How to debug Alipay (iOS)

preface

Recently, I have analyzed the startup performance of various small programs (wechat, Toutiao, Alipay and Baidu) from the code level, and explored the implementation details and differences of various small programs. The specific steps are as follows:

1. Jailbreak the shell to obtain IPA
2. Build debugging shell project
Inject callTrace analysis code
4. Hook applets start call entry and render completion entry, add callTrace logic, count the main thread and JS thread method call stack and method time
5. Add callTrace visual interface entry

The current progress is as follows

1, WeChat, baidu has been completed, analysis engineering has been uploaded to the making of WeChat CallTraceForWeChat.
2. As I am engaged in the work related to small programs in Baidu, the analysis project of Baidu cannot be provided, but the principle is the same.
3. Currently, Alipay has completed steps 1, 2, 3 and 5, and only the main thread has been done in step 4. The code is uploaded to Github :AliPayForDebug
4. The headlines haven’t started.
5. For callTrace, see CallTraceForWeChatreadme.

The reason why Alipay only completed half of the work is that Alipay has done a lot of complicated anti-debugging protection, which added many obstacles to my analysis work. So far has not been a good completion of alipay counter-debugging work. Therefore, I will write an article to record the pit I stepped on in the process of reverse debugging Alipay and share it with you, hoping to help my friends who encounter the same problem.

About reverse debugging & reverse debugging

Anti – debugging and bypass strange techniques
Reverse debugging: Go to iOS to reverse debugging
Reverse debugging: Go to AloneMonkey- about reverse debugging & reverse debugging those things
LLDB debugging principle and pTrace undebugging and assembly call system methods: iOS security protection series ptrace undebugging and assembly call system methods in detail

Reverse debugging alipay detailed process

Jailbreak & Shell smashing

Prison break

1, download and install checkra1n
2, checkra1n can not be opened, “you should move it to the wastebasket”, terminal execute the following command

    codesign -f -s - --deep /Applications/checkra1n.app
    sudo xattr -r -d com.apple.quarantine 
    sudo xattr -r -d com.apple.quarantine /Applications/checkra1n.app
Copy the code

Can also refer to Mac version ace assistant can not open, prompt “you should move it to the wastebasket” how to solve?

3. Jailbreak as prompted

Hit a shell

1. Frida-ios-dump is used in dump. For details, see githubfrida-ios-dump, the problems encountered are as follows
- Updating fria keeps getting stuck
  - The terminal sets up the proxy before executing the command

       exportHttps_proxy = Your proxy such as http://xxx.xxx.com:9999exportHttp_proxy = your proxy sudo PIP install -r requirees.txt --upgradeCopy the code

SSH connection to mobile phone failed. Procedure
- Make sure it’s on a LAN
- Install OpenSSL and OpenSSH again

Debugging shell engineering construction

I am using MonkeyDev, please go to github of the original author for installation
Important note 1: if the following error is reported on an iOS13 mobile phone, you need to delete the error by following the steps described in the author’s documentAlipayWallet.appbagcom.apple.WatchPlaceholderFolder, and then deleteDerivedDataThe run again.

Reverse debugging detailed steps

iOS12

MONKEYDEV_DEFAUTL_BUNDLEID=YES

1. When the run starts, the APP blinks and the console log is as follows

2020-03-28 19:06:15.395011+0800 AlipayWallet[12252:1974005] [AntiAntiDebug] - dlsym get ptrace symbol
2020-03-28 19:06:15.395125+0800 AlipayWallet[12252:1974005] [AntiAntiDebug] - ptrace request is PT_DENY_ATTACH
2020-03-28 19:06:15.701070+0800 AlipayWallet[12252:1974265] [NetworkInfo] Signal strength query returned
Copy the code

MonkeyDev is already integratedAntiAntiDebugSysctl is not replaced by default

3, open the comment, still killed, log as follows

<CTServiceDescriptor 0x10ca47a20, domain=1, Instance =2> 2020-03-29 00:44:38.089052+0800 AlipayWallet[13454:2074728] [NetworkInfo] Signal Strength Query returned error: Error Domain=NSPOSIXErrorDomain Code=13"Permission denied", descriptor: <CTServiceDescriptor 0x10c9dad30, domain=1, Instance =1> 2020-03-29 00:44:38.089937+0800 AlipayWallet[13454:2074728] [NetworkInfo] Signal Strength Query returned error: Error Domain=NSPOSIXErrorDomain Code=13"Permission denied", descriptor: <CTServiceDescriptor 0x10c9d9860, domain=1, Instance =2> 2020-03-29 00:44:52.923884+0800 AlipayWallet[13454:2074898] [NetworkInfo] Signal Strength Query returned error: Error Domain=NSPOSIXErrorDomain Code=13"Permission denied", descriptor: <CTServiceDescriptor 0x10ce07310, domain=1, Instance =1> 2020-03-29 00:44:52.925006+0800 AlipayWallet[13454:2074898] [NetworkInfo] Signal Strength Query returned error: Error Domain=NSPOSIXErrorDomain Code=13"Permission denied", descriptor: <CTServiceDescriptor 0x10ce07380, domain=1, instance=2>
Message from debugger: Terminated due to signal 5

Copy the code

Add a symbolic breakpoint exit, module:libsystem_c.dylib
- No broken lives
Sysctl is called by +[AAAPBootStartPoint load]

What does +[AAAPBootStartPoint load] do? C function enable_crash_reporter_service is used to enable the crash reporting service.
- [AAAPBootStartPoint load]

void __cdecl +[AAAPBootStartPoint load](AAAPBootStartPoint_meta *self, SEL a2)
{
  __int64 v2; // x0
  __int64 v3; // x0

  v2 = MPStartupTimeMarkAppStartPoint((__int64)self);
  CACurrentMediaTime(v2);
  v3 = enable_crash_reporter_service();
  CACurrentMediaTime(v3);
  MPStartupTimeSetRangeCost("crashinit");
}
Copy the code

enable_crash_reporter_service

Pseudocode – Expand to view


  __int64 enable_crash_reporter_service()
{
  __int64 v0; // x0
  void *v1; // x0
  void *v2; // x20
  void *v3; // x0
  void *v4; // x19
  void *v5; // x0
  __int64 v6; // x20
  void *v7; // x0
  void *v8; // x21
  int v9; // w0
  __int64 v10; // x0
  __int64 v11; // x19
  __int64 v12; // x0
  __int64 v13; // x20
  __int64 v14; // x0
  void *v15; // x20
  int v16; // w0
  void *v17; // x0
  void *v18; // x21
  __int64 v19; // x22
  __int64 v20; // x0
  __int64 v21; // x23
  const __CFString *v22; // x2
  signed __int64 v23; // x1
  char v24; // w21
  __int64 v25; // x20
  __int64 v27; // [xsp+0h] [xbp-300h]
  __int64 v28; // [xsp+0h] [xbp-300h]
  __int64 v29; // [xsp+10h] [xbp-2F0h]
  size_t v30; // [xsp+18h] [xbp-2E8h]
  int v31[2]; // [xsp+20h] [xbp-2E0h]
  int v32; // [xsp+28h] [xbp-2D8h]
  pid_t v33; // [xsp+2Ch] [xbp-2D4h]
  __int128 v34; // [xsp+30h] [xbp-2D0h]
  __int64 (__fastcall *v35)(); // [xsp+40h] [xbp-2C0h]
  int v36; // [xsp+50h] [xbp-2B0h]
v0 = NSSearchPathForDirectoriesInDomains(5LL, 1LL, 1LL); v1 = (void *)objc_retainAutoreleasedReturnValue(v0); v2 = v1; v3 = objc_msgSend(v1, "objectAtIndexedSubscript:", 0LL); v4 = (void *)objc_retainAutoreleasedReturnValue(v3); objc_release(v2); v5 = objc_msgSend(v4, "stringByAppendingPathComponent:", CFSTR("crash")); v6 = objc_retainAutoreleasedReturnValue(v5); v7 = objc_msgSend(&OBJC_CLASS___NSFileManager, "defaultManager"); v8 = (void *)objc_retainAutoreleasedReturnValue(v7); LOBYTE(v34) = 0; v9 = (unsigned __int64)objc_msgSend(v8, "fileExistsAtPath:isDirectory:", v6, &v34); if ( ! (_BYTE)v34 || ! v9 )
objc_msgSend(v8, "createDirectoryAtPath:withIntermediateDirectories:attributes:error:", v6, 1LL, 0LL, 0LL);
Copy the code
objc_release(v8); objc_release(v6); v10 = objc_release(v4); v11 = objc_autoreleasePoolPush(v10); v30 = 648LL; *(_QWORD *)v31 = 60129542145LL; v32 = 1; v33 = getpid(); if ( sysctl(v31, 4u, &v34, &v30, 0LL, 0LL) == -1 || ! (v36 & 0x800) ) {
v12 = configure_crash_reporter(); v13 = objc_retainAutoreleasedReturnValue(v12); v14 = qword_10701BD88; qword_10701BD88 = v13; objc_release(v14); v15 = (void *)objc_retain(v13); v16 = (unsigned __int64)objc_msgSend(v15, "hasPendingCrashReport"); if ( v15 && v16 ) { *(_QWORD *)&v34 = 0LL; v17 = objc_msgSend(v15, "loadPendingCrashReportDataAndReturnError:", &v34); v18 = (void *)objc_retainAutoreleasedReturnValue(v17); v19 = objc_retain(v34); if ( v18 ) { v20 = sub_1008E8934(CFSTR("portal.plcrash")); v21 = objc_retainAutoreleasedReturnValue(v20); if ( (unsigned __int64)objc_msgSend(v18, "writeToFile:atomically:", v21, 1LL) & 1 ) { v28 = v21; v22 = CFSTR("Copy crash report to: %@"); v23 = 20000LL; } else { v28 = v21; v22 = CFSTR("Failed to copy crash report to: %@"); v23 = 40000LL; } APLogToFile(CFSTR("[APCrashReporter] "), v23, v22); objc_msgSend(v15, "purgePendingCrashReport", v28); objc_release(v21); } else { v27 = v19; APLogToFile(CFSTR("[APCrashReporter] "), 40000LL, CFSTR("Failed to load crash report data: %@")); } objc_release(v18); objc_release(v19); } objc_release(v15); v35 = sub_1008E76CC; v34 = xmmword_105689F18; objc_msgSend((void *)qword_10701BD88, "setCrashCallbacks:", &v34, v27); v29 = 0LL; v24 = (unsigned __int64)objc_msgSend((void *)qword_10701BD88, "enableCrashReporterAndReturnError:", &v29); v25 = objc_retain(v29); if ( ! (v24 & 1) ) APLogToFile(CFSTR("[APCrashReporter] "), 40000LL, CFSTR("Could not enable crash reporter: %@")); objc_release(v25);Copy the code
Copy the code
}

return objc_autoreleasePoolPop(v11);

}

7, look at the pseudo code and no anti-debugging logic, replace first+[AAAPBootStartPoint load]loadMethod for empty implementation, smoothly enter the home page. why?
8. The AntiDebugBypass attempt also does not take effect.
9. Then I added my business logic. The main thread was implemented and the effect was as follows

summary

For iOS12 devices, complete the following 3 steps to debug normally
- 1. Set MONKEYDEV_DEFAUTL_BUNDLEID=YES
- 2, open therebind_symbols((struct rebinding[1]){{"sysctl", my_sysctl, (void*)&orig_sysctl}},1);annotation
- 3, replace,[AAAPBootStartPoint load]Empty implementation

iOS13

MONKEYDEV_DEFAUTL_BUNDLEID=YES

The following error is reported in iOS13An unknown error has occurred. Domain: com.apple.dt.MobileDeviceErrorDomain Code: -402620415

This road is blocked?

