├── bin ├── pjsz_aarch64 ├── pjsz_armv8l └── introduction.txt ├── README.md └── shanzhao_crack.c /bin/pjsz_aarch64: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kpwd/QQ_Disappear_Images_saver/HEAD/bin/pjsz_aarch64 -------------------------------------------------------------------------------- /bin/pjsz_armv8l: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kpwd/QQ_Disappear_Images_saver/HEAD/bin/pjsz_armv8l -------------------------------------------------------------------------------- /bin/introduction.txt: -------------------------------------------------------------------------------- 1 | ./pjsz_aarch64 was built on vivo x6 plus 2 | ./pjsz_armv8l was built on mi6 3 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # QQ_Disappear_Images_saver 2 | 安卓QQ闪照破解(原图级破解,非二次截图!) 3 | 4 | 《公安部门QQ闪照取证程序》 5 | 由于本程序过于邪恶QwQ,老衲在这里郑重说明一下咕咕估。 6 | 这个程序是用来公安部门取证使用,用来干坏坏的事情我不会管的!!!>_< 7 | 你们啊,不要喜欢弄个大新闻,说我的程序侵犯了别人的隐私,就把我批判一番,naive! 8 | 编程时使用的参考资料: 9 | https://blog.csdn.net/u010155023/article/details/51969513 10 | https://www.jiangmiao.org/blog/2179.html 11 | https://www.ibm.com/developerworks/cn/linux/l-ubuntu-inotify/ 12 | https://www.cnblogs.com/sky-heaven/p/5884475.html 13 | 14 | 让我们隆重感谢楼上大佬的无偿滋瓷! 15 | 16 | -------------------------------------------------------------------------------------------------------------------------------- 17 | 那么这个鳖孙玩意到底咋破解啊? 18 | PS:如果不想gcc编译可以去/bin/里找我的编译版本,这样就无需安装clang了 19 | 20 | 21 | 首先吧,把这个神奇的c文件放到/sdcard/ (什么?不知道sdcard?你咋来的github混蛋!) 22 | 然后在/sdcard/下创建一个目录/sdcard/bak 23 | 然后,手机要安装termux,然后执行 24 | pkg install clang 25 | cp /sdcard/shanzhao_crack.c ~ 26 | gcc shanzhao_crack.c 27 | 28 | 29 | 这时程序已经编译完成,别忙着执行,切换到QQ的界面,然后到闪照附近(别点闪照) 30 | 执行下面的 31 | ./a.out /sdcard/tencent/MobileQQ/diskcache /sdcard/bak 32 | 33 | (个别使用存储重定向的可能需要稍微变通一下路径,比如我的是 34 | /sdcard/VirtualXposed/vsdcard/0/tencent/MobileQQ/diskcache 35 | 当然,一般情况下还是不变的。) 36 | 37 | 这时进入监听模式,切换到QQ界面,点击闪照,然后不出意外的话 38 | /sdcard/bak 会产生一些文件(也有一些垃圾文件),其中就有闪照的原图。 39 | -------------------------------------------------------------------------------- /shanzhao_crack.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | /* 8 | 《公安部门QQ闪照取证程序》 9 | 由于本程序过于邪恶QwQ,老衲在这里郑重说明一下咕咕估。 10 | 这个程序是用来公安部门取证使用,用来干坏坏的事情我不会管的!!!>_< 11 | 你们啊,不要喜欢弄个大新闻,说我的程序侵犯了别人的隐私,就把我批判一番,naive! 12 | 参考资料: 13 | https://blog.csdn.net/u010155023/article/details/51969513 14 | https://www.jiangmiao.org/blog/2179.html 15 | https://www.ibm.com/developerworks/cn/linux/l-ubuntu-inotify/ 16 | https://www.cnblogs.com/sky-heaven/p/5884475.html 17 | 18 | 让我们隆重感谢楼上大佬的无偿滋瓷! 19 | */ 20 | /* 21 | struct inotify_event { 22 | int wd; //watch descriptor 23 | uint32_t mask; //mask of events 24 | uint32_t cookie; //unique cookie 25 | uint32_t len; //size of 'name' field 26 | char name[]; //nul-terminated name 27 | }; 28 | 29 | -------------------------------------------------------------------------------------------------------------------------------- 30 | 那么这个鳖孙玩意到底咋破解啊? 31 | 首先吧,把这个神奇的c文件放到/sdcard/ (什么?不知道sdcard?你咋来的github混蛋!) 32 | 然后在/sdcard/下创建一个目录/sdcard/bak 33 | 然后,手机要安装termux,然后执行 34 | pkg install clang 35 | cp /sdcard/shanzhao_crack.c ~ 36 | gcc shanzhao_crack.c 37 | 38 | 39 | 这时程序已经编译完成,别忙着执行,切换到QQ的界面,然后到闪照附近(别点闪照) 40 | 执行下面的 41 | ./a.out /sdcard/tencent/MobileQQ/diskcache /sdcard/bak 42 | 43 | (个别使用存储重定向的可能需要稍微变通一下路径,比如我的是 44 | /sdcard/VirtualXposed/vsdcard/0/tencent/MobileQQ/diskcache 45 | 当然,一般情况下还是不变的。) 46 | 47 | 这时进入监听模式,切换到QQ界面,点击闪照,然后不出意外的话 48 | /sdcard/bak 会产生一些文件(也有一些垃圾文件),其中就有闪照的原图。 