#!/usr/bin/env python3 import os import re def modify_hex_pattern(): # 目标文件路径 target_file = "Payload/Yuanshen.app/Yuanshen" # ========================================== # 请在这里填入要搜索的十六进制模式(去除所有空格和换行) # 示例格式:88AC8ED288ADAEF268CEC7F2... SEARCH_HEX_PATTERN = "" # ========================================== # ========================================== # 请在这里填入要替换的新十六进制模式(必须与搜索模式长度相同) # 示例格式:99BD9FE399BEBFF379DFD8F3... REPLACE_HEX_PATTERN = "" # ========================================== # 验证输入 if not SEARCH_HEX_PATTERN: print("错误: 请先填写 SEARCH_HEX_PATTERN") return if not REPLACE_HEX_PATTERN: print("错误: 请先填写 REPLACE_HEX_PATTERN") return # 清理十六进制字符串(去除所有空格) search_pattern_clean = re.sub(r'\s+', '', SEARCH_HEX_PATTERN) replace_pattern_clean = re.sub(r'\s+', '', REPLACE_HEX_PATTERN) # 验证长度 if len(search_pattern_clean) != len(replace_pattern_clean): print(f"错误: 搜索模式和替换模式长度不匹配") print(f"搜索模式长度: {len(search_pattern_clean)} 字符") print(f"替换模式长度: {len(replace_pattern_clean)} 字符") return print(f"搜索文件: {target_file}") print(f"搜索模式长度: {len(search_pattern_clean)} 字符") print(f"替换模式长度: {len(replace_pattern_clean)} 字符") print(f"搜索模式: {search_pattern_clean[:50]}...") print(f"替换模式: {replace_pattern_clean[:50]}...") print("-" * 80) if not os.path.exists(target_file): print(f"错误: 文件 {target_file} 不存在") return # 创建备份 backup_file = target_file + ".backup" if not os.path.exists(backup_file): print(f"创建备份文件: {backup_file}") with open(target_file, 'rb') as src, open(backup_file, 'wb') as dst: dst.write(src.read()) else: print(f"备份文件已存在: {backup_file}") try: # 读取文件 with open(target_file, 'rb') as f: content = bytearray(f.read()) # 将二进制内容转换为十六进制字符串 hex_content = content.hex().upper() print(f"文件大小: {len(content)} 字节") print(f"十六进制内容长度: {len(hex_content)} 字符") # 搜索模式 occurrences = [] start = 0 while True: pos = hex_content.find(search_pattern_clean, start) if pos == -1: break occurrences.append(pos // 2) # 转换为字节偏移 start = pos + 1 print(f"\n找到 {len(occurrences)} 个匹配:") for i, offset in enumerate(occurrences): print(f" 匹配 {i+1}: 偏移 0x{offset:08X} ({offset} 字节)") if len(occurrences) == 0: print("未找到匹配的十六进制模式,无法进行修改") return # 确认修改 print(f"\n即将修改 {len(occurrences)} 个位置") confirm = input("确认要修改吗?(y/N): ") if confirm.lower() != 'y': print("取消修改") return # 执行修改 modified_count = 0 for i, offset in enumerate(occurrences): # 将十六进制字符串转换为字节 replace_bytes = bytes.fromhex(replace_pattern_clean) # 替换字节 content[offset:offset+len(replace_bytes)] = replace_bytes modified_count += 1 print(f"已修改匹配 {i+1}: 偏移 0x{offset:08X}") # 写回文件 with open(target_file, 'wb') as f: f.write(content) print(f"\n修改完成!共修改了 {modified_count} 个位置") print(f"原始文件已备份为: {backup_file}") # 验证修改 print("\n验证修改结果:") with open(target_file, 'rb') as f: new_content = f.read() new_hex_content = new_content.hex().upper() # 检查是否还有原始模式 remaining_old = new_hex_content.count(search_pattern_clean) print(f"剩余原始模式数量: {remaining_old}") # 检查新模式数量 new_pattern_count = new_hex_content.count(replace_pattern_clean) print(f"新模式数量: {new_pattern_count}") if remaining_old == 0 and new_pattern_count == len(occurrences): print("✅ 修改验证成功!") else: print("⚠️ 修改验证异常,请检查结果") except Exception as e: print(f"修改过程中出错: {e}") if __name__ == "__main__": modify_hex_pattern()