MONKEYDEV_DEFAUTL_BUNDLEID=NO

1, can be installed to the mobile phone, but start flash back
- The console log is as follows

Replacing load with iOS13 does not take effect

2. Is it caused by PLcrashReporter? To replace the first enableCrashReporterAndReturnError is empty
3. [APDataCenterInterface setDefaultCryptKey:] will call exit() to exit

Pseudocode – Expand to view


bool __cdecl -[APDataCenterInterface setDefaultCryptKey:](APDataCenterInterface *self, SEL a2, void *a3)
{
int v3; // w25
void *v4; // x27
struct objc_object *v5; // x0
void *v6; // x0
void *v7; // x19
void *v8; // x0
void *v9; // x28
void *v10; // x0
__int64 v11; // x19
void *v12; // x0
void *v13; // x20
void (__fastcall *v15)(void *); // [xsp+8h] [xbp-68h]
v3 = 0;
v4 = 0LL;
v15 = (void (__fastcall *)(void *))a3;
while ( 1 )
{
v5 = +[SecurityGuardManager getInstance](&OBJC_CLASS___SecurityGuardManager, "getInstance");
v6 = (void *)objc_retainAutoreleasedReturnValue(v5);
v7 = v6;
v8 = objc_msgSend(v6, "getStaticDataStoreComp");
v9 = (void *)objc_retainAutoreleasedReturnValue(v8);
objc_release(v7);
if ( v9 )
  break;
Copy the code
LABEL_6:
usleep(0x12Cu);
objc_release(v9);
if ( (unsigned int)++v3 >= 3 )
  goto LABEL_9;
Copy the code
} v10 = objc_msgSend(v9, "getExtraData:", CFSTR("datacenter-default")); v11 = objc_retainAutoreleasedReturnValue(v10); if ( ! v11
|| (v12 = objc_msgSend(&OBJC_CLASS___NSData, "alloc"), v13 = objc_msgSend(v12, "initWithBase64EncodedString:options:", v11, 0LL), objc_release(v4), v4 = v13, objc_msgSend(v13, "length") ! = (void *)32) )Copy the code
{
objc_release(v11);
goto LABEL_6;
Copy the code
} objc_release(v11); objc_release(v9); v4 = v13; LABEL_9: if ( objc_msgSend(v4, "length") ! = (void *)32 )
exit(0);
Copy the code
Copy the code
v15(v4);

objc_release(v4);

return 1;

}

As you can see from the pseudocode, getExtraData is not a string length of 32, so it’s not a string length of 32. The reason is that I changed the BundleID. The datacenter default value should be bound to the BundleID.

  (lldb) po [SecurityGuardManager getInstance]
  <SecurityGuardManager: 0x10d365fb0>

  (lldb) po [[SecurityGuardManager getInstance]   getStaticDataStoreComp]
  <SecurityGuardStaticDataStore: 0x11440a9d0>

  (lldb) po [[[SecurityGuardManager getInstance]   getStaticDataStoreComp] getExtraData:@"datacenter-default"]
 nil
(lldb) 
Copy the code

5, my purpose is to debug small program related functions, do not log in also has no relationship, so as long as the hook tune forced log in logic can enter the home page.
- View debuger to find the VC of the landing page
```
 Printing description of $16:
<ALULoginNewcomerViewController: 0x10e0f0a00>
Copy the code
```
- Using the Memory graph to find the vC-created call stack, you can see that the logon logic is triggered below
```
-[DFMicroApplicationManager doStartApplication:params:launchMode:]
Copy the code
```

– [DFMicroApplicationManager doStartApplication: params: launchMode:] pseudo code, more than 1700 lines, can imagine how the business is complicated.

