-[PreferencesAppController *]
-[UIApplication sendAction:toTarget:fromSender:forEvent:]
Preference进程:
- 跟踪-[ASIdentifierManager advertisingIdentifier]
-[LSApplicationWorkspace deviceIdentifierForAdvertising]
_LSDDeviceIdentifierService* serv = [_LSDService synchronousXPCProxyWithErrorHandler:nil];
-[serv getIdentifierOfType:1 completionHandler:]
- 跟踪限制广告追踪按钮
var get_pid = new NativeFunction(Module.findExportByName(null, 'xpc_connection_get_pid'), 'int', ['pointer']);
var get_name = new NativeFunction(Module.findExportByName(null, 'xpc_connection_get_name'), 'pointer', ['pointer']);
log('xpc_connection_send_message(' +
'connection=' + args[0] +
', message=' + ObjC.Object(args[1]).toString() +
', pid=' + get_pid(args[0]) +
', name=' + get_name(args[0]).readUtf8String() +
')');
xpc_connection_send_message(connection=0x281672fd0, message=<OS_xpc_dictionary: <dictionary: 0x281c7b0c0> { count = 3, transaction: 0, voucher = 0x0, contents =
"f" => <uint64: 0x9d5e13525c1289f7>: 1
"root" => <data: 0x2830c5940>: { length = 64 bytes, contents = 0x62706c6973743136a03f000000000000007f111b636c6561... }
"proxynum" => <uint64: 0x9d5e13525c1289f7>: 1
}>, pid=97, name=com.apple.lsd.advertisingidentifiers)
xpc_connection_send_notification(), notify=<OS_xpc_dictionary: <dictionary: 0x281c7c3c0> { count = 3, transaction: 0, voucher = 0x0, contents =
"operation" => <int64: 0x9d4e13525c1289f2>: 4
"value" => <int64: 0x9d4e13525c1289f6>: 0
"key" => <string: 0x2827fc8d0> { length = 37, contents = "com.apple.Advertising.LimitAdTracking" }
}>, pid=0, name=com.apple.aggregated
xpc_connection_send_notification
xpc_connection_send_message_with_reply_sync
lsd进程:
- 跟踪-[ASIdentifierManager advertisingIdentifier]
-[_LSDDeviceIdentifierClient getIdentifierOfType:1 completionHandler:]
-[_LSDeviceIdentifierCache getIdentifierOfType:vendorName:bundleIdentifier:completionHandler:]
- 跟踪限制广告追踪按钮
-[_LSDDeviceIdentifierClient clearAllIdentifiersOfType:0x1]
__int64 __94___LSDeviceIdentifierCache_getIdentifierOfType_vendorName_bundleIdentifier_completionHandler___block_invoke(__int64 a1)
{
v1 = a1;
if ( !*(_QWORD *)(a1 + 32) || !*(_QWORD *)(a1 + 40) )
{
v9 = 0LL;
goto LABEL_34;
}
v2 = objc_msgSend(*(void **)(a1 + 48), "identifiersOfTypeNotDispatched:", *(_QWORD *)(a1 + 64));
v3 = (void *)objc_retainAutoreleasedReturnValue(v2);
if ( *(_QWORD *)(a1 + 64) != 1LL )
goto LABEL_10;
v4 = +[LSApplicationRestrictionsManager sharedInstance](
&OBJC_CLASS___LSApplicationRestrictionsManager,
"sharedInstance");
v5 = (void *)objc_retainAutoreleasedReturnValue(v4);
if ( (unsigned __int8)objc_msgSend(v5, "isAdTrackingEnabled") )
{
v6 = (unsigned __int64)objc_msgSend(*(void **)(a1 + 48), "deviceUnlockedSinceBoot");
objc_release(v5);
if ( v6 )
{
if ( *(_QWORD *)(a1 + 64) == 1LL )
{
v7 = (void *)objc_retain(*(_QWORD *)(*(_QWORD *)(a1 + 48) + 16LL));
if ( v7 )
{
LABEL_31:
v47 = objc_msgSend(*(void **)(v1 + 48), "applyPerUserEntropyNotDispatched:type:", v7, *(_QWORD *)(v1 + 64));
v9 = objc_retainAutoreleasedReturnValue(v47);
objc_release(v7);
goto LABEL_33;
}
v8 = objc_msgSend(&OBJC_CLASS___NSUUID, "UUID");
v7 = (void *)objc_retainAutoreleasedReturnValue(v8);
objc_release(0LL);
objc_storeStrong(*(_QWORD *)(a1 + 48) + 16LL);
objc_msgSend(*(void **)(a1 + 48), "save");
goto LABEL_30;
}
LABEL_10:
if ( !v3 )
goto LABEL_32;
v10 = objc_msgSend(v3, "objectForKeyedSubscript:", *(_QWORD *)(a1 + 32));
