解锁并提取Linux客户端微信数据库 (vibe coded)
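# -*- coding: utf-8 -*-#
import functools
import hashlib
import hmac

from ._loger import wx_core_loger


def wx_core_error(func):
    """Wrap *func* so that any exception is logged and turned into ``None``.

    The wrapped callable returns whatever *func* returns. If *func* raises,
    the exception is logged with its traceback through ``wx_core_loger`` and
    ``None`` is returned, so callers must treat ``None`` as "failed".
    """
    # functools.wraps keeps the wrapped function's __name__ and docstring, so
    # log output and introspection still point at the real function.
    @functools.wraps(func)
    def wrapper(*args, **kwargs):
        try:
            return func(*args, **kwargs)
        except Exception as e:
            wx_core_loger.error(f"wx_core_error: {e}", exc_info=True)
            return None
    return wrapper


def verify_raw_key(enc_key_hex: str, wx_db_path: str) -> bool:
    """Check a raw database key against the first page of a SQLCipher 4 file.

    The key is expected to be the already-derived ("raw") encryption key taken
    from process memory, so no PBKDF2 key-derivation step is applied to it.
    SQLCipher 4 layout assumed here: AES-256-CBC, HMAC-SHA512, page=4096,
    reserve=80 (16-byte IV + 64-byte HMAC).

    Args:
        enc_key_hex: The 32-byte raw key as a hex string.
        wx_db_path: Path to the encrypted database file.

    Returns:
        True when the HMAC stored at the end of page 1 matches the HMAC
        computed with the supplied key. False for a wrong key, a key of the
        wrong length, malformed hex, a file shorter than one page, or a file
        that cannot be read; the return value does not distinguish these.
    """
    KEY_SIZE = 32
    DEFAULT_PAGESIZE = 4096
    SALT_SIZE = 16
    HMAC_SIZE = 64
    try:
        enc_key = bytes.fromhex(enc_key_hex)
        # HMAC zero-pads short keys, so a truncated key whose missing trailing
        # bytes are 0x00 would pass the MAC check below even though it is not
        # a usable 32-byte AES key. Reject anything that is not KEY_SIZE.
        if len(enc_key) != KEY_SIZE:
            return False
        with open(wx_db_path, "rb") as file:
            page = file.read(DEFAULT_PAGESIZE)
    except (ValueError, TypeError, OSError):
        # Malformed hex, wrong argument type, or unreadable file.
        return False

    # A partial first page cannot carry a complete trailing HMAC.
    if len(page) < DEFAULT_PAGESIZE:
        return False

    salt = page[:SALT_SIZE]
    body = page[SALT_SIZE:DEFAULT_PAGESIZE]
    # The HMAC key uses its own salt: the database salt XORed with 58 (0x3a).
    mac_salt = bytes(b ^ 58 for b in salt)
    mac_key = hashlib.pbkdf2_hmac("sha512", enc_key, mac_salt, 2, KEY_SIZE)
    mac = hmac.new(mac_key, body[:-HMAC_SIZE], hashlib.sha512)
    # Page number 1 as a 4-byte little-endian integer is part of the MAC input.
    mac.update(b'\x01\x00\x00\x00')
    # compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(mac.digest(), body[-HMAC_SIZE:])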