Pseudocode – Expand to view

  
bool __cdecl -[DFMicroApplicationManager doStartApplication:params:launchMode:](DFMicroApplicationManager *self, SEL a2, id a3, id a4, signed __int64 a5){
signed __int64 v5; // x25
id v6; // x20
DFMicroApplicationManager *v7; // x21
void *v8; // x19
__int64 v9; // x28
void *v10; // x0
void *v11; // x0
__int64 v12; // x0
__int64 v13; // x21
void *v14; // x0
void *v15; // x23
int v16; // w24
void *v17; // x0
void *v18; // x21
int v19; // w20
__int64 v20; // x2
const __CFString *v21; // x3
bool v22; // w20
void *v23; // x0
void *v24; // x0
void *v25; // x21
void *v26; // x0
__int64 v27; // x25
void *v28; // x0
void *v29; // x0
void *v30; // x23
void *v31; // x0
__int64 v32; // x0
const __CFString *v33; // x20
void *v34; // x0
__int64 v35; // x21
void *v36; // x0
__int64 v37; // x0
const __CFString *v38; // x27
void *v39; // x0
__int64 v40; // x21
void *v41; // x0
__int64 v42; // x0
const __CFString *v43; // x28
__int64 v44; // x0
__int64 v45; // x0
void *v46; // x0
void *v47; // x21
void *v48; // x0
void *v49; // x0
void *v50; // x23
void *v51; // x0
const __CFString *v52; // x0
const __CFString *v53; // x26
__int64 v54; // x25
void *v55; // x0
__int64 v56; // x0
__CFString *v57; // x21
void *v58; // x0
void *v59; // x0
void *v60; // x23
void *v61; // x0
__int64 v62; // x0
void *v63; // x0
void *v64; // x0
__int64 v65; // x22
void *v66; // x0
void *v67; // x23
void *v68; // x22
void *v69; // x0
__int64 v70; // x24
void *v71; // x0
__int64 v72; // x23
void *v73; // x23
dispatch_queue_t v74; // x0
__int64 v75; // x22
__int64 v76; // x0
__int64 v77; // x0
__int64 v78; // x0
__int64 v79; // x0
__int64 v80; // x0
void *v81; // x0
__int64 v82; // x0
__int64 v83; // x21
void *v84; // x0
void *v85; // x22
int v86; // w23
char *v87; // x25
void *v88; // x0
void *v89; // x21
void *v90; // x0
DFMicroApplicationManager *v91; // x21
void *v92; // x0
void *v93; // x0
void *v94; // x20
void *v95; // x0
void *v96; // x21
int v97; // w22
void *v98; // x0
DFStartApplicationOperation *v99; // x20
void *v100; // x0
void *v101; // x0
void *v102; // x20
void *v103; // x0
__int64 v104; // x21
DFStartApplicationOperation *v105; // x0
void *v106; // x23
DFStartApplicationOperation *v107; // x0
void *v108; // x20
DFStartApplicationOperation *v109; // x0
void *v110; // x20
__int64 v111; // x27
signed int v112; // w22
__int64 v113; // x21
void *v114; // x0
void *v115; // x0
__int64 v116; // x20
void *v117; // x0
void *v118; // x21
struct objc_object *v119; // x0
char *v120; // x20
void *v121; // x0
void *v122; // x21
void *v123; // x0
void *v124; // x23
int v125; // w22
const __CFString *v126; // x0
__int64 v127; // x21
void *v128; // x0
const __CFString *v129; // x0
const __CFString *v130; // x22
char *v131; // x26
__int64 v132; // x25
void *v133; // x0
void *v134; // x0
void *v135; // x22
void *v136; // x0
void *v137; // x0
void *v138; // x23
void *v139; // x0
const __CFString *v140; // x0
const __CFString *v141; // x24
__int64 v142; // x28
__int64 v143; // x0
__int64 v144; // x0
void *v145; // x22
__int128 v146; // q0
void *v147; // x0
__int64 v148; // x23
void *v149; // x0
__int64 v150; // x24
__int64 v151; // x0
__int64 v152; // x0
DFMicroApplicationManager *v153; // x21
struct objc_object *v154; // x0
DFStartApplicationOperation *v155; // x0
DFStartApplicationOperation *v156; // x20
void *v157; // x0
void *v158; // x0
void *v159; // x21
void *v160; // x0
__int64 v161; // x22
void *v162; // x0
__int64 v163; // x21
void *v164; // x0
__int64 v165; // x21
void *v166; // x0
NSMutableArray *v167; // x0
void *v168; // x21
void *v169; // x0
__int64 v170; // x21
void *v171; // x0
__int64 v172; // x22
void *v173; // x0
void *v174; // x21
void *v175; // x0
NSMutableArray *v176; // x0
void *v177; // x21
char *v178; // x22
void *v179; // x0
__int64 v180; // x0
__int64 v181; // x21
void *v182; // x0
__int64 v183; // x22
void *v184; // x0
__int64 v185; // x0
__int64 v186; // x26
void *v187; // x0
void *v188; // x27
int v189; // w28
void *v190; // x0
void *v191; // x26
void *v192; // x0
void *v193; // x0
__int64 v194; // x0
__int64 v195; // x26
void *v196; // x0
void *v197; // x27
int v198; // w28
void *v199; // x0
void *v200; // x26
void *v201; // x0
NSMutableArray *v202; // x0
void *v203; // x26
char *v204; // x21
signed __int64 v205; // x27
NSMutableArray *v206; // x0
void *v207; // x26
char *v208; // x25
signed __int64 v209; // x26
signed __int64 v210; // x21
NSMutableArray *v211; // x0
void *v212; // x0
void *v213; // x23
signed __int64 v214; // x20
void *v215; // x0
__int64 v216; // x25
void *v217; // x0
__int64 v218; // x23
OS_dispatch_queue *v219; // x21
DFStartApplicationOperation *v220; // x0
NSMutableArray *v221; // x0
__int64 v222; // x20
NSMutableArray *v223; // x0
void *v224; // x21
signed int v225; // w22
__int64 v226; // x21
void *v227; // x0
void *v228; // x0
__int64 v229; // x20
void *v230; // x0
void *v231; // x21
int v232; // w21
void *v233; // x0
__int64 v234; // x0
__int64 v235; // x20
void *v236; // x0
void *v237; // x22
int v238; // w23
void *v239; // x0
void *v240; // x20
void *v241; // x0
__int64 v242; // x20
const __CFString *v243; // x2
void *v244; // x0
void *v245; // x22
int v246; // w23
void *v247; // x0
void *v248; // x20
void *v249; // x0
void *v250; // x0
__int64 v251; // x0
__int64 v252; // x21
void *v253; // x0
void *v254; // x22
int v255; // w23
void *v256; // x0
void *v257; // x21
void *v258; // x0
void *v259; // x0
void *v260; // x20
void *v261; // x21
void *v262; // x0
void *v263; // x21
void *v264; // x0
__int64 v265; // x0
__int64 v266; // x24
void *v267; // x0
void *v268; // x23
int v269; // w25
void *v270; // x0
void *v271; // x23
void *v272; // x0
void *v273; // x25
void *v274; // x0
__int64 v275; // x0
__int64 v276; // x26
void *v277; // x0
__int64 v278; // x21
void *v279; // x0
void *v280; // x0
__int64 v281; // x20
void *v282; // x0
void *v283; // x0
void *v284; // x21
void *v285; // x0
void *v286; // x0
__int64 v287; // x0
__int64 v288; // x23
char *v289; // x22
void *v290; // x0
void *v291; // x24
int v292; // w25
void *v293; // x0
void *v294; // x24
signed int v295; // w23
void *v296; // x0
void *v297; // x0
__int64 v298; // x21
void *v299; // x0
void *v300; // x23
int v301; // w24
void *v302; // x0
__int64 v303; // x0
__int64 v304; // x24
void *v305; // x0
char *v306; // x22
char *v307; // x25
BOOL v308; // w22
DFNavigationController *v309; // x0
DFNavigationController *v310; // x21
void *v311; // x0
__int64 v312; // x0
__int64 v313; // x25
void *v314; // x0
void *v315; // x26
int v316; // w27
void *v317; // x0
void *v318; // x25
void *v319; // x0
__int64 v320; // x0
__int64 v321; // x25
void *v322; // x0
void *v323; // x26
int v324; // w27
void *v325; // x0
void *v326; // x25
char v327; // w24
void *v328; // x0
void *v329; // x21
void *v330; // x0
void *v331; // x23
void *v332; // x0
__int64 v333; // x0
__int64 v334; // x25
void *v335; // x0
__int64 v336; // x26
void *v337; // x0
void *v338; // x0
void *v339; // x0
void *v340; // x21
void *v341; // x0
void *v342; // x26
__int64 v343; // x20
unsigned __int64 v344; // x22
void *v345; // x23
void *v346; // x0
__int64 v347; // x24
void *v348; // x0
void *v349; // x21
struct objc_object *v350; // x0
void *v351; // x0
void *v352; // x22
void *v353; // x0
void *v354; // x23
void *v355; // x0
void *v356; // x0
void *v357; // x21
void *v358; // x0
DFNavigationController *v359; // x24
__int64 v360; // x0
DFNavigationController *v361; // x21
void *v362; // x0
__int64 v363; // x24
NSMutableArray *v364; // x0
void *v365; // x24
void *v366; // x0
__int64 v367; // x20
void *v368; // x0
__int64 v369; // x0
__int64 v370; // x24
void *v371; // x0
void *v372; // x26
int v373; // w27
void *v374; // x0
void *v375; // x24
void *v376; // x0
DFNavigationController *v377; // x0
void *v378; // x24
void *v379; // x0
__int64 v380; // x25
DFNavigationController *v381; // x24
void *v382; // x0
__int64 v383; // x20
void *v384; // x0
__int64 v385; // x0
__int64 v386; // x21
void *v387; // x0
void *v388; // x24
int v389; // w25
void *v390; // x0
void *v391; // x21
void *v392; // x0
void *v393; // x0
__int64 v394; // x0
__int64 v395; // x21
void *v396; // x0
void *v397; // x22
int v398; // w23
void *v399; // x0
void *v400; // x21
void *v401; // x0
NSMutableArray *v402; // x0
void *v403; // x0
__int64 v404; // x0
__int64 v405; // x24
void *v406; // x0
void *v407; // x25
int v408; // w26
void *v409; // x0
void *v410; // x0
void *v411; // x24
void *v412; // x0
void *v413; // x0
void *v414; // x26
int v415; // w27
void *v416; // x0
void *v417; // x26
void *v418; // x0
void *v419; // x25
int v420; // w21
void *v421; // x0
void *v422; // x0
void *v423; // x21
void *v424; // x0
NSMutableArray *v425; // x0
void *v426; // x23
char v427; // w24
NSMutableArray *v428; // x0
void *v429; // x24
void *v430; // x25
unsigned __int64 v431; // x24
NSMutableArray *v432; // x0
void *v433; // x0
void *v434; // x27
void *v435; // x0
__int64 v436; // x26
NSMutableArray *v437; // x0
void *v438; // x27
char v439; // w28
NSMutableArray *v440; // x0
void *v441; // x26
void *v442; // x27
NSMutableArray *v443; // x0
void *v444; // x21
NSMutableArray *v445; // x0
void *v446; // x21
bool result; // w0
__int64 v448; // [xsp+0h] [xbp-3D0h]
__int64 v449; // [xsp+0h] [xbp-3D0h]
char *v450; // [xsp+0h] [xbp-3D0h]
__int64 v451; // [xsp+0h] [xbp-3D0h]
__int64 v452; // [xsp+0h] [xbp-3D0h]
__int64 v453; // [xsp+0h] [xbp-3D0h]
__int64 v454; // [xsp+0h] [xbp-3D0h]
void *v455; // [xsp+0h] [xbp-3D0h]
__int64 v456; // [xsp+0h] [xbp-3D0h]
__int64 v457; // [xsp+0h] [xbp-3D0h]
__int64 v458; // [xsp+8h] [xbp-3C8h]
void *v459; // [xsp+8h] [xbp-3C8h]
void *v460; // [xsp+48h] [xbp-388h]
__int64 v461; // [xsp+60h] [xbp-370h]
__int64 v462; // [xsp+68h] [xbp-368h]
char *v463; // [xsp+70h] [xbp-360h]
char *v464; // [xsp+70h] [xbp-360h]
__int64 v465; // [xsp+80h] [xbp-350h]
__int64 v466; // [xsp+88h] [xbp-348h]
char *v467; // [xsp+90h] [xbp-340h]
char *v468; // [xsp+98h] [xbp-338h]
char *v469; // [xsp+98h] [xbp-338h]
char *v470; // [xsp+98h] [xbp-338h]
void *v471; // [xsp+A8h] [xbp-328h]
__int64 v472; // [xsp+B0h] [xbp-320h]
DFMicroApplicationManager *v473; // [xsp+B8h] [xbp-318h]
void **v474; // [xsp+C0h] [xbp-310h]
__int64 v475; // [xsp+C8h] [xbp-308h]
__int64 (__fastcall *v476)(); // [xsp+D0h] [xbp-300h]
void *v477; // [xsp+D8h] [xbp-2F8h]
__int64 v478; // [xsp+E0h] [xbp-2F0h]
__int64 v479; // [xsp+E8h] [xbp-2E8h]
__int64 v480; // [xsp+F0h] [xbp-2E0h]
char v481; // [xsp+F8h] [xbp-2D8h]
void **v482; // [xsp+100h] [xbp-2D0h]
__int64 v483; // [xsp+108h] [xbp-2C8h]
__int64 (__fastcall *v484)(); // [xsp+110h] [xbp-2C0h]
void *v485; // [xsp+118h] [xbp-2B8h]
__int64 v486; // [xsp+120h] [xbp-2B0h]
__int64 v487; // [xsp+128h] [xbp-2A8h]
void **v488; // [xsp+130h] [xbp-2A0h]
__int64 v489; // [xsp+138h] [xbp-298h]
__int64 (__fastcall *v490)(); // [xsp+140h] [xbp-290h]
void *v491; // [xsp+148h] [xbp-288h]
__int64 v492; // [xsp+150h] [xbp-280h]
__int64 v493; // [xsp+158h] [xbp-278h]
__int128 v494; // [xsp+160h] [xbp-270h]
__int128 v495; // [xsp+170h] [xbp-260h]
__int128 v496; // [xsp+180h] [xbp-250h]
__int128 v497; // [xsp+190h] [xbp-240h]
void **v498; // [xsp+1A0h] [xbp-230h]
__int64 v499; // [xsp+1A8h] [xbp-228h]
__int64 (__fastcall *v500)(); // [xsp+1B0h] [xbp-220h]
void *v501; // [xsp+1B8h] [xbp-218h]
__int64 v502; // [xsp+1C0h] [xbp-210h]
__int64 v503; // [xsp+1C8h] [xbp-208h]
__int64 v504; // [xsp+1D0h] [xbp-200h]
__int64 v505; // [xsp+1D8h] [xbp-1F8h]
__int64 v506; // [xsp+1E0h] [xbp-1F0h]
char v507; // [xsp+1E8h] [xbp-1E8h]
const __CFString *v508; // [xsp+1F0h] [xbp-1E0h]
__int64 v509; // [xsp+1F8h] [xbp-1D8h]
const __CFString *v510; // [xsp+200h] [xbp-1D0h]
const __CFString *v511; // [xsp+208h] [xbp-1C8h]
const __CFString *v512; // [xsp+210h] [xbp-1C0h]
__int64 v513; // [xsp+218h] [xbp-1B8h]
void *v514; // [xsp+220h] [xbp-1B0h]
__int64 v515; // [xsp+228h] [xbp-1A8h]
char v516; // [xsp+230h] [xbp-1A0h]
const __CFString *v517; // [xsp+2B0h] [xbp-120h]
const __CFString *v518; // [xsp+2B8h] [xbp-118h]
const __CFString *v519; // [xsp+2C0h] [xbp-110h]
__int64 v520; // [xsp+2C8h] [xbp-108h]
void *v521; // [xsp+2D0h] [xbp-100h]
__int64 v522; // [xsp+2D8h] [xbp-F8h]
__int128 v523; // [xsp+2E0h] [xbp-F0h]
const __CFString *v524; // [xsp+2F0h] [xbp-E0h]
__int64 v525; // [xsp+2F8h] [xbp-D8h]
__int64 v526; // [xsp+300h] [xbp-D0h]
__int64 v527; // [xsp+308h] [xbp-C8h]
__int64 v528; // [xsp+310h] [xbp-C0h]
__int64 v529; // [xsp+318h] [xbp-B8h]
__int64 v530; // [xsp+320h] [xbp-B0h]
__int64 v531; // [xsp+328h] [xbp-A8h]
const __CFString *v532; // [xsp+330h] [xbp-A0h]
const __CFString *v533; // [xsp+338h] [xbp-98h]
