Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

使用way1没有出现报错也没有出现key #9

Closed
ruthless2012 opened this issue Apr 26, 2023 · 3 comments
Closed

使用way1没有出现报错也没有出现key #9

ruthless2012 opened this issue Apr 26, 2023 · 3 comments

Comments

@ruthless2012
Copy link

macos 13.3.1 Intel 关闭了SIP
frida 15.2.2
微信 3.7.0

查看PID

~/Downloads/mac_wxapkg_decrypt-main » ps -ef | grep Mini                                      130 ↵
  501  2598     1   0  3:03下午 ??         0:04.59 /Applications/WeChat.app/Contents/MacOS/Mini Program.app/Contents/MacOS/Mini Program
  501  3474     1   0  3:32下午 ??         0:01.11 /Applications/WeChat.app/Contents/MacOS/Mini Program.app/Contents/MacOS/Mini Program
  501  3589   979   0  3:39下午 ttys002    0:00.00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn --exclude-dir=.idea --exclude-dir=.tox Mini

启动frida

~/Downloads/mac_wxapkg_decrypt-main » sudo frida 3474 -l _agent.js
Password:
     ____
    / _  |   Frida 15.2.2 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to Local System (id=local)

[Local::PID::3474 ]->
[Local::PID::3474 ]-> exit

Thank you for using Frida!

没有出现Attaching,也没有报错
@TinyNiko
Copy link
Owner

需要hook 的是wechat 进程,不是小程序进程。 小程序进程起来的时候, 解密应该已经完成了

1 similar comment
@TinyNiko
Copy link
Owner

需要hook 的是wechat 进程,不是小程序进程。 小程序进程起来的时候, 解密应该已经完成了

@ruthless2012
Copy link
Author

我明白了,是在hook对应的pid之后再去打开小程序,然后就正常出现key了,谢谢大佬!

~/Downloads/mac_wxapkg_decrypt-main » frida 6274 -l _agent.js
     ____
    / _  |   Frida 15.2.2 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to Local System (id=local)

[Local::PID::6274 ]->            0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F  0123456789ABCDEF
00000000  27 76 09 33 7a 88 4a 5c ae 13 ab c2 a9 01 0e ea  'v.3z.J\........
00000010  ee e0 76 80 88 69 48 42 8e c6 91 94 49 12 24 8c  ..v..iHB....I.$.
           0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F  0123456789ABCDEF
00000000  27 76 09 33 7a 88 4a 5c ae 13 ab c2 a9 01 0e ea  'v.3z.J\........
00000010  ee e0 76 80 88 69 48 42 8e c6 91 94 49 12 24 8c  ..v..iHB....I.$.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@TinyNiko @ruthless2012