Coder Social home page Coder Social logo

mac_wxapkg_decrypt's Issues

"Magic number is not correct!");

Error: Magic number is not correct!
at header (/Users/mac/Documents/github/WxAppUnpacker1/wuWxapkg.js:21:54)
at /Users/mac/Documents/github/WxAppUnpacker1/wuWxapkg.js:186:44
at /Users/mac/Documents/github/WxAppUnpacker1/wuLib.js:95:14
at agent (/Users/mac/Documents/github/WxAppUnpacker1/wuLib.js:64:23)
at FSReqCallback.readFileAfterClose [as oncomplete] (node:internal/fs/read_file_context:68:3)

Node.js v20.3.1
node /Users/mac/Documents/github/WxAppUnpacker1/wuWxapkg.js temp/h.wxapkg
Unpack file temp/h.wxapkg...

微信最新版操作失败,用第二种方法

TypeError: cannot read property 'bytes' of null
at (src/mac_wx/main.ts:22)
at call (native)
at o (node_modules/browser-pack/_prelude.js:1)
at r (node_modules/browser-pack/_prelude.js:1)
at (/Users/xxx/tools/xiaochegnxu/mac_wxapkg_decrypt/_agent.js:27)
at evaluate (native)
at (/frida/repl-2.js:1)

Error: Operation not permitted

关闭了 SIP
Python 3
Node v18.x
Frida 16.0.11
用的第二种方式:

// way 1
// var account = ObjC.classes.AccountService['- GetEncryptKey'];
// Interceptor.attach(account.implementation, {
//   onLeave: function onLeave(ret) {
//     var keyobj = new ObjC.Object(ret);
//     var key = keyobj.bytes().readByteArray(keyobj.length());
//     console.log(hexdump(key)); // the first 16 bytes is aes key
//   }
// });

// way 2
var wadecrypt = ObjC.classes.WAPkgEncryptUtil['+ pkgDecrypt:'];
// // TODO fix path
var path = "/Users/bluemiaomiao/Library/Group Containers/5A4RE8SF68.com.tencent.xinWeChat/Library/Caches/xinWeChat/a0e1cb1856364ecce1b4f5a49bdf55e8/WeApp/LocalCache/release/wx16b266d88f279965/15.wxapkg";
var wxpath = ObjC.classes.NSString.stringWithUTF8String_(Memory.allocUtf8String(path));
var decryptdata = ObjC.classes.WAPkgEncryptUtil.pkgDecrypt_(wxpath);
var filedata = decryptdata.bytes().readByteArray(decryptdata.length());
// // TODO fix path
var file = new File("/Users/bluemiaomiao/Developer/15c.wxapkg", "wb");
file.write(filedata);
file.close();
console.log("write file done");

},{}]},{},[1])

报错了:

➜  mac_wxapkg_decrypt git:(main) ✗ sudo frida 1093 -l _agent.js
Password:
     ____
    / _  |   Frida 16.0.11 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to Local System (id=local)

Error: Operation not permitted
    at <anonymous> (/Users/bluemiaomiao/Developer/mac_wxapkg_decrypt/_agent.js:22)
    at call (native)
    at o (node_modules/browser-pack/_prelude.js:1)
    at r (node_modules/browser-pack/_prelude.js:1)
    at <eval> (/Users/bluemiaomiao/Developer/mac_wxapkg_decrypt/_agent.js:27)
    at evaluate (native)
    at <anonymous> (/frida/repl-2.js:1)
[Local::PID::1093 ]-> quit

Thank you for using Frida!

微信版本 Version. 3.6.1 (24205) 操作失败

❯ sudo frida 84348 -l agent.js
Password:
____
/ _ | Frida 16.0.8 - A world-class dynamic instrumentation toolkit
| (| |
> _ | Commands:
// || help -> Displays the help system
. . . . object? -> Display information about 'object'
. . . . exit/quit -> Exit
. . . .
. . . . More info at https://frida.re/docs/home/
. . . .
. . . . Connected to Local System (id=local)
Failed to attach: unable to access process with pid 84348 from the current user account

AES Key可以确定是dbEncryptKey

hook得到的aes key来自-[AuthSectResp init]中的置入的SetCliDbencryptKey,提取对应目录下的聊天记录msg_*.db可以使用此key解开得到聊天记录。

使用way1没有出现报错也没有出现key

macos 13.3.1 Intel 关闭了SIP
frida 15.2.2
微信 3.7.0

查看PID

~/Downloads/mac_wxapkg_decrypt-main » ps -ef | grep Mini                                      130 ↵
  501  2598     1   0  3:03下午 ??         0:04.59 /Applications/WeChat.app/Contents/MacOS/Mini Program.app/Contents/MacOS/Mini Program
  501  3474     1   0  3:32下午 ??         0:01.11 /Applications/WeChat.app/Contents/MacOS/Mini Program.app/Contents/MacOS/Mini Program
  501  3589   979   0  3:39下午 ttys002    0:00.00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn --exclude-dir=.idea --exclude-dir=.tox Mini

启动frida

~/Downloads/mac_wxapkg_decrypt-main » sudo frida 3474 -l _agent.js
Password:
     ____
    / _  |   Frida 15.2.2 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to Local System (id=local)

[Local::PID::3474 ]->
[Local::PID::3474 ]-> exit

Thank you for using Frida!

没有出现Attaching,也没有报错

工具使用问题

师傅你好 能否给个联系方式 请教一下工具用法 从blog的联系方式解密没查到wechat

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.