const __CFString *v534; // [xsp+340h] [xbp-90h]
__int64 v535; // [xsp+348h] [xbp-88h]
void *v536; // [xsp+350h] [xbp-80h]
__int64 v537; // [xsp+358h] [xbp-78h]
__int64 v538; // [xsp+360h] [xbp-70h]
Copy the codev5 = a5;
v6 = a4;
v7 = self;
v8 = (void *)objc_retain(a3);
v9 = objc_retain(v6);
if ( !v8 )
{
v20 = NSInvalidArgumentException;
v21 = CFSTR("The parameter 'app' MUST NOT be nil.");
LABEL_9:
objc_msgSend(&OBJC_CLASS___NSException, "raise:format:", v20, v21);
goto LABEL_10;
}
v10 = objc_msgSend(&OBJC_CLASS___DTMicroApplication, "class");
if ( !((unsigned __int64)objc_msgSend(v8, "isKindOfClass:", v10) & 1) )
{
v20 = NSGenericException;
v21 = CFSTR("The parameter 'app' MUST be a subclass of DFMicroApplication");
goto LABEL_9;
}
v473 = v7;
v11 = objc_msgSend(v8, "delegate");
v12 = objc_retainAutoreleasedReturnValue(v11);
if ( v12 )
{
v13 = v12;
v14 = objc_msgSend(v8, "delegate");
v15 = (void *)objc_retainAutoreleasedReturnValue(v14);
v16 = (unsigned __int64)objc_msgSend(v15, "respondsToSelector:", "applicationInterruptStart:params:aunchMode:");
objc_release(v15);
objc_release(v13);
if ( v16 )
{
v17 = objc_msgSend(v8, "delegate");
v18 = (void *)objc_retainAutoreleasedReturnValue(v17);
v19 = (unsigned __int64)objc_msgSend(v18, "applicationInterruptStart:params:aunchMode:", v8, v9, v5);
objc_release(v18);
if ( v19 )
{
APLogToFile(CFSTR("APMobileRuntime"), 20000LL, CFSTR("doStartApplication interrupt %@"));
LABEL_10:
v22 = 0;
goto LABEL_178;
}
}
}
v463 = (char *)v5;
v23 = objc_msgSend(v8, "descriptor");
v24 = (void *)objc_retainAutoreleasedReturnValue(v23);
v25 = v24;
v26 = objc_msgSend(v24, "name");
v27 = objc_retainAutoreleasedReturnValue(v26);
if ( v27 )
{
v28 = objc_msgSend(v8, "descriptor");
v29 = (void *)objc_retainAutoreleasedReturnValue(v28);
v30 = v29;
v31 = objc_msgSend(v29, "name");
v32 = objc_retainAutoreleasedReturnValue(v31);
v33 = (const __CFString *)objc_retain(v32);
objc_release(v33);
objc_release(v30);
}
else
{
v33 = &stru_1057F4708;
objc_retain(&stru_1057F4708);
}
objc_release(v27);
objc_release(v25);
v34 = objc_msgSend(v8, "type");
v35 = objc_retainAutoreleasedReturnValue(v34);
if ( v35 )
{
v36 = objc_msgSend(v8, "type");
v37 = objc_retainAutoreleasedReturnValue(v36);
v38 = (const __CFString *)objc_retain(v37);
objc_release(v38);
}
else
{
v38 = &stru_1057F4708;
objc_retain(&stru_1057F4708);
}
v471 = (void *)v9;
objc_release(v35);
v39 = objc_msgSend(v8, "sourceId");
v40 = objc_retainAutoreleasedReturnValue(v39);
if ( v40 )
{
v41 = objc_msgSend(v8, "sourceId");
v42 = objc_retainAutoreleasedReturnValue(v41);
v43 = (const __CFString *)objc_retain(v42);
objc_release(v43);
}
else
{
v43 = &stru_1057F4708;
objc_retain(&stru_1057F4708);
}
v44 = objc_release(v40);
v45 = DTMicroApplicationGetCurrent(v44);
v46 = (void *)objc_retainAutoreleasedReturnValue(v45);
v47 = v46;
v48 = objc_msgSend(v46, "descriptor");
v49 = (void *)objc_retainAutoreleasedReturnValue(v48);
v50 = v49;
v51 = objc_msgSend(v49, "name");
v52 = (const __CFString *)objc_retainAutoreleasedReturnValue(v51);
v53 = v52;
if ( !v52 )
v52 = &stru_1057F4708;
v54 = objc_retain(v52);
objc_release(v53);
objc_release(v50);
objc_release(v47);
v55 = objc_msgSend(v471, "objectForKeyedSubscript:", CFSTR("chInfo"));
v56 = objc_retainAutoreleasedReturnValue(v55);
if ( v56 )
{
v57 = (__CFString *)objc_retain(v56);
objc_release(v57);
goto LABEL_25;
}
v58 = objc_msgSend(v8, "sceneParams");
v59 = (void *)objc_retainAutoreleasedReturnValue(v58);
v60 = v59;
v61 = objc_msgSend(v59, "objectForKeyedSubscript:", CFSTR("chInfo"));
v62 = objc_retainAutoreleasedReturnValue(v61);
v57 = (__CFString *)objc_retain(v62);
objc_release(v57);
objc_release(v60);
if ( v57 )
{
LABEL_25:
v63 = objc_msgSend(&OBJC_CLASS___NSString, "class");
if ( (unsigned __int64)objc_msgSend(v57, "isKindOfClass:", v63) & 1 )
goto LABEL_27;
}
objc_retain(&stru_1057F4708);
objc_release(v57);
v57 = &stru_1057F4708;
LABEL_27:
v64 = objc_msgSend(v8, "sceneParams");
v65 = objc_retainAutoreleasedReturnValue(v64);
objc_release(v65);
if ( v65 )
{
v66 = objc_msgSend(v8, "sceneParams");
v67 = (void *)objc_retainAutoreleasedReturnValue(v66);
v68 = objc_msgSend(v67, "mutableCopy");
objc_release(v67);
v69 = objc_msgSend(v68, "valueForKey:", CFSTR("kSceneParamsIsNotRequireAuth"));
v70 = objc_retainAutoreleasedReturnValue(v69);
objc_release(v70);
if ( v70 )
objc_msgSend(v68, "removeObjectForKey:", CFSTR("kSceneParamsIsNotRequireAuth"));
v71 = objc_msgSend(v68, "valueForKey:", CFSTR("fltFullLinkId"));
v72 = objc_retainAutoreleasedReturnValue(v71);
objc_release(v72);
if ( v72 )
objc_msgSend(v68, "removeObjectForKey:", CFSTR("fltFullLinkId"));
v73 = objc_msgSend(v68, "copy");
objc_msgSend(v8, "setSceneParams:", v73);
objc_release(v73);
objc_release(v68);
}
v74 = dispatch_get_global_queue(-2LL, 0LL);
v75 = objc_retainAutoreleasedReturnValue(v74);
v498 = _NSConcreteStackBlock;
v499 = 3254779904LL;
v500 = sub_100CD3BFC;
v501 = &unk_105689228;
v76 = objc_retain(v33);
v472 = v76;
v502 = v76;
v77 = objc_retain(v43);
v466 = v77;
v503 = v77;
v78 = objc_retain(v38);
v465 = v78;
v504 = v78;
v79 = objc_retain(v54);
v462 = v79;
v505 = v79;
v80 = objc_retain(v57);
v461 = v80;
v506 = v80;
aispatch_async(v75, &v498);
objc_release(v75);
v81 = objc_msgSend(v8, "delegate");
v82 = objc_retainAutoreleasedReturnValue(v81);
if ( v82 )
{
v83 = v82;
v84 = objc_msgSend(v8, "delegate");
v85 = (void *)objc_retainAutoreleasedReturnValue(v84);
v86 = (unsigned __int64)objc_msgSend(v85, "respondsToSelector:", "applicationLaunchMode:params:");
objc_release(v85);
objc_release(v83);
v9 = (__int64)v471;
v87 = v463;
if ( v86 )
{
v88 = objc_msgSend(v8, "delegate");
v89 = (void *)objc_retainAutoreleasedReturnValue(v88);
v87 = (char *)objc_msgSend(v89, "applicationLaunchMode:params:", v8, v471);
objc_release(v89);
v90 = objc_msgSend(v8, "delegate");
v448 = objc_retainAutoreleasedReturnValue(v90);
APLogToFile(CFSTR("APMobileFramework"), 20000LL, CFSTR("applicationLaunchMode : %@"));
objc_release(v448);
}
}
else
{
v9 = (__int64)v471;
v87 = v463;
}
objc_msgSend(v8, "setLaunchMode:", v87, v448);
APLogToFile(CFSTR("APMobileRuntime"), 20000LL, CFSTR("doStartApplication %@"));
APLogToFile(CFSTR("##BOOTMONITOR##"), 20000LL, CFSTR("doStartApplication"));
v91 = v473;
if ( !(unsigned int)-[DFMicroApplicationManager shouldHoldLoginApp](v473, "shouldHoldLoginApp", v8) )
{
APLogToFile(CFSTR("APMobileRuntime"), 20000LL, CFSTR("self.shouldHoldLoginApp = NO"));
-[DFMicroApplicationManager setShouldHoldLoginApp:](v473, "setShouldHoldLoginApp:", 1LL);
LABEL_41:
if ( v472 )
{
v532 = CFSTR("appId");
v535 = v472;
v536 = v8;
v533 = CFSTR("DTMicroApplicationKey");
v534 = CFSTR("DTMicroApplicationParamsKey");
if ( v9 )
{
v112 = 0;
v113 = v9;
}
else
{
v114 = objc_msgSend(&OBJC_CLASS___NSDictionary, "dictionaryWithObjects:forKeys:count:", &v507, &v507, 0LL);
v113 = objc_retainAutoreleasedReturnValue(v114);
v112 = 1;
}
v537 = v113;
v115 = objc_msgSend(&OBJC_CLASS___NSDictionary, "dictionaryWithObjects:forKeys:count:", &v535, &v532, 3LL);
v116 = objc_retainAutoreleasedReturnValue(v115);
if ( v112 )
objc_release(v113);
v117 = objc_msgSend(&OBJC_CLASS___NSNotificationCenter, "defaultCenter");
v118 = (void *)objc_retainAutoreleasedReturnValue(v117);
objc_msgSend(
v118,
"postNotificationName:object:userInfo:",
CFSTR("DTMicroApplicationWillStartNotification"),
0LL,
v116);
objc_release(v118);
objc_release(v116);
v91 = v473;
}
v119 = +DFContext sharedContext;
v460 = (void *)objc_retainAutoreleasedReturnValue(v119);
v120 = -[DFMicroApplicationManager findApp:](v91, "findApp:", v8);
v121 = objc_msgSend(v8, "sourceId");
v122 = (void *)objc_retainAutoreleasedReturnValue(v121);
if ( (unsigned int)objc_msgSend(v122, "isEqualToString:", CFSTR("outerUrl")) )
{
objc_release(v122);
}
else
{
v123 = objc_msgSend(v8, "sourceId");
v124 = (void *)objc_retainAutoreleasedReturnValue(v123);
v125 = (unsigned __int64)objc_msgSend(v124, "isEqualToString:", CFSTR("push"));
objc_release(v124);
objc_release(v122);
if ( !v125 )
goto LABEL_59;
}
if ( v120 == (char *)0x7FFFFFFFFFFFFFFFLL )
v126 = CFSTR("false");
else
v126 = CFSTR("true");
v127 = objc_retain(v126);
v128 = objc_msgSend(v8, "sourceAppBundleId");
v129 = (const __CFString *)objc_retainAutoreleasedReturnValue(v128);
v130 = v129;
if ( !v129 )
v129 = &stru_1057F4708;
v131 = v87;
v132 = objc_retain(v129);
objc_release(v130);
v133 = objc_msgSend(&OBJC_CLASS___UIApplication, "sharedApplication");
v134 = (void *)objc_retainAutoreleasedReturnValue(v133);
v135 = v134;
v136 = objc_msgSend(v134, "lastOpenedURL");
v137 = (void *)objc_retainAutoreleasedReturnValue(v136);
v138 = v137;
v139 = objc_msgSend(v137, "absoluteString");
v140 = (const __CFString *)objc_retainAutoreleasedReturnValue(v139);
v141 = v140;
if ( !v140 )
v140 = &stru_1057F4708;
v142 = objc_retain(v140);
objc_release(v141);
objc_release(v138);
v143 = objc_release(v135);
v144 = getAPRemoteLogger(v143);
v145 = (void *)objc_retainAutoreleasedReturnValue(v144);
v527 = v127;
v528 = v472;
v530 = v465;
v529 = v466;
v525 = v132;
v526 = v142;
*(_QWORD *)&v146 = CFSTR("bundleId");
*((_QWORD *)&v146 + 1) = CFSTR("url");
v523 = v146;
v524 = CFSTR("resumeApp");
v147 = objc_msgSend(&OBJC_CLASS___NSDictionary, "dictionaryWithObjects:forKeys:count:", &v525, &v523, 3LL);
v148 = objc_retainAutoreleasedReturnValue(v147);
v531 = v148;
v149 = objc_msgSend(&OBJC_CLASS___NSArray, "arrayWithObjects:count:", &v528, 4LL);
v150 = objc_retainAutoreleasedReturnValue(v149);
objc_msgSend(
v145,
"writeLogWithActionId:extParams:appId:seed:ucId:bizType:",
CFSTR("event"),
v150,
&stru_1057F4708,
CFSTR("ext_s_phase_s_entry_call_doStartApp"),
&stru_1057F4708,
CFSTR("OutLaunch"));
objc_release(v150);
objc_release(v148);
objc_release(v145);
v151 = v142;
v9 = (__int64)v471;
objc_release(v151);
v152 = v132;
v87 = v131;
objc_release(v152);
objc_release(v127);
LABEL_59:
v153 = v473;
v154 = -DFMicroApplicationManager currentApplication;
v467 = (char *)objc_retainAutoreleasedReturnValue(v154);
if ( v120 != (char *)0x7FFFFFFFFFFFFFFFLL )
{
v468 = (char *)((unsigned __int64)v87 | 2);
v450 = v120;
APLogToFile(CFSTR("APMobileRuntime"), 20000LL, CFSTR("app already in stack, index = %ld"));
if ( v472 )
{
v510 = CFSTR("appId");
v514 = v8;
v513 = v472;
v512 = CFSTR("resumeApp");
v511 = CFSTR("DTMicroApplicationKey");
v169 = objc_msgSend(&OBJC_CLASS___NSNumber, "numberWithInt:", 1LL, v120);
v170 = objc_retainAutoreleasedReturnValue(v169);
v515 = v170;
v171 = objc_msgSend(&OBJC_CLASS___NSDictionary, "dictionaryWithObjects:forKeys:count:", &v513, &v510, 3LL);
v172 = objc_retainAutoreleasedReturnValue(v171);
objc_release(v170);
v173 = objc_msgSend(&OBJC_CLASS___NSNotificationCenter, "defaultCenter");
v174 = (void *)objc_retainAutoreleasedReturnValue(v173);
objc_msgSend(
v174,
"postNotificationName:object:userInfo:",
CFSTR("DTMicroApplicationDidStartNotification"),
0LL,
v172);
v175 = v174;
v153 = v473;
objc_release(v175);
objc_release(v172);
}
v176 = -[DFMicroApplicationManager applicationStack](v153, "applicationStack", v450);
v177 = (void *)objc_retainAutoreleasedReturnValue(v176);
v178 = (char *)objc_msgSend(v177, "count") - 1;
objc_release(v177);
if ( v120 < v178 )
-[DFMicroApplicationManager setExistingAppFlag:](v473, "setExistingAppFlag:", 1LL);
v508 = CFSTR("NoLifecycleCallback");
v179 = objc_msgSend(&OBJC_CLASS___NSNumber, "numberWithBool:", 1LL);
v180 = objc_retainAutoreleasedReturnValue(v179);
v181 = v180;
v509 = v180;
v182 = objc_msgSend(&OBJC_CLASS___NSDictionary, "dictionaryWithObjects:forKeys:count:", &v509, &v508, 1LL);
v183 = objc_retainAutoreleasedReturnValue(v182);
objc_release(v181);
v184 = objc_msgSend(v8, "delegate");
v185 = objc_retainAutoreleasedReturnValue(v184);
if ( v185 )
{
v186 = v185;
v187 = objc_msgSend(v8, "delegate");
v188 = (void *)objc_retainAutoreleasedReturnValue(v187);
v189 = (unsigned __int64)objc_msgSend(v188, "respondsToSelector:", "application:willResumeWithOptions:");
objc_release(v188);
objc_release(v186);
if ( v189 )
{
v190 = objc_msgSend(v8, "delegate");
v191 = (void *)objc_retainAutoreleasedReturnValue(v190);
objc_msgSend(v191, "application:willResumeWithOptions:", v8, v471);
objc_release(v191);
v192 = objc_msgSend(v8, "delegate");
v451 = objc_retainAutoreleasedReturnValue(v192);
APLogToFile(CFSTR("APMobileRuntime"), 20000LL, CFSTR("willResumeWithOptions delegate = %@"));
objc_release(v451);
}
}
v193 = objc_msgSend(v8, "delegate", v451);
v194 = objc_retainAutoreleasedReturnValue(v193);
if ( v194 )
{
v195 = v194;
v196 = objc_msgSend(v8, "delegate");
v197 = (void *)objc_retainAutoreleasedReturnValue(v196);
v198 = (unsigned __int64)objc_msgSend(
v197,
"respondsToSelector:",
"application:willResumeWithOptions:isStartApp:");
