Comments (94)

fine-1 avatar fine-1 commented on July 21, 2024

I have not changed this WeChat ID; the WeChat ID is still the original wxid_

from pywxdump.

xaoyaoo avatar xaoyaoo commented on July 21, 2024

Hello. If convenient, please provide your OS version, WeChat version, Python version, and the command used to run the script.

fine-1 avatar fine-1 commented on July 21, 2024

python get_base_addr.py --mobile "我的手机号" --name "我的昵称" --account "wxid_我的用户" --key 3aba38366d5d4593b06f054ece0f8c71416ad031e78349c99175ad754cd44c39

fine-1 avatar fine-1 commented on July 21, 2024

The key was obtained with 3.9.7.25; I want to get the key for version 3.9.7.75.

xaoyaoo avatar xaoyaoo commented on July 21, 2024

If you use WeChat 3.9.7.25 and rerun the command above, can you get the base address?

fine-1 avatar fine-1 commented on July 21, 2024

Trying to find the base address is driving me crazy right now [crying-laughing]
image

fine-1 avatar fine-1 commented on July 21, 2024

If you use version 3.9.7.25 and rerun the command above, can you get the base address?

Yes.

xaoyaoo avatar xaoyaoo commented on July 21, 2024

My WeChat can't update to 3.9.7.75.

fine-1 avatar fine-1 commented on July 21, 2024

Sorry, I misspoke; it's the .29 version.
image

fine-1 avatar fine-1 commented on July 21, 2024

Sorry, I misspoke; it's the .29 version.
image

It's the one at the very bottom.

fine-1 avatar fine-1 commented on July 21, 2024

Sorry, I misspoke; it's the .29 version.
image

It's the one at the very bottom.

The latest version.

xaoyaoo avatar xaoyaoo commented on July 21, 2024

Send me this version of WeChat: [email protected]

fine-1 avatar fine-1 commented on July 21, 2024

OK, one moment.

fine-1 avatar fine-1 commented on July 21, 2024

OK, one moment.

Sent.

xaoyaoo avatar xaoyaoo commented on July 21, 2024

{'3.9.7.29': [63486984, 63488320, 63486792, 0, 63488256]} I get it fine.

fine-1 avatar fine-1 commented on July 21, 2024

Hmm, OK, I'll go and try further. Thanks for your answer.

xaoyaoo avatar xaoyaoo commented on July 21, 2024

You can use this base address directly, then use the get_wx_info.py file to see whether you can get the username.

fine-1 avatar fine-1 commented on July 21, 2024

fine-1 avatar fine-1 commented on July 21, 2024

It can be obtained. Which version did you use to get the historical key?
image

xaoyaoo avatar xaoyaoo commented on July 21, 2024

3.9.7.25, but why did yours not get the username?

fine-1 avatar fine-1 commented on July 21, 2024

I don't know. This is how it runs for me; it stays stuck on this screen [Enter already pressed]
image

xaoyaoo avatar xaoyaoo commented on July 21, 2024

I can't reproduce this problem at all; I don't know why it gets stuck.

xaoyaoo avatar xaoyaoo commented on July 21, 2024

I haven't found any place in the code that would loop forever.

fine-1 avatar fine-1 commented on July 21, 2024

Hmm, maybe I'll try testing on a Win11 virtual machine instead.

fine-1 avatar fine-1 commented on July 21, 2024

Hmm, maybe I'll try testing on a Win11 virtual machine instead.

Thanks for your answers; they've given me the motivation to keep testing. If there are further problems, I hope you won't mind advising.

xaoyaoo avatar xaoyaoo commented on July 21, 2024

Can you modify Python code? If so, change line 220 to the following:

    print("start")
    if len(self.mobile_addr) >= 1:
        mobile_offset = self.calculate_offset(self.mobile_addr[0])
    print("mobile_offset success")
    if len(self.name_addr) >= 1:
        name_offset = self.calculate_offset(self.name_addr[0])
    print("name_offset success")
    if len(self.account_addr) >= 1:
        if len(self.account_addr) >= 2:
            print("account_offset 1 success")
            account_offset = self.calculate_offset(self.account_addr[1])
        else:
            print("account_offset 0 success")
            account_offset = self.calculate_offset(self.account_addr[0])
    print("account_offset success")
    key_offset = self.calculate_offset(self.key_addr)

xaoyaoo avatar xaoyaoo commented on July 21, 2024

Then send me a screenshot and I can guess where it's looping forever.

fine-1 avatar fine-1 commented on July 21, 2024

OK.

fine-1 avatar fine-1 commented on July 21, 2024

No output at all; same situation as above.

fine-1 avatar fine-1 commented on July 21, 2024

image
image

fine-1 avatar fine-1 commented on July 21, 2024

image

fine-1 avatar fine-1 commented on July 21, 2024

image

xaoyaoo avatar xaoyaoo commented on July 21, 2024

def run(mobile, name, account, key):
    proc_name = "WeChat.exe"
    proc_module_name = "WeChatWin.dll"

    pids = get_pid(proc_name)
    print(pids)
    for pid, proc in pids.items():
        print(pid, proc)
        ba = BaseAddr(pid, proc_module_name)
        print(ba)
        ba.search_memory_value(mobile, name, account)
        ba.get_key_addr(key)
        name_offset, account_offset, mobile_offset, _, key_offset = ba.get_offset()
        rdata = {ba.version: [name_offset, account_offset, mobile_offset, 0, key_offset]}
        return rdata

xaoyaoo avatar xaoyaoo commented on July 21, 2024

Try modifying this part.

fine-1 avatar fine-1 commented on July 21, 2024

image

fine-1 avatar fine-1 commented on July 21, 2024

image

fine-1 avatar fine-1 commented on July 21, 2024

One moment, my WeChat got logged out.

fine-1 avatar fine-1 commented on July 21, 2024

image

fine-1 avatar fine-1 commented on July 21, 2024

Situation as shown in the picture.

xaoyaoo avatar xaoyaoo commented on July 21, 2024

def run(mobile, name, account, key):
    proc_name = "WeChat.exe"
    proc_module_name = "WeChatWin.dll"

    pids = get_pid(proc_name)
    for pid, proc in pids.items():
        ba = BaseAddr(pid, proc_module_name)
        ba.search_memory_value(mobile, name, account)
        print("get key addr...")
        ba.get_key_addr(key)
        print("get offset...")
        name_offset, account_offset, mobile_offset, _, key_offset = ba.get_offset()
        print("name_offset: ", name_offset)
        rdata = {ba.version: [name_offset, account_offset, mobile_offset, 0, key_offset]}
        return rdata

fine-1 avatar fine-1 commented on July 21, 2024

image

xaoyaoo avatar xaoyaoo commented on July 21, 2024

Line 150

        """
        Get the address of the key
        :param key:
        :return:
        """
        key = bytes.fromhex(key)

        module_start_addr = 34199871460642
        module_end_addr = 0
        print("search key addr...")
        for module in self.proc.memory_maps(grouped=False):
            if "WeChat" in module.path:
                start_addr = int(module.addr, 16)
                end_addr = start_addr + module.rss

                if module_start_addr > start_addr:
                    module_start_addr = start_addr
                if module_end_addr < end_addr:
                    module_end_addr = end_addr
        print("module_start_addr: ", module_start_addr)
        Handle = ctypes.windll.kernel32.OpenProcess(0x1F0FFF, False, self.pid)
        array = ctypes.create_string_buffer(self.batch)
        print("search key addr1...")

        for i in range(module_start_addr, module_end_addr, self.batch):
            if ctypes.windll.kernel32.ReadProcessMemory(Handle, ctypes.c_void_p(i), array, self.batch, None) == 0:
                continue
            hex_string = array.raw  # memory data that was read
            if key in hex_string:
                self.key_addr_tmp = i + hex_string.find(key)
                break
        print("search key addr2...")
        array_key = []
        for i in range(8):
            byte_value = (self.key_addr_tmp >> (i * 8)) & 0xFF
            hex_string = format(byte_value, '02x')
            byte_obj = bytes.fromhex(hex_string)
            array_key.append(byte_obj)
        # join the byte array
        array_key = b''.join(array_key)
        print("search key addr3...")
        array = ctypes.create_string_buffer(self.batch)
        for i in range(self.base_address, self.end_address, self.batch):
            if ctypes.windll.kernel32.ReadProcessMemory(Handle, ctypes.c_void_p(i), array, self.batch, None) == 0:
                continue

            hex_string = array.raw  # memory data that was read
            if array_key in hex_string:
                self.key_addr = i + hex_string.find(array_key)
                return self.key_addr
        print("search key addr4...")

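
As an added illustration (not code from the thread or from pywxdump), the following models the two-stage search that the method above performs, on constructed byte regions instead of a live process: first the raw key bytes are located, then the 8-byte little-endian pointer to them inside the module, and the distance of that pointer from the module base is the offset the tool records. It also shows why a key from a different install never yields an offset: the first stage simply finds nothing. All addresses, sizes and the sample key are made up.

```python
import struct
from typing import Dict, Optional

# Constructed sample layout (not from the thread): a 32-byte key sitting in a
# heap-like region, and a module region holding an 8-byte little-endian
# pointer to that key. All addresses and the key value are made up.
SAMPLE_KEY_HEX = "00112233445566778899aabbccddeeff" * 2
HEAP_BASE = 0x0000_0200_0000_0000
MODULE_BASE = 0x7FF6_1000_0000
MODULE_SIZE = 0x1000
KEY_POS_IN_HEAP = 0x520      # where the key bytes sit inside the heap region
PTR_POS_IN_MODULE = 0x3C8    # where the pointer to the key sits inside the module


def build_sample_memory() -> Dict[int, bytes]:
    """Return {region_start: region_bytes} imitating two readable regions."""
    key = bytes.fromhex(SAMPLE_KEY_HEX)
    heap = bytearray(0x1000)
    heap[KEY_POS_IN_HEAP:KEY_POS_IN_HEAP + len(key)] = key
    module = bytearray(MODULE_SIZE)
    key_addr = HEAP_BASE + KEY_POS_IN_HEAP
    module[PTR_POS_IN_MODULE:PTR_POS_IN_MODULE + 8] = struct.pack("<Q", key_addr)
    return {HEAP_BASE: bytes(heap), MODULE_BASE: bytes(module)}


def find_pattern(memory: Dict[int, bytes], pattern: bytes,
                 lo: int, hi: int) -> Optional[int]:
    """Absolute address of the first hit of `pattern` in regions overlapping [lo, hi)."""
    for start, data in memory.items():
        if start + len(data) <= lo or start >= hi:
            continue
        idx = data.find(pattern)
        if idx != -1:
            return start + idx
    return None


def key_offset(memory: Dict[int, bytes], key_hex: str,
               module_base: int, module_size: int) -> Optional[int]:
    """Two-stage search as in get_key_addr: locate the raw key bytes, then the
    pointer to them inside the module; the offset is pointer address - base."""
    key = bytes.fromhex(key_hex)
    key_addr = find_pattern(memory, key, 0, 1 << 48)
    if key_addr is None:
        return None  # key never loaded by this process (e.g. key of another install)
    ptr_bytes = struct.pack("<Q", key_addr)  # equivalent to the manual 8-byte loop
    ptr_addr = find_pattern(memory, ptr_bytes, module_base, module_base + module_size)
    if ptr_addr is None:
        return None  # no pointer inside the module: nothing to record
    return ptr_addr - module_base
```

Returning None where the original falls through is the check a debugging run wants: a mismatched key is reported instead of being mistaken for a hang.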
xaoyaoo avatar xaoyaoo commented on July 21, 2024

Are your key, mobile, name and account correct?

fine-1 avatar fine-1 commented on July 21, 2024

image

fine-1 avatar fine-1 commented on July 21, 2024

image

fine-1 avatar fine-1 commented on July 21, 2024

They are correct.

fine-1 avatar fine-1 commented on July 21, 2024

Using get_wx_info with the base address from the JSON you provided, the key is obtained normally.

xaoyaoo avatar xaoyaoo commented on July 21, 2024

image
image
Your two keys are not the same.

fine-1 avatar fine-1 commented on July 21, 2024

The one starting with 8 is the new version's key; I didn't know it before you gave me the base address.

fine-1 avatar fine-1 commented on July 21, 2024

The one starting with 3 is the key obtained from the old version (.25).

xaoyaoo avatar xaoyaoo commented on July 21, 2024

Regardless of version, the key should be the same.

xaoyaoo avatar xaoyaoo commented on July 21, 2024

Try the one starting with 8.

fine-1 avatar fine-1 commented on July 21, 2024

image

fine-1 avatar fine-1 commented on July 21, 2024

Regardless of version, the key should be the same.

Is that so?

fine-1 avatar fine-1 commented on July 21, 2024

Regardless of version, the key should be the same.

Is that so?

Let me switch to the lower version and get it.

fine-1 avatar fine-1 commented on July 21, 2024

image

Regardless of version, the key should be the same.

Is that so?

Let me switch to the lower version and get it.

image

xaoyaoo avatar xaoyaoo commented on July 21, 2024

OK.

fine-1 avatar fine-1 commented on July 21, 2024

image

Regardless of version, the key should be the same.

Is that so?

Let me switch to the lower version and get it.

image

They are different, aren't they?

xaoyaoo avatar xaoyaoo commented on July 21, 2024

Are you on the same device?

fine-1 avatar fine-1 commented on July 21, 2024

Yes.

xaoyaoo avatar xaoyaoo commented on July 21, 2024

It's very strange that they differ.

fine-1 avatar fine-1 commented on July 21, 2024

image

fine-1 avatar fine-1 commented on July 21, 2024

Logins on the same version give the same key.

xaoyaoo avatar xaoyaoo commented on July 21, 2024

Try running the Python script that decrypts the database,
decrypt.py in the decrypted folder:
python decrypt.py --key ******** --db_path ./decrypted/decrypted.db --out_path ./decrypted/decrypted.db
For the database files, look under the WeChat folder for the files ending in db inside msg, and try which key can decrypt them.

fine-1 avatar fine-1 commented on July 21, 2024

Logins on the same version give the same key.

Adding a screenshot for this comment.

fine-1 avatar fine-1 commented on July 21, 2024

Logins on the same version give the same key.

Adding a screenshot for this comment.

image

fine-1 avatar fine-1 commented on July 21, 2024

image
All three libraries are installed. A problem with the script? I'll try changing it.
image

xaoyaoo avatar xaoyaoo commented on July 21, 2024

Change "from Cryptodome.Cipher import AES" to "from Crypto.Cipher import AES".

fine-1 avatar fine-1 commented on July 21, 2024

image

fine-1 avatar fine-1 commented on July 21, 2024

image

Clearly only the current version's key works.

xaoyaoo avatar xaoyaoo commented on July 21, 2024

Which one works? The one obtained from which version works?

fine-1 avatar fine-1 commented on July 21, 2024

The key for this version, obtained on 3.9.6.33 via the get_wx_info script (with the JSON set), can decrypt.

xaoyaoo avatar xaoyaoo commented on July 21, 2024

Then only this key, on the same device, is unchanging.

fine-1 avatar fine-1 commented on July 21, 2024

Did you change your username?

fine-1 avatar fine-1 commented on July 21, 2024

Does it not work with the initial username (the one that can be changed once a year)?

fine-1 avatar fine-1 commented on July 21, 2024

(Haven't changed it yet.) Once changed, there is no default user anymore.

xaoyaoo avatar xaoyaoo commented on July 21, 2024

Just use the latest username.
image
Click the avatar; the upper one corresponds to name and the lower one to account.

fine-1 avatar fine-1 commented on July 21, 2024

image
See, mine isn't displayed because I haven't changed the username.

fine-1 avatar fine-1 commented on July 21, 2024

But it shows on the phone.

xaoyaoo avatar xaoyaoo commented on July 21, 2024

Can you see the WeChat ID in Settings, then?

fine-1 avatar fine-1 commented on July 21, 2024

image
No.

fine-1 avatar fine-1 commented on July 21, 2024

But it shows on the phone.

Screenshot_20231007_220011_edit_1299529049576766

xaoyaoo avatar xaoyaoo commented on July 21, 2024

It's probably shown because I changed my WeChat ID.

fine-1 avatar fine-1 commented on July 21, 2024

(⊙o⊙)? Then I'll change it and try (following in the expert's footsteps).

xaoyaoo avatar xaoyaoo commented on July 21, 2024

The key and the username are obtained independently.

fine-1 avatar fine-1 commented on July 21, 2024

image
I found that the key is different every time after uninstalling and reinstalling (the user ID had already been changed at this point).

fine-1 avatar fine-1 commented on July 21, 2024

image
image
But if "do not clear history data" is checked, it stays the same!!!!!!!!

xaoyaoo avatar xaoyaoo commented on July 21, 2024

No way. How did you reinstall? This key is used to decrypt the database. Did you uninstall cleanly before reinstalling?

fine-1 avatar fine-1 commented on July 21, 2024

OK, found the problem.

fine-1 avatar fine-1 commented on July 21, 2024

No way. How did you reinstall? This key is used to decrypt the database. Did you uninstall cleanly before reinstalling?

Yes.

xaoyaoo avatar xaoyaoo commented on July 21, 2024

That's what I thought. If the database decryption key differed on every reinstall, historical data could not be loaded.

fine-1 avatar fine-1 commented on July 21, 2024

Thanks for "playing along" with me all this time; it was my mistake.

xaoyaoo avatar xaoyaoo commented on July 21, 2024

I also learned something about WeChat's behaviour; we both made progress.

fine-1 avatar fine-1 commented on July 21, 2024

Thank you very much for your patience and answers [smile]
