CN107391171B

CN107391171B - Method for solving iOS thermal repair problem and user terminal

Info

Publication number: CN107391171B
Application number: CN201710448247.3A
Authority: CN
Inventors: 陈强; 陈显财
Original assignee: Guangdong Wangjin Holdings Co ltd
Current assignee: Guangdong Wangjin Holdings Co ltd
Priority date: 2017-06-14
Filing date: 2017-06-14
Publication date: 2020-06-09
Anticipated expiration: 2037-06-14
Also published as: CN107391171A

Abstract

The invention discloses a method for solving the problem of iOS thermal repair and a user terminal, wherein on one hand, the method avoids a respondToSelector method and a performSelector method, and on the other hand, the method for inquiring whether the method of Objective-C class exists or not is also realized by using a class _ getInstancemethod and a class _ getClassMethod in a runtime Library, and the message redirection is realized by using NSinvocation and forwarddInvocation, so that the forwarding and calling of the message are also realized. The invention enables the product with the thermal repair function to smoothly pass the strict audit of apple companies by improving the problem of sensitive functions existing in the prior open source technology.

Description

Method for solving iOS thermal repair problem and user terminal

Technical Field

The invention relates to the field of IOS software development, in particular to the field of thermal restoration function development.

Background

Thermal remediation, as a technical means for rapidly solving the problem of the online abnormality of the IT product, is important for mobile applications, particularly on the iOS platform, because the auditing period of apple is generally long, if a new version is released to repair the abnormal problem of the previous version, a long period is needed, thereby causing abnormal diffusion, not only affecting the normal use of App functions, but also more seriously impairing the reputation of the product and the user experience, causing user loss, whereas in open-source solutions, there are also many open source technologies for iOS platforms to implement hot fix functionality, such as the popular JSPatch, Weex, RN, etc., however, in about 3/8/2017, apple companies provide strict warnings for products using the hot repair functions, and even more products using the hot repair functions are off-shelf, and thus, large companies such as Tencent have related product reviews and are rejected.

One in the industry is panic, each product stops the new product on shelf immediately to adopt the above named thermal restoration technology, and meanwhile, strict check is carried out on whether the third-party library is added with the thermal restoration capability. The main reason why these technologies are warned by apples and even rejected by audits is safety issues. On one hand, the method does not comply with the regulations of apple company, and calls several methods such as dlopen (), dlsym (), respondToSelector, performSelectors, method _ exchange implentifications () and the like which are sensitive functions forbidden by apple to use in an application store.

On the other hand, in the process of using the dynamic thermal restoration, no technical guarantee in the aspect of safety is provided, so that the hot restored codes are easily tampered by lawbreakers through a man-in-the-middle attack means, malicious codes are issued, a serious potential safety hazard is formed, and the apple ecosystem is damaged.

Disclosure of Invention

In order to overcome the defects of the prior art, one of the objectives of the present invention is to provide a method for solving the problem of iOS thermal restoration, which solves and improves the problem of sensitive function and the problem of thermal restoration safety existing in the current open source technology, so that the product with the thermal restoration function can smoothly pass the strict audit of apple corporation.

The second purpose of the present invention is to provide a user terminal, which solves and improves the problem of sensitive function and the problem of thermal restoration security existing in the existing open source technology, so that the product with the thermal restoration function can smoothly pass the strict audit of apple companies.

