TinyNiko / mac_wxapkg_decrypt

Decrypting (not unpacking) wxpkg files on Mac
252 stars 58 forks source link

Error: Operation not permitted #7

Closed halohsu closed 1 year ago

halohsu commented 1 year ago

Disabled SIP. Python 3, Node v18.x, Frida 16.0.11. Used the second method:

// way 1
// var account = ObjC.classes.AccountService['- GetEncryptKey'];
// Interceptor.attach(account.implementation, {
//   onLeave: function onLeave(ret) {
//     var keyobj = new ObjC.Object(ret);
//     var key = keyobj.bytes().readByteArray(keyobj.length());
//     console.log(hexdump(key)); // the first 16 bytes is aes key
//   }
// });

// way 2
var wadecrypt = ObjC.classes.WAPkgEncryptUtil['+ pkgDecrypt:'];
// // TODO fix path
var path = "/Users/bluemiaomiao/Library/Group Containers/5A4RE8SF68.com.tencent.xinWeChat/Library/Caches/xinWeChat/a0e1cb1856364ecce1b4f5a49bdf55e8/WeApp/LocalCache/release/wx16b266d88f279965/15.wxapkg";
var wxpath = ObjC.classes.NSString.stringWithUTF8String_(Memory.allocUtf8String(path));
var decryptdata = ObjC.classes.WAPkgEncryptUtil.pkgDecrypt_(wxpath);
var filedata = decryptdata.bytes().readByteArray(decryptdata.length());
// // TODO fix path
var file = new File("/Users/bluemiaomiao/Developer/15c.wxapkg", "wb");
file.write(filedata);
file.close();
console.log("write file done");

},{}]},{},[1])

It threw an error:

➜  mac_wxapkg_decrypt git:(main) ✗ sudo frida 1093 -l _agent.js
Password:
     ____
    / _  |   Frida 16.0.11 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to Local System (id=local)

Error: Operation not permitted
    at <anonymous> (/Users/bluemiaomiao/Developer/mac_wxapkg_decrypt/_agent.js:22)
    at call (native)
    at o (node_modules/browser-pack/_prelude.js:1)
    at r (node_modules/browser-pack/_prelude.js:1)
    at <eval> (/Users/bluemiaomiao/Developer/mac_wxapkg_decrypt/_agent.js:27)
    at evaluate (native)
    at <anonymous> (/frida/repl-2.js:1)
[Local::PID::1093 ]-> quit

Thank you for using Frida!

gzdlqq commented 1 year ago

node v14.20.0

Error: Operation not permitted
    at <anonymous> (/Volumes/work/neobio/test/mac_wxapkg_decrypt/_agent.js:22)
    at call (native)
    at o (node_modules/browser-pack/_prelude.js:1)
    at r (node_modules/browser-pack/_prelude.js:1)
    at <eval> (/Volumes/work/neobio/test/mac_wxapkg_decrypt/_agent.js:27)
    at evaluate (native)
    at <anonymous> (/frida/repl-2.js:1)

Same error.

TinyNiko commented 1 year ago

// // TODO fix path
var file = new File("/Users/bluemiaomiao/Developer/15c.wxapkg", "wb");

This path has to be /Users/bluemiaomiao/Library/Group Containers/5A4RE8SF68.com.tencent.xinWeChat/Library/Caches/xinWeChat/a0e1cb1856364ecce1b4f5a49bdf55e8/WeApp/LocalCache/release/wx16b266d88f279965/

It's mainly a read/write permission issue.
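An added example (not code from the repository or from any commenter) of the fix described in the last reply: derive the output path from the input path so the write stays inside the same container directory, and refuse any path that leaves it. The helper names and the `.dec.wxapkg` suffix are hypothetical, and it assumes the instrumented process can only write inside its own container, which is what the reply indicates.

```javascript
// Added example. The path helpers are plain JavaScript (Node or Frida);
// the Frida-only part at the bottom is skipped when ObjC is not defined.

// Collapse "." and ".." segments so "../" cannot slip past the container check.
function normalize(p) {
  var out = [];
  p.split("/").forEach(function (seg) {
    if (seg === "" || seg === ".") return;
    if (seg === "..") out.pop(); else out.push(seg);
  });
  return "/" + out.join("/");
}

// Return "/Users/<user>/Library/(Group )Containers/<id>" for a path, or null.
function containerRoot(p) {
  var re = /^(\/Users\/[^\/]+\/Library\/(?:Group )?Containers\/[^\/]+)(?:\/|$)/;
  var m = re.exec(normalize(p));
  return m ? m[1] : null;
}

// True only when outPath lies in the same container as inPath.
function sameContainer(inPath, outPath) {
  var root = containerRoot(inPath);
  return root !== null && (normalize(outPath) + "/").indexOf(root + "/") === 0;
}

// Output file next to the input: ".../15.wxapkg" -> ".../15.dec.wxapkg".
function siblingOutput(inPath) {
  var n = normalize(inPath);
  var cut = n.lastIndexOf("/");
  var name = n.slice(cut + 1).replace(/\.wxapkg$/, "");
  return n.slice(0, cut + 1) + name + ".dec.wxapkg";
}

// Frida-only: same calls as "way 2" in the issue, with a checked output path.
if (typeof ObjC !== "undefined") {
  var input = "REPLACE_WITH_WXAPKG_PATH_INSIDE_CONTAINER"; // placeholder, not a real path
  var output = siblingOutput(input);
  if (!sameContainer(input, output)) {
    throw new Error("output path is outside the app container: " + output);
  }
  var nsPath = ObjC.classes.NSString.stringWithString_(input);
  var data = ObjC.classes.WAPkgEncryptUtil.pkgDecrypt_(nsPath);
  var file = new File(output, "wb");
  file.write(data.bytes().readByteArray(data.length()));
  file.close();
}
```

With the output path from the original report (`/Users/.../Developer/15c.wxapkg`), `sameContainer` returns false, so the script stops with a clear message instead of failing at `new File` with "Operation not permitted".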