Study and research log:
mmtls explained in detail (must be reread carefully and repeatedly)
https://mp.weixin.qq.com/s?__biz=MzAwNDY1ODY2OQ==&mid=2649286266&idx=1&sn=f5d049033e251cccc22e163532355ddf&scene=0&key=b28b03434249256b2a5d4fdf323a185a798eaf972317ca3a47ef060d35c5cd8a4ae35715466d5bb5a558e424d20bef6c&ascene=0&uin=Mjc3OTU3Nzk1&devicetype=iMac+MacBookPro10%2C1+OSX+OSX+10.10.5+build%2814F1713%29&version=11020201&pass_ticket=8lpzOjRJO3IS%2BmKcvsqRN%2FlzlWyR2q2fmKv15GKO2PPYAKDGPXDhyfntueC4bIod
Pediy (Kanxue) analysis of WeChat mmtls
https://bbs.pediy.com/thread-257942.htm
AES - understanding the principle is enough
https://www.jianshu.com/p/79a225c2650e
https://blog.csdn.net/liangjisheng/article/details/79627770
HKDF algorithm analysis (read closely)
https://www.cnblogs.com/foxclever/p/8642865.html
SHA-256 algorithm
https://github.com/monkeyDemon/Blockchain-programming-exercises/blob/master/1.Blockchain%20basic%20exercises/2.Cryptography%20and%20security%20technology/SHA256/C%20Code/sha256.c
---
Tools
OD (OllyDbg): dynamic debugging
IDA: static analysis
LE-log: hook log printing
--------------------
Other reference material
Source code
https://github.com/Tencent/mars
Mars development documentation
https://www.bookstack.cn/read/mars/README.md
mmtls introduction
https://mp.weixin.qq.com/s?__biz=MzAwNDY1ODY2OQ==&mid=2649286266&idx=1&sn=f5d049033e251cccc22e163532355ddf&scene=0&key=b28b03434249256b2a5d4fdf323a185a798eaf972317ca3a47ef060d35c5cd8a4ae35715466d5bb5a558e424d20bef6c&ascene=0&uin=Mjc3OTU3Nzk1&devicetype=iMac+MacBookPro10%2C1+OSX+OSX+10.10.5+build%2814F1713%29&version=11020201&pass_ticket=8lpzOjRJO3IS%2BmKcvsqRN%2FlzlWyR2q2fmKv15GKO2PPYAKDGPXDhyfntueC4bIod
WeChat technical articles
https://github.com/WeMobileDev/article
Can a company monitor WeChat chats?
https://m.sohu.com/a/342143755_466846/
Analyzing the WeChat protocol with Wireshark packet capture -- zucc
https://blog.csdn.net/sos768/article/details/91147566?depth_1-utm_source=distribute.pc_relevant.none-task&utm_source=distribute.pc_relevant.none-task
WeChat Android protocol analysis notes
http://www.voidcn.com/article/p-suqntmmu-bsc.html
https://blog.csdn.net/qq_21051503/article/details/79746742
WeChat protocol summary
https://blog.csdn.net/flyforqie/article/details/22847545
Brief WeChat protocol research notes
https://blog.csdn.net/threadroc/article/details/37888245?depth_1-utm_source=distribute.pc_relevant.none-task&utm_source=distribute.pc_relevant.none-task
WeChat port and protocol analysis
https://blog.csdn.net/supermig/article/details/49358171
WeChat Android protocol analysis notes (high-resolution long image)
https://blog.csdn.net/yy405145590/article/details/79963999
WeChat protocol analysis: PC client notes
https://blog.csdn.net/liutianheng654/article/details/83014010
Hooking exported functions in a DLL
https://blog.csdn.net/liutianheng654/article/details/83547078
WeChat Mars study notes
https://blog.csdn.net/chwnpp2/article/details/75287738?depth_1-utm_source=distribute.pc_relevant.none-task&utm_source=distribute.pc_relevant.none-task
Study summary of MicroChat, an open-source WeChat Mars example [part 1]
https://www.icefox.org/2018/01/10/%e5%bc%80%e6%ba%90%e7%9a%84%e5%be%ae%e4%bf%a1mars%e6%a1%88%e4%be%8bmicrochat%e5%8f%82%e8%80%83%e5%ad%a6%e4%b9%a0%e5%b0%8f%e7%bb%93/
Study summary of MicroChat, an open-source WeChat Mars example [part 2] (includes Release download)
https://www.icefox.org/2018/01/10/%e5%bc%80%e6%ba%90%e7%9a%84%e5%be%ae%e4%bf%a1mars%e6%a1%88%e4%be%8bmicrochat%e5%8f%82%e8%80%83%e5%ad%a6%e4%b9%a0%e5%b0%8f%e7%bb%93%e7%ac%ac%e4%ba%8c%e7%af%87%e5%90%abrelease%e4%b8%8b%e8%bd%bd/
MicroChat: learning the WeChat Android communication protocol
https://github.com/h4dex/MicroChat
[Original] Research on WeChat chat bots using a half-hook, half-protocol approach
https://bbs.pediy.com/thread-248389.htm
[Original] Analysis, research and summary of mmtls
https://bbs.pediy.com/thread-257942.htm
WeChat mmtls protocol summary and demo
https://github.com/leafzz/mmtls-demo/tree/master/mmtls_demo
WeChat multi-platform old-version vulnerability: bypassing MMTLS so the PC client can also grab red packets
https://www.freebuf.com/vuls/193984.html
How to happily browse Moments on a Mac
https://docs.ioin.in/writeup/iosre.com/_t_mac_7014/index.html
iOS reverse engineering: decrypting (dumping) and re-signing WeChat (6.6.0)
https://www.jianshu.com/p/4d726a0b9f9e
Can a company monitor WeChat chats?
https://www.myncic.com/archives/4213
Some conclusions from reverse engineering WeChat
https://ifconfiger.com/articles/reverse-engineering-on-wechat
Notes on network communication encryption (2): handshake flow design
https://www.qiujiawei.com/crypto-2/
Wyman's original technical blog
https://www.qiujiawei.com/
WeChat interaction packet analysis
https://www.right.com.cn/forum/thread-251485-1-1.html
Long-connection mmtls protocol data analysis, sent packet:
First ECDH generation: public key: 04 34 43 17 C1 91 36 B2 EF 83 47 07 69 34 D4 4E CA 9E EB 86 60 81 B1 D1 F8 19 FB A9 62 58 92 D2 09 19 54 F3 07 96 82 46 28 8B 2A EC 96 54 69 87 30 DB 06 D8 82 BC 6E C0 05 C1 43 CD 39 44 C8 14 59
Private key: 30 77 02 01 01 04 20 5C 60 1F C9 B0 22 EF E7 CA EB 22 8A 62 72 07 AD 7D E3 CB 1C C9 A2 9A 2D 9D 61 FE 22 9D 98 77 9F A0 0A 06 08 2A 86 48 CE 3D 03 01 07 A1 44 03 42 00 04 34 43 17 C1 91 36 B2 EF 83 47 07 69 34 D4 4E CA 9E EB 86 60 81 B1 D1 F8 19 FB A9 62 58 92 D2 09 19 54 F3 07 96 82 46 28 8B 2A EC 96 54 69 87 30 DB 06 D8 82 BC 6E C0 05 C1 43 CD 39 44 C8 14 59
Second ECDH generation: public key: 04 1E 6F 36 56 E0 83 A4 4D F5 F8 14 D7 B1 1C E4 36 E7 7F 9E A1 39 BC C8 FE A7 E9 92 B9 90 11 3D 5A 0C 66 3A 40 40 2E CE 0D A6 DE 8C 16 AC B4 CF 17 2D 1C A1 A1 F4 30 EE 3A 8D 87 75 49 73 6A 24 B6
Private key: 30 77 02 01 01 04 20 77 3B DA DF CB C3 69 AA AD E3 55 FB C4 07 57 61 20 E4 70 80 7F 27 AB 53 69 70 19 DD D9 28 94 B2 A0 0A 06 08 2A 86 48 CE 3D 03 01 07 A1 44 03 42 00 04 1E 6F 36 56 E0 83 A4 4D F5 F8 14 D7 B1 1C E4 36 E7 7F 9E A1 39 BC C8 FE A7 E9 92 B9 90 11 3D 5A 0C 66 3A 40 40 2E CE 0D A6 DE 8C 16 AC B4 CF 17 2D 1C A1 A1 F4 30 EE 3A 8D 87 75 49 73 6A 24 B6B0
Packet
-------
16 F1 03 01 65
00 00 01 61
01 03 F1 02 C0 2B 00 A8 //fixed
A2 15 2A 64 62 7E 94 9D 78 0B CD 1A B0 54 3A 9A
64 7D 75 E3 DA 93 12 2B 0F BD 10 2F FA 25 2C 1F
5F 71 70 F9 //timestamp
00 00 01 31
02
00 00 00 8B
00 0F
01
00 00 00 84
02
00 27 8D 00
00 00 00 00
//obtained by GCM decryption: this is the previous server response + HKDF expansion
00 3A
00 0C 96 26 6F 12 62 97 64 1C 3B F2 CA 92 00 69
98 11 3C F5 D3 63 8D 8D 79 94 2E 5C 01 EC 3D 55
7A 84 AD 40 33 18 D5 42 9B FC 19 B1 7B 7C 88 47
38 43 6F C9 65 A8 79 72 19 41 21 F1 F7 C7 3A 4D
A8 17 EB FC FF 94 A0 8F 0C 46 6B 94 00 B7 0B 5E
69 87 4F 55 74 63 36 A9 0E B7 46 F3 69 2C C2 EC
63 88 A0 7C 20 D3 4E 67 5A 0F E0 7E 5A E7 36 D0
34 44 43 FF B4 5C DD 3E 64
00 00 00 9D
00 10
02
00 00 00 47
00 00 00 01
00 41 //public key 1
04 34 43 17 C1 91 36 B2 EF 83 47 07 69 34 D4 4E
CA 9E EB 86 60 81 B1 D1 F8 19 FB A9 62 58 92 D2
09 19 54 F3 07 96 82 46 28 8B 2A EC 96 54 69 87
30 DB 06 D8 82 BC 6E C0 05 C1 43 CD 39 44 C8 14
59
00 00 00 47
00 00 00 02
00 41 //public key 2
04 1E 6F 36 56 E0 83 A4 4D F5 F8 14 D7 B1 1C E4
36 E7 7F 9E A1 39 BC C8 FE A7 E9 92 B9 90 11 3D
5A 0C 66 3A 40 40 2E CE 0D A6 DE 8C 16 AC B4 CF
17 2D 1C A1 A1 F4 30 EE 3A 8D 87 75 49 73 6A 24
B6
00 00 00 01 //tail
For analysis of the subsequent packets, read the material listed above yourself.
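As an added example (not code from the original notes or from Tencent's Mars), the Python below walks the sent-packet dump above purely by its length fields, cross-checks that every nested length adds up, and pulls out the timestamp and the two 65-byte key shares, which are 0x04-prefixed uncompressed P-256 points (consistent with the prime256v1 OID 2A 86 48 CE 3D 03 01 07 inside the DER private keys listed above). Field names follow the dump's own annotations; the nesting of the 4-byte length prefixes is my reading of the dump, not a documented mmtls layout, and the byte string is the page's dump re-keyed without its comments.

```python
PKT = bytes.fromhex("""
16 F1 03 01 65  00 00 01 61  01 03 F1 02 C0 2B 00 A8
A2 15 2A 64 62 7E 94 9D 78 0B CD 1A B0 54 3A 9A 64 7D 75 E3 DA 93 12 2B 0F BD 10 2F FA 25 2C 1F
5F 71 70 F9  00 00 01 31  02  00 00 00 8B  00 0F  01  00 00 00 84  02  00 27 8D 00  00 00 00 00  00 3A
00 0C 96 26 6F 12 62 97 64 1C 3B F2 CA 92 00 69 98 11 3C F5 D3 63 8D 8D 79 94 2E 5C 01 EC 3D 55
7A 84 AD 40 33 18 D5 42 9B FC 19 B1 7B 7C 88 47 38 43 6F C9 65 A8 79 72 19 41 21 F1 F7 C7 3A 4D
A8 17 EB FC FF 94 A0 8F 0C 46 6B 94 00 B7 0B 5E 69 87 4F 55 74 63 36 A9 0E B7 46 F3 69 2C C2 EC
63 88 A0 7C 20 D3 4E 67 5A 0F E0 7E 5A E7 36 D0 34 44 43 FF B4 5C DD 3E 64
00 00 00 9D  00 10  02  00 00 00 47  00 00 00 01  00 41
04 34 43 17 C1 91 36 B2 EF 83 47 07 69 34 D4 4E CA 9E EB 86 60 81 B1 D1 F8 19 FB A9 62 58 92 D2
09 19 54 F3 07 96 82 46 28 8B 2A EC 96 54 69 87 30 DB 06 D8 82 BC 6E C0 05 C1 43 CD 39 44 C8 14 59
00 00 00 47  00 00 00 02  00 41
04 1E 6F 36 56 E0 83 A4 4D F5 F8 14 D7 B1 1C E4 36 E7 7F 9E A1 39 BC C8 FE A7 E9 92 B9 90 11 3D
5A 0C 66 3A 40 40 2E CE 0D A6 DE 8C 16 AC B4 CF 17 2D 1C A1 A1 F4 30 EE 3A 8D 87 75 49 73 6A 24 B6  00 00 00 01
""")  # constructed input: the page's own sent-packet dump, annotations removed

def be(b, p, n): return int.from_bytes(b[p:p + n], "big")  # big-endian field at offset p

def check(ok, what):
    if not ok:
        raise ValueError("mmtls ClientHello: " + what)

def parse_client_hello(pkt):
    """Walk the record by its length fields; names follow the dump's annotations (layout nesting is an assumption)."""
    check(pkt[0] == 0x16 and be(pkt, 3, 2) == len(pkt) - 5 and be(pkt, 5, 4) == len(pkt) - 9, "length mismatch")
    body, p = pkt[5:], 4
    fixed, p = body[p:p + 8], p + 8     # 01 03 F1 02 C0 2B 00 A8, annotated "fixed"
    rnd, p = body[p:p + 32], p + 32     # 32 bytes of client randomness
    ts, p = be(body, p, 4), p + 4       # annotated "timestamp" (Unix seconds)
    ext_len, p = be(body, p, 4), p + 4
    check(ext_len == len(body) - p, "extension block length mismatch")
    exts, n, p = [], body[p], p + 1
    for _ in range(n):                  # each extension: u32 length, u16 type, payload
        l, p = be(body, p, 4), p + 4
        exts.append((be(body, p, 2), body[p + 2:p + l]))
        p += l
    check(p == len(body), "trailing bytes after extensions")
    return {"fixed": fixed, "random": rnd, "timestamp": ts, "extensions": exts}

def key_shares(ext_body):
    """Split the type-0x0010 extension into (index, pubkey) pairs plus its 4-byte tail."""
    shares, n, p = [], ext_body[0], 1
    for _ in range(n):                  # each share: u32 length, u32 index, u16 key length, key
        l, idx, klen = be(ext_body, p, 4), be(ext_body, p + 4, 4), be(ext_body, p + 8, 2)
        key = ext_body[p + 10:p + 10 + klen]
        check(klen == 65 and key[0] == 0x04, "expected an uncompressed P-256 point")
        shares.append((idx, key))
        p += 4 + l
    return shares, ext_body[p:]
```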
Simple finished product:
None of this is hard; it just takes a great deal of time! If this violates any rules, please contact me and it will be deleted.
------------------
Tried changing the device type: the session can stay online as iPad or Mac.
This shows the underlying PC protocol is the same; it's just that the Windows PC client blocks too many features.
-------
Reversed the macOS packets; pasting the important CCD (clientCheckData) plaintext here for reference.
<clientCheckData>
<fileSafeAPI>no</fileSafeAPI>
<dylibSafeAPI>no</dylibSafeAPI>
<OSVersion>10.15.5</OSVersion>
<model>VMware7,1</model>
<coreCount>3</coreCount>
<bundleID>com.tencent.xinWeChat</bundleID>
<device>x86_64</device>
<displayName>微信</displayName>
<version>302317586</version>
<plistVersion>0</plistVersion>
<USBState>0</USBState>
<dibs>00:0c:29:e8:a4:96</dibs>
<HasSIMCard>2</HasSIMCard>
<languageNum>zh</languageNum>
<localeCountry>CN</localeCountry>
<isInCalling>2</isInCalling>
<weChatUUID>/Users/lemon/Library/Containers/com.tencent.xinWeChat/Data/Documents</weChatUUID>
<AppState>0</AppState>
<encryptStatusOfMachO>0</encryptStatusOfMachO>
<md5OfMachOHeader>bc095c1f40d07b03a65427be907b6857</md5OfMachOHeader>
<md5OfMachOFile>8a2c954afc2b8c02c4adf396201485a2</md5OfMachOFile>
<weChatUUID>7FA221C7-C397-3213-A5B6-27B171DDC033</weChatUUID>
<dylibInfo>
<i>
<s>/Applications/WeChat.app/Contents/MacOS/WeChat</s>
<u>7FA221C7-C397-3213-A5B6-27B171DDC033</u>
</i>
<i>
<s>/Applications/WeChat.app/Contents/Frameworks/Sparkle.framework/Versions/A/Sparkle</s>
<u>50C08D08-2F05-3F4A-A50C-46CE14FD6420</u>
</i>
<i>
<s>/Applications/WeChat.app/Contents/Frameworks/WCDB.framework/Versions/A/WCDB</s>
<u>DE06449F-CA4F-3202-AB0F-1BBF2A68BF27</u>
</i>
<i>
<s>/Applications/WeChat.app/Contents/Frameworks/MMLibHooks.framework/Versions/A/MMLibHooks</s>
<u>C682C320-AF55-3CAF-B8D5-C496284B61C5</u>
</i>
<i>
<s>/Applications/WeChat.app/Contents/Frameworks/CocoaLumberjack.framework/Versions/A/CocoaLumberjack</s>
<u>6BDB40E8-05DA-32DE-8C81-37632C48E80B</u>
</i>
<i>
<s>/Applications/WeChat.app/Contents/Frameworks/AFNetworking.framework/Versions/A/AFNetworking</s>
<u>BDD10371-3F15-3EF9-A0A7-E80EAC53ADF6</u>
</i>
<i>
<s>/Applications/WeChat.app/Contents/Frameworks/matrixreport.framework/Versions/A/matrixreport</s>
<u>2586BD60-1797-3862-B461-CA38A7E71FAA</u>
</i>
</dylibInfo>
</clientCheckData>
<ccdcc>751848392</ccdcc>
<ccdts>1605890861</ccdts>