1
Target scene
I do not know you have not experienced, do not want to contact a long time to contact friends, find each other a long time ago you've deleted, but you know nothing about.
I believe that everyone in the address book of the micro-channel, there are some "zombie powder", they lay silent contact list, do you think the other party or friends, it is really too young, too naive; in fact, from the other side would have to friends list deleted, then how to filter out these people do?
It detected a large number of zombie powder of online tools, testing each time a friend in the micro-channel communication will send a recorded message to detect serious "bother" to each other; another part of the software at the time of detection, the virus will be implanted in some code, black-box operation seems very safe.
The purpose of this article is to automate micro letter App, through "transfer simulation to a Friend" to filter out all of the zombie powder, and a key to remove them.
2
Ready to work
Before you start writing scripts, do the following preparations
- Android phone or emulator after a Root, Root if no equipment is recommended Netease MuMu simulator
- Android development environment, Android Studio
- sqlcipher graphical tools
- Automated tools: Python is installed under the virtual environment pocoui
3
Scripting
The entire operation is divided into 3 steps, the micro-cracks are selected communication channel database catalog friends, friends to transfer analog data obtained zombie powder, remove all zombie powder.
The first step, we need to crack the micro-channel App database.
ps: Here is just a brief speech to crack process, like a key to crack the micro-channel address book data, you can skip this step and use APK end of the article provides.
First, we use Android Studio to create a new project, when the project initialization, grant applications administrator privileges, and modify the micro-channel access rights to.
//微信 App 的目录 public static final String WX_ROOT_PATH = "/data/data/com.tencent.mm/"; /** * 执行linux指令 * * @param paramString */ public static void execRootCmd(String paramString) { try { Process localProcess = Runtime.getRuntime().exec("su"); Object localObject = localProcess.getOutputStream(); DataOutputStream localDataOutputStream = new DataOutputStream((OutputStream) localObject); String str = String.valueOf(paramString); localObject = str + "\n"; localDataOutputStream.writeBytes((String) localObject); localDataOutputStream.flush(); localDataOutputStream.writeBytes("exit\n"); localDataOutputStream.flush(); localProcess.waitFor(); localObject = localProcess.exitValue(); } catch (Exception localException) { localException.printStackTrace(); } } //获取权限 RootUtils.execRootCmd("chmod 777 -R " + WX_ROOT_PATH);
Then, get micro-letter password database.
Password database is a micro-channel and micro-channel uid imei feed device through md5 algorithm generated.
/ ** * The imei and uin md5 code generation, access to the password database (prior to seven lowercase letters) * * @param imei * @param uin * @ return * / public static String getDbPassword (imei String, String uin ) { IF (TextUtils.isEmpty (IMEI) || TextUtils.isEmpty (UIN)) { Log.d ( " XAG " , " initialize the database password failed: uid empty or IMEI " ); return " password error " ; } String MD5 = MD5Utils.md5 (IMEI + UIN); Assert ! MD5 = null; returnmd5.substring (0,. 7 ) .toLowerCase (); } # the Python learning exchange group 631,441,315
Then, you can use SQLCipher dependent libraries to query the database of micro-channel, we need to add the following dependence for the project, easy to operate database.
// We need to increase reliance on project Implementation ' net.zetetic: Android-Database-sqlcipher: 3.5.4@aar '
Obtained above with a password to open an encrypted database and the query "rcontact" table for all friends of micro-signal contacts within the micro-channel, nickname, user name and other data.