49 | */ 50 | #define EVENT_SIZE ( sizeof (struct inotify_event) ) 51 | #define BUF_LEN ( 1024 * ( EVENT_SIZE + 16 ) ) 52 | int main(int argc, char *argv[]){ 53 | char *TargetDir; 54 | char *DestnationDir; 55 | char buffer[BUF_LEN]; 56 | unsigned int filenumber=0; 57 | int length,i=0; 58 | if (argc == 1) { 59 | printf("**********HELP ME!!************\n"); 60 | printf("YOU: I can't use your shit program !! :(\n"); 61 | printf("I :I am so sorry to here that,and help you immediately! >_<\n"); 62 | printf("Execute 'Program diskcache /sdcard/bak' \n"); 63 | return 0; 64 | } 65 | if (argc == 2) { 66 | TargetDir = malloc(3); 67 | strcat(TargetDir,"./"); 68 | }else { 69 | TargetDir=malloc(strlen(argv[1])+1); 70 | DestnationDir=malloc(strlen(argv[2])+1); 71 | *(TargetDir)='\0'; 72 | *(DestnationDir)='\0'; 73 | strcat(TargetDir,argv[1]); 74 | strcat(DestnationDir,argv[2]); 75 | if(DestnationDir[strlen(DestnationDir)-1]!='/'){//if last char is not / 76 | strcat(DestnationDir,"/"); // add / 77 | } 78 | if(TargetDir[strlen(TargetDir)-1]!='/'){ 79 | strcat(TargetDir,"/"); 80 | } 81 | } 82 | int fd=inotify_init(); 83 | if (fd == -1) 84 | { 85 | perror("I can not be inited! :(\n"); 86 | exit(EXIT_FAILURE); 87 | } 88 | int wd = inotify_add_watch(fd,TargetDir, IN_CLOSE_WRITE); 89 | if (wd == -1) 90 | { 91 | perror("There can not be watched! :(\n"); 92 | exit(EXIT_FAILURE); 93 | }else{ 94 | printf("I am watching this dir: [%s] \n and immediately copy new image to [%s] if it exits.\n",TargetDir,DestnationDir); 95 | } 96 | while(1){ 97 | //printf("Waiting...\n"); 98 | length=read( fd,buffer,BUF_LEN ); 99 | while ( i < length ) { 100 | struct inotify_event *event = ( struct inotify_event * ) &buffer[ i ]; 101 | i += EVENT_SIZE + event->len; 102 | if ( event->len ) { 103 | char head[9]={0}; 104 | char *TargetFileName; 105 | TargetFileName=(char *)malloc(strlen(TargetDir)+event->len+1); 106 | *(TargetFileName)='\0'; 107 | strcat(TargetFileName,TargetDir); 108 | strcat(TargetFileName,event->name); 109 | //memcpy(EventFileName,event->name,event->len); 110 | printf("TargetFileName: %s\n",TargetFileName); 111 | FILE* rfile=fopen(TargetFileName,"r"); 112 | if(!(rfile&&fread(head,1,8,rfile)==8)){ 113 | printf("Can't open TargetFileName!\n"); 114 | goto CLEAR; 115 | } 116 | if(strcmp("ENCRYPT:",head)==0){ 117 | //printf("Pass it!\n"); 118 | goto CLEAR_AND_CLOSE_FILES; 119 | //This file was ENCRYPTED so I can do nothing 120 | }else{ 121 | //Catched it! it was decrypted so I must immediately copy it to destnation 122 | char *DestnationFileName; 123 | unsigned int DestnationFileReadSize; 124 | char DestnationFileReadData[1024]; 125 | DestnationFileName=(char *)malloc(strlen(DestnationDir)+event->len+4+1);//+4=strlen(".jpg") 126 | *(DestnationFileName)='\0'; 127 | strcat(DestnationFileName,DestnationDir); 128 | strcat(DestnationFileName,event->name); 129 | strcat(DestnationFileName,".jpg"); 130 | if(access(DestnationFileName,F_OK)!=-1){ 131 | //printf("Pass it!\n"); 132 | goto CLEAR_AND_CLOSE_FILES; 133 | } 134 | printf("SaveFileName: %s\n",DestnationFileName); 135 | FILE* DestnationFileNameP=fopen(DestnationFileName,"w"); 136 | fwrite(head,1,8,DestnationFileNameP); 137 | while(DestnationFileReadSize=fread(DestnationFileReadData,1,1024,rfile)){ 138 | fwrite(DestnationFileReadData,1,DestnationFileReadSize,DestnationFileNameP); 139 | } 140 | fclose(DestnationFileNameP); 141 | //printf("DestnationFileName: %s\n",DestnationFileName); 142 | 143 | //fread(rfile,sizeof(char),1024,filedata); 144 | } 145 | CLEAR_AND_CLOSE_FILES: 146 | fclose(rfile); 147 | CLEAR: 148 | free(TargetFileName); 149 | } 150 | } 151 | i=0; 152 | } 153 | close(fd); 154 | free(TargetDir); 155 | free(DestnationDir); 156 | return 0; 157 | } 158 | --------------------------------------------------------------------------------