objc_release(v197);
objc_release(v195);
if ( v198 )
{
v199 = objc_msgSend(v8, "delegate");
v200 = (void *)objc_retainAutoreleasedReturnValue(v199);
objc_msgSend(v200, "application:willResumeWithOptions:isStartApp:", v8, v471, 1LL);
objc_release(v200);
v201 = objc_msgSend(v8, "delegate");
v452 = objc_retainAutoreleasedReturnValue(v201);
APLogToFile(CFSTR("APMobileRuntime"), 20000LL, CFSTR("willResumeWithOptions:isStartApp delegate = %@"));
objc_release(v452);
}
}
v202 = -[DFMicroApplicationManager applicationStack](v473, "applicationStack", v452);
v203 = (void *)objc_retainAutoreleasedReturnValue(v202);
v204 = (char *)objc_msgSend(v203, "count");
objc_release(v203);
v205 = (signed __int64)(v204 - 2);
if ( (signed __int64)v120 < (signed __int64)(v204 - 2) )
{
v206 = -DFMicroApplicationManager applicationStack;
v207 = (void *)objc_retainAutoreleasedReturnValue(v206);
v208 = (char *)objc_msgSend(v207, "count");
objc_release(v207);
v209 = (signed __int64)(v208 - 1);
if ( (signed __int64)(v208 - 1) > (signed __int64)(v120 + 1) )
{
v210 = (signed __int64)&v204[(_QWORD)v120 + 2];
do
-[DFMicroApplicationManager exitApplicationAtIndex:animated:options:](
v473,
"exitApplicationAtIndex:animated:options:",
v209--,
0LL,
v183);
while ( v209 > (signed __int64)(v120 + 1) );
v205 = v210 - (_QWORD)v208 - 2;
}
}
if ( v120 == (char *)v205 )
{
v211 = -DFMicroApplicationManager applicationStack;
v212 = (void *)objc_retainAutoreleasedReturnValue(v211);
v213 = v212;
v214 = (signed __int64)(v120 + 1);
v215 = objc_msgSend(v212, "objectAtIndex:", v214);
v216 = objc_retainAutoreleasedReturnValue(v215);
objc_release(v213);
v217 = objc_msgSend(&OBJC_CLASS___NSNumber, "numberWithBool:", 1LL);
v218 = objc_retainAutoreleasedReturnValue(v217);
objc_setAssociatedObject(v216, &unk_107F15F90, v218, 0LL);
objc_release(v218);
-[DFMicroApplicationManager exitApplicationAtIndex:animated:options:](
v473,
"exitApplicationAtIndex:animated:options:",
v214,
v468 == (char *)3,
v183);
objc_release(v216);
}
objc_initWeak(&v481, v473);
v219 = v473->_queueForApp;
v474 = _NSConcreteStackBlock;
v475 = 3254779904LL;
v476 = sub_100CD3F40;
v477 = &unk_1056681C8;
v478 = objc_retain(v8);
v9 = (__int64)v471;
v479 = objc_retain(v471);
objc_copyWeak(&v480, &v481);
aispatch_async(v219, &v474);
objc_destroyWeak(&v480);
objc_release(v479);
objc_release(v478);
objc_destroyWeak(&v481);
v220 = (DFStartApplicationOperation *)v183;
goto LABEL_175;
}
APLogToFile(CFSTR("APMobileRuntime"), 20000LL, CFSTR("app not in stack, normal start, %@"));
if ( (unsigned int)-[DFMicroApplicationManager existingAppFlag](v473, "existingAppFlag", v8) )
{
v155 = objc_msgSend(&OBJC_CLASS___DFStartApplicationOperation, "alloc");
v156 = objc_msgSend(v155, "init");
v157 = objc_msgSend(v8, "descriptor");
v158 = (void *)objc_retainAutoreleasedReturnValue(v157);
v159 = v158;
v160 = objc_msgSend(v158, "name");
v161 = objc_retainAutoreleasedReturnValue(v160);
-[DFStartApplicationOperation setAppName:](v156, "setAppName:", v161);
objc_release(v161);
objc_release(v159);
-[DFStartApplicationOperation setParams:](v156, "setParams:", v9);
-[DFStartApplicationOperation setLaunchMode:](v156, "setLaunchMode:", v87);
v162 = objc_msgSend(v8, "sceneParams");
v163 = objc_retainAutoreleasedReturnValue(v162);
-[DFStartApplicationOperation setSceneParams:](v156, "setSceneParams:", v163);
objc_release(v163);
v164 = objc_msgSend(v8, "sourceId");
v165 = objc_retainAutoreleasedReturnValue(v164);
-[DFStartApplicationOperation setSourceId:](v156, "setSourceId:", v165);
objc_release(v165);
v166 = objc_msgSend(v8, "appClearTop");
-[DFStartApplicationOperation setAppClearTop:](v156, "setAppClearTop:", v166);
v167 = -DFMicroApplicationManager pendingOperations;
v168 = (void *)objc_retainAutoreleasedReturnValue(v167);
objc_msgSend(v168, "addObject:", v156);
objc_release(v168);
-DFMicroApplicationManager resignLoginHoldingFlag;
LABEL_174:
v220 = v156;
LABEL_175:
objc_release(v220);
v111 = v472;
LABEL_176:
objc_release(v467);
objc_release(v460);
v22 = 1;
goto LABEL_177;
}
v221 = -DFMicroApplicationManager applicationStack;
v222 = objc_retainAutoreleasedReturnValue(v221);
objc_sync_enter();
v223 = -DFMicroApplicationManager applicationStack;
v224 = (void *)objc_retainAutoreleasedReturnValue(v223);
objc_msgSend(v224, "addObject:", v8);
objc_release(v224);
objc_sync_exit(v222);
objc_release(v222);
v111 = v472;
if ( v472 )
{
v517 = CFSTR("appId");
v521 = v8;
v520 = v472;
v519 = CFSTR("DTMicroApplicationParamsKey");
v518 = CFSTR("DTMicroApplicationKey");
if ( v9 )
{
v225 = 0;
v226 = v9;
}
else
{
v227 = objc_msgSend(&OBJC_CLASS___NSDictionary, "dictionaryWithObjects:forKeys:count:", &v507, &v507, 0LL);
v226 = objc_retainAutoreleasedReturnValue(v227);
v225 = 1;
}
v522 = v226;
v228 = objc_msgSend(&OBJC_CLASS___NSDictionary, "dictionaryWithObjects:forKeys:count:", &v520, &v517, 3LL);
v229 = objc_retainAutoreleasedReturnValue(v228);
if ( v225 )
objc_release(v226);
v230 = objc_msgSend(&OBJC_CLASS___NSNotificationCenter, "defaultCenter");
v231 = (void *)objc_retainAutoreleasedReturnValue(v230);
objc_msgSend(
v231,
"postNotificationName:object:userInfo:",
CFSTR("DTMicroApplicationDidStartNotification"),
0LL,
v229);
objc_release(v231);
objc_release(v229);
}
v469 = (char *)((unsigned __int64)v87 | 2);
v232 = (unsigned __int64)objc_msgSend(v8, "createFromCache");
v233 = objc_msgSend(v8, "delegate");
v234 = objc_retainAutoreleasedReturnValue(v233);
v235 = v234;
if ( v232 )
{
if ( !v234 )
goto LABEL_95;
v236 = objc_msgSend(v8, "delegate");
v237 = (void *)objc_retainAutoreleasedReturnValue(v236);
v238 = (unsigned __int64)objc_msgSend(v237, "respondsToSelector:", "applicationWillShow:options:");
objc_release(v237);
objc_release(v235);
if ( !v238 )
goto LABEL_95;
v239 = objc_msgSend(v8, "delegate");
v240 = (void *)objc_retainAutoreleasedReturnValue(v239);
objc_msgSend(v240, "applicationWillShow:options:", v8, v9);
objc_release(v240);
v241 = objc_msgSend(v8, "delegate");
v242 = objc_retainAutoreleasedReturnValue(v241);
v449 = v242;
v243 = CFSTR("applicationWillShow : %@");
}
else
{
if ( !v234 )
goto LABEL_95;
v244 = objc_msgSend(v8, "delegate");
v245 = (void *)objc_retainAutoreleasedReturnValue(v244);
v246 = (unsigned __int64)objc_msgSend(v245, "respondsToSelector:", "application:willStartLaunchingWithOptions:");
objc_release(v245);
objc_release(v235);
if ( !v246 )
goto LABEL_95;
v247 = objc_msgSend(v8, "delegate");
v248 = (void *)objc_retainAutoreleasedReturnValue(v247);
objc_msgSend(v248, "application:willStartLaunchingWithOptions:", v8, v9);
objc_release(v248);
v249 = objc_msgSend(v8, "delegate");
v242 = objc_retainAutoreleasedReturnValue(v249);
v449 = v242;
v243 = CFSTR("willStartLaunchingWithOptions : %@");
}
APLogToFile(CFSTR("APMobileFramework"), 20000LL, v243);
objc_release(v242);
LABEL_95:
if ( v467 )
{
v250 = objc_msgSend(v467, "delegate", v449);
v251 = objc_retainAutoreleasedReturnValue(v250);
if ( v251 )
{
v252 = v251;
v253 = objc_msgSend(v467, "delegate");
v254 = (void *)objc_retainAutoreleasedReturnValue(v253);
v255 = (unsigned __int64)objc_msgSend(v254, "respondsToSelector:", "applicationWillPause:");
objc_release(v254);
objc_release(v252);
if ( v255 )
{
v256 = objc_msgSend(v467, "delegate");
v257 = (void *)objc_retainAutoreleasedReturnValue(v256);
objc_msgSend(v257, "applicationWillPause:", v467);
objc_release(v257);
v258 = objc_msgSend(v467, "delegate");
v449 = objc_retainAutoreleasedReturnValue(v258);
APLogToFile(CFSTR("APMobileFramework"), 20000LL, CFSTR("applicationWillPause : %@"));
objc_release(v449);
}
}
}
if ( (unsigned int)objc_msgSend(v8, "shouldDelayRelease", v449)
&& (v259 = objc_msgSend(v8, "cachedViewControllers"),
v260 = (void *)objc_retainAutoreleasedReturnValue(v259),
v261 = objc_msgSend(v260, "count"),
objc_release(v260),
v261) )
{
v464 = v87;
v262 = objc_msgSend(v8, "viewControllers");
v263 = (void *)objc_retainAutoreleasedReturnValue(v262);
objc_msgSend(v263, "removeAllObjects");
objc_release(v263);
v264 = objc_msgSend(v8, "delegate");
v265 = objc_retainAutoreleasedReturnValue(v264);
if ( v265
&& (v266 = v265,
v267 = objc_msgSend(v8, "delegate"),
v268 = (void *)objc_retainAutoreleasedReturnValue(v267),
v269 = (unsigned __int64)objc_msgSend(
v268,
"respondsToSelector:",
"delayReleaseApplicationControllers:params:"),
objc_release(v268),
objc_release(v266),
v269) )
{
v270 = objc_msgSend(v8, "viewControllers");
v271 = (void *)objc_retainAutoreleasedReturnValue(v270);
v272 = objc_msgSend(v8, "delegate");
v273 = (void *)objc_retainAutoreleasedReturnValue(v272);
v274 = objc_msgSend(v8, "cachedViewControllers");
v275 = objc_retainAutoreleasedReturnValue(v274);
v276 = v275;
v277 = objc_msgSend(v273, "delayReleaseApplicationControllers:params:", v275, v9);
v278 = objc_retainAutoreleasedReturnValue(v277);
objc_msgSend(v271, "addObjectsFromArray:", v278);
objc_release(v278);
objc_release(v276);
objc_release(v273);
v279 = v271;
}
else
{
v297 = objc_msgSend(v8, "delegate");
v298 = objc_retainAutoreleasedReturnValue(v297);
if ( v298 )
{
v299 = objc_msgSend(v8, "delegate");
v300 = (void *)objc_retainAutoreleasedReturnValue(v299);
v301 = (unsigned __int64)objc_msgSend(v300, "respondsToSelector:", "delayReleaseApplicationControllers:");
objc_release(v300);
}
else
{
v301 = 0;
}
objc_release(v298);
v328 = objc_msgSend(v8, "viewControllers");
v329 = (void *)objc_retainAutoreleasedReturnValue(v328);
if ( v301 )
{
v330 = objc_msgSend(v8, "delegate");
v331 = (void *)objc_retainAutoreleasedReturnValue(v330);
v332 = objc_msgSend(v8, "cachedViewControllers");
v333 = objc_retainAutoreleasedReturnValue(v332);
v334 = v333;
v335 = objc_msgSend(v331, "delayReleaseApplicationControllers:", v333);
v336 = objc_retainAutoreleasedReturnValue(v335);
objc_msgSend(v329, "addObjectsFromArray:", v336);
objc_release(v336);
objc_release(v334);
}
else
{
v337 = objc_msgSend(v8, "cachedViewControllers");
v331 = (void *)objc_retainAutoreleasedReturnValue(v337);
objc_msgSend(v329, "addObjectsFromArray:", v331);
}
objc_release(v331);
v279 = v329;
}
objc_release(v279);
v496 = 0u;
v497 = 0u;
v494 = 0u;
v495 = 0u;
v338 = objc_msgSend(v8, "viewControllers");
v339 = (void *)objc_retainAutoreleasedReturnValue(v338);
v340 = v339;
v341 = objc_msgSend(v339, "countByEnumeratingWithState:objects:count:", &v494, &v516, 16LL);
if ( v341 )
{
v342 = v341;
v343 = *(_QWORD *)v495;
do
{
v344 = 0LL;
do
{
if ( *(_QWORD )v495 != v343 )
objc_enumerationMutation(v340);
v345 = (void **)(((_QWORD )&v494 + 1) + 8 * v344);
v346 = objc_msgSend((void **)(((_QWORD *)&v494 + 1) + 8 * v344), "microApplication");
v347 = objc_retainAutoreleasedReturnValue(v346);
objc_release(v347);
if ( !v347 )
objc_msgSend(v345, "setMicroApplication:", v8);
++v344;
}
while ( v344 < (unsigned __int64)v342 );
v342 = objc_msgSend(v340, "countByEnumeratingWithState:objects:count:", &v494, &v516, 16LL);
}
while ( v342 );
}
objc_release(v340);
v348 = objc_msgSend(v8, "cachedViewControllers");
v349 = (void *)objc_retainAutoreleasedReturnValue(v348);
objc_msgSend(v349, "removeAllObjects");
objc_release(v349);
v350 = -[DFMicroApplicationManager findPreviousAppAndNavigationControllerForApp:](
v473,
"findPreviousAppAndNavigationControllerForApp:",
v8);
v351 = (void *)objc_retainAutoreleasedReturnValue(v350);
v352 = v351;
v353 = objc_msgSend(v351, "objectForKeyedSubscript:", CFSTR("navController"));
v354 = (void *)objc_retainAutoreleasedReturnValue(v353);
v455 = v8;
v459 = v354;
APLogToFile(
CFSTR("APMobileRuntime"),
20000LL,
CFSTR("delay release,findPreviousAppAndNavigationControllerForApp: %@, navi: %@"));
if ( !v354 )
{
v355 = objc_msgSend(v460, "window", v8, 0LL);
v356 = (void *)objc_retainAutoreleasedReturnValue(v355);
v357 = v356;
v358 = objc_msgSend(v356, "rootViewController");
v354 = (void *)objc_retainAutoreleasedReturnValue(v358);
objc_release(v357);
}
v9 = (__int64)v471;
if ( (unsigned __int64)(v464 - 3) > 1 )
{
v378 = objc_msgSend(&OBJC_CLASS___NSMutableArray, "alloc", v455, v459);
v379 = objc_msgSend(v354, "viewControllers");
v380 = objc_retainAutoreleasedReturnValue(v379);
v381 = (DFNavigationController *)objc_msgSend(v378, "initWithArray:", v380);
objc_release(v380);
v382 = objc_msgSend(v8, "viewControllers");
v383 = objc_retainAutoreleasedReturnValue(v382);
objc_msgSend(v381, "addObjectsFromArray:", v383);
objc_release(v383);
objc_msgSend(v354, "setViewControllers:animated:", v381, v469 == (char *)3);
v377 = v381;
}
else
{
v359 = objc_msgSend(&OBJC_CLASS___DFNavigationController, "alloc", v455, v459);
v360 = NSClassFromString(CFSTR("APNavigationBar"));
v361 = -[DFNavigationController initWithNavigationBarClass:toolbarClass:](
v359,
"initWithNavigationBarClass:toolbarClass:",
v360,
0LL);