/ ** * connected database * <P> * Common Library Introduction: [] contact rcontact table, table [message] message chat * * @param dbFile * / Private void openWxDb (File dbFile, String db_pwd) { // All Information people List <Business Card> = new new Contacts the ArrayList <> (); SQLiteDatabase.loadLibs (the this); SQLiteDatabaseHook Hook = new new SQLiteDatabaseHook () { public void prekey (the SQLiteDatabase Database) { } public void postKey (the SQLiteDatabase Database) { atabase.rawExecSQL ( " PRAGMA cipher_migrate; " ); //2.0 compatible database } }; the try { // Open Database Connectivity SQLiteDatabase db = SQLiteDatabase.openOrCreateDatabase (dbFile, db_pwd, null, Hook); // query all contacts // filter out himself, group chat, the public number, service number and some contacts // verifyFlag =! 0: public number, service number // Note blacklist users, I - settings - Privacy - contacts blacklist the Cursor c1 = db.rawQuery ( " the SELECT * from Rcontact = 0 and the WHERE verifyFlag type not in (2,4,8,9,33,35,256,258,512,2051,32768,32770,32776,33024,65536,65792,98304) and username not like \ "% @ app \" and username not like \ "% @qqim \ "and not like username \"% @ ChatRoom \ "and encryptUsername = \!" \ " " , null); while (c1.moveToNext()) { String userName = c1.getString(c1.getColumnIndex("username")); String alias = c1.getString(c1.getColumnIndex("alias")); String nickName = c1.getString(c1.getColumnIndex("nickname")); int type = c1.getInt(c1.getColumnIndex("type")); contacts.add(new Contact(userName, alias, nickName)); } Log.d("xag", "微信通讯录中,联系人数目:"Contacts.size + () + " th " ); for (int I = 0; I <contacts.size (); I ++ ) { Log.d ( " XAG " , contacts.get (I) .getNickName ()); } c1.close (); db.Close (); } the catch (Exception E) { Log.e ( " XAG " , " read the database information failed " + e.toString ()); Toast.makeText (the this, " reading the recorded micro-channel communication failure! " , Toast.LENGTH_SHORT) the .Show (); } Toast.makeText (the this, " read successful micro-channel address book! ", Toast.LENGTH_SHORT).show(); }
It should be noted that the data in the database table rcontact more messy, in addition to the normal data of friends, blacklist friends, friends deleted data, the public number, micro letters and other groups are also included, we need to be screened by type and verifyFlag field.
For ease of operation Python, and finally writes the data query to a friend csv file.
/*** * 写入数据到csv中 * @param output_path * @param contacts */ public static void writeCsvFile(String output_path, List<Contact> contacts) { try { File file = new File(output_path); //删除之前保存的文件 if (file.exists()) { file.delete(); } BufferedWriter bw = new BufferedWriter(new FileWriter(file, true)); // 添加头部名称 bw.write("userName" + "," + "alias" + "," + "nickName"); bw.newLine(); for (int i = 0; i < contacts.size(); i++) { bw.write(contacts.get(i).getUserName() + "," + contacts.get(i).getAlias() + "," + contacts.get(i).getNickName()); bw.newLine(); } bw.close(); } catch (IOException e) { e.printStackTrace(); } }
第 2 步,我们需要模拟给好友转账,来判断这个好友关系是否正常。
首先,我们需要初始化 Airtest,然后利用 adb 把第 1 步生成的数据从手机里导出到本地。
def __init_airtest(self): """ 初始化Airtest :return: """ device_1 = Android('822QEDTL225T7') # device_1 = Android('emulator-5554') connect_device("android:///") self.poco = AndroidUiautomationPoco(device_1, screenshot_each_action=False) auto_setup(__file__) def export_wx_db_from_phone(target_path): """ 从手机中导出通信录数据 :param target_path: :return: """ # 微信通信录数据 wx_db_source_path = "/data/data/com.xingag.crack_wx/wx_data.csv" # 导出到本地 os.popen('adb pull %s %s' % (wx_db_source_path, target_path))
然后就是一系列自动化操作。
打开微信,遍历好友列表,拿到每一个好友的微信号去搜索好友,跳转到好友的聊天界面。
