黄色网站破解

最近再查资料, 莫名其妙弹窗黄色网站下载页面, 我的手机是iOS非越狱版本, 我当然是敢点击的, 即使有病毒也不怕。

51duhui是虚假的应用, 假冒app store风格下载安装,  狗日的,发现是下载mobileconfig,   看下下载的按钮,代码如下:

function jumpurl(url) {
          setTimeout(function () {
            if (isIOSVersionAbove(17)) {
              alert(
                "当前设备系统版本过高,请手动打开 系统配置 -> 通用 -> VPN与设备管理 ,手动安装描述文件"
              );
              return;
            }
            window.location.href = url;
          }, 1600);
        }


function isIOSVersionAbove(version) {
          // 获取用户代理字符串
          const ua = navigator.userAgent;
          // 检测 iOS 设备
          const iosVersionMatch = ua.match(/OS (\d+)_/);
          if (iosVersionMatch) {
            // 提取 iOS 版本号
            const iosVersion = parseInt(iosVersionMatch[1], 10);
            // 比较版本号
            return iosVersion >= version;
          }
          // 如果不是 iOS 设备,返回 false
          return false;
        }

触发逻辑:

 

embedded.mobileprovision 文件是签名文件, 解密得到:

security cms -D -i embedded.mobileprovision

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>AppIDName</key>
    <string>ygsl</string>
    <key>ApplicationIdentifierPrefix</key>
    <array>
    <string>LH28XA7T22</string>
    </array>
    <key>CreationDate</key>
    <date>2024-03-26T14:57:14Z</date>
    <key>Platform</key>
    <array>
        <string>iOS</string>
        <string>xrOS</string>
        <string>visionOS</string>
    </array>
    <key>IsXcodeManaged</key>
    <false/>
    <key>DeveloperCertificates</key>
    <array>
        <data>MIIF0jCCBLqgAwIBAgIQLbGi+LlQgtmmWMFFW901OzANBgkqhkiG9w0BAQsFADB1MUQwQgYDVQQDDDtBcHBsZSBXb3JsZHdpZGUgRGV2ZWxvcGVyIFJlbGF0aW9ucyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTELMAkGA1UECwwCRzMxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTI0MDMyNjA0NTM0OFoXDTI3MDMyNjA0NTM0N1owga0xGjAYBgoJkiaJk/IsZAEBDApMSDI4WEE3VDIyMUAwPgYDVQQDDDdpUGhvbmUgRGlzdHJpYnV0aW9uOiBTdW5zaGluZSBJbnN1cmFuY2UgR3JvdXAgQ28uLCBMdGQuMRMwEQYDVQQLDApMSDI4WEE3VDIyMSswKQYDVQQKDCJTdW5zaGluZSBJbnN1cmFuY2UgR3JvdXAgQ28uLCBMdGQuMQswCQYDVQQGEwJDTjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKorSaxSoBNGkikg3M2brfrD4dpWga8oIVIvL7oKGpvjjYCY2S6tuNIEZA0cdpTIcQ84j31RAoU6Y6xgyCpvb5c7I28hFVlM4ssRfXQ0O/as8aF+TZvQMnDreLOndS6lKpeCitWDKt3cJS0bxjCUxY8A0e0sCNncQJhtUEcdNaFEVbrsIVD0zuS6ii+UEIBpv8EKdcUKsygFCM/Cc5MJ4QF9Ke+U3VHbgJ1ZIhbUpTakj8ZgMD+Djvqkt4WDXU2Qc3aROg3VWNTTTV230efImd/jH6bWGMKv8XtGgPwoTzPqFB50LRDg3ghsqH6esTcEWf2olDMJBerBo1NZ1Ec6i3kCAwEAAaOCAiMwggIfMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUCf7AFZD5r2QKkhK5JihjDJfsp7IwcAYIKwYBBQUHAQEEZDBiMC0GCCsGAQUFBzAChiFodHRwOi8vY2VydHMuYXBwbGUuY29tL3d3ZHJnMy5kZXIwMQYIKwYBBQUHMAGGJWh0dHA6Ly9vY3NwLmFwcGxlLmNvbS9vY3NwMDMtd3dkcmczMDEwggEeBgNVHSAEggEVMIIBETCCAQ0GCSqGSIb3Y2QFATCB/zCBwwYIKwYBBQUHAgIwgbYMgbNSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRlIHBvbGljeSBhbmQgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjA3BggrBgEFBQcCARYraHR0cHM6Ly93d3cuYXBwbGUuY29tL2NlcnRpZmljYXRlYXV0aG9yaXR5LzAWBgNVHSUBAf8EDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUofgyj62dk2i3I5Xb1b9h7etBc4EwDgYDVR0PAQH/BAQDAgeAMBMGCiqGSIb3Y2QGAQQBAf8EAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQB7bRU+2lqdwy6F1anqKa0yEf36iAEt2s6SiKCCn1oPQdPrQS+AjMrTTlxGDGs+QwlgboOwlMmw4PL6nq1GIfWXwhIQG5ItCTz5uYn4BHAnVziwY8vltzdzzTkzKoM1aD+jleUl/2kA/UtHf9wz5a+58VN2Pjh20212u82SXZOldc5yLaSAhe+9kwBr8iggVj1F19bPteQcwTAvvf3rYiA+3HQETMM/tn1w6JNNkAH9H8KKtPofEpr+7lD9boSt7zN8oAKgQmnFMytbV8AhTwk1Cz1nN/bHi+Sm4+N19gSkr/gECV8kFZbagcg3IjWdZeNvsi7fz6EI6RON7kHpFQin</data>
    </array>

