init

.classpath

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" path="src"/>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8"/>
+	<classpathentry kind="output" path="bin"/>
+</classpath>

.gitignore

@@ -0,0 +1,2 @@
+/.settings
+/bin

.project

@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>wechat-data-decode</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+	</natures>
+</projectDescription>

README.md

@@ -0,0 +1,35 @@
+## wechat-data-decode
+
+微信 data 解密。
+
+### 需求
+
+微信暂用 C 盘几个 G，需要对微信目录清理。墓中的 image/video 等文件夹中的不需要的文件直接删掉即可。而 Data 目录占用了最大 2G 空间，那么删除这些 .data 文件前最好知道是什么文件。
+
+最后发现 Data 都是图片文件，而且绝大多数都没用了。。。
+
+### 原理
+
+（1）DAT文件，前三位是4F 96 88。
+
+（2）给出参考文件头：
+
+JPEG (jpg)，文件头：FFD8FF
+
+PNG (png)，文件头：89504E47
+
+GIF (gif)，文件头：47494638
+
+（3）异或处理尝试
+
+4F9688 Xor FFD8FF    =    B0 4E77‬
+
+4F9688 Xor 89504E    =    C6C6C6‬
+
+4F9688 Xor 474946    =    8 DFCE‬
+
+（4）对比发现密钥
+
+可以发现，异或结果 C6C6C6‬ 十分规律，对每个字节异或都为C6。反过来，图片加密的算法就是 89504E Xor C6C6C6 = 4F9688
+
+

java/src/me/yoqi/wechatdecode/WeChatImgRevert.java

@@ -0,0 +1,79 @@
+package me.yoqi.wechatdecode;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+public class WeChatImgRevert {
+	static String rootPath = "C:/Users/liuyuqi/AppData/Local/Packages/TencentWeChatLimited.forWindows10_sdtnhv12zgd7a/LocalCache/Roaming/Tencent/WeChatAppStore/WeChatAppStore Files/ab3255/Data/";
+
+	public static void main(String[] args) {
+		ExecutorService pool = Executors.newFixedThreadPool(10);
+		Runnable r = () -> {
+			String[] fileName = GetFileName.getFileName(rootPath);
+
+			int i = 0;
+			for (String name : fileName) {
+
+				try (InputStream reader = new FileInputStream(rootPath + name)) {
+					try (OutputStream writer = new FileOutputStream("D:/photo/" + name + ".jpg")) {
+						byte[] bytes = new byte[1024];
+						int b;
+						while ((b = reader.read(bytes)) != -1) {// 这里的in.read(bytes);就是把输入流中的东西，写入到内存中（buffer）。
+							// System.out.println("b = " + b + " b ^ 241 = " +
+							// (b ^ 241));
+							writer.write(b ^ 56611);// 241这个值是现算的，每个人电脑的值都不一致
+							writer.flush();
+						}
+					}
+					System.out.println(i++);
+				} catch (Exception e) {
+					e.printStackTrace();
+				}
+			}
+		};
+		pool.submit(r);
+		pool.shutdown();
+		// System.out.println("--------------------------------");
+		//
+		// ArrayList<String> listFileName = new ArrayList<String>();
+		//
+		// GetFileName.getAllFileName("F:/dat", listFileName);
+		//
+		// for (String name : listFileName) {
+		// System.out.println(name);
+		// }
+
+	}
+
+}
+
+class GetFileName {
+
+	public static String[] getFileName(String path) {
+		File file = new File(path);
+		String[] fileName = file.list();
+		return fileName;
+
+	}
+
+	public static void getAllFileName(String path, ArrayList<String> fileName) {
+		File file = new File(path);
+		File[] files = file.listFiles();
+		String[] names = file.list();
+		if (names != null)
+			fileName.addAll(Arrays.asList(names));
+		for (File a : files) {
+			if (a.isDirectory()) {
+				getAllFileName(a.getAbsolutePath(), fileName);
+			}
+		}
+	}
+
+}

python/wechat-data-decode.py

@@ -0,0 +1,38 @@
+#!/usr/bin/env python
+# -*- encoding: utf-8 -*-
+'''
+@Contact :   liuyuqi.gov@msn.cn
+@Time    :   2019/08/13 11:21:00
+@Version :   1.0
+@License :   (C)Copyright 2019 liuyuqi
+@Desc    :   微信data数据解析
+'''
+import os
+
+out_path=r"D:/photo/"
+path = r'C:/Users/xx/AppData/Local/Packages/TencentWeChatLimited.forWindows10_sdtnhv12zgd7a/LocalCache/Roaming/Tencent/WeChatAppStore/WeChatAppStore Files/ab3255/Data/'
+
+def imageDecode(f,fn):
+    dat_read = open(f, "rb")
+    out=out_path+fn+".png"
+    png_write = open(out, "wb")
+    for now in dat_read:
+        for nowByte in now:
+            newByte = nowByte ^ 0xAB
+            png_write.write(bytes([newByte]))
+    dat_read.close()
+    png_write.close()
+ 
+def findFile(f):
+    fsinfo = os.listdir(f)
+    for fn in fsinfo:
+        temp_path = os.path.join(f, fn)
+        if not os.path.isdir(temp_path):
+            print('文件路径: {}' .format(temp_path))
+            print(fn)
+            imageDecode(temp_path,fn)
+        else:
+            ...
+
+if __name__ == "__main__":
+    findFile(path)