Inspiration

A while ago I read an article on making WeChat messages impossible to recall, which inspired me to do the same for QQ.

Please note: this only works on jailbroken devices.

Getting started

Preparation

Environment: macOS 10.12 / Hopper / class-dump / a decrypted QQ.ipa

Yes, it is that simple. The QQ.ipa has already had its encryption shell removed (decrypted), and such builds can be downloaded directly from any of the jailbreak app stores.

The experiment

As usual, first use otool to check whether the binary is decrypted; a build from a jailbreak store is certainly decrypted already.

otool -l "/Users/TsuiYuenHong/Downloads/PP Download/Apply/QQ-6.5.8 (Jailbreak app)/Payload/QQ.app/QQ" | grep crypt

[Screenshot: otool output]

Then use class-dump to see what information is available.

class-dump -H "/Users/TsuiYuenHong/Downloads/PP Download/Apply/QQ-6.5.8 (Jailbreak app)/Payload/QQ.app" -o qq

[Screenshot: class-dump output]

From here on it comes down to eyeballing the dumped headers, haha, simple and crude: try revoke, recall and withdraw in turn. (⊙v⊙) Luck was on my side this time; searching for Recall turned up potentially useful information.

[Screenshot: the QQMessageRecallModule header]

A class named QQMessageRecallModule was found in the header file.

In it I also found the method that handles recall notifications:

- (void)handleRecallNotify:(struct RecallModel *)arg1 isOnline:(BOOL)arg2;

So let's go straight for that.

Drop the QQ executable into Hopper and search for handleRecallNotify.

[Screenshot: handleRecallNotify in Hopper]

The return value is void, so I simply take the blunt approach again and make the function return at its very beginning. Then use Hopper to regenerate the executable and replace the original QQ executable with it.

Then put QQ.app inside a Payload folder, zip it, rename the archive to QQ.ipa, and install it on the jailbroken device.

I don't have a jailbroken iPhone, so I installed it on my iPad.

The message was sent from an iPhone and recalled one minute later.

[Screenshot: the message recalled on the iPhone]

This is my patched build running on the iPad; as you can see, the message that was recalled is still there.

[Screenshot: patched QQ on the iPad, recalled message still visible]

Afterword

In reality the process was not as smooth as this article makes it look. Along the way I went down some wrong paths, such as looking for a way to stop the iPad itself from recalling messages, hahaha.

As for why it can't run on non-jailbroken devices: I tried that too, but QQ detects the signature problem. After I re-sign the app, it reports that the signature has been modified and refuses to run normally. Still working on it...
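As an added example (my own code, not from the post and not QQ's), the Python script below reproduces the two checks this post touches on with external tooling: the `otool -l ... | grep crypt` step that reads the cryptid of the encryption load command, and the kind of binary-integrity check the afterword says QQ performs when it refuses to run a modified build. It walks the load commands of a 64-bit Mach-O, reports `cryptid` from `LC_ENCRYPTION_INFO_64`, and hashes the `__TEXT` segment so a copy whose code has been altered no longer matches a known-good digest. The Mach-O bytes are constructed in memory for the demo, and all function names are my own.

```python
"""Mach-O load-command walk: report cryptid and detect a modified __TEXT segment.
Added example; the input binary is constructed here, not a real QQ build."""
import hashlib
import struct

MH_MAGIC_64 = 0xFEEDFACF
LC_SEGMENT_64 = 0x19
LC_ENCRYPTION_INFO_64 = 0x2C
HEADER_SIZE = 32  # sizeof(mach_header_64)


def load_commands(data):
    """Yield (cmd, body) for every load command of a little-endian 64-bit Mach-O."""
    magic, _cpu, _sub, _ft, ncmds, _sizeofcmds, _flags, _res = struct.unpack_from("<8I", data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O")
    off = HEADER_SIZE
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", data, off)
        if cmdsize < 8 or off + cmdsize > len(data):
            raise ValueError("malformed load command")
        yield cmd, data[off:off + cmdsize]
        off += cmdsize


def cryptid(data):
    """cryptid from LC_ENCRYPTION_INFO_64 (0 = decrypted), or None if the command is absent."""
    for cmd, body in load_commands(data):
        if cmd == LC_ENCRYPTION_INFO_64:
            _cmd, _size, _cryptoff, _cryptsize, cid, _pad = struct.unpack_from("<6I", body, 0)
            return cid
    return None


def text_segment_span(data):
    """(fileoff, filesize) of the __TEXT segment, where executable code lives."""
    for cmd, body in load_commands(data):
        if cmd == LC_SEGMENT_64 and body[8:24].rstrip(b"\0") == b"__TEXT":
            _vmaddr, _vmsize, fileoff, filesize = struct.unpack_from("<4Q", body, 24)
            return fileoff, filesize
    raise ValueError("no __TEXT segment")


def text_segment_digest(data):
    """SHA-256 over the file bytes covered by __TEXT; a known-good value is what an app would embed."""
    fileoff, filesize = text_segment_span(data)
    return hashlib.sha256(data[fileoff:fileoff + filesize]).hexdigest()


def is_tampered(data, expected_digest):
    """True when the binary's code no longer matches the known-good digest."""
    return text_segment_digest(data) != expected_digest


def build_demo_macho(code, cryptid_value):
    """Construct a minimal Mach-O: header, one __TEXT segment, one encryption-info command, then code.
    Demo input only; real binaries carry many more load commands."""
    seg = struct.pack("<2I16s4Q4I", LC_SEGMENT_64, 72, b"__TEXT",
                      0x100000000, len(code), HEADER_SIZE + 72 + 24, len(code), 5, 5, 0, 0)
    enc = struct.pack("<6I", LC_ENCRYPTION_INFO_64, 24, HEADER_SIZE + 72 + 24, len(code), cryptid_value, 0)
    header = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 2, len(seg) + len(enc), 0, 0)
    return header + seg + enc + code


def simulate_code_patch(data):
    """Return a copy with the first code byte of __TEXT altered (stands in for any binary patch)."""
    fileoff, _ = text_segment_span(data)
    return data[:fileoff] + bytes([data[fileoff] ^ 0xFF]) + data[fileoff + 1:]


def demo():
    """Run both checks on a constructed binary and its patched copy."""
    good = build_demo_macho(bytes(range(16)), 0)  # constructed 'decrypted' build
    reference = text_segment_digest(good)
    patched = simulate_code_patch(good)
    return {
        "cryptid_good": cryptid(good),
        "cryptid_encrypted": cryptid(build_demo_macho(bytes(range(16)), 1)),
        "good_tampered": is_tampered(good, reference),
        "patched_tampered": is_tampered(patched, reference),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The cryptid check is what `otool -l | grep crypt` shows in the post: a value of 0 means the store build was already decrypted. The digest check is the defender's side of the afterword: an app that embeds a known-good hash of its own code and compares at launch will notice a re-patched `__TEXT` segment no matter how the package is re-signed.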