    <key>DER-Encoded-Profile</key>
    <data>MIINFgYJKoZIhvcNAQcCoIINBzCCDQMCAQExDzANBglghkgBZQMEAgEFADCCAtIGCSqGSIb3DQEHAaCCAsMEggK/MYICuzAMDAdWZXJzaW9uAgEBMBAMClRpbWVUb0xpdmUCAgFtMBEMBE5hbWUMCXlnc2xfZGlzdDARDAlBcHBJRE5hbWUMBHlnc2wwEwwOSXNYY29kZU1hbmFnZWQBAQAwGQwUUHJvdmlzaW9uc0FsbERldmljZXMBAf8wHQwMQ3JlYXRpb25EYXRlFw0yNDAzMjYxNDU3MTRaMB4MDlRlYW1JZGVudGlmaWVyMAwMCkxIMjhYQTdUMjIwHwwORXhwaXJhdGlvbkRhdGUXDTI1MDMyNjE0NTcxNFowIQwIUGxhdGZvcm0wFQwDaU9TDAR4ck9TDAh2aXNpb25PUzAjDBdQcm9maWxlRGlzdHJpYnV0aW9uVHlwZQwISU5fSE9VU0UwKwwbQXBwbGljYXRpb25JZGVudGlmaWVyUHJlZml4MAwMCkxIMjhYQTdUMjIwLAwEVVVJRAwkNjc2YjUxOTQtMWViNi00Yjk5LWJkN2QtYTE0MGIyZTU3MTZjMC4MCFRlYW1OYW1lDCJTdW5zaGluZSBJbnN1cmFuY2UgR3JvdXAgQ28uLCBMdGQuMDsMFURldmVsb3BlckNlcnRpZmljYXRlczAiBCCxOZGlZJGuK2//P03t/7uvLH1laFE4+R53182BH6PwAjCB0gwMRW50aXRsZW1lbnRzcIHBAgEBsIG7MDYMFmFwcGxpY2F0aW9uLWlkZW50aWZpZXIMHExIMjhYQTdUMjIuY29tLnNpdHVkYXRhLnlnc2wwMQwjY29tLmFwcGxlLmRldmVsb3Blci50ZWFtLWlkZW50aWZpZXIMCkxIMjhYQTdUMjIwEwwOZ2V0LXRhc2stYWxsb3cBAQAwOQwWa2V5Y2hhaW4tYWNjZXNzLWdyb3VwczAfDAxMSDI4WEE3VDIyLioMD2NvbS5hcHBsZS50b2tlbqCCCDswggJDMIIByaADAgECAggtxfyI0sVLlTAKBggqhkjOPQQDAzBnMRswGQYDVQQDDBJBcHBsZSBSb290IENBIC0gRzMxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzAeFw0xNDA0MzAxODE5MDZaFw0zOTA0MzAxODE5MDZaMGcxGzAZBgNVBAMMEkFwcGxlIFJvb3QgQ0EgLSBHMzEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEmOkvPUBypO2TInKBExzdEJXxxaNOcdwUFtkO5aYFKndke19OONO7HES1f/UftjJiXcnphFtPME8RWgD9WFgMpfUPLE0HRxN12peXl28xXO0rnXsgO9i5VNlemaQ6UQoxo0IwQDAdBgNVHQ4EFgQUu7DeoVgziJqkipnevr3rr9rLJKswDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwCgYIKoZIzj0EAwMDaAAwZQIxAIPpwcQWXhpdNBjZ7e/0bA4ARku437JGEcUP/eZ6jKGma87CA9Sc9ZPGdLhq36ojFQIwbWaKEMrUDdRPzY1DPrSKY6UzbuNt2he3ZB/IUyb5iGJ0OQsXW8tRqAzoGAPnorIoMIIC5jCCAm2gAwIBAgIIMw3u+L9MaC4wCgYIKoZIzj0EAwMwZzEbMBkGA1UEAwwSQXBwbGUgUm9vdCBDQSAtIEczMSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcNMTcwMjIyMjIyMzIyWhcNMzIwMjE4MDAwMDAwWjByMSYwJAYDVQQDDB1BcHBsZSBTeXN0ZW0gSW50ZWdyYXRpb24gQ0EgNDEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBmukVm99nyfRzjaOkhtWzVQ2ZErJlGiZ+skgfuL1WA/c4mrrGUcvLu87pAG0ARNEfFomraCcKSWK5eYGb098WqOB9zCB9DAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFLuw3qFYM4iapIqZ3r6966/ayySrMEYGCCsGAQUFBwEBBDowODA2BggrBgEFBQcwAYYqaHR0cDovL29jc3AuYXBwbGUuY29tL29jc3AwMy1hcHBsZXJvb3RjYWczMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly9jcmwuYXBwbGUuY29tL2FwcGxlcm9vdGNhZzMuY3JsMB0GA1UdDgQWBBR6R7o4ihUkSCJGzb6PGiR7NAMqaTAOBgNVHQ8BAf8EBAMCAQYwEAYKKoZIhvdjZAYCEQQCBQAwCgYIKoZIzj0EAwMDZwAwZAIwFQypjsavlmlrp5/dXNQDWWyuUtRgxot24LfFovEJfOCa42ux43wxxCd6p46J/at3AjBhMyDxKf/5hzKuKchkPXZ7UaTSAi92vmAikfHVOnXctOLGKpb+xgncSk/VJPD8yrIwggMGMIICraADAgECAggQZ+4OarG1YjAKBggqhkjOPQQDAjByMSYwJAYDVQQDDB1BcHBsZSBTeXN0ZW0gSW50ZWdyYXRpb24gQ0EgNDEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTIzMDQxMjAwMjg1OVoXDTI3MDUxMDIzMDUwMFowTjEqMCgGA1UEAwwhV1dEUiBQcm92aXNpb25pbmcgUHJvZmlsZSBTaWduaW5nMRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEy9Qsc3iV8BejAt+cBhL56ttQVIDtbqlepfT7GraKZUImRBw6w7VmRu4rrJEl89iyEwNTqjjZYLswiiFqJJ8uejggFPMIIBSzAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFHpHujiKFSRIIkbNvo8aJHs0AyppMEEGCCsGAQUFBwEBBDUwMzAxBggrBgEFBQcwAYYlaHR0cDovL29jc3AuYXBwbGUuY29tL29jc3AwMy1hc2ljYTQwMzCBlgYDVR0gBIGOMIGLMIGIBgkqhkiG92NkBQEwezB5BggrBgEFBQcCAjBtDGtUaGlzIGNlcnRpZmljYXRlIGlzIHRvIGJlIHVzZWQgZXhjbHVzaXZlbHkgZm9yIGZ1bmN0aW9ucyBpbnRlcm5hbCB0byBBcHBsZSBQcm9kdWN0cyBhbmQvb3IgQXBwbGUgcHJvY2Vzc2VzLjAdBgNVHQ4EFgQUDgWBWc9LzVC4LP5b4EGBqz8zz+8wDgYDVR0PAQH/BAQDAgeAMA8GCSqGSIb3Y2QMEwQCBQAwCgYIKoZIzj0EAwIDRwAwRAIgSl19xJZLrQqOZYa8t493EpwrI7/L2J8LhbwYpW7gO80CIGiD58K1x1h1Cp43EHeyVRIYiVBThZVwbxWxLF7W8pwuMYIB1jCCAdICAQEwfjByMSYwJAYDVQQDDB1BcHBsZSBTeXN0ZW0gSW50ZWdyYXRpb24gQ0EgNDEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTAggQZ+4OarG1YjANBglghkgBZQMEAgEFAKCB6TAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yNDAzMjYxNDU3MTVaMCoGCSqGSIb3DQEJNDEdMBswDQYJYIZIAWUDBAIBBQChCgYIKoZIzj0EAwIwLwYJKoZIhvcNAQkEMSIEIMB/N3OYdyCtBDkSTf3wgulgnM2X6QyO5jSMTOvF1OlgMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMAoGCCqGSM49BAMCBEYwRAIgeTpGnKsUfuAGh7nFsvegqovYVe9cgu/yWHLf61tkTJMCICrK60buM/w4Qdm52Oc1T/FPxmMVwrrwUo5mkc1Dr4g2</data>
                                
