinishLaunching:(id)arg1{  %orig; UIAlertView *alert = [[UIAlertView alloc]initWithTitle:@"Alipay reverse" message:@"Jailbreak system level injection into Alipay 😁😁😁😁🤣🤣😂😂😂😂😂😂😡😡🤠🤠" delegate:self cancelButtonTitle:@"Sure" otherButtonTitles:@"Cancel", nil];
    [alert show];
    
     [[FLEXManager sharedManager] showExplorer];
    
}

%end


%hook PEMainCodeNoticeViewController

- (void)collectCodeControllerDidFinishSetAmount:(id)arg1 isFromSetting:(_Bool)arg2{
    
        UIAlertView *alert = [[UIAlertView alloc]initWithTitle:@"Alipay reverse" message:[NSString stringWithFormat:@"%@-%@-%d----- online %@----- offline %@",arg1,((PECollectCodeController *)arg1).collectAmount,arg2,((PECollectCodeController *)arg1).onlineQRCode,((PECollectCodeController *)arg1).offlineQRCode] delegate:self cancelButtonTitle:@"Sure" otherButtonTitles:@"Cancel", nil]; [alert show]; UIView *view = [[UIView alloc]initWithFrame:CGRectMake(70, 70, 100, 100)]; view.backgroundColor = [UIColor redColor]; UIImageView *imagev = [[UIImageView alloc]initWithFrame:CGRectMake(5, 5, 90, 90)]; imagev.image = ((PECollectCodeController *)arg1).qrcodeImgView.image; [view addSubview:imagev]; [[UIApplication sharedApplication].keyWindow addSubview:view]; dispatch_after(dispatch_time(DISPATCH_TIME_NOW, (int64_t)(20 * NSEC_PER_SEC)), dispatch_get_main_queue(), ^{ [view removeFromSuperview]; }); %orig; } - (void)viewDidLoad{ %orig; } - (void)collectCodeControllerDidStartSetAmount:(id)arg1{ %orig; } %end %hook PECollectSettingViewController - (void)viewDidAppear:(_Bool)arg1{ %orig; Dispatch_after (dispatch_time(DISPATCH_TIME_NOW, (int64_t)(0.5 * NSEC_PER_SEC)), dispatch_get_main_queue(), dispatch_get_main_queue() ^{ self.activeTextField.text = @"2";
    });
    dispatch_after(dispatch_time(DISPATCH_TIME_NOW, (int64_t)(1 * NSEC_PER_SEC)), dispatch_get_main_queue(), ^{
        [self confirmSetAmount];
    });

}

%end
Copy the code