
How to decrypt PC-side WeChat Mini Program packages with node.js

2025-03-26 Update From: SLTechnology News&Howtos shulou


Shulou(Shulou.com)06/02 Report--

This article explains how to decrypt WeChat Mini Program packages on the PC side with node.js. The editor consulted various materials and put together a simple, practical method.

WeChat Mini Programs are stored in encrypted form on the PC side. If you open a package directly, you can't see any useful information; you need to decrypt it before you can see its contents. This article implements the decryption algorithm in node.js, which mainly involves three packages: crypto, commander and chalk.

Where is the Mini Program's source code?

Mini Programs opened on the PC are cached under the default save location for local WeChat files, which can be viewed in WeChat PC => More => Settings:

Go to the /WeChat Files/WeChat Files/Applet folder under the default save location, and you can see a series of folders prefixed with wx (the name is actually the appid of the Mini Program). These are the Mini Programs we have opened:

Go into one of the Mini Program folders and you will see a folder whose name is a string of digits. Inside that folder is a __APP__.wxapkg file, which is the code of the Mini Program:

However, when we open this file, we find that it looks like this:

WTF, what can anyone make of that? Obviously, this file is encrypted and needs to be decrypted before we can see what we want.

How is the Mini Program encrypted on the PC?

Here we refer to PC-side wxapkg decryption code written in Go by an expert. To summarize, the encryption process goes like this:

First, the plaintext code is split in two at 1024 bytes. The first part is encrypted with AES in CBC mode, and the second part is simply XORed. Finally, the two encrypted parts are concatenated and a fixed string is written at the beginning: "V1MMWX".

So what we see when we open the __APP__.wxapkg file is the encrypted code. To restore it, we have to reverse these steps one by one, from the last to the first.

Decryption approach

Preprocessing

We use node.js to write the decryption program. Following the encryption process above, we first read the encrypted file and strip the fixed 6-byte string at the start. Since neither AES encryption nor XOR changes the length of the data, we can then take the encrypted 1024-byte header and the encrypted tail:

    const fs = require('fs').promises;
    // read the original Buffer (inside an async function)
    const buf = await fs.readFile(pkgsrc);
    const bufHead = buf.slice(6, 1024 + 6);
    const bufTail = buf.slice(1024 + 6);

The encrypted header part

To get the 1024-byte plaintext, we need to know the initial vector iv used for the AES encryption and a 32-byte key. The 16-byte initial vector iv is known to be the string "the iv: 16 bytes"; next we need to compute the 32-byte key, which is derived with the pbkdf2 algorithm.

pbkdf2 (Password-Based Key Derivation Function) is a function for generating keys: it takes the original password and a salt as input and applies a pseudo-random function iteratively to produce the key. In the crypto library, the pbkdf2 function looks like this:

    const crypto = require('crypto');
    // ...
    crypto.pbkdf2(password, salt, iterations, keylen, digest, callback)

The parameters are: original password, salt, number of iterations, key length, hash algorithm, and callback function. It is known that the salt is "saltiest", the original password is the WeChat Mini Program's id (that is, the name of the folder that begins with wx), the number of iterations is 1000, and the hash algorithm is sha1. Therefore, we can write the code that computes the key:

    crypto.pbkdf2(wxid, salt, 1000, 32, 'sha1', (err, dk) => {
      if (err) {
        // error
      }
      // dk is the calculated key
    })

Now that we have the key and the initial vector iv, we can begin to decrypt the ciphertext. AES is a symmetric encryption algorithm: the same secret key is used both to encrypt the plaintext and to decrypt the ciphertext, so anyone who holds the key can recover the plaintext.

The encryption used by the Mini Program is AES in CBC (Cipher Block Chaining) mode: the plaintext is first divided into blocks, each block is XORed with the previous ciphertext block, and the result is encrypted with the key. The first block has no previous ciphertext block, so it is XORed with the initial vector iv before being encrypted. In our implementation, we only need to call the decryption function provided by crypto.

We know that AES algorithms have AES128, AES192 and AES256 according to the length of the key. Looking back, our key is 32 bytes, or 256 bits, so obviously we should use AES256. To sum up, we can write the decryption code:

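    const decipher = crypto.createDecipheriv('aes-256-cbc', dk, iv);
    // Without this, update() holds back the final 16-byte block until final() is called
    decipher.setAutoPadding(false);
    const originalHead = Buffer.alloc(1024, decipher.update(bufHead))

originalHead is the first 1024 bytes of plaintext we want. We can print it out and see: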

Um... It's kind of interesting.

The encrypted tail part

This part is very simple. Because XOR is its own inverse, you only need to check the length of the Mini Program id to get the XOR key xorKey, and then XOR it with the ciphertext to recover the original text:

    const xorKey = wxid.length < 2 ? 0x66 : wxid.charCodeAt(wxid.length - 2);
    const tail = [];
    for (let i = 0; i < bufTail.length; ++i) {
      tail.push(xorKey ^ bufTail[i]);
    }
    const originalTail = Buffer.from(tail);

Concatenate the plaintext of the header part with the plaintext of the tail part, write the result to a file in binary form, and you have the final plaintext.

Make it prettier

Based on the description above, we can wrap the whole decryption process into a black box:

commander

We can use the commander library to let the program read the Mini Program id and the encrypted package directly from the command line. commander is a solution for node.js command-line interfaces that makes it easy to define your own CLI commands. Take the following code, for example:

    const program = require('commander');
    // ...
    program
      .command('decry <wxid> <src> [dst]')
      .description('解码PC端微信小程序包') // "Decode a PC-side WeChat Mini Program package"
      .action((wxid, src, dst) => {
        wxmd(wxid, src, dst);
      })
    program.version('1.0.0')
      .usage("decry <wxid> <src> [dst]")
      .parse(process.argv)

I defined a "decry <wxid> <src> [dst]" command, where angle brackets mark required parameters and square brackets mark optional ones. description holds the command's description text, and action runs the command. After running the code with node in the console, you see the following interface:

So we can decrypt it by entering parameters according to the prompt. The Chinese documents for commander.js are here.

chalk

To add a touch of color to our console, we can use chalk.js to beautify the output. The basic usage of chalk is also relatively simple:

    const chalk = require('chalk');
    // ...
    console.log(chalk.green('green'))

In this way, we can fill in a touch of green on the black-and-white console to realize the dream for the giant panda:

In addition, we can use ES6 tagged template literals to make chalk more convenient to use. Refer to the official chalk documentation for details.
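The decryption steps described above (header check, pbkdf2 key, AES-256-CBC head, XOR tail) combined into one function and checked with a round trip; this is an added example, not code from the original article. The function names, the made-up app id and the random sample data are assumptions, and padding handling is disabled so that the 1024-byte head maps to 1024 bytes as the article describes.

```javascript
const crypto = require('crypto');

// Constants as stated in the article.
const MAGIC = Buffer.from('V1MMWX');
const SALT = 'saltiest';
const IV = Buffer.from('the iv: 16 bytes');
const HEAD_LEN = 1024;

// Helper names below are hypothetical, chosen for this example.
const deriveKey = (wxid) => crypto.pbkdf2Sync(wxid, SALT, 1000, 32, 'sha1');
const xorKeyFor = (wxid) => (wxid.length < 2 ? 0x66 : wxid.charCodeAt(wxid.length - 2));
const xorBytes = (buf, key) => Buffer.from(buf.map((b) => b ^ key));

// Run AES-256-CBC over exactly 1024 bytes with padding handling disabled.
function aesHead(factory, wxid, data) {
  const c = factory('aes-256-cbc', deriveKey(wxid), IV);
  c.setAutoPadding(false);
  return Buffer.concat([c.update(data), c.final()]);
}

// Decrypt a whole package buffer; rejects input without the fixed header.
function decryptPkg(wxid, pkg) {
  const start = MAGIC.length;
  if (pkg.length < start + HEAD_LEN || !pkg.subarray(0, start).equals(MAGIC)) {
    throw new Error('not a V1MMWX package');
  }
  const head = aesHead(crypto.createDecipheriv, wxid, pkg.subarray(start, start + HEAD_LEN));
  const tail = xorBytes(pkg.subarray(start + HEAD_LEN), xorKeyFor(wxid));
  return Buffer.concat([head, tail]);
}

// Fixture builder: the inverse of decryptPkg, following the article's description.
function encryptPkg(wxid, plain) {
  const head = aesHead(crypto.createCipheriv, wxid, plain.subarray(0, HEAD_LEN));
  const tail = xorBytes(plain.subarray(HEAD_LEN), xorKeyFor(wxid));
  return Buffer.concat([MAGIC, head, tail]);
}

// Constructed sample: a made-up app id and random bytes standing in for a package.
const sampleId = 'wx0123456789abcdef';
const samplePlain = crypto.randomBytes(3000);
const roundTrip = decryptPkg(sampleId, encryptPkg(sampleId, samplePlain));
console.log('round trip ok:', roundTrip.equals(samplePlain));
```

Every input to the key (app id, salt, iteration count, iv) is either fixed or readable from the folder name, so this scheme obfuscates the cached package rather than keeping it confidential from someone with access to the files.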
