So the argument of [[self chat] sendMessage:] is exactly the first argument of [self
sendMessage:onService:newComposition:]. Well, what are the types and values of [self chat] and
of that argument? We have run out of clues in IDA, so it’s time to bring out LLDB.
First compose an iMessage, then set a breakpoint on the objc_msgSend right under
“sendMessage:” in figure 10-74, which is at the end of [CKConversation
sendMessage:onService:newComposition:]. After that, press the “Send” button to trigger the
breakpoint:
Process 233590 stopped
* thread #1: tid = 0x39076, 0x30ad1846 ChatKit`-[CKConversation
sendMessage:onService:newComposition:] + 686, queue = 'com.apple.main-thread, stop
reason = breakpoint 1.1
frame #0: 0x30ad1846 ChatKit`-[CKConversation sendMessage:onService:newComposition:]
+ 686
ChatKit`-[CKConversation sendMessage:onService:newComposition:] + 686:
0x30ad1846: blx 0x30b3bf44 ; symbol stub for:
MarcoShouldLogMadridLevel$shim
0x30ad184a: movw r0, #49322
0x30ad184e: movt r0, #2541
0x30ad1852: add r0, pc
(lldb) p (char *)$r1
(char *) $0 = 0x32b26146 "sendMessage:"
(lldb) po $r0
<IMChat 0x5ef2ce0> [Identifier: [email protected] GUID:
iMessage;-;[email protected] Persistent ID: [email protected] Account:
26B3EC90-783B-4DEC-82CF-F58FBBB22363 Style: - State: 3 Participants: 1 Room Name:
(null) Display Name: (null) Last Addressed: (null) Group ID: F399B0B5-800F-47A4-A66C-
72C43ACC0428 Unread Count: 0 Failure Count: 0]
(lldb) po $r2
IMMessage[from=(null); msg-subject=(null); account:(null); flags=100005; subject='<<
Message Not Loggable >>' text='<< Message Not Loggable >>' messageID: 0 GUID:'966C2CD6-
3710 - 4D0F-BCEF-BCFEE8E60FE9' date:'437730968.559627' date-delivered:'0.000000' date-
read:'0.000000' date-played:'0.000000' empty: NO finished: YES sent: NO read: NO
delivered: NO audio: NO played: NO from-me: YES emote: NO dd-results: NO dd-scanned: YES
error: (null)]
(lldb) ni
The output contains exactly what we want: [IMChat sendMessage:IMMessage]. There’s one
thing to mention: after printing out all the necessary information, I executed an extra “ni”
command and heard the familiar “message sent” text tone. This indicates that the
“send iMessage” operation is indeed performed inside [IMChat sendMessage:IMMessage].
Because IMChat and IMMessage both carry the IM prefix, they come from a library other
than ChatKit; the lowest-level “send iMessage” function in ChatKit stops at [CKConversation
sendMessage:onService:newComposition:]. We can confirm for now that if we’re able to
construct an IMChat object and an IMMessage object, we can successfully send an iMessage.
Old problems solved, new problems occur: how do we construct these two objects? Let’s see if
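The manual sequence above (p (char *)$r1, po $r0, po $r2 at the objc_msgSend call site) can be scripted. The following LLDB helper is an added example, not code from the book or from ChatKit; it assumes the 32-bit ARM convention used in this session (r0 = self, r1 = _cmd, r2 and r3 = the first two explicit arguments) and a hypothetical module name msgsend_dump.py.

```python
"""Added example: dump receiver, selector and arguments of an objc_msgSend
call from an LLDB breakpoint on 32-bit ARM (AAPCS: r0 self, r1 _cmd, r2/r3
args; further arguments live on the stack and are not read here)."""

# Register slots objc_msgSend consumes on ARMv7 (assumption, see above).
ARMV7_MSGSEND_SLOTS = ("r0", "r1", "r2", "r3")


def msgsend_call(regs, nargs=1):
    """Map a register snapshot {name: value} to (receiver, selector, args).
    Arguments beyond r3 are reported as None rather than guessed."""
    receiver, selector = regs["r0"], regs["r1"]
    args = []
    for i in range(nargs):
        slot = 2 + i
        args.append(regs.get(ARMV7_MSGSEND_SLOTS[slot]) if slot < 4 else None)
    return receiver, selector, args


def describe_call(frame, nargs=1):
    """Resolve the registers of an lldb.SBFrame the way the manual session
    does: the selector as a C string, receiver and arguments via -description."""
    regs = {name: frame.FindRegister(name).GetValueAsUnsigned()
            for name in ARMV7_MSGSEND_SLOTS}
    receiver, selector, args = msgsend_call(regs, nargs)
    sel_str = frame.EvaluateExpression("(char *)%d" % selector).GetSummary()
    lines = ["selector %#x: %s" % (selector, sel_str)]
    for label, value in [("receiver", receiver)] + [
            ("arg%d" % i, a) for i, a in enumerate(args)]:
        if value:  # po on a NULL or stack-resident argument is skipped
            desc = frame.EvaluateExpression("(id)%d" % value).GetObjectDescription()
        else:
            desc = "<not in a register>"
        lines.append("%s %#x: %s" % (label, value or 0, desc))
    return "\n".join(lines)


def on_msgsend(frame, bp_loc, internal_dict):
    """Breakpoint callback: print the call, then stop like the manual session.
    In LLDB:  command script import msgsend_dump.py
              breakpoint set -a 0x30ad1846        (the blx from the text)
              breakpoint command add -F msgsend_dump.on_msgsend 1"""
    print(describe_call(frame))
    return True
```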