v362 = objc_msgSend(v8, "viewControllers");
v363 = objc_retainAutoreleasedReturnValue(v362);
-[DFNavigationController setViewControllers:animated:](v361, "setViewControllers:animated:", v363, 0LL);
objc_release(v363);
v364 = -DFNavigationController items;
v365 = (void *)objc_retainAutoreleasedReturnValue(v364);
v366 = objc_msgSend(v8, "viewControllers");
v367 = objc_retainAutoreleasedReturnValue(v366);
objc_msgSend(v365, "addObjectsFromArray:", v367);
objc_release(v367);
objc_release(v365);
v368 = objc_msgSend(v8, "delegate");
v369 = objc_retainAutoreleasedReturnValue(v368);
if ( v369 )
{
v370 = v369;
v371 = objc_msgSend(v8, "delegate");
v372 = (void *)objc_retainAutoreleasedReturnValue(v371);
v373 = (unsigned __int64)objc_msgSend(v372, "respondsToSelector:");
objc_release(v372);
objc_release(v370);
if ( v373 )
{
v374 = objc_msgSend(v8, "delegate");
v375 = (void *)objc_retainAutoreleasedReturnValue(v374);
objc_msgSend(v375, "applicationShouldPresent:params:navigationController:", v8, v471, v361);
objc_release(v375);
v376 = objc_msgSend(v8, "delegate");
v456 = objc_retainAutoreleasedReturnValue(v376);
APLogToFile(CFSTR("APMobileFramework"), 20000LL, CFSTR("applicationShouldPresent : %@"));
objc_release(v456);
}
}
v488 = _NSConcreteStackBlock;
v489 = 3254779904LL;
v490 = sub_100CD3D50;
v491 = &unk_105667020;
v492 = objc_retain(v8);
v493 = objc_retain(v471);
objc_msgSend(
v354,
"presentViewController:animated:completion:",
v361,
(v464 == (char *)3) & (unsigned __int8)(v469 == (char *)3),
&v488,
v456);
objc_release(v493);
objc_release(v492);
v377 = v361;
}
objc_release(v377);
v111 = v472;
v384 = objc_msgSend(v8, "delegate");
v385 = objc_retainAutoreleasedReturnValue(v384);
if ( v385 )
{
v386 = v385;
v387 = objc_msgSend(v8, "delegate");
v388 = (void *)objc_retainAutoreleasedReturnValue(v387);
v389 = (unsigned __int64)objc_msgSend(v388, "respondsToSelector:", "applicationDidShow:");
objc_release(v388);
objc_release(v386);
if ( v389 )
{
v390 = objc_msgSend(v8, "delegate");
v391 = (void *)objc_retainAutoreleasedReturnValue(v390);
objc_msgSend(v391, "applicationDidShow:", v8);
objc_release(v391);
v392 = objc_msgSend(v8, "delegate");
v453 = objc_retainAutoreleasedReturnValue(v392);
APLogToFile(CFSTR("APMobileFramework"), 20000LL, CFSTR("applicationDidShow : %@"));
objc_release(v453);
}
}
objc_release(v354);
objc_release(v352);
}
else
{
APLogToFile(CFSTR("##BOOTMONITOR##"), 20000LL, CFSTR("create rootController begin"));
v280 = objc_msgSend(v8, "rootController");
v281 = objc_retainAutoreleasedReturnValue(v280);
v453 = v281;
APLogToFile(CFSTR("##BOOTMONITOR##"), 20000LL, CFSTR("create rootController end %@"));
if ( v281 )
{
v282 = objc_msgSend(v460, "window", v281);
v283 = (void *)objc_retainAutoreleasedReturnValue(v282);
v284 = v283;
v285 = objc_msgSend(v283, "rootViewController");
v470 = (char *)objc_retainAutoreleasedReturnValue(v285);
objc_release(v284);
v286 = objc_msgSend(v8, "delegate");
v287 = objc_retainAutoreleasedReturnValue(v286);
if ( v287 )
{
v288 = v287;
v289 = v87;
v290 = objc_msgSend(v8, "delegate");
v291 = (void *)objc_retainAutoreleasedReturnValue(v290);
v292 = (unsigned __int64)objc_msgSend(
v291,
"respondsToSelector:",
"applicationStartRootControllerWithNoAnimation:");
objc_release(v291);
objc_release(v288);
if ( v292 )
{
v293 = objc_msgSend(v8, "delegate");
v294 = (void *)objc_retainAutoreleasedReturnValue(v293);
v295 = (unsigned __int64)objc_msgSend(v294, "applicationStartRootControllerWithNoAnimation:", v8) ^ 1;
objc_release(v294);
v296 = objc_msgSend(v8, "delegate");
v454 = objc_retainAutoreleasedReturnValue(v296);
APLogToFile(
CFSTR("APMobileFramework"),
20000LL,
CFSTR("applicationStartRootControllerWithNoAnimation : %@"));
objc_release(v454);
}
else
{
v295 = 1;
}
v87 = v289;
}
else
{
v295 = 1;
}
v302 = objc_msgSend(v470, "class", v454);
v303 = NSStringFromClass(v302);
v304 = objc_retainAutoreleasedReturnValue(v303);
v305 = objc_msgSend(&OBJC_CLASS___NSNumber, "numberWithInteger:", v87);
v306 = v87;
v453 = v304;
v458 = objc_retainAutoreleasedReturnValue(v305);
APLogToFile(CFSTR("APMobileFramework"), 20000LL, CFSTR("navigationController is : %@, launchMode is : %@"));
objc_release(v458);
objc_release(v304);
if ( (unsigned __int64)(v87 - 1) <= 5 )
JUMPOUT(CS, (char *)&loc_100CD2BD4 + 4 * byte_107F15F78[(_QWORD)(v87 - 1)]);
v307 = v470;
if ( (unsigned __int64)(v306 - 3) <= 1 )
{
v308 = v306 == (char *)3;
v309 = objc_msgSend(&OBJC_CLASS___DFNavigationController, "alloc", v304, v458);
v310 = -[DFNavigationController initWithRootViewController:](v309, "initWithRootViewController:", v281);
v311 = objc_msgSend(v8, "delegate");
v312 = objc_retainAutoreleasedReturnValue(v311);
if ( v312 )
{
v313 = v312;
v314 = objc_msgSend(v8, "delegate");
v315 = (void *)objc_retainAutoreleasedReturnValue(v314);
v316 = (unsigned __int64)objc_msgSend(
v315,
"respondsToSelector:",
"applicationShouldPresent:params:navigationController:");
objc_release(v315);
objc_release(v313);
if ( v316 )
{
v317 = objc_msgSend(v8, "delegate");
v318 = (void *)objc_retainAutoreleasedReturnValue(v317);
objc_msgSend(v318, "applicationShouldPresent:params:navigationController:", v8, v471, v310);
objc_release(v318);
}
}
v319 = objc_msgSend(v8, "delegate");
v320 = objc_retainAutoreleasedReturnValue(v319);
if ( !v320 )
goto LABEL_182;
v321 = v320;
v322 = objc_msgSend(v8, "delegate");
v323 = (void *)objc_retainAutoreleasedReturnValue(v322);
v324 = (unsigned __int64)objc_msgSend(
v323,
"respondsToSelector:",
"applicationShouldStopPresent:params:navigationController:");
objc_release(v323);
objc_release(v321);
if ( !v324
|| (v325 = objc_msgSend(v8, "delegate"),
v326 = (void *)objc_retainAutoreleasedReturnValue(v325),
v327 = (unsigned __int64)objc_msgSend(
v326,
"applicationShouldStopPresent:params:navigationController:",
v8,
v471,
v310),
objc_release(v326),
!(v327 & 1)) )
{
LABEL_182:
v482 = _NSConcreteStackBlock;
v483 = 3254779904LL;
v484 = sub_100CD3E6C;
v485 = &unk_105667020;
v486 = objc_retain(v8);
v487 = objc_retain(v471);
objc_msgSend(v470, "presentViewController:animated:completion:", v310, v308 & (unsigned int)v295, &v482);
objc_release(v487);
objc_release(v486);
}
objc_release(v310);
v9 = (__int64)v471;
v111 = v472;
v307 = v470;
}
objc_release(v307);
}
objc_release(v281);
}
if ( !((unsigned __int64)objc_msgSend(v8, "createFromCache", v453, v458) & 1) )
{
v393 = objc_msgSend(v8, "delegate");
v394 = objc_retainAutoreleasedReturnValue(v393);
if ( v394 )
{
v395 = v394;
v396 = objc_msgSend(v8, "delegate");
v397 = (void *)objc_retainAutoreleasedReturnValue(v396);
v398 = (unsigned __int64)objc_msgSend(v397, "respondsToSelector:", "applicationDidFinishLaunching:");
objc_release(v397);
objc_release(v395);
if ( v398 )
{
v399 = objc_msgSend(v8, "delegate");
v400 = (void *)objc_retainAutoreleasedReturnValue(v399);
objc_msgSend(v400, "applicationDidFinishLaunching:", v8);
objc_release(v400);
v401 = objc_msgSend(v8, "delegate");
v457 = objc_retainAutoreleasedReturnValue(v401);
APLogToFile(CFSTR("APMobileFramework"), 20000LL, CFSTR("applicationDidFinishLaunching : %@"));
objc_release(v457);
}
}
}
-[DFMicroApplicationManager resignLoginHoldingFlag](v473, "resignLoginHoldingFlag", v457);
if ( (unsigned __int64)objc_msgSend(v8, "createFromCache") & 1 )
goto LABEL_176;
v402 = -DFMicroApplicationManager delayReleaseApplications;
v156 = (DFStartApplicationOperation *)objc_retainAutoreleasedReturnValue(v402);
objc_sync_enter();
v403 = objc_msgSend(v8, "delegate");
v404 = objc_retainAutoreleasedReturnValue(v403);
if ( v404 )
{
v405 = v404;
v406 = objc_msgSend(v8, "delegate");
v407 = (void *)objc_retainAutoreleasedReturnValue(v406);
v408 = (unsigned __int64)objc_msgSend(v407, "respondsToSelector:", "applicationShouldDelayRelease:");
objc_release(v407);
objc_release(v405);
if ( v408 )
{
v409 = objc_msgSend(v8, "delegate");
v410 = (void *)objc_retainAutoreleasedReturnValue(v409);
v411 = v410;
v412 = objc_msgSend(v410, "applicationShouldDelayRelease:", v8);
objc_msgSend(v8, "setShouldDelayRelease:", v412);
objc_release(v411);
if ( (unsigned int)objc_msgSend(v8, "shouldDelayRelease") )
{
objc_msgSend(v8, "setShouldReleaseWhenMemoryWarning:", 1LL);
objc_msgSend(v8, "setAppSurvivalTimeInterval:", 300.0);
v413 = objc_msgSend(v8, "delegate");
v414 = (void *)objc_retainAutoreleasedReturnValue(v413);
v415 = (unsigned __int64)objc_msgSend(v414, "respondsToSelector:", "survivalTimeIntervalOfApplication:");
objc_release(v414);
if ( v415 )
{
v416 = objc_msgSend(v8, "delegate");
v417 = (void *)objc_retainAutoreleasedReturnValue(v416);
objc_msgSend(v417, "survivalTimeIntervalOfApplication:", v8);
objc_msgSend(v8, "setAppSurvivalTimeInterval:");
objc_release(v417);
}
v418 = objc_msgSend(v8, "delegate");
v419 = (void *)objc_retainAutoreleasedReturnValue(v418);
v420 = (unsigned __int64)objc_msgSend(
v419,
"respondsToSelector:",
"applicationShouldReleaseWhenReceivedMemoryWarning:");
objc_release(v419);
if ( v420 )
{
v421 = objc_msgSend(v8, "delegate");
v422 = (void *)objc_retainAutoreleasedReturnValue(v421);
v423 = v422;
v424 = objc_msgSend(v422, "applicationShouldReleaseWhenReceivedMemoryWarning:", v8);
objc_msgSend(v8, "setShouldReleaseWhenMemoryWarning:", v424);
objc_release(v423);
}
v425 = -DFMicroApplicationManager delayReleaseApplications;
v426 = (void *)objc_retainAutoreleasedReturnValue(v425);
v427 = (unsigned __int64)objc_msgSend(v426, "containsObject:", v8);
objc_release(v426);
if ( !(v427 & 1) )
{
v428 = -DFMicroApplicationManager delayReleaseApplications;
v429 = (void *)objc_retainAutoreleasedReturnValue(v428);
v430 = objc_msgSend(v429, "count");
objc_release(v429);
if ( (unsigned __int64)v430 >= 5 )
{
v431 = 0LL;
while ( 1 )
{
v440 = -DFMicroApplicationManager delayReleaseApplications;
v441 = (void *)objc_retainAutoreleasedReturnValue(v440);
v442 = objc_msgSend(v441, "count");
objc_release(v441);
if ( (unsigned __int64)v442 <= v431 )
break;
v432 = -DFMicroApplicationManager delayReleaseApplications;
v433 = (void *)objc_retainAutoreleasedReturnValue(v432);
v434 = v433;
v435 = objc_msgSend(v433, "objectAtIndexedSubscript:", v431);
v436 = objc_retainAutoreleasedReturnValue(v435);
objc_release(v434);
v437 = -DFMicroApplicationManager applicationStack;
v438 = (void *)objc_retainAutoreleasedReturnValue(v437);
v439 = (unsigned __int64)objc_msgSend(v438, "containsObject:", v436);
objc_release(v438);
if ( !(v439 & 1) )
{
v443 = -DFMicroApplicationManager delayReleaseApplications;
v9 = (__int64)v471;
v444 = (void *)objc_retain(v443);
objc_msgSend(v444, "removeObjectAtIndex:", (unsigned int)v431);
objc_release(v444);
objc_release(v436);
break;
}
objc_release(v436);
++v431;
v9 = (__int64)v471;
}
}
v445 = -DFMicroApplicationManager delayReleaseApplications;
v446 = (void *)objc_retainAutoreleasedReturnValue(v445);
objc_msgSend(v446, "addObject:", v8);
objc_release(v446);
}
}
}
}
objc_sync_exit(v156);
goto LABEL_174;
}
APLogToFile(CFSTR("APMobileRuntime"), 20000LL, CFSTR("self.shouldHoldLoginApp = YES"));
v92 = objc_msgSend(v8, "descriptor");
v93 = (void *)objc_retainAutoreleasedReturnValue(v92);
v94 = v93;
v95 = objc_msgSend(v93, "name");
v96 = (void *)objc_retainAutoreleasedReturnValue(v95);
v97 = (unsigned __int64)objc_msgSend(v96, "isEqualToString:", CFSTR("20000008"));
v98 = v96;
v91 = v473;
objc_release(v98);
objc_release(v94);
if ( !v97 )
goto LABEL_41;
APLogToFile(CFSTR("APMobileRuntime"), 20000LL, CFSTR("Record login operation"));
v99 = objc_msgSend(&OBJC_CLASS___DFStartApplicationOperation, "alloc");
-[DFMicroApplicationManager setLoginOperation:](v473, "setLoginOperation:", v99);
objc_release(v99);
v100 = objc_msgSend(v8, "descriptor");
v101 = (void *)objc_retainAutoreleasedReturnValue(v100);
v102 = v101;
v103 = objc_msgSend(v101, "name");
v104 = objc_retainAutoreleasedReturnValue(v103);
v105 = -DFMicroApplicationManager loginOperation;
v106 = (void *)objc_retainAutoreleasedReturnValue(v105);
objc_msgSend(v106, "setAppName:", v104);
objc_release(v106);
objc_release(v104);
objc_release(v102);
v107 = -DFMicroApplicationManager loginOperation;
v108 = (void *)objc_retainAutoreleasedReturnValue(v107);
objc_msgSend(v108, "setParams:", v9);
objc_release(v108);
v109 = -DFMicroApplicationManager loginOperation;
v110 = (void *)objc_retainAutoreleasedReturnValue(v109);
objc_msgSend(v110, "setLaunchMode:", v87);
objc_release(v110);
v22 = 0;
v111 = v472;
LABEL_177:
objc_release(v506);
objc_release(v505);
objc_release(v504);
objc_release(v503);
objc_release(v502);
objc_release(v461);
objc_release(v462);
objc_release(v466);
objc_release(v465);
objc_release(v111);
LABEL_178:
objc_release(v9);
result = objc_release(v8);
if ( __stack_chk_guard == v538 )
result = v22;
return result;
}

