TinyNiko / mac_wxapkg_decrypt

Decrypting wxapkg files on Mac (decryption, not unpacking)

Decryption fails using way2 #3

Closed ekko-zhao closed 2 years ago

ekko-zhao commented 2 years ago

Mini program: 亲宝宝, frida: 15.1.3 [image] Could an expert please take a look?

ekko-zhao commented 2 years ago

WeChat version: 3.4.1

TinyNiko commented 2 years ago

Got it, I'll look into it later.

TinyNiko commented 2 years ago

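I'm using version 3.5.5. I tested this app and it decrypts and writes the file normally. My guess is that the mini program path is wrong. For example, a normal path is var path = "/Users/xxx/Library/Group Containers/xxxx.com.tencent.xinWeChat/Library/Caches/xinWeChat/xxxxxxx/WeApp/LocalCache/release/wxbd0da7ae0808ff3c/13.wxapkg"; . If the path is wrong, I also get the error above.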

LuCatIsFun commented 2 years ago

Don't write the path as "~/Library/"; you need to use the absolute path "/Users/your-username/Library/". Also, don't forget to change the output location.

halohsu commented 1 year ago

➜  mac_wxapkg_decrypt git:(main) ✗ sudo frida 1093 -l _agent.js
Password:
     ____
    / _  |   Frida 16.0.11 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to Local System (id=local)

Error: Operation not permitted
    at <anonymous> (/Users/bluemiaomiao/Developer/mac_wxapkg_decrypt/_agent.js:22)
    at call (native)
    at o (node_modules/browser-pack/_prelude.js:1)
    at r (node_modules/browser-pack/_prelude.js:1)
    at <eval> (/Users/bluemiaomiao/Developer/mac_wxapkg_decrypt/_agent.js:27)
    at evaluate (native)
    at <anonymous> (/frida/repl-2.js:1)

TobyXi1997 commented 1 year ago

[image]

On my Mac, when I use sudo to decrypt, it cannot obtain permission for the process, even though I'm already using sudo. Mac M2.

TinyNiko commented 1 year ago

A simpler approach is to first run frida without -l and see whether it can attach normally. If it can't, you'll need to report it to the Frida maintainers.