
An expert shows you how to strip away TaiG Assistant's (太极助手) disguise



"The iOS 7 jailbreak is here! Huh? Why is there a TaiG Assistant bundled inside?"
From last night through today, "TaiG" (太极) has become a hot topic in the overseas jailbreak community and on domestic social networks. evasi0n even issued a statement about the situation. As Wang Chongxu put it, "For jailbreak hackers whose core values are 'pursuing freedom' and 'breaking shackles', this day is destined to be a disgraceful one."
This article reconstructs, step by step, who stands behind "TaiG". The lookups are done with terminal commands in a Linux environment, so if you intend to try them yourself, first check that your operating system is Linux.


Floor 1 · IP location: Hubei · 2013-12-23 13:02
    Step 1: query the domain's registration record with the whois command.
    $ whois taig.com
    Domain Name: TAIG.COM
    Registry Domain ID: 5070333_DOMAIN_COM-VRSN
    Registrar WHOIS Server: whois.godaddy.com
    Registrar URL: http://www.godaddy.com
    Update Date: 2013-11-05 18:27:16
    Creation Date: 1999-04-06 23:00:00
    Registrar Registration Expiration Date: 2015-04-06 23:00:00
    Registrar: GoDaddy.com, LLC
    Registrar IANA ID: 146
    Registrar Abuse Contact Email: abuse@godaddy.com
    Registrar Abuse Contact Phone: +1.480-624-2505
    Domain Status: clientTransferProhibited
    Domain Status: clientUpdateProhibited
    Domain Status: clientRenewProhibited
    Domain Status: clientDeleteProhibited
    Registry Registrant ID:
    Registrant Name: zhou shengjin
    Registrant Organization:
    Registrant Street: Beijing changping district changping road
    Registrant City: Beijing
    Registrant State/Province: beijing
    Registrant Postal Code: 100096
    Registrant Country: China
    Registrant Phone: +1.8811225068
    Registrant Phone Ext:
    Registrant Fax:
    Registrant Fax Ext:
    Registrant Email: nomas.chow@gmail.com
    Registry Admin ID:
    Admin Name: zhou shengjin
    Admin Organization:
    Admin Street: Beijing changping district changping road
    Admin City: Beijing
    Admin State/Province: beijing
    Admin Postal Code: 100096
    Admin Country: China
    Admin Phone: +1.8811225068
    Admin Phone Ext:
    Admin Fax:
    Admin Fax Ext:
    Admin Email: nomas.chow@gmail.com
    Registry Tech ID:
    Tech Name: zhou shengjin
    Tech Organization:
    Tech Street: Beijing changping district changping road
    Tech City: Beijing
    Tech State/Province: beijing
    Tech Postal Code: 100096
    Tech Country: China
    Tech Phone: +1.8811225068
    Tech Phone Ext:
    Tech Fax:
    Tech Fax Ext:
    Tech Email: nomas.chow@gmail.com
    Name Server: NS3.DNSV4.COM
    Name Server: NS4.DNSV4.COM
    From the above we can see that taig.com is a domain registered back in 1999. The contact phone in the record, +1.8811225068, should really be +86-18811225068. That is our first clue. The address, "Changping Road, Changping District, Beijing", matches the mobile number's home area, Beijing. The email address is another useful clue.


    Floor 2 · IP location: Hubei · 2013-12-23 13:03
      Step 2: resolve www.taig.com with the host command to get the IP addresses and DNS records associated with that hostname.
      $ host www.taig.com
      www.taig.com has address 211.155.82.248
      www.taig.com has address 203.191.148.133
      www.taig.com has address 42.62.21.140
      www.taig.com has address 42.62.21.141
      www.taig.com has address 42.62.21.142
      www.taig.com has address 42.62.21.143
      www.taig.com has address 42.62.21.144
      www.taig.com has address 211.155.82.233
      What do these IP addresses tell us? www.taig.com is served from several data centers and uses CDN acceleration; this does not look like a small company's infrastructure. Running whois on these IP addresses gave disappointing results, since they all just point to the respective data centers. Querying bgp.he.net, a tool for IP and domain lookups, likewise turned up nothing more.
      Still, no need to be discouraged; what we have found so far is already full of suspicious points. Now try using curl -s to download the page source of www.taig.com to the local machine, then grep -Eo "http://[^\"']+" to pull the URLs out of the source. The result is interesting:
      $ curl -s www.taig.com|grep -Eo "http://[^\"']+"
      http://www.taig.com/archives/548
      http://www.taig.com/archives/548
      http://www.taig.com/archives/253
      http://www.taig.com/archives/251
      http://www.taig.com/archives/249
      http://www.taig.com/archives/247
      http://www.taig.com/archives/241
      http://www.taig.com/archives/239
      http://www.taig.com/archives/237
      http://www.taig.com/archives/233
      http://js.pingguoyingyong.com/taiji-home/js/build.js


      Floor 3 · IP location: Hubei · 2013-12-23 13:04
        The result above shows that the www.taig.com page also references other sites' domain names. These domains are surely not there for no reason. We run whois again on these suspicious-looking domains, starting with pingguoyingyong.com:
        $ whois pingguoyingyong.com
        Domain Name: PINGGUOYINGYONG.COM
        Registry Domain ID: 1701302087_DOMAIN_COM-VRSN
        Registrar WHOIS Server: whois.godaddy.com
        Registrar URL: http://www.godaddy.com
        Update Date: 2013-02-04 05:56:33
        Creation Date: 2012-02-09 09:52:46
        Registrar Registration Expiration Date: 2015-02-09 09:52:46
        Registrar: GoDaddy.com, LLC
        Registrar IANA ID: 146
        Registrar Abuse Contact Email: abuse@godaddy.com
        Registrar Abuse Contact Phone: +1.480-624-2505
        Domain Status: clientTransferProhibited
        Domain Status: clientUpdateProhibited
        Domain Status: clientRenewProhibited
        Domain Status: clientDeleteProhibited
        Registry Registrant ID:
        Registrant Name: John Lennon
        Registrant Organization: Apple Application INC.
        Registrant Street: China
        Registrant City: guangdong
        Registrant State/Province: baiyun
        Registrant Postal Code: 000000
        Registrant Country: China
        Registrant Phone: +86.138000138000
        Registrant Phone Ext:
        Registrant Fax:
        Registrant Fax Ext:
        Registrant Email: fidate@gmail.com
        Registry Admin ID:
        Admin Name: John Lennon
        Admin Organization: Apple Application INC.
        Admin Street: China
        Admin City: guangdong
        Admin State/Province: baiyun
        Admin Postal Code: 000000
        Admin Country: China
        Admin Phone: +86.138000138000
        Admin Phone Ext:
        Admin Fax:
        Admin Fax Ext:
        Admin Email: fidate@gmail.com
        Registry Tech ID:
        Tech Name: John Lennon
        Tech Organization: Apple Application INC.
        Tech Street: China
        Tech City: guangdong
        Tech State/Province: baiyun
        Tech Postal Code: 000000
        Tech Country: China
        Tech Phone: +86.138000138000
        Tech Phone Ext:
        Tech Fax:
        Tech Fax Ext:
        Tech Email: fidate@gmail.com
        Name Server: F1G1NS1.DNSPOD.NET
        Name Server: F1G1NS2.DNSPOD.NET
        If you want to know what other domains a domain's holder owns, the email address registered on the domain is the first thing to investigate. A lookup shows that this domain's email, fidate@gmail.com, also holds another domain, idestop.com.
        Running whois on iphonespirit.com shows that it uses a protection service that stops others from looking up its whois registrant information.
        $ whois iphonespirit.com
        Domain Name ..................... iphonespirit.com
        Sponsoring Registrar ............ HICHINA ZHICHENG TECHNOLOGY LTD.
        Name Server ..................... ns3.dnsv4.com
        ns4.dnsv4.com
        Registrant ID ................... whois-protect
        Registrant Name ................. WHOIS AGENT
        Registrant Organization ......... DOMAIN WHOIS PROTECTION SERVICE
        Registrant Address .............. 3/F.,HiChina Mansion,No.27 Gulouwai Avenue
        Dongcheng District,Beijing 100120,China
        Registrant City ................. Beijing
        Registrant Province/State ....... Beijing
        Registrant Postal Code .......... 100120
        Registrant Country Code ......... CN
        Registrant Phone Number ......... +8610.64242266
        Registrant Fax .................. +8610.84138796
        Registrant Email ................ domainadm@hichina.com
        Administrative ID ............... whois-protect
        Administrative Name ............. WHOIS AGENT
        Administrative Organization ..... DOMAIN WHOIS PROTECTION SERVICE
        Administrative Address .......... 3/F.,HiChina Mansion,No.27 Gulouwai Avenue
        Dongcheng District,Beijing 100120,China
        Administrative City ............. Beijing
        Administrative Province/State ... Beijing
        Administrative Postal Code ...... 100120
        Administrative Country Code ..... CN
        Administrative Phone Number ..... +8610.64242266
        Administrative Fax .............. +8610.84138796
        Administrative Email ............ domainadm@hichina.com
        Billing ID ...................... whois-protect
        Billing Name .................... WHOIS AGENT
        Billing Organization ............ DOMAIN WHOIS PROTECTION SERVICE
        Billing Address ................. 3/F.,HiChina Mansion,No.27 Gulouwai Avenue
        Dongcheng District,Beijing 100120,China
        Billing City .................... Beijing
        Billing Province/State .......... Beijing
        Billing Postal Code ............. 100120
        Billing Country Code ............ CN
        Billing Phone Number ............ +8610.64242266
        Billing Fax ..................... +8610.84138796
        Billing Email ................... domainadm@hichina.com
        Technical ID .................... whois-protect
        Technical Name .................. WHOIS AGENT
        Technical Organization .......... DOMAIN WHOIS PROTECTION SERVICE
        Technical Address ............... 3/F.,HiChina Mansion,No.27 Gulouwai Avenue
        Dongcheng District,Beijing 100120,China
        Technical City .................. Beijing
        Technical Province/State ........ Beijing
        Technical Postal Code ........... 100120
        Technical Country Code .......... CN
        Technical Phone Number .......... +8610.64242266
        Technical Fax ................... +8610.84138796
        Technical Email ................. domainadm@hichina.com
        Domain Create Date .............. 2013-03-29 19:54:24
        Expiration Date ................. 2014-03-29 19:54:24


        Floor 4 · IP location: Hubei · 2013-12-23 13:05
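The procedure in floors 3 and 4 (pull the page source, keep the URLs, then run whois on every third-party domain and pivot on the registrant fields) can be automated. The script below is an added example, not code from the original post or from TaiG: it extracts third-party hosts from a page with a regex equivalent to the grep above, parses both WHOIS layouts shown in the thread (GoDaddy's "Key: value" and HiChina's dotted "Key ..... value", including the wrapped second name-server line), discards the email and phone of privacy-proxied records because they belong to the proxy, applies the thread's own reading of "+1.8811225068" as +86 18811225068 only when the record says China, and groups domains by shared email, phone and name servers. The sample HTML is constructed (the iphonespirit.com download path is hypothetical; the thread only says the download is hosted on that domain), and the WHOIS samples are trimmed excerpts of the records reproduced above. Run on them, it surfaces something the post does not call out: iphonespirit.com, despite the WHOIS proxy, sits on the same ns3/ns4.dnsv4.com name servers as taig.com.

```python
# Added example, not from the original post: automate the page-reference and
# WHOIS pivots from the thread on constructed / trimmed sample inputs.
import re
from collections import defaultdict

# Constructed HTML in the style of the curl|grep step. The iphonespirit.com path
# is hypothetical: the thread only says the download is hosted on that domain.
SAMPLE_HTML = """
<a href="http://www.taig.com/archives/548">post</a>
<script src="http://js.pingguoyingyong.com/taiji-home/js/build.js"></script>
<a href='http://www.iphonespirit.com/download/taig'>download</a>
<img src="http://www.taig.com/img/logo.png">
"""

# Same idea as grep -Eo "http://[^\"']+", widened to https and stopping at whitespace/<>.
URL_RE = re.compile(r"https?://[^\"'\s<>]+")


def external_hosts(html, own_domain):
    """Hosts referenced by the page that are not under own_domain: the pivots."""
    found = set()
    for url in URL_RE.findall(html):
        host = url.split("//", 1)[1].split("/", 1)[0].lower()
        if host != own_domain and not host.endswith("." + own_domain):
            found.add(host)
    return sorted(found)


# Trimmed excerpts of the three WHOIS records in the thread, in both registrar layouts.
WHOIS_TEXT = {
    "taig.com": """Registrant Name: zhou shengjin
Registrant Country: China
Registrant Phone: +1.8811225068
Registrant Email: nomas.chow@gmail.com
Name Server: NS3.DNSV4.COM
Name Server: NS4.DNSV4.COM""",
    "pingguoyingyong.com": """Registrant Name: John Lennon
Registrant Country: China
Registrant Phone: +86.138000138000
Registrant Email: fidate@gmail.com
Name Server: F1G1NS1.DNSPOD.NET
Name Server: F1G1NS2.DNSPOD.NET""",
    "iphonespirit.com": """Name Server ..................... ns3.dnsv4.com
ns4.dnsv4.com
Registrant ID ................... whois-protect
Registrant Name ................. WHOIS AGENT
Registrant Phone Number ......... +8610.64242266
Registrant Email ................ domainadm@hichina.com""",
}

# "Key: value" (GoDaddy) or "Key ..... value" (HiChina); values may contain ':' or '.'.
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z /]*?)\s*(?::|\.{3,})\s*(.*?)\s*$")


def parse_whois(text):
    """Return {normalized key: [values]}. A line with no separator continues the
    previous key, which is how HiChina wraps the second name server."""
    fields = defaultdict(list)
    last = None
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            last = re.sub(r"\s+", " ", m.group(1).strip().lower())
            fields[last].append(m.group(2))
        elif line.strip() and last:
            fields[last].append(line.strip())
    return fields


def is_privacy_protected(fields):
    """A WHOIS-proxy record carries the proxy's contact data, not the registrant's."""
    blob = " ".join(v for vals in fields.values() for v in vals).lower()
    return any(s in blob for s in ("whois-protect", "whois agent", "protection service"))


CN_MOBILE = re.compile(r"^1[3-9]\d{9}$")


def normalize_phone(raw, country):
    """Digits only, with the thread's reading applied: a '+1.' number whose digits
    form a Chinese mobile number, on a record that says China, is +86 <mobile>.
    The country check matters: a genuine +1 480... number has the same shape."""
    digits = re.sub(r"\D", "", raw)
    if digits.startswith("86"):
        return "+" + digits
    if country.strip().lower() in ("china", "cn") and CN_MOBILE.match(digits):
        return "+86" + digits
    return "+" + digits


def pivot_table(records):
    """Group domains by shared registrant email/phone (unproxied records only) and
    by name server (any record). Returns only attributes shared by 2+ domains."""
    table = defaultdict(set)
    for domain, text in records.items():
        f = parse_whois(text)
        if not is_privacy_protected(f):
            country = (f.get("registrant country") or [""])[0]
            for email in f.get("registrant email", []):
                table[("email", email.lower())].add(domain)
            phones = f.get("registrant phone", []) + f.get("registrant phone number", [])
            for phone in phones:
                table[("phone", normalize_phone(phone, country))].add(domain)
        for ns in f.get("name server", []):
            table[("ns", ns.lower())].add(domain)
    return {k: sorted(v) for k, v in table.items() if len(v) > 1}


if __name__ == "__main__":
    print("third-party hosts:", external_hosts(SAMPLE_HTML, "taig.com"))
    for (kind, value), domains in sorted(pivot_table(WHOIS_TEXT).items()):
        print(f"shared {kind} {value}: {', '.join(domains)}")
```

Treat a name-server match as weak evidence: dnsv4.com and dnspod.net are DNSPod name servers shared by many unrelated customers, so the taig.com / iphonespirit.com overlap corroborates the download-hosting link rather than proving common ownership. A shared registrant email or phone on an unproxied record, the pivot the post uses to tie fidate@gmail.com to idestop.com, is a much stronger link; that is why the script refuses to pivot on the contact fields of a proxied record, whose email and phone belong to HiChina's protection service.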
          Conclusion
          Since TaiG's download links are hosted on iphonespirit.com, we have reason to believe that TaiG is connected to a certain domestic company, or to companies that company has invested in.
          And since TaiG's JS resources are hosted on pingguoyingyong.com, we have reason to believe that TaiG has some deep cooperation with Kuaiyong Assistant (快用助手). Another possibility is that TaiG is simply a front for Kuaiyong Assistant.


          Floor 6 · IP location: Hubei · 2013-12-23 13:05