将微信卸载重装,或者清空所有小程序后,重新加载要分析的小程序,
在/data/data/com.tencent.mm/MicroMsg/appbrand目录下搜索wxapkg会得到所在目录,导出即可。
wxapkg 文件的数据格式分成三个部分:
第一部分:文件的前 6 字节为 V1MMWX;
第二部分:之后的 1024 字节为 AES CBC 加密数据;
第三部分:从 1024+6 之后的所有数据为异或加密的数据。
注意:下面的脚本只负责解包,不包含上述解密步骤;它处理的是已解密的 wxapkg(首字节为 0xBE、第 14 字节为 0xED),仍以 V1MMWX 开头的文件会被判定为非 wxapkg 文件。
# Author credit carried over from the original post.
__author__ = "行简"
import os
import struct
import sys
class WxapkgFile:
    """One record of the package index.

    The values below are class-level defaults; the parser assigns the real
    values on each instance as it reads the index:

    * ``nameLen`` - length in bytes of the entry name
    * ``name``    - the entry name as read from the package
    * ``offset``  - position of the entry's data within the package file
    * ``size``    - number of data bytes belonging to the entry
    """

    nameLen = offset = size = 0
    name = ""
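def _read_capped(f, count, file_size):
    """Read up to *count* bytes, never requesting more than the file still holds.

    Length fields come straight from the package, so an oversized value must
    not turn into an oversized read request.
    """
    remaining = max(0, file_size - f.tell())
    return f.read(min(count, remaining))


def _resolve_inside(base, entry_name):
    """Return the real path of *entry_name* under *base*, or None if it escapes."""
    candidate = os.path.realpath(os.path.join(base, entry_name.lstrip('/')))
    try:
        contained = os.path.commonpath([base, candidate]) == base
    except ValueError:
        # Raised when the two paths cannot be compared (e.g. different drives).
        contained = False
    if not contained or candidate == base:
        return None
    return candidate


def main(dir_path):
    """Unpack an already-decrypted wxapkg package next to the package file.

    Layout read by this function (all integers big-endian):
    a 1-byte mark 0xBE, three uint32 values (info1, index length, body
    length), a 1-byte mark 0xED, a uint32 file count, then one index record
    per file (uint32 name length, name bytes, uint32 offset, uint32 size).

    Files are written below ``<directory of dir_path>/<basename>_dir``; if the
    process was started with a second command-line argument, ``sys.argv[2]``
    replaces that directory name.

    Entry names are data from the package and are treated as untrusted: an
    entry whose resolved path would fall outside the output directory (for
    example via ``..`` components) is reported and skipped instead of written.

    Args:
        dir_path: path of the package file to unpack.

    Raises:
        SystemExit: the header marks are not 0xBE / 0xED. A package that still
            starts with the ``V1MMWX`` prefix is rejected here.
        struct.error: the header or index is truncated.
        UnicodeDecodeError: an entry name is not valid UTF-8.
    """
    with open(dir_path, "rb") as f:
        root = os.path.dirname(os.path.realpath(f.name))
        name = os.path.basename(f.name) + '_dir'
        if len(sys.argv) > 2:
            name = sys.argv[2]
        # Used to cap every read whose length is taken from the package.
        file_size = os.fstat(f.fileno()).st_size

        firstMark = struct.unpack('B', f.read(1))[0]
        print('first header mark = {}'.format(firstMark))
        info1 = struct.unpack('>L', f.read(4))[0]
        print('info1 = {}'.format(info1))
        indexInfoLength = struct.unpack('>L', f.read(4))[0]
        print('indexInfoLength = {}'.format(indexInfoLength))
        bodyInfoLength = struct.unpack('>L', f.read(4))[0]
        print('bodyInfoLength = {}'.format(bodyInfoLength))
        lastMark = struct.unpack('B', f.read(1))[0]
        print('last header mark = {}'.format(lastMark))

        if firstMark != 0xBE or lastMark != 0xED:
            print('its not a wxapkg file!!!!!')
            # The with-statement closes the file; sys.exit() does not depend
            # on the interactive-only exit() helper being installed.
            sys.exit()

        fileCount = struct.unpack('>L', f.read(4))[0]
        print('fileCount = {}'.format(fileCount))

        fileList = []
        for _ in range(fileCount):
            data = WxapkgFile()
            data.nameLen = struct.unpack('>L', f.read(4))[0]
            # A short name here makes the next unpack fail with struct.error,
            # exactly as a truncated index always did.
            data.name = _read_capped(f, data.nameLen, file_size)
            data.offset = struct.unpack('>L', f.read(4))[0]
            data.size = struct.unpack('>L', f.read(4))[0]
            print('readFile = {} at Offset = {}'.format(
                str(data.name, encoding="utf-8"), data.offset))
            fileList.append(data)

        out_base = os.path.realpath(os.path.join(root, name))
        for d in fileList:
            entry_name = str(d.name, encoding="utf-8")
            target = _resolve_inside(out_base, entry_name)
            if target is None:
                print('skipFile = {} (resolves outside {})'.format(
                    entry_name, out_base))
                continue

            os.makedirs(os.path.dirname(target), exist_ok=True)
            f.seek(d.offset)
            with open(target, 'wb') as w:
                w.write(_read_capped(f, d.size, file_size))
            print('writeFile = {}'.format(target))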
if __name__ == "__main__":
    # 'xxxx' is the placeholder from the original post: replace it with the
    # path of the package file to unpack. Only unpack packages into a
    # directory you are prepared to have written to.
    dir_path = r"xxxx"
    main(dir_path)