Search through the pseudocodeloginKeyword, you can see the entry to log in-[DFMicroApplicationManager loginOperation]So instead of this method returning nil, it’s still forcing you to log in, it doesn’t work.
There’s another key wordshouldHoldLoginAppReplace returns YES, the screen is black
Replace login– This route is blocked
Go back to the login page, print the current VC, and you can see that there are two viewControllers, where the login aluNavigationController is presented, So just call the dismissViewControllerAnimated VC can be logged out


  (lldb) pvc
<DFNavigationController 0x10e841c00>, state: disappeared, view: <UILayoutContainerView 0x119f7ea40> not in the window
   | <ALPLauncherController 0x10e8d0400>, state: disappeared, view: <UILayoutContainerView 0x10d6566c0> not in the window
   |    | <HPHomeWidgetGroup 0x11101e800>, state: disappeared, view: <DTBaseView 0x1142f85b0> not in the window
   |    |    | <HomeCardMainController 0x10e9f5800>, state: disappeared, view: <DTBaseView 0x1219b9b80> not in the window
   |    | <FHRootViewController 0x10e8a6e00>, state: disappeared, view: (view not loaded)
   |    | <O2OIndexViewController 0x10e8efa00>, state: disappeared, view: (view not loaded)
   |    | <APContactRecentViewController 0x10e9b5200>, state: disappeared, view: <DTBaseView 0x121385680> not in the window
   |    | <WWAssetsViewController 0x10e107c00>, state: disappeared, view: (view not loaded)
   + <aluNavigationController 0x10e949e00>, state: appeared, view: <UILayoutContainerView 0x119fc21e0>, presented with: <_UIFullscreenPresentationController 0x114219210>
   |    | <ALULoginNewcomerViewController 0x10e05e800>, state: appeared, view: <UIView 0x110e28f00>
(lldb) 
Copy the code

