diff --git a/python/decrpt.py b/python/decrpt.py
deleted file mode 100644
index d1802a2..0000000
--- a/python/decrpt.py
+++ /dev/null
@@ -1,51 +0,0 @@
-import ctypes
-import hashlib
-import hmac
-
-# pip install pycryptodome
-from Crypto.Cipher import AES
-
-
-def decrypt(password, input_file, out_file):
-password = bytes.fromhex(password.replace(' ', ''))
-with open(input_file, 'rb') as (f):
-blist = f.read()
-print(len(blist))
-salt = blist[:16]
-key = hashlib.pbkdf2_hmac('sha1', password, salt, DEFAULT_ITER, KEY_SIZE)
-first = blist[16:DEFAULT_PAGESIZE]
-mac_salt = bytes([x ^ 58 for x in salt])
-mac_key = hashlib.pbkdf2_hmac('sha1', key, mac_salt, 2, KEY_SIZE)
-hash_mac = hmac.new(mac_key, digestmod='sha1')
-hash_mac.update(first[:-32])
-hash_mac.update(bytes(ctypes.c_int(1)))
-if hash_mac.digest() == first[-32:-12]:
-print('decrypt success')
-else:
-print('password error')
-return
-blist = [blist[i:i + DEFAULT_PAGESIZE] for i in range(DEFAULT_PAGESIZE, len(blist), DEFAULT_PAGESIZE)]
-with open(out_file, 'wb') as (f):
-f.write(SQLITE_FILE_HEADER)
-t = AES.new(key, AES.MODE_CBC, first[-48:-32])
-f.write(t.decrypt(first[:-48]))
-f.write(first[-48:])
-for i in blist:
-t = AES.new(key, AES.MODE_CBC, i[-48:-32])
-f.write(t.decrypt(i[:-48]))
-f.write(i[-48:])
-
-
-def main():
-password = '565735E30E474DA09250CB5AA047E3940FFA1C6F767C4263B13ABB512933DA49'
-input_file = 'C:/var/Applet.db'
-out_file = 'c:/var/out/Applet.db'
-decrypt(password, input_file, out_file)
-
-
-if __name__ == '__main__':
-SQLITE_FILE_HEADER = bytes('SQLite format 3', encoding='ASCII') + bytes(1)
-KEY_SIZE = 32
-DEFAULT_PAGESIZE = 4096
-DEFAULT_ITER = 64000
-main()
diff --git a/python/http_server.py b/python/http_server.py
new file mode 100644
index 0000000..98c154c
--- /dev/null
+++ b/python/http_server.py
@@ -0,0 +1,26 @@
+from fastapi import FastAPI, Request
+
+
+app = FastAPI()
+
+# pip install fastapi
+# run command :uvicorn test:app --reload
+# 127.0.0.1:8000/api
+
+@app.post("/api")
+def create_item(request: Request):
+print("recv msg")
+return {"code": 0, "msg": "success"}
+
+
+@app.middleware("http")
+async def TestCustomMiddleware(request: Request, call_next):
+the_headers = request.headers
+the_body = await request.json()
+
+print(the_headers)
+print(the_body)
+
+response = await call_next(request)
+
+return response
\ No newline at end of file
diff --git a/python/readme.md b/python/readme.md
new file mode 100644
index 0000000..bf344d2
--- /dev/null
+++ b/python/readme.md
@@ -0,0 +1,10 @@
+### 常用的一些工具
+
+
+client.py : 快速测试dll的http接口。
+
+decrpt.py : 微信数据库解密工具。password 为dll个人信息里返回的dbkey。
+
+http_server.py : 一个简单的http server,用来接收hook的消息。
+
+tcpserver.py: 一个简单的tcp server,用来接收hook的消息。
\ No newline at end of file
diff --git a/tool/injector/ConsoleApplication.exe b/tool/injector/ConsoleApplication.exe
new file mode 100644
index 0000000..617f596
Binary files /dev/null and b/tool/injector/ConsoleApplication.exe differ
diff --git a/tool/injector/readme.md b/tool/injector/readme.md
index d2fe096..9d8e8d5 100644
--- a/tool/injector/readme.md
+++ b/tool/injector/readme.md
@@ -1 +1,14 @@
 ## 可以使用对应分支下的注入工具,或者自己编译一下 source目录下的注入程序。
+
+1.ConsoleApplication.exe
+编译好的x64版本的注入器
+命令行注入工具,注入命令
+``` javascript
+ //-i 注入程序名 -p 注入dll路径
+ // -u 卸载程序名 -d 卸载dll名称
+//注入
+ ConsoleInject.exe -i demo.exe -p E:\wxhelper.dll
+//卸载
+ ConsoleInject.exe -u demo.exe -d wxhelper.dll
+
+```
\ No newline at end of file
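Review bot: `the_body = await request.json()` in TestCustomMiddleware runs before routing for every request, so any request without a well-formed JSON body (a GET, an empty POST, a garbled hook message) raises inside the middleware and is answered with a 500 before `create_item` is ever reached. Parse only when the Content-Type announces JSON and catch the decode error, as in the excerpt below. The middleware also prints every request header to stdout, which would persist any Authorization or Cookie value a caller happens to send; print only the headers you actually need. The run comment `# run command :uvicorn test:app --reload` does not match this file's name — it should read `# run command: uvicorn http_server:app --reload`. Both functions are fully inside the hunk.
```python
@app.middleware("http")
async def TestCustomMiddleware(request: Request, call_next):
    the_headers = request.headers
    the_body = None
    # Only parse when the caller declares JSON; a bad or absent body must not 500 the whole app.
    if the_headers.get("content-type", "").startswith("application/json"):
        try:
            the_body = await request.json()
        except ValueError:  # json.JSONDecodeError is a ValueError
            the_body = None

    print(the_headers)
    print(the_body)
    # … unchanged: call_next and return …
```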