Shock! MacOS version of WeChat can actually prevent the withdrawal of such messages


I. Introduction

A while ago I got into iOS reverse engineering and built a WeChat robot, but because it was packaged with my own certificate it only lasted 7 days and then had to be repackaged, which was troublesome. So I turned the knife on macOS instead.

This article builds a plugin for the macOS version of WeChat that prevents message withdrawal (recall) and automatically replies to messages, as a way to get familiar with making macOS plugins. Reverse analysis on macOS is similar to iOS, but macOS does not have as many tools as iOS, so it takes more time; that is not explained here. When I have time I will write up the iOS reverse analysis process.

  • Basic principle: as with dynamic library injection on iOS, the app loads our library when it starts, and the library installs the hooks.
  • Plugin GitHub address: WeChatPlugin
  • Demo:
message anti withdrawal.Gif
auto reply.Gif

II. Installation and use

  • Download WeChatPlugin, Build it first (Command + B), then Run (Command + R) to start WeChat; the plugin injection is then complete. (If an error appears, see the notes in section 3.5 below.)
  • Log in to WeChat; under Help in the menu bar you will see the message anti-withdrawal and automatic reply items.
menu bar – help.Png
  • Message anti-withdrawal: click the anti-withdrawal item or press Command + T to turn it on or off.
  • Automatic reply: click the automatic reply item or press Command + K; a settings window opens, where you enter the keyword and the reply content and click Save. If no keyword is saved, all messages will be replied to automatically.
auto reply settings.Png
  • Uninstall: in the /Applications/WeChat.app/Contents/MacOS directory, delete WeChat and WeChatPlugin.framework, then rename WeChat_backup to WeChat.

III. Plugin production

3.1 create Framework

Use Xcode to create a macOS Cocoa Framework.

create Cocoa Framework.png

3.2 Edit Scheme…

Edit the Scheme so that WeChat is started in Debug mode.

Edit Scheme.png
choose executable.gif

3.3 add Run Script

Add a Run Script in Build Phases.

add run scripe.gif

The script content is as follows, where app_name is the name of the app to be injected and framework_name is the name of the plugin.

    #!/bin/bash
    # app to be injected
    app_name="WeChat"
    # name of this framework
    framework_name="WeChatPlugin"
    app_bundle_path="/Applications/${app_name}.app/Contents/MacOS"
    app_executable_path="${app_bundle_path}/${app_name}"
    app_executable_backup_path="${app_executable_path}_backup"
    framework_path="${app_bundle_path}/${framework_name}.framework"

    # back up the original WeChat executable (only once)
    if [ ! -f "$app_executable_backup_path" ]
    then
        cp "$app_executable_path" "$app_executable_backup_path"
    fi

    # copy the built framework into the app bundle
    cp -r "${BUILT_PRODUCTS_DIR}/${framework_name}.framework" "${app_bundle_path}"
    # inject the dynamic library: read the backup, write the patched executable
    ./insert_dylib --all-yes "${framework_path}/${framework_name}" "$app_executable_backup_path" "$app_executable_path"

insert_dylib comes from GitHub (it is not the same as the iOS insert_dylib).
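The last step of the script adds a load command for the framework to the WeChat executable, so listing an executable's dylib load commands shows whether it has been modified this way. The Python below is an added example, not code from the original post or the WeChatPlugin project; SAMPLE is a constructed Mach-O header, and the EXPECTED prefix list and the helper names are assumptions to adapt per application.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF          # thin 64-bit Mach-O, little-endian
FAT_MAGIC = 0xCAFEBABE            # universal binary, big-endian header
DYLIB_CMDS = {0xC: "LC_LOAD_DYLIB", 0x80000018: "LC_LOAD_WEAK_DYLIB",
              0x8000001F: "LC_REEXPORT_DYLIB", 0x80000023: "LC_LOAD_UPWARD_DYLIB"}
# Assumption: install-name prefixes treated as expected for a shipped app.
EXPECTED = ("/usr/lib/", "/System/Library/", "@rpath/", "@executable_path/", "@loader_path/")

def dylib_loads(data, base=0):
    """Return [(command name, install path)] for every dylib load command."""
    if struct.unpack_from(">I", data, base)[0] == FAT_MAGIC:
        out = []
        for i in range(struct.unpack_from(">I", data, base + 4)[0]):
            # fat_arch is 5 big-endian uint32 fields; the slice offset is the third
            offset = struct.unpack_from(">I", data, base + 8 + 20 * i + 8)[0]
            out += dylib_loads(data, offset)
        return out
    magic, _, _, _, ncmds, sizeofcmds = struct.unpack_from("<6I", data, base)
    if magic != MH_MAGIC_64:
        raise ValueError("not a 64-bit little-endian Mach-O")
    pos, end, out = base + 32, base + 32 + sizeofcmds, []
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", data, pos)
        if cmdsize < 8 or pos + cmdsize > end:
            raise ValueError("malformed load command")
        if cmd in DYLIB_CMDS:
            name_off = struct.unpack_from("<I", data, pos + 8)[0]
            raw = data[pos + name_off:pos + cmdsize]
            out.append((DYLIB_CMDS[cmd], raw.split(b"\0", 1)[0].decode()))
        pos += cmdsize
    return out

def unexpected_loads(data):
    """Install paths that do not start with any EXPECTED prefix."""
    return [p for _, p in dylib_loads(data) if not p.startswith(EXPECTED)]

def build_dylib_cmd(path):
    # Constructed dylib_command: cmd, cmdsize, name offset 24, timestamp, two versions.
    name = path.encode() + b"\0"
    name += b"\0" * (-len(name) % 8)
    return struct.pack("<6I", 0xC, 24 + len(name), 24, 0, 0, 0) + name

# Constructed sample: header plus two load commands, the second as the script injects it.
CMDS = build_dylib_cmd("/usr/lib/libSystem.B.dylib") + build_dylib_cmd(
    "/Applications/WeChat.app/Contents/MacOS/WeChatPlugin.framework/WeChatPlugin")
SAMPLE = struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 2, 2, len(CMDS), 0, 0) + CMDS

if __name__ == "__main__":
    print(unexpected_loads(SAMPLE))
```

On a real file, pass the bytes of the executable (for example the contents of Contents/MacOS/WeChat) to unexpected_loads.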

3.4 create main.mm

Create a main.mm file and add a constructor function.

main.mm.png

At this point, running the project starts WeChat and executes the initialize function.

So from here we can happily hook!!!

3.5 note

  • If an error reports missing permissions, grant permissions on WeChat. Note that mode 777 makes the whole app bundle writable by every local user.
    sudo chmod -R 777 /Applications/WeChat.app
  • If the error says the Framework cannot be found, Build first.

IV. Happy hooking (using message withdrawal as the example)

4.1 create NSObject categories

Create a new NSObject category, add a class method + (void)hookWeChat; and call that method in main.mm. After that, all the hook can be done in the.

    #import "WeChat+hook.h"

    // Runs automatically when the injected framework is loaded into WeChat.
    static void __attribute__((constructor)) initialize(void) {
        NSLog(@"WeChatPlugin loaded");
        [NSObject hookWeChat];
    }

4.2 looking for injection points

First, use class-dump to dump WeChat's header file information. (For how to use it, see iOS reverse – WeChat helloWorld.) On iOS, WeChat's withdraw method is - (void)onRevokeMsg:(id)arg1; so we search the dumped WeChat headers for that method and finally find it in MessageService.h.

4.3 runtime debut

Here the hooking begins: do the method exchange in + (void)hookWeChat;, swapping the implementation of MessageService's - (void)onRevokeMsg:(id)arg1; with that of NSObject's - (void)hook_onRevokeMsg:(id)msg.

    #import <objc/runtime.h>

    + (void)hookWeChat {
        // WeChat withdraw message
        Method originalMethod = class_getInstanceMethod(objc_getClass("MessageService"), @selector(onRevokeMsg:));
        Method swizzledMethod = class_getInstanceMethod([self class], @selector(hook_onRevokeMsg:));
        if (originalMethod && swizzledMethod) {
            method_exchangeImplementations(originalMethod, swizzledMethod);
        }
    }

    - (void)hook_onRevokeMsg:(id)msg {
        NSLog(@"=== TK-LOG-msg = %@ ===", msg);
        // After the exchange this selector maps to the original onRevokeMsg: implementation.
        [self hook_onRevokeMsg:msg];
    }

4.4 validation

Because we are using Xcode, we are not limited to debugging with lldb alone, as in iOS reversing. Set a breakpoint in - (void)hook_onRevokeMsg:(id)msg, then withdraw a message to see whether it triggers. The result shows that this method is indeed the one that handles WeChat message withdrawal.

4.5 using Hopper Disassembler

We can then simply return from - (void)hook_onRevokeMsg:(id)msg. But then there is no way to see which message was actually withdrawn. Instead, we can change the withdrawal notice shown to the user to "Intercepted a message withdrawn by XX: xxxx".

withdrawn.Png

For this we use the powerful Hopper Disassembler to analyze the implementation of - (void)onRevokeMsg:(id)arg1;. (The analysis process is similar to that on iOS and is not discussed here.) It finally yields the main code below. (The complete code is in the project.)

    // session, newmsgid and newMsgContent come from the complete code in the project (not shown here).
    MessageService *msgService = [[objc_getClass("MMServiceCenter") defaultCenter] getService:objc_getClass("MessageService")];
    // Look up the message that is being withdrawn.
    MessageData *revokeMsgData = [msgService GetMsgData:session svrId:[newmsgid integerValue]];
    // Build a local notice message that takes the place of the withdrawn one.
    MessageData *newMsgData = ({
        MessageData *msg = [[objc_getClass("MessageData") alloc] initWithMsgType:0x2710];
        [msg setFromUsrName:revokeMsgData.toUsrName];
        [msg setToUsrName:revokeMsgData.fromUsrName];
        [msg setMsgStatus:4];
        [msg setMsgContent:newMsgContent];
        [msg setMsgCreateTime:[revokeMsgData msgCreateTime]];
        [msg setMesLocalID:[revokeMsgData mesLocalID]];
        msg;
    });
    [msgService AddLocalMsg:session msgData:newMsgData];

V. Effect

In the menu bar, click Help and turn on message anti-withdrawal; when a friend withdraws a message, you will see the notice.

message anti withdrawal.Gif

VI. Summary

In the end we have a macOS version of WeChat with message anti-withdrawal and automatic reply. The process is quite simple, but the main goal was to get familiar with how to make a macOS plugin, so that you can add small features to macOS apps.

Because I am just a novice, there will inevitably be some omissions; corrections are welcome.
This project is for reference only.