In order to achieve one of the above purposes, the technical scheme adopted by the invention is as follows:

a method of solving an iOS thermal remediation problem, comprising the steps of:

s101, analyzing a hot repair JavaScript in a memory to generate a hot repair analysis script;

s201, loading a hot repair analysis script through JavaScript core, and calling back the information of Objective-C quoted in the hot repair analysis script to the Objective-C by using a closure;

s301, judging whether the object-C has a class corresponding to the class name in the information by an NSClassFromString method, if so, executing a step S401, otherwise, dynamically creating a corresponding class in the object-C, and executing the step S401;

s401, replacing and caching a class in Objective-C corresponding to the class name in the information and a message redirection method forwardInvocation of a parent class of the class;

s501, judging whether a method corresponding to the method name in the information exists in Objective-C through a class _ getInstanceMethod method and a class _ getClassMethod method in a runtime Library, if so, executing the step S601, and if not, executing the step S701;

s601, replacing the implementation of the method in Objective-C corresponding to the method name in the information by the implementation of message forwarding through a class _ replaceMethod method in the runtime Library;

s701, adding message forwarding in an Objective-C method corresponding to the method name in the information through a class _ addMethod method in a runtime Library;

s801, executing a hot repair message forwarding process.

Preferably, in step S801, the message forwarding process of the hot fix includes two cases, and when the implementation of the method is in Objective-C, the first case is executed, and includes the following steps:

the information to be called is called back to Objective-C by the hot repair JavaScript through a closure;

acquiring an NSMethodSignature instance through runtime Library in an Objective-C, and combining information to be called returned by the closure to construct an NSInvitation instance;

executing an invoke method in the NSinvocation example in Objective-C to forward the message;

when the JavaScript script adds a new method to the class of Objective-C and executes to the new method, a second case is executed, which comprises the following steps:

calling a message redirection method forwardInvocation in Objective-C;

acquiring parameters corresponding to method calls in the JavaScript script through an NSinvocation instance in object-C;

calling callwithartuguerungs method and transmitting parameters through JSVValue instance provided by JavaScript core in Objective-C to realize calling corresponding method in JavaScript script and returning result.

Preferably, before step S101, the method further includes a step of issuing a hot repair file:

s001, acquiring an encrypted thermal restoration file from a server side;

s002, decrypting the encrypted MD5 digital signature in the encrypted thermal repair file to obtain an MD5 digital signature;

s003, comparing the value of the MD5 digital signature with the MD5 value obtained by calculating the obtained encrypted thermal repair file, if the value of the MD5 digital signature is the same as the MD5 value, executing the step S004, and if the value of the MD5 digital signature is not the same as the MD5 value, ending the process;

and S004, decrypting the encrypted hot repair file and loading the decrypted hot repair file into a memory to generate a hot repair JavaScript script.

Preferably, in the server, encrypting the hot repair file by using an XXTEA algorithm to generate the encrypted hot repair file, and encrypting an XXTEA decryption key by using an RSA private key;

in step S004, the XXTEA decryption key is decrypted by the RSA public key to obtain an XXTEA key, and the encrypted hot fix file is decrypted by the XXTEA key.

Preferably, in the server side, the MD5 digital signature is generated by calculating the MD5 value of the encrypted thermal repair file, and the MD5 digital signature is encrypted by an RSA private key to obtain the encrypted MD5 digital signature;

in step S002, the encrypted MD5 digital signature is decrypted by the RSA public key.

In order to achieve the second purpose, the technical scheme adopted by the invention is as follows:

a user terminal, comprising:

a memory for storing program instructions;

a processor for executing the program instructions to perform the steps of:

s801, executing a hot repair message forwarding process.

calling a message redirection method forwardInvocation in Objective-C;

s001, acquiring an encrypted thermal restoration file from a server side;

Compared with the prior art, the invention has the beneficial effects that:

the method is technically improved aiming at two problems in the existing iOS system thermal restoration technology, and firstly, the problem that auditing is rejected due to the fact that auditing provisions of apple companies are not complied with in the auditing process is solved by avoiding sensitive functions mentioned by apples and adopting a regular technical scheme. And secondly, the situation that the hot repair is likely to encounter man-in-the-middle attack in the use process is solved by adopting a more safe and complex encryption technology.

Drawings

FIG. 1 is a flowchart illustrating a method for solving the iOS thermal remediation problem according to a first embodiment of the present invention;

FIG. 2 is a schematic diagram of message forwarding for Objective-C according to a first embodiment of the present invention;

fig. 3 is a structural diagram of a user terminal according to a second embodiment of the present invention.

