最近在查资料的时候, 莫名其妙弹出了黄色网站的下载页面。我的手机是非越狱的 iOS, 所以我当然是敢点击的, 即使有病毒也不怕。

51duhui 是个虚假的应用, 下载安装页面假冒 App Store 的风格, 狗日的, 发现实际下载的是 mobileconfig(描述文件)。看下下载按钮的代码, 如下:

/**
 * Handler behind the fake "download" button of the landing page.
 *
 * Waits a fixed 1600 ms, then takes one of two paths:
 *   - isIOSVersionAbove(17) is true: show an alert and stop; this function
 *     performs no navigation in that case.
 *   - otherwise: navigate the current tab to `url`.
 *
 * According to the surrounding write-up, `url` served a .mobileconfig profile.
 *
 * @param url - Value assigned to window.location.href on the non-alert path.
 */
function jumpurl(url) {
  setTimeout(function () {
    // Version gate: the helper compares with >=, so this branch is taken on
    // iOS 17 itself as well as on later versions.
    if (isIOSVersionAbove(17)) {
      // The message reads, in English: "The current system version is too
      // high; please manually open Settings -> General -> VPN & Device
      // Management and install the profile by hand." It coaches the visitor
      // through finishing the profile install in Settings.
      // NOTE(review): this snippet does not show how the profile reaches the
      // device on this path; presumably another part of the page does that.
      alert(
        "当前设备系统版本过高,请手动打开 系统配置 -> 通用 -> VPN与设备管理 ,手动安装描述文件"
      );
      return;
    }
    // Every other user agent (older iOS, or no "OS <digits>_" token at all)
    // is sent straight to url by a top-level navigation.
    window.location.href = url;
  }, 1600);
}

/**
 * Reports whether the user-agent string advertises an OS major version that
 * is at or above `version`.
 *
 * Despite "Above" in the name, the comparison is `>=`, so
 * isIOSVersionAbove(17) is true for major version 17 itself.
 *
 * @param version - Major version number to compare against.
 * @returns true when the parsed major version is >= version; false when the
 *   user agent contains no "OS <digits>_" token.
 */
function isIOSVersionAbove(version) {
  // Read the user-agent string. It is supplied by the client, so the result
  // reflects what the browser claims, not a verified OS version.
  const ua = navigator.userAgent;
  // Detect an iOS device. The pattern only looks for "OS <digits>_" and does
  // not check for an iPhone/iPad marker, so the decision rests on that token.
  const iosVersionMatch = ua.match(/OS (\d+)_/);
  if (iosVersionMatch) {
    // Extract the major version number (capture group 1, parsed as base 10).
    const iosVersion = parseInt(iosVersionMatch[1], 10);
    // Compare versions; equal counts as a match.
    return iosVersion >= version;
  }
  // No version token found: treated as "not an iOS device", return false.
  return false;
}

触发逻辑:

embedded.mobileprovision 文件是带 CMS 签名的描述文件(只是签名封装, 并没有加密), 用下面的命令解码得到:

security cms -D -i embedded.mobileprovision

AppIDName

ygsl

ApplicationIdentifierPrefix

LH28XA7T22

CreationDate

2024-03-26T14:57:14Z

Platform

iOS

xrOS

visionOS

IsXcodeManaged

DeveloperCertificates

MIIF0jCCBLqgAwIBAgIQLbGi+LlQgtmmWMFFW901OzANBgkqhkiG9w0BAQsFADB1MUQwQgYDVQQDDDtBcHBsZSBXb3JsZHdpZGUgRGV2ZWxvcGVyIFJlbGF0aW9ucyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTELMAkGA1UECwwCRzMxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTI0MDMyNjA0NTM0OFoXDTI3MDMyNjA0NTM0N1owga0xGjAYBgoJkiaJk/IsZAEBDApMSDI4WEE3VDIyMUAwPgYDVQQDDDdpUGhvbmUgRGlzdHJpYnV0aW9uOiBTdW5zaGluZSBJbnN1cmFuY2UgR3JvdXAgQ28uLCBMdGQuMRMwEQYDVQQLDApMSDI4WEE3VDIyMSswKQYDVQQKDCJTdW5zaGluZSBJbnN1cmFuY2UgR3JvdXAgQ28uLCBMdGQuMQswCQYDVQQGEwJDTjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKorSaxSoBNGkikg3M2brfrD4dpWga8oIVIvL7oKGpvjjYCY2S6tuNIEZA0cdpTIcQ84j31RAoU6Y6xgyCpvb5c7I28hFVlM4ssRfXQ0O/as8aF+TZvQMnDreLOndS6lKpeCitWDKt3cJS0bxjCUxY8A0e0sCNncQJhtUEcdNaFEVbrsIVD0zuS6ii+UEIBpv8EKdcUKsygFCM/Cc5MJ4QF9Ke+U3VHbgJ1ZIhbUpTakj8ZgMD+Djvqkt4WDXU2Qc3aROg3VWNTTTV230efImd/jH6bWGMKv8XtGgPwoTzPqFB50LRDg3ghsqH6esTcEWf2olDMJBerBo1NZ1Ec6i3kCAwEAAaOCAiMwggIfMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUCf7AFZD5r2QKkhK5JihjDJfsp7IwcAYIKwYBBQUHAQEEZDBiMC0GCCsGAQUFBzAChiFodHRwOi8vY2VydHMuYXBwbGUuY29tL3d3ZHJnMy5kZXIwMQYIKwYBBQUHMAGGJWh0dHA6Ly9vY3NwLmFwcGxlLmNvbS9vY3NwMDMtd3dkcmczMDEwggEeBgNVHSAEggEVMIIBETCCAQ0GCSqGSIb3Y2QFATCB/zCBwwYIKwYBBQUHAgIwgbYMgbNSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRlIHBvbGljeSBhbmQgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjA3BggrBgEFBQcCARYraHR0cHM6Ly93d3cuYXBwbGUuY29tL2NlcnRpZmljYXRlYXV0aG9yaXR5LzAWBgNVHSUBAf8EDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUofgyj62dk2i3I5Xb1b9h7etBc4EwDgYDVR0PAQH/BAQDAgeAMBMGCiqGSIb3Y2QGAQQBAf8EAgUAMA0GCSqGSIb3DQEBCwUAA4IBAQB7bRU+2lqdwy6F1anqKa0yEf36iAEt2s6SiKCCn1oPQdPrQS+AjMrTTlxGDGs+QwlgboOwlMmw4PL6nq1GIfWXwhIQG5ItCTz5uYn4BHAnVziwY8vltzdzzTkzKoM1aD+jleUl/2kA/UtHf9wz5a+58VN2Pjh20212u82SXZOldc5yLaSAhe+9kwBr8iggVj1F19bPteQcwTAvvf3rYiA+3HQETMM/tn1w6JNNkAH9H8KKtPofEpr+7lD9boSt7zN8oAKgQmnFMytbV8AhTwk1Cz1nN/bHi+Sm4+N19gSkr/gECV8kFZbagcg3IjWdZeNvsi7fz6EI6RON7kHpFQin

DER-Encoded-Profile

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

Entitlements

application-identifier

LH28XA7T22.com.situdata.ygsl

keychain-access-groups

LH28XA7T22.*

com.apple.token

get-task-allow

com.apple.developer.team-identifier

LH28XA7T22

ExpirationDate

2025-03-26T14:57:14Z

Name

ygsl_dist

ProvisionsAllDevices

TeamIdentifier

LH28XA7T22

TeamName

Sunshine Insurance Group Co., Ltd.

TimeToLive

365

UUID

676b5194-1eb6-4b99-bd7d-a140b2e5716c

Version

1

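看到组织信息: 阳光保险集团(Sunshine Insurance Group Co., Ltd.)。这只能说明这份 mobileprovision 是用团队 LH28XA7T22 的分发证书签出来的, 不能据此认定该公司与这个网站有关, 证书是否被盗用或转卖还需要另行核实。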

继续深挖itms-services.mobileconfig, 地址已和谐处理

ConsentText

default

请点击右上角『下一步』按钮↗↗

为了避免大家无法观影,请安装iOS轻量版,保障您的观影权益!该安装证书已通过苹果官方认证,安全可靠。

安装平台入口是能让您更便捷的登陆,该安装仅仅是在您的手机桌面增加一个平台入口,完全不会修改设置,请放心安装。

如果手机设至了锁屏密码,需要输入密码后才能继续安装。

51度灰永久地址:https://51xxxxx.xxx

HasRemovalPasscode

PayloadContent

FullScreen

Icon

base64图像图标1024*1024

IsRemovable

Label

51度灰

PayloadDescription

配置 Web Clip 設定

PayloadDisplayName

Web Clip

PayloadIdentifier

https://51xxxxx.com

PayloadType

com.apple.webClip.managed

PayloadUUID

DE2D3EAB-FAB7-4BA2-A07E-BD91D2D6ED

PayloadVersion

1

Precomposed

URL

https://51xxxxx.com

PayloadDescription

请点击右上角『安装』按钮↗↗

为了避免大家无法观影,请安装iOS轻量版,保障您的观影权益!该安装证书已通过苹果官方认证,安全可靠。

安装平台入口是能让您更便捷的登陆,该安装仅仅是在您的手机桌面增加一个平台入口,完全不会修改设置,请放心安装。

如果手机设至了锁屏密码,需要输入密码后才能继续安装。

51度灰永久地址:https://51xxxxx.xxx

PayloadDisplayName

51度灰

PayloadIdentifier

51xxxxx.xxx

PayloadOrganization

51度灰

PayloadRemovalDisallowed

PayloadType

Configuration

PayloadUUID

DE2D3EAB-FAB7-4BA2-A07E-BD91D2D6DE

PayloadVersion

1

有一点不懂: iOS 17 及以上版本, 用户需要手动信任描述文件才能安装成功; 17 以下是不是就不需要了? 我没有 iOS 16 及以下版本的苹果手机。不过是否需要已经不重要了。

总结: 经过这么多流程, 这些下载主要目的就是创建一个网站的快捷方式, 点击图标就能访问黄色网站, 这个网站做了pwa处理, 技术栈是https://flutter.dev/multi-platform/web

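整个安装过程无害。这个结论只针对上面这份描述文件: 从内容看, 其中只有一个 com.apple.webClip.managed 载荷; 描述文件还可以携带根证书、VPN 等其他载荷, 服务器下发的内容一旦变了, 这个结论就不再成立。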