Scribd Logo
Upload

Welcome to Scribd!

  • XCodeGhost详细分析报告 PDF

    Uploaded by

    owen000902
    16 views9 pages
    XCodeGhost详细分析报告

    Original Title

    XCodeGhost详细分析报告-.pdf

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    XCodeGhost详细分析报告

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    16 views9 pages

    XCodeGhost详细分析报告 PDF

    Uploaded by

    owen000902
    XCodeGhost详细分析报告

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 9

    XCodeGhost

    XCodeGhost
    gjden
    : CoreServices
    : 268020
    MD5: 4FA1B08FD7331CD36A8FC3302E85E2BC
    SHA1: F2961EDA0A224C955FE8040340AD76BA55909AD5
    C&C: init.icloud-analysis.com
    XCodeGhost
    IOS XCode
    APP
    APP AppStroe APP XCodeGhost
    IOS

    APP
    2
    APP
    XCodeGhost
    XCodeGhost APP
    APP
    url APP
    (openURL)
    XCodeGhost XCodeGhost
    XCode
    app

    APP openURL

    1 APP APP
    app

    2
    3
    URL ( openURL) APP

    4 APPStore APP
    5

    APP

    1 APP
    APP window makeKeyAndVisible

    APP 6.0
    APP APP ( SKStorePr
    oductViewController IOS6.0 )

    6.0 36000000 (417


    ) CheckNSNotificationCenter

    UIApplicationDidBecomeActiveNotification

    UIApplicationWillResignActiveNotification

    UIApplicationDidEnterBackgroundNotification

    UIApplicationWillTerminateNotification

    3
    1.
    APP

    standardUserDefaults "SystemReserved"

    APP Run Run

    Connection

    app
    app

    APP APP
    launchsuspendrunningterminateresignActiveAlertView

    APP

    JSON DES HTTP POST


    DES

    HTPP DES
    url
    4

    IDA Response

    APP
    DES JSON

    key

    sleep

    showDelay

    alertHeader

    alertBody

    appID

    appID

    cancelTitle

    confirmTitle

    configUrl

    URL

    scheme

    scheme canOpenURL

    APP
    APPID APP
    JSON
    1. alertHeaderalertBodyappIDcancelTitleconfirmTitle scheme
    canOpenURL scheme APP

    alertHeaderalertBodyappIDcancelTitle
    confirmTitle
    : launchsuspendrunningterminate
    resignActiveAlertView
    () APP.

    2. configUrl scheme secheme ( APP


    URL ) URL

    URL openURL URL APP


    APP

    3. APPID scheme
    AppStore

    SKStoreProductViewController APP APPID APP.

    XCodeGhost
    APP
    DES
    url

    You might also like