When I clicked the login button, I dissMiss logged in VC and successfully entered the home page of Alipay
Although entered the home page, but the small program still can not open, network request to send failure

summary

Although I successfully entered the home page of Alipay, the function of small program was still unavailable. I decided to temporarily abandon iOS13. Alipay has made special protection logic for BundleID, and I will study it later.

conclusion

I also debug a lot of apps in my daily work. Basically, automatic anti-debugging tools can be broken. Compared with Alipay, their protection means are still routine operation.
By comparing the protection of wechat and Alipay, we can see that Alipay’s protection means is to cut off debugging from the entrance. Wechat did not protect the debugging entrance, but found that you will seal your login wechat account during debugging.
Both defenses consume a lot of time and energy for the debugger, and the impatient often give up.
There is a long way to go in the opposite direction. Keep up the good work.

preface

About reverse debugging & reverse debugging

Reverse debugging alipay detailed process

Jailbreak & Shell smashing

Prison break

Hit a shell

Debugging shell engineering construction

Reverse debugging detailed steps

iOS12

MONKEYDEV_DEFAUTL_BUNDLEID=YES

summary

iOS13

MONKEYDEV_DEFAUTL_BUNDLEID=YES

MONKEYDEV_DEFAUTL_BUNDLEID=NO

summary

conclusion

Related Posts

IOS – Encapsulate your own slider

Polymorphism in iOS

IOS solves the mystery of RunLoop