Figure 10- 73 [CKConversation sendMessage:onService:newComposition:]
The execution flow of this method is more straightforward than the previous ones. Skim it
briefly, we can see phrases like “Sending message with guid: %@”, “ => Sending account: %@”
and “=> Recipients: [%@]”, most of which are arguments of _CKLogExternal. If MobileSMS
has already started recording these into syslog, doesn’t it prove that “send iMessage” is
happening? What’s more, we’ve seen the suspicious keyword “sendMessage:” again in figure 10-
74:
Figure 10- 74 loc_2691f836
What’s the receiver and arguments of “sendMessage:”? Let’s find them in IDA; the receiver,
R0, comes from R5. Where does R5 come from? Keep looking upwards until loc_2691F726, as
shown in figure 10-75.