Detailed Description

The invention will be further described with reference to the accompanying drawings and the detailed description below:

the first embodiment is as follows:

referring to fig. 1, the present invention provides a method for solving the problem of iOS thermal remediation, comprising the steps of:

s001, acquiring an encrypted thermal restoration file from a server side;

s004, decrypting the encrypted hot repair file and loading the decrypted hot repair file into a memory to generate a hot repair JavaScript script;

s801, executing a hot repair message forwarding process.

In step S801, the message forwarding process of the hot fix includes two cases, and when the implementation of the method is in Objective-C, the first case is executed, which includes the following steps:

calling a message redirection method forwardInvocation in Objective-C;

Further, in the server side, encrypting the hot repair file through an XXTEA algorithm to generate the encrypted hot repair file, and encrypting an XXTEA decryption key through an RSA private key;

In a server side, generating the MD5 digital signature by calculating the MD5 value of the encrypted thermal repair file, and encrypting the MD5 digital signature by an RSA private key to obtain the encrypted MD5 digital signature;

The method of the present invention will be described in further detail below.

In one aspect, steps S001-S004 solve the thermal remediation safety issue. The hot repair function can not only repair the abnormal problem of the online App quickly, but also issue various codes, and if the hot repair function is utilized by lawless persons, serious safety problems can be caused to products and users.

After XXTEA encryption is carried out on the hot repair file codes, the server side calculates MD5 as a digital signature and issues the digital signature after the digital signature is encrypted by a private key, and the signature cannot be modified because the private key is secret; meanwhile, the hot repair file encrypted by the XXTEA is also kept secret, and an XXTEA encryption key is also encrypted by a private key and cannot be modified. Thus, man-in-the-middle attacks are avoided, because any one of the three contents is modified, which can cause the hot-fix file code to be incapable of being decrypted normally.

On the other hand, steps S101-S801 solve the problem that two sensitive methods result in failure to mount. One is a respondtoselect method, which is mainly used for judging whether a certain class responds to incoming calls or not when the iOS system is dynamically operated, and if YES, YES is returned, and if NO, NO is returned. Taking JSPatch as an example, the method is mainly used for judging whether a class method issued in a JS script of a hot repair file is a method in which an Objective-C class already exists or not, if yes, covering the method, and if not, adding the newly added method in the script to the class through a runtime mechanism of Objective-C, so that the apple shop cannot be normally put on shelf by using the sensitive method. The other method is a performSelector method, the method is mainly used for calling the message by the message initiating object when the iOS system is in dynamic operation, and if the message initiating object cannot respond to the message method, the system throws an abnormal condition. In the hot repair, the script can call the corresponding method of Objective-C in the dynamic loading process through the method. Similarly, apples put the method into a sensitive method on the aspect of heat repair technology, so that the method has great technical risks in the auditing process.

The details of steps S101-S801 are as follows:

the JavaScript script is analyzed, and formatting replacement of an object-C (OC, iOS development language for short) method is carried out, wherein the purpose of the formatting replacement is to enable OC method call in the JavaScript (JS, scripting language for short) script to be convenient to extract the class, method name and parameter of the function through analysis of the JS character string.

The JSCore provides for creating JS methods through context instances, and can return parameters to the OC environment when the JS methods are called through block closures (entities in the OC that are a combination of functions and their associated reference environments). By means of the preset JS method, the methods are called in the hot repair script, so that the process of returning information such as the class name, the method name and the parameter value of the OC quoted in the script to the OC can be achieved, and the process of calling back the OC environment by the JS script is achieved. Meanwhile, the method of closure also provides a way for JS to call OC method.