v11 = (void *)objc_retainAutoreleasedReturnValue(v10);
v12 = v11;
v13 = objc_msgSend(v11, "objectForKeyedSubscript:", CFSTR("LSVendorIdentifier"));
v14 = objc_retainAutoreleasedReturnValue(v13);
objc_release(v12);
v51 = v14;
if ( v14 )
{
v15 = objc_msgSend(v3, "objectForKeyedSubscript:", *(_QWORD *)(a1 + 32));
v16 = (void *)objc_retainAutoreleasedReturnValue(v15);
v17 = v16;
v18 = objc_msgSend(v16, "objectForKeyedSubscript:", CFSTR("LSApplications"));
v19 = (void *)objc_retainAutoreleasedReturnValue(v18);
objc_release(v17);
if ( v19 && (unsigned __int8)objc_msgSend(v19, "containsObject:", *(_QWORD *)(a1 + 40)) )
{
v20 = (void *)objc_alloc(&OBJC_CLASS___NSUUID);
v7 = objc_msgSend(v20, "initWithUUIDString:", v51);
objc_release(v19);
if ( v7 )
{
LABEL_29:
objc_release(v51);
LABEL_30:
if ( v7 )
goto LABEL_31;
LABEL_32:
v9 = 0LL;
goto LABEL_33;
}
}
else
{
objc_release(v19);
}
}
v22 = objc_msgSend(v3, "objectForKeyedSubscript:", *(_QWORD *)(a1 + 32));
v23 = objc_retainAutoreleasedReturnValue(v22);
objc_release(v23);
if ( !v23 )
{
v24 = objc_msgSend(&OBJC_CLASS___NSMutableDictionary, "dictionary");
v25 = objc_retainAutoreleasedReturnValue(v24);
objc_msgSend(v3, "setObject:forKeyedSubscript:", v25, *(_QWORD *)(a1 + 32));
objc_release(v25);
}
v26 = objc_msgSend(v3, "objectForKeyedSubscript:", *(_QWORD *)(a1 + 32));
v27 = (void *)objc_retainAutoreleasedReturnValue(v26);
v28 = v27;
v29 = objc_msgSend(v27, "objectForKeyedSubscript:", CFSTR("LSVendorIdentifier"));
v30 = objc_retainAutoreleasedReturnValue(v29);
objc_release(v28);
if ( v30 )
{
v31 = (void *)objc_alloc(&OBJC_CLASS___NSUUID);
v7 = objc_msgSend(v31, "initWithUUIDString:", v30, v30);
}
else
{
v32 = objc_msgSend(&OBJC_CLASS___NSUUID, "UUID", 0LL);
v33 = (void *)objc_retainAutoreleasedReturnValue(v32);
v7 = v33;
v34 = objc_msgSend(v33, "UUIDString");
v35 = v3;
v36 = objc_retainAutoreleasedReturnValue(v34);
v37 = objc_msgSend(v35, "objectForKeyedSubscript:", *(_QWORD *)(v1 + 32));
v38 = (void *)objc_retainAutoreleasedReturnValue(v37);
objc_msgSend(v38, "setObject:forKeyedSubscript:", v36, CFSTR("LSVendorIdentifier"));
objc_release(v38);
objc_release(v36);
v3 = v35;
}
v39 = objc_msgSend(v3, "objectForKeyedSubscript:", *(_QWORD *)(v1 + 32));
v40 = (void *)objc_retainAutoreleasedReturnValue(v39);
v41 = v40;
v42 = objc_msgSend(v40, "objectForKeyedSubscript:", CFSTR("LSApplications"));
v43 = (void *)objc_retainAutoreleasedReturnValue(v42);
objc_release(v41);
if ( !v43 )
{
v44 = objc_msgSend(&OBJC_CLASS___NSMutableArray, "array");
v43 = (void *)objc_retainAutoreleasedReturnValue(v44);
v45 = objc_msgSend(v3, "objectForKeyedSubscript:", *(_QWORD *)(v1 + 32));
v46 = (void *)objc_retainAutoreleasedReturnValue(v45);
objc_msgSend(v46, "setObject:forKeyedSubscript:", v43, CFSTR("LSApplications"));
objc_release(v46);
}
if ( !(unsigned __int8)objc_msgSend(v43, "containsObject:", *(_QWORD *)(v1 + 40)) )
objc_msgSend(v43, "addObject:", *(_QWORD *)(v1 + 40));
objc_msgSend(*(void **)(v1 + 48), "save");
objc_release(v43);
objc_release(v50);
goto LABEL_29;
}
}
else
{
objc_release(v5);
}
v21 = objc_msgSend(&OBJC_CLASS___NSUUID, "_LS_nullUUID");
v9 = objc_retainAutoreleasedReturnValue(v21);
LABEL_33:
objc_release(v3);
LABEL_34:
v48 = *(_QWORD *)(v1 + 56);
if ( v48 )
(*(void (__fastcall **)(__int64, __int64))(v48 + 16))(v48, v9);
return objc_release(v9);
}
可见,IDFA是从UUID生成的