def __to_friend_chat_page(self, weixin_id): """ 点击到一个好友的聊天界面 :param weixin_id: :param weixin_name: :return: """ # 1、点击搜索 element_search = self.__wait_for_element_exists(self.id_search) element_search.click() print('点击搜索') # 2、搜索框 element_search_input = self.__wait_for_element_exists(self.id_search_input) element_search_input.set_text(weixin_id) # 3、搜索列表 element_search_result_list = self.__wait_for_element_exists(self.id_search_result_list) # 3.1 是否存在对应的联系人,如果存在就在第一个子View布局下 # 注意:可能出现最常用的聊天列表,这里需要进行判断 index_tips = 0 for index, element_search_result in enumerate(element_search_result_list.children()): # 联系人的Tips # if element_search_result_list.children()[0].offspring(self.id_contact_tips).exists(): if element_search_result.offspring(text=self.text_contact_tips).exists(): index_tips = index break # 4、点击第一个联系人进入聊天界面 element_search_result_list.children()[index_tips + 1].click()
接着尝试着给对方转账,如果好友关系正常,就会跳出一个支付页面让输入密码。
def __judge_is_friend(self, weixin_id, weixin_name): """ 判断是不是微信好友 :param weixin_id: 微信号 :return: """ # 尝试给好友转账,设置一个小额度,以防止刷脸直接支付了 # 如果对方是你的好友,接下来会让你输入密码,关掉页面就行了 # 如果对方不是你的好友,会提示不是你的好友,不能继续操作了 # 5、点击好友界面的+按钮 self.poco(self.id_chat_more_button).click() # 6、点击转账按钮 self.poco(self.id_chat_more_container).offspring(text=self.text_chat_transfer_account_text).click() # 7、输入金额 self.poco(self.id_transfer_account_input).set_text(self.money) # 8、点击转账按钮 self.poco(self.id_transfer_account_container).offspring(text=self.text_chat_transfer_account_text).click()
如果是僵尸粉,应用会弹出一个警告对话框,提示你不是收款方好友,没法完成转账的操作。
通过警告对话框是否存在,就可以判断好友关系是否正常。 非正常的好友关系,包含:僵尸粉、对方账号异常等。
# 10.弹出警告对话框 # 弹出好友关系不正常 if element_transfer_account_result_button: # 提示内容 ransfer_account_result_tips = self.poco(self.id_transfer_account_result_tips).get_text() if self.text_friend_no_tips in transfer_account_result_tips: print('注意!%s已经把你拉黑了!!!' % weixin_name) self.friend_black_list.append({ 'id': weixin_id, 'nickName': weixin_name }) write_to_file(self.path_black_list, 'id:%s,nickName:%s' % (weixin_id, weixin_name)) elif self.text_friend_limit_tips in transfer_account_result_tips: print('%s账号收到限制!!!' % weixin_name) write_to_file(self.path_account_limit, 'id:%s,nickName:%s' % (weixin_id, weixin_name)) elif self.text_friend_is_norm in transfer_account_result_tips: print('%s好友关系不正常!!!' % weixin_name) write_to_file(self.path_relationship_unnormal, 'id:%s,nickName:%s' % (weixin_id, weixin_name)) # 点击确认按钮 element_transfer_account_result_button.click() # 返回到主页面 self.__back_to_home() else: # 包含正常好友关系和对方账号限制的情况 print('好友关系正常') self.__back_to_home()
最后,模拟点击手机的返回键,一直回退到微信主界面。
def __back_to_home(self): """ 回退到主界面 :return: """ print('准备回退到主界面') home_tips = ['微信', '通讯录', '发现', '我'] while True: keyevent('BACK') is_home = False # 判断是否到达首页 if self.poco(text=home_tips[0]).exists() and self.poco(text=home_tips[1]).exists() and self.poco( text=home_tips[2]).exists() and self.poco(text=home_tips[3]).exists(): is_home = True if is_home: print('已经回到微信首页~') break
循环上面的操作,就可以判断出哪些是僵尸粉,哪些好友的账号被限制,哪些是正常的好友关系。
第 3 步,删除上面获取到的僵尸粉列表。
拿到上面的僵尸粉数据列表,就可以利用上面的方式进行一系列自动化UI 操作,删除掉这些好友。
def del_friend_black(self, weixin_id): """ 删除黑名单好友 :return: """ # 到好友聊天界面 self.__to_friend_chat_page(weixin_id) # 点击聊天界面右上角,进入到好友的详细信息界面 self.poco(self.id_person_msg_button).click() # 点击好友头像 self.poco(self.id_person_head_url).click() # 点击个人名片的右上角,弹出好友操作菜单 self.poco(self.id_person_manage_menu).click() # 查找删除操作栏 # 注意:对于目前主流的手机,都需要滑动到最底部才能出现【删除】这一操作栏 self.poco.swipe([0.5, 0.9], [0.5, 0.3], duration=0.2) # 点击删除,弹出删除对话框 self.poco(self.id_person_del, text=self.text_person_del) .click () # OK OK Delete Delete Friend # interface will return directly to the main interface self.poco (self.id_person_del_sure, text = self.text_person_del) .click ()
4
Conclusions The results of
Android project to compile or run directly APK will be able to save the address book of the micro-letter friends to the next item data file directory.
Then run a Python program will traverse friends contacts data, automation to operate the micro-channel App, then writes all of the zombie powder to a local file, and finally you can choose to delete all of these zombie powder out.