After the information used by the script is transmitted back to the OC environment, how to call the corresponding class method of the OC environment through the class names, method names and parameters is processed next. Firstly, whether a class corresponding to a class name exists in an OC environment is judged by an NSClassFromString (class C language method), the class name is transmitted to the NSClassFromString, if the class name exists, the class is returned, and if the class name does not exist, the class is returned. If not, a new class is dynamically created and registered in an inherited manner by the name of the given parent class (also called superclass, generation of a new class requires inheritance of a superclass) (the name of the parent class in the script specifies that it must be a class already present in the OC environment).

In the case where a class has been dynamically created or exists, the message redirection method forwardlnlocation of the class and its parent class is replaced and cached. The purpose of the replacement redirection method is to make the OC to be replaced in the JS and the JS new method can forward the message through a message forwarding mechanism.

After the forwarddlnvocation is processed, the method of the OC and the newly added method used in the JS need to be judged, here, the methods class _ getInstanceMethod and class _ getclassmamethodd in the runtime Library are used to judge whether the method implementation exists, both the class _ getInstanceMethod and the class _ getclassmamethodd need to be introduced as parameters, if the method is implemented, the returned result is not empty, and if the method is not implemented, the returned result is empty. The two methods are different in that the former is an example method for judging the OC class, and the latter is a class method for judging the OC class.

It should be noted that the OC is executed by message forwarding, and in a normal case, the message forwarding mechanism performs the lookup of the method implementation IMP (the pointer for the specific implementation corresponding to the OC method) in the first step, and accesses the execution method once the method implementation IMP is found, without performing the next message forwarding. However, if the method implementation is directly changed into the implementation of message forwarding, which is an IMP type function pointer, and is used for message forwarding, when a message is sent to an object but it is not implemented, the' objc _ msgForward will try to do message forwarding, then when this method of this class is called, the method implementation of IMP query is not performed, but the message forwarding is directly performed, a message redirection method forwardInvocation is called, and an instance of type nsaction (which is a class of iOS message passing and method calling) is returned, and the object, method name, parameters and return values to which the method belongs are stored in the instance.

Through the judgment, whether a class method exists or not is known, then class method replacement and addition are carried out through a class _ replaceMethod method and a class _ addMethod, the original class method is replaced by unified message forwarding realization _ obj _ msgForward, and the added method is also realized as _ obj _ msgForward, so that the OC method and the newly added method for JS repair can not directly search a method to realize IMP, but uniformly jump to a message forwarding function forwardvolocation and return to an NSInvitation instance.

Steps S101-S701 complete the loading process of the thermal repair script, which is followed by the execution process of the thermal repair script, and perform message forwarding. The execution process of the hot fix script has two cases, one is that the JS is transmitted to the method of the instance or class of the OC calling OC through the closure, and the case is that the implementation code of the method is in the OC. And the other method is that the OC calls the newly added method in the JS, and the hot repair script adds a method of an OC class or adds a new class and method.

In the first case, JS calls back information such as an instance, a method, and parameters of a class to be called in an OC environment through a closure, then OC takes the information, constructs an information forwarding NSInvocation instance by acquiring a method signature NSMethodSignature (the class is a parameter of an algorithm, and the type is similar to encapsulation of a return and realizes information forwarding in cooperation with NSInvocation), combines the information returned by the closure to construct an information forwarding NSInvocation instance, then executes a method invoke of the instance, and the OC environment automatically forwards the information according to a message forwarding mechanism of a system, so as to realize the calling of the OC method.

The second case is the implementation of OC calling JS, and after a new method is added to the OC class by hot repair, the implementation is actually realized through JS codes, so when the new method is executed in the code calling in JS, since the implementation of the method in the previous step is replaced by the implementation of message forwarding, the forwardlnvo location method for message redirection is entered. At this time, the JS method can be analyzed by the nsancation instance, and then callwithartuguments (a function of the JS method is executed by the OC) provided by the JSCore is used, so that the JSValue instance of the JS method (a class encapsulating JS in the OC) calls the callwithartuments and transmits parameters, and then the OC callback JC method can be realized and a result is returned.

