解密微信图片

玉兰 • 2020-01-20 07:37 • 技术文章

寻找最新的图片文件，30分钟内修改过的文件

find ./ -mmin -30

找到后进入相应的文件夹，保存以下代码为WechatImageDecoder.py文件

#!/usr/bin/env python
# zhangxiaoyang.hit[at]gmail.com

import re

class WechatImageDecoder:
    def __init__(self, dat_file):
        dat_file = dat_file.lower()

        decoder = self._match_decoder(dat_file)
        decoder(dat_file)

    def _match_decoder(self, dat_file):
        decoders = {
            r'.+/.dat$': self._decode_pc_dat,
            r'cache/.data/./d+$': self._decode_android_dat,
            None: self._decode_unknown_dat,
        }

        for k, v in decoders.items():
            if k is not None and re.match(k, dat_file):
                return v
        return decoders[None]

    def _decode_pc_dat(self, dat_file):
        
        def do_magic(header_code, buf):
            return header_code ^ list(buf)[0] if buf else 0x00
        
        def decode(magic, buf):
            return bytearray([b ^ magic for b in list(buf)])
            
        def guess_encoding(buf):
            headers = {
                'jpg': (0xff, 0xd8),
                'png': (0x89, 0x50),
                'gif': (0x47, 0x49),
            }
            for encoding in headers:
                header_code, check_code = headers[encoding] 
                magic = do_magic(header_code, buf)
                _, code = decode(magic, buf[:2])
                if check_code == code:
                    return (encoding, magic)
            print('Decode failed')
            sys.exit(1) 

        with open(dat_file, 'rb') as f:
            buf = bytearray(f.read())
        file_type, magic = guess_encoding(buf)

        img_file = re.sub(r'.dat$', '.' + file_type, dat_file)
        with open(img_file, 'wb') as f:
            new_buf = decode(magic, buf)
            f.write(new_buf)

    def _decode_android_dat(self, dat_file):
        with open(dat_file, 'rb') as f:
            buf = f.read()

        last_index = 0
        for i, m in enumerate(re.finditer(b'/xff/xd8/xff/xe0/x00/x10/x4a/x46', buf)):
            if m.start() == 0:
                continue

            imgfile = '%s_%d.jpg' % (dat_file, i)
            with open(imgfile, 'wb') as f:
                f.write(buf[last_index: m.start()])
            last_index = m.start()

    def _decode_unknown_dat(self, dat_file):
        raise Exception('Unknown file type')


if __name__ == '__main__':
    import sys
    if len(sys.argv) != 2:
        print('/n'.join([
            'Usage:',
            '  python WechatImageDecoder.py [dat_file]',
            '',
            'Example:',
            '  # PC:',
            '  python WechatImageDecoder.py 1234567890.dat',
            '',
            '  # Android:',
            '  python WechatImageDecoder.py cache.data.10'
        ]))
        sys.exit(1)

    _,  dat_file = sys.argv[:2]
    try:
        WechatImageDecoder(dat_file)
    except Exception as e:
        print(e)
        sys.exit(1)
    sys.exit(0)

保存后执行命令

python WechatImageDecoder.py 某图文件名一般32个字符.dat

如需解密整个目录的图片文件

for i in `ls | grep .dat`; do python WechatImageDecoder.py $i; done;

参考链接 Github

版权声明：
作者：玉兰
链接：https://www.techfm.club/p/1040.html
来源：TechFM
文章版权归作者所有，未经允许请勿转载。

THE END

二维码

unlock-music：支持解密网易云/QQ音乐的加密文件和ID3信息补全

< <上一篇

Rider 调试 Unity 客户端

下一篇>>

搜索内容

解密微信图片

取消回复

共有 0 条评论

Ads