mirror of
https://github.com/ttttupup/wxhelper.git
synced 2024-11-05 09:59:23 +08:00
doc: 更新文档
parent
e373b2f063
commit
23fc28d011
@ -1,51 +0,0 @@
|
|||||||
import ctypes
|
|
||||||
import hashlib
|
|
||||||
import hmac
|
|
||||||
|
|
||||||
# pip install pycryptodome
|
|
||||||
from Crypto.Cipher import AES
|
|
||||||
|
|
||||||
|
|
||||||
def decrypt(password, input_file, out_file):
|
|
||||||
password = bytes.fromhex(password.replace(' ', ''))
|
|
||||||
with open(input_file, 'rb') as (f):
|
|
||||||
blist = f.read()
|
|
||||||
print(len(blist))
|
|
||||||
salt = blist[:16]
|
|
||||||
key = hashlib.pbkdf2_hmac('sha1', password, salt, DEFAULT_ITER, KEY_SIZE)
|
|
||||||
first = blist[16:DEFAULT_PAGESIZE]
|
|
||||||
mac_salt = bytes([x ^ 58 for x in salt])
|
|
||||||
mac_key = hashlib.pbkdf2_hmac('sha1', key, mac_salt, 2, KEY_SIZE)
|
|
||||||
hash_mac = hmac.new(mac_key, digestmod='sha1')
|
|
||||||
hash_mac.update(first[:-32])
|
|
||||||
hash_mac.update(bytes(ctypes.c_int(1)))
|
|
||||||
if hash_mac.digest() == first[-32:-12]:
|
|
||||||
print('decrypt success')
|
|
||||||
else:
|
|
||||||
print('password error')
|
|
||||||
return
|
|
||||||
blist = [blist[i:i + DEFAULT_PAGESIZE] for i in range(DEFAULT_PAGESIZE, len(blist), DEFAULT_PAGESIZE)]
|
|
||||||
with open(out_file, 'wb') as (f):
|
|
||||||
f.write(SQLITE_FILE_HEADER)
|
|
||||||
t = AES.new(key, AES.MODE_CBC, first[-48:-32])
|
|
||||||
f.write(t.decrypt(first[:-48]))
|
|
||||||
f.write(first[-48:])
|
|
||||||
for i in blist:
|
|
||||||
t = AES.new(key, AES.MODE_CBC, i[-48:-32])
|
|
||||||
f.write(t.decrypt(i[:-48]))
|
|
||||||
f.write(i[-48:])
|
|
||||||
|
|
||||||
|
|
||||||
def main():
|
|
||||||
password = '565735E30E474DA09250CB5AA047E3940FFA1C6F767C4263B13ABB512933DA49'
|
|
||||||
input_file = 'C:/var/Applet.db'
|
|
||||||
out_file = 'c:/var/out/Applet.db'
|
|
||||||
decrypt(password, input_file, out_file)
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
|
||||||
SQLITE_FILE_HEADER = bytes('SQLite format 3', encoding='ASCII') + bytes(1)
|
|
||||||
KEY_SIZE = 32
|
|
||||||
DEFAULT_PAGESIZE = 4096
|
|
||||||
DEFAULT_ITER = 64000
|
|
||||||
main()
|
|
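--- a/python/http_server.py
+++ b/python/http_server.py
@@ -0,0 +1,26 @@
+from fastapi import FastAPI, Request
+
+
+app = FastAPI()
+
+# pip install fastapi
+# run command :uvicorn test:app --reload
+# 127.0.0.1:8000/api
+
+@app.post("/api")
+def create_item(request: Request):
+print("recv msg")
+return {"code": 0, "msg": "success"}
+
+
+@app.middleware("http")
+async def TestCustomMiddleware(request: Request, call_next):
+the_headers = request.headers
+the_body = await request.json()
+
+print(the_headers)
+print(the_body)
+
+response = await call_next(request)
+
+return response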
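Review bot: `TestCustomMiddleware` calls `await request.json()` on every request, so a request whose body is not valid JSON (a GET, an empty or malformed POST) raises inside the middleware and will most likely be answered with a 500 before any route runs. The parse should be limited to the POST `/api` callback and wrapped in a `ValueError` handler, as sketched below. The middleware also prints every request's full headers and body to stdout; since the body is the hooked message content, it is worth logging only what is needed and dropping `print(the_headers)`. Separately, the run comment says `uvicorn test:app`, but the file is added as `http_server.py`, so `uvicorn http_server:app --reload` would match.

```python
@app.middleware("http")
async def TestCustomMiddleware(request: Request, call_next):
    # Only the hook callback is expected to carry JSON; pass everything else through untouched.
    if request.method == "POST" and request.url.path == "/api":
        try:
            the_body = await request.json()
        except ValueError:
            # Not JSON (or not decodable): do not fail the whole request from the middleware.
            the_body = None
        print(the_body)
    # … unchanged: call_next(request) and return response …
```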
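--- a/python/readme.md
+++ b/python/readme.md
@@ -0,0 +1,10 @@
+### 常用的一些工具
+
+
+client.py : 快速测试dll的http接口。
+
+decrpt.py : 微信数据库解密工具。password 为dll个人信息里返回的dbkey。
+
+http_server.py : 一个简单的http server,用来接收hook的消息。
+
+tcpserver.py: 一个简单的tcp server,用来接收hook的消息。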
BIN
tool/injector/ConsoleApplication.exe
Normal file
BIN
tool/injector/ConsoleApplication.exe
Normal file
Binary file not shown.
@ -1 +1,14 @@
|
|||||||
## 可以使用对应分支下的注入工具,或者自己编译一下 source目录下的注入程序。
|
## 可以使用对应分支下的注入工具,或者自己编译一下 source目录下的注入程序。
|
||||||
|
|
||||||
|
1.ConsoleApplication.exe
|
||||||
|
编译好的x64版本的注入器
|
||||||
|
命令行注入工具,注入命令
|
||||||
|
``` javascript
|
||||||
|
//-i 注入程序名 -p 注入dll路径
|
||||||
|
// -u 卸载程序名 -d 卸载dll名称
|
||||||
|
//注入
|
||||||
|
ConsoleInject.exe -i demo.exe -p E:\wxhelper.dll
|
||||||
|
//卸载
|
||||||
|
ConsoleInject.exe -u demo.exe -d wxhelper.dll
|
||||||
|
|
||||||
|
```
|