Through the above steps, a method of querying whether a method of an Objective-C class exists is also implemented by using a class _ getInstancemethod and a class _ getClassMethod in a runtime Library, without using a respondToSelector method. The method does not use performSelector, mainly uses NSInvitation and forwardInvocation to realize the redirection of the message, and also realizes the forwarding and calling of the message.

The message forwarding principle of the OC is shown in fig. 2, and the message forwarding process is described as follows:

1) dynamic method analysis

A message is sent to the current class, whether the method is dynamically added to the class is checked, if YES is returned, the system considers the method to be added and the message is sent again.

2) Fast message forwarding

And checking whether the current class realizes the forwardingTargetForSelector, if so, calling, and if the method returns an object with a value of non-nil or non-self, resending the message to the returned object.

3) Conventional message forwarding

The Runtime sends a method SignatureForSelector to obtain the signature of the method corresponding to the selector, if the method signature returns, the method signature creates NSInvitation describing the message according to the method signature, and sends a forwarddInvocation message to the current object, if no method signature returns, namely the return value is nil, then sends a dossNotrecogniteSelector to the current object, and the application crashes out.

Based on the principle of message forwarding, when a script is loaded, a message redirection method forwarddigest of a class referred in the script is hooked, and then a corresponding method of an Objective-C class referred in the script is replaced or added through a class _ replayed method and a class _ addMethod of a runtimeLibrary. When the script method is called, the method signature NSMethodSignature is acquired through the runtime Library, then the method signature is used for constructing an NSInvitation instance variable, the variable is used for executing message redirection, and the forwarding of the conventional message is completed. The entire message forwarding process avoids the direct use of the performSelector method.

Example two:

as shown in fig. 3, the present invention provides a user terminal, including:

a memory for storing program instructions;

a processor for executing the program instructions to perform the steps of:

s801, executing a hot repair message forwarding process.

calling a message redirection method forwardInvocation in Objective-C;

s001, acquiring an encrypted thermal restoration file from a server side;

Various other modifications and changes may be made by those skilled in the art based on the above-described technical solutions and concepts, and all such modifications and changes should fall within the scope of the claims of the present invention.

Claims

1. A method of solving an iOS thermal remediation problem, comprising the steps of:

s801, executing a message forwarding process of hot repair, wherein when the method is implemented in Objective-C, executing a first condition, and the method comprises the following steps:

calling a message redirection method forwardInvocation in Objective-C;

2. The method for solving the problem of iOS thermal remediation of claim 1 further comprising, prior to step S101, the step of issuing a thermal remediation file:

s001, acquiring an encrypted thermal restoration file from a server side;

3. The method for solving the problem of iOS hot repair as claimed in claim 2, characterized in that in the server side, the encrypted hot repair file is generated by encrypting the hot repair file by the XXTEA algorithm and encrypting the XXTEA decryption key by the RSA private key;

4. The method for solving the problem of iOS thermal repair according to claim 2, wherein in the server side, the MD5 digital signature is generated by calculating the MD5 value of the encrypted thermal repair file, and the MD5 digital signature is encrypted by RSA private key to obtain the encrypted MD5 digital signature;

5. A user terminal, comprising:

a memory for storing program instructions;

a processor for executing the program instructions to perform the steps of:

calling a message redirection method forwardInvocation in Objective-C;

6. The ue of claim 5, wherein before step S101, the ue further comprises a step of issuing a hot repair file:

s001, acquiring an encrypted thermal restoration file from a server side;

7. The user terminal according to claim 6, wherein in the server side, the hot repair file is encrypted by an XXTEA algorithm to generate the encrypted hot repair file, and an XXTEA decryption key is encrypted by an RSA private key;

8. The user terminal according to claim 6, wherein in the server side, the MD5 digital signature is generated by calculating the MD5 value of the encrypted thermal repair file, and the MD5 digital signature is encrypted by RSA private key to obtain the encrypted MD5 digital signature;