GithubHelp home page GithubHelp logo

mac_wxapkg_decrypt's Introduction

TinyNiko

Hi there 👋

  • 🌱 QAQ

My github stats

Visitor Count

mac_wxapkg_decrypt's People

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar

Forkers

635547251 seeflowerx bb33bb kingking888 xianyucoder ioxuy dontian122 yongbaowang lyy0755 geary0124 littlexiang aevit wha000tif moobing pinetang yeshuibo gg-o1 jas502n crackercat jadepeakpoet gh0stz1 lpe234 saycold77 nobita0522 lys623 kyochou diandengs piz-liu halewhh cary929 zhouxinfei lhcn xiaowenhuman bdingtech bopo kkiinnggwweenn maxwellzy sssnto newpurr redeembynight bluepeople1 c2en xenlata witchan lzxorz sunchen009 crosslee xrxsh btlyon hiyaai rainmanzzz iq9891 jslwq

mac_wxapkg_decrypt's Issues

使用way1没有出现报错也没有出现key

macos 13.3.1 Intel 关闭了SIP
frida 15.2.2
微信 3.7.0

查看PID

~/Downloads/mac_wxapkg_decrypt-main » ps -ef | grep Mini                                      130 ↵
  501  2598     1   0  3:03下午 ??         0:04.59 /Applications/WeChat.app/Contents/MacOS/Mini Program.app/Contents/MacOS/Mini Program
  501  3474     1   0  3:32下午 ??         0:01.11 /Applications/WeChat.app/Contents/MacOS/Mini Program.app/Contents/MacOS/Mini Program
  501  3589   979   0  3:39下午 ttys002    0:00.00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn --exclude-dir=.idea --exclude-dir=.tox Mini

启动frida

~/Downloads/mac_wxapkg_decrypt-main » sudo frida 3474 -l _agent.js
Password:
     ____
    / _  |   Frida 15.2.2 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to Local System (id=local)

[Local::PID::3474 ]->
[Local::PID::3474 ]-> exit

Thank you for using Frida!

没有出现Attaching,也没有报错

工具使用问题

师傅你好 能否给个联系方式 请教一下工具用法 从blog的联系方式解密没查到wechat

微信最新版操作失败,用第二种方法

TypeError: cannot read property 'bytes' of null
at (src/mac_wx/main.ts:22)
at call (native)
at o (node_modules/browser-pack/_prelude.js:1)
at r (node_modules/browser-pack/_prelude.js:1)
at (/Users/xxx/tools/xiaochegnxu/mac_wxapkg_decrypt/_agent.js:27)
at evaluate (native)
at (/frida/repl-2.js:1)

AES Key可以确定是dbEncryptKey

hook得到的aes key来自-[AuthSectResp init]中的置入的SetCliDbencryptKey,提取对应目录下的聊天记录msg_*.db可以使用此key解开得到聊天记录。

Error: Operation not permitted

关闭了 SIP
Python 3
Node v18.x
Frida 16.0.11
用的第二种方式:

// way 1
// var account = ObjC.classes.AccountService['- GetEncryptKey'];
// Interceptor.attach(account.implementation, {
//   onLeave: function onLeave(ret) {
//     var keyobj = new ObjC.Object(ret);
//     var key = keyobj.bytes().readByteArray(keyobj.length());
//     console.log(hexdump(key)); // the first 16 bytes is aes key
//   }
// });

// way 2
var wadecrypt = ObjC.classes.WAPkgEncryptUtil['+ pkgDecrypt:'];
// // TODO fix path
var path = "/Users/bluemiaomiao/Library/Group Containers/5A4RE8SF68.com.tencent.xinWeChat/Library/Caches/xinWeChat/a0e1cb1856364ecce1b4f5a49bdf55e8/WeApp/LocalCache/release/wx16b266d88f279965/15.wxapkg";
var wxpath = ObjC.classes.NSString.stringWithUTF8String_(Memory.allocUtf8String(path));
var decryptdata = ObjC.classes.WAPkgEncryptUtil.pkgDecrypt_(wxpath);
var filedata = decryptdata.bytes().readByteArray(decryptdata.length());
// // TODO fix path
var file = new File("/Users/bluemiaomiao/Developer/15c.wxapkg", "wb");
file.write(filedata);
file.close();
console.log("write file done");

},{}]},{},[1])

报错了:

➜  mac_wxapkg_decrypt git:(main) ✗ sudo frida 1093 -l _agent.js
Password:
     ____
    / _  |   Frida 16.0.11 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to Local System (id=local)

Error: Operation not permitted
    at <anonymous> (/Users/bluemiaomiao/Developer/mac_wxapkg_decrypt/_agent.js:22)
    at call (native)
    at o (node_modules/browser-pack/_prelude.js:1)
    at r (node_modules/browser-pack/_prelude.js:1)
    at <eval> (/Users/bluemiaomiao/Developer/mac_wxapkg_decrypt/_agent.js:27)
    at evaluate (native)
    at <anonymous> (/frida/repl-2.js:1)
[Local::PID::1093 ]-> quit

Thank you for using Frida!

微信版本 Version. 3.6.1 (24205) 操作失败

❯ sudo frida 84348 -l agent.js
Password:
____
/ _ | Frida 16.0.8 - A world-class dynamic instrumentation toolkit
| (| |
> _ | Commands:
// || help -> Displays the help system
. . . . object? -> Display information about 'object'
. . . . exit/quit -> Exit
. . . .
. . . . More info at https://frida.re/docs/home/
. . . .
. . . . Connected to Local System (id=local)
Failed to attach: unable to access process with pid 84348 from the current user account

"Magic number is not correct!");

Error: Magic number is not correct!
at header (/Users/mac/Documents/github/WxAppUnpacker1/wuWxapkg.js:21:54)
at /Users/mac/Documents/github/WxAppUnpacker1/wuWxapkg.js:186:44
at /Users/mac/Documents/github/WxAppUnpacker1/wuLib.js:95:14
at agent (/Users/mac/Documents/github/WxAppUnpacker1/wuLib.js:64:23)
at FSReqCallback.readFileAfterClose [as oncomplete] (node:internal/fs/read_file_context:68:3)

Node.js v20.3.1
node /Users/mac/Documents/github/WxAppUnpacker1/wuWxapkg.js temp/h.wxapkg
Unpack file temp/h.wxapkg...

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.