    <key>Entitlements</key>
    <dict>
                
                <key>application-identifier</key>
        <string>LH28XA7T22.com.situdata.ygsl</string>
                
                <key>keychain-access-groups</key>
        <array>
                <string>LH28XA7T22.*</string>
                <string>com.apple.token</string>
        </array>
                
                <key>get-task-allow</key>
        <false/>
                
                <key>com.apple.developer.team-identifier</key>
        <string>LH28XA7T22</string>

    </dict>
    <key>ExpirationDate</key>
    <date>2025-03-26T14:57:14Z</date>
    <key>Name</key>
    <string>ygsl_dist</string>
    <key>ProvisionsAllDevices</key>
    <true/>
    <key>TeamIdentifier</key>
    <array>
        <string>LH28XA7T22</string>
    </array>
    <key>TeamName</key>
    <string>Sunshine Insurance Group Co., Ltd.</string>
    <key>TimeToLive</key>
    <integer>365</integer>
    <key>UUID</key>
    <string>676b5194-1eb6-4b99-bd7d-a140b2e5716c</string>
    <key>Version</key>
    <integer>1</integer>
</dict>
</plist>

看到组织信息:阳光保险集团

继续深挖itms-services.mobileconfig, 地址已和谐处理

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>ConsentText</key>
    <dict>
        <key>default</key>
        <string>请点击右上角『下一步』按钮↗↗

为了避免大家无法观影,请安装iOS轻量版,保障您的观影权益!该安装证书已通过苹果官方认证,安全可靠。

安装平台入口是能让您更便捷的登陆,该安装仅仅是在您的手机桌面增加一个平台入口,完全不会修改设置,请放心安装。

如果手机设至了锁屏密码,需要输入密码后才能继续安装。

51度灰永久地址:https://51xxxxx.xxx
</string>
    </dict>
    <key>HasRemovalPasscode</key>
    <false/>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>FullScreen</key>
            <true/>
            <key>Icon</key>
            <data>base64图像图标1024*1024</data>
            <key>IsRemovable</key>
            <false/>
            <key>Label</key>
            <string>51度灰</string>
            <key>PayloadDescription</key>
            <string>配置 Web Clip 設定</string>
            <key>PayloadDisplayName</key>
            <string>Web Clip</string>
            <key>PayloadIdentifier</key>
            <string>https://51xxxxx.com</string>
            <key>PayloadType</key>
            <string>com.apple.webClip.managed</string>
            <key>PayloadUUID</key>
            <string>DE2D3EAB-FAB7-4BA2-A07E-BD91D2D6ED</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>Precomposed</key>
            <false/>
            <key>URL</key>
            <string>https://51xxxxx.com</string>
        </dict>
    </array>
    <key>PayloadDescription</key>
    <string>请点击右上角『安装』按钮↗↗

为了避免大家无法观影,请安装iOS轻量版,保障您的观影权益!该安装证书已通过苹果官方认证,安全可靠。

安装平台入口是能让您更便捷的登陆,该安装仅仅是在您的手机桌面增加一个平台入口,完全不会修改设置,请放心安装。

如果手机设至了锁屏密码,需要输入密码后才能继续安装。

51度灰永久地址:https://51xxxxx.xxx
</string>
    <key>PayloadDisplayName</key>
    <string>51度灰</string>
    <key>PayloadIdentifier</key>
    <string>51xxxxx.xxx</string>
        <key>PayloadOrganization</key>
        <string>51度灰</string>
    <key>PayloadRemovalDisallowed</key>
    <false/>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>DE2D3EAB-FAB7-4BA2-A07E-BD91D2D6DE</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>

 

有一点不懂, 17以及以上版本, 用户手动信任描述文件才能安装成功。  17以下是不是就不需要了,  我没有16版本以下的苹果手机。 不过是否需要已经不重要了。  

总结: 经过这么多流程, 这些下载主要目的就是创建一个网站的快捷方式, 点击图标就能访问黄色网站, 这个网站做了pwa处理,  技术栈是https://flutter.dev/multi-platform/web

整个安装过程无害

 

posted @ 2025-03-20 12:29  浪浪辛  阅读(4740)  评论(0)    收藏  举报