ttttupup / wxhelper

Hook WeChat / WeChat reverse engineering
MIT License

New version: the v3 and v4 tokens returned by contact_user_by_net do not match what is expected #97

Closed: ha1c9on closed this issue 1 year ago

ha1c9on commented 1 year ago
[image]

The expected result is the v3 and v4 below, but what I actually get is v2 and v3. The v3 is my own wxid, and I don't know whose wxid the v2 is.

ha1c9on commented 1 year ago

I printed the relevant memory under the userinfo address. I didn't seem to find a relevant offset. Has the struct changed here?

ttttupup commented 1 year ago

Which interface?

ha1c9on commented 1 year ago

> Which interface?

```cpp
case WECHAT_CONTACT_SEARCH_BY_NET: {
  wstring keyword = GetWStringParam(j_param, "keyword");
  UserInfo *user = nullptr;
  int success = g_context.misc_mgr->SearchContactNetScene(WS2LPWS(keyword), &user);
  json ret_data = {{"code", success}, {"result", "OK"}};
  if (user) {
    json info = {
        {"bigImage", Utils::WCharToUTF8(user->big_image)},
        {"smallImage", Utils::WCharToUTF8(user->small_image)},
        {"city", Utils::WCharToUTF8(user->city)},
        {"nation", Utils::WCharToUTF8(user->nation)},
        {"nickname", Utils::WCharToUTF8(user->nickname)},
        {"province", Utils::WCharToUTF8(user->province)},
        {"sex", user->sex},
        {"signature", Utils::WCharToUTF8(user->signature)},
        {"v2", Utils::WCharToUTF8(user->v2)},
        {"v3", Utils::WCharToUTF8(user->v3)},
    };
    ret_data["userInfo"] = info;
  }
  ret = ret_data.dump();
  break;
}
```

ttttupup commented 1 year ago

Do you mean the returned result is wrong or scrambled?

ha1c9on commented 1 year ago

It should be wrong. My v2 returns a wxid and I don't know whose it is. The v3 should actually be "v3": "v3_020b3826fd030100000000003e3731b8e53d42000000501ea9a3dba12f95f6b60a0536a1adb6a5fe833159e36adbba153c1664c8893xxxxxxxx",

ttttupup commented 1 year ago

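I don't know about this either. When looking up a friend, both of these are plaintext; v3 only appears when looking up a stranger.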

ttttupup commented 1 year ago

I took a look. If the contact is a friend, this struct changes. I'll fix it when I have time.

ha1c9on commented 1 year ago

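I just tested it. For a non-friend, V3 can be obtained but V4 cannot. It isn't defined in the struct either, and looking at the memory there is nothing whose length looks like v4. len(v4) = 254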

ha1c9on commented 1 year ago

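> I just tested it. For a non-friend, V3 can be obtained but V4 cannot. It isn't defined in the struct either, and looking at the memory there is nothing whose length looks like v4. len(v4) = 254

I printed 0x1000 of memory after address; there is nothing with len(v4) = 254.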

ttttupup commented 1 year ago

A few values differ from the result of the UI operation and are unstable, so they have been masked out.