解包加固的 app.asar 文件
本帖最后由 evlon 于 2023-11-24 08:24 编辑## 背景
解包 app.asar 文件的过程中,解出来几个1G的文件。然后后面解压报错。
```shell
node:internal/validators:181
throw new ERR_OUT_OF_RANGE(
^
RangeError : The value of "size" is out of range. It must be >= 0 && <= 4294967296. Received 5_.09_881_721_313_988_2e+_306
at Function.alloc (node:buffer:401:3)
at module.exports.readFileSync (/usr/local/lib/node_modules/asar/lib/disk.js:106:23)
at module.exports.extractFile (/usr/local/lib/node_modules/asar/lib/asar.js:170:15)
at Command.<anonymous> (/usr/local/lib/node_modules/asar/bin/asar.js:65:12)
at Command.listener (/usr/local/lib/node_modules/asar/node_modules/commander/index.js:413:31)
at Command._parseCommand (/usr/local/lib/node_modules/asar/node_modules/commander/index.js:914:14)
at Command._dispatchSubcommand (/usr/local/lib/node_modules/asar/node_modules/commander/index.js:865:18)
at Command._parseCommand (/usr/local/lib/node_modules/asar/node_modules/commander/index.js:882:12)
at Command.parse (/usr/local/lib/node_modules/asar/node_modules/commander/index.js:717:10)
at Object.<anonymous> (/usr/local/lib/node_modules/asar/bin/asar.js:80:9) {
code: 'ERR_OUT_OF_RANGE'
}
```
## 分析
### 1. 提取文件结构内容
```shell
$ json=$(head -n1 app.asar) && echo ${json:10} > app.json
```
### 2. 通过Vscode 格式化后查看,找到问题有两个
第一个问题:好几个文件的大小都是 1073741824 ,差不多就是1G
第二个问题:好几个文件的大小,是 5.275993804089815e+307, 大的没边了
```js
{
"files": {
"9ff5e67e3a8d90a5ea38e489b7df48aae95647197b00d80982cd10d4a6da": {
"offset": "0",
"size": 1073741824
},
"2310ec28019fff8f777b4232a0383e9a319c37ded20503a161df3e54fa41": {
"offset": "0",
"size": 1073741824
},
"0adb4548348ba990ccf1719c24c00b30698d438245e4df710b52e6962eb3": {
"offset": "0",
"size": 1073741824
},
"51b0f1ce28bebc9b6b882a880b74fb6cd0823e8a323af562f824c49f5073": {
"offset": "0",
"size": 1073741824
},
"15dd7e5871da30eefaffd2e276d3945e2ae9939d3164280bd88bf597173e": {
"offset": "0",
"size": 1073741824
},
"164da01bd3ee462e958307bd01ab394bc3434534ae7fd4e57f7b7dae216c": {
"offset": "0",
"size": 1073741824
},
"fd0e44de57d04716ca699f0dc8d010c2599ede17796b384fef55283ed618": {
"offset": "0",
"size": 1073741824
},
"dbaebc579f90db65f0a6ea7b7d3e15ef86b3f9b9f60165cb829e6bbdeee1": {
"offset": "0",
"size": 1073741824
},
"1bbb4a9e1a2c8618124823c6848e47d283e078893f58ed91b4843fae0c9d": {
"offset": "0",
"size": 1073741824
},
"a8e4d967f7098a0f10e9cc26211f385974f9b6c02185d52621be628c9819": {
"offset": "0",
"size": 1073741824
},
"license": {
"size": 5.098817213139882e+306,
"offset": "967376885"
},
"production": {
"size": 3.29507800030067e+307,
"offset": "944881848"
},
"development": {
"size": 2.83416941938342e+307,
"offset": "2967236527"
},
"staging": {
"size": 5.504175224545362e+307,
"offset": "1883543224"
},
"secrets": {
"size": 1.7173109818958156e+307,
"offset": "2031504498"
},
"test": {
"files": {
"test1.js": {
"size": 8.074474951744806e+306,
"offset": "158220493"
},
"test2.js": {
"size": 6.753019992570355e+307,
"offset": "1200325917"
},
"test3.js": {
"size": 5.275993804089815e+307,
"offset": "2877622515"
}
}
},
"background.js": {
"size": 1111113,
"offset": "0"
},
"background.js.LICENSE.txt": {
"size": 1437,
"offset": "1111113"
},
```
## 解决方案
我目前的解决方案,是修改 asar 命令,添加如下功能选项
### 1. 添加选项 --max-file-size ,限制文件最大数量
### 2. 添加选项 --ignore-fake-file, 自动去除乱文件,即没有头,没有尾巴的虚假文件
### 3. 添加选项 --ignore-unpack,有些文件是外连的,不接呀
```shell
$ node bin/asar.js e -h
Usage: asar extract|e <archive> <dest>
extract archive
Options:
-iff, --ignore-fake-fileskip fake file item
-iu, --ignore-unpack skip unpack file item
--max-file-size max file size, if biger ignore it
-h, --help display help for command
```
## 使用方法
### 安装
```shell
evlon@evlon-pc:~$ sudo npmi -g asar-plus
password for evlon:
added 13 packages in 7s
1 package is looking for funding
run `npm fund` for details
evlon@evlon-pc:~$ asar-plus -h
Usage: asar-plus
Manipulate asar archive files
Options:
-V, --version output the version number
-h, --help display help for command
Commands:
pack|p <dir> <output> create asar archive
list|l <archive> list files of asar archive
extract-file|ef <archive> <filename>extract one file from archive
extract|e <archive> <dest>extract archive
*
help display help for command
evlon@evlon-pc:~$ asar-plus e -h
Usage: asar-plus extract|e <archive> <dest>
extract archive
Options:
-iff, --ignore-fake-fileskip fake file item
-iu, --ignore-unpack skip unpack file item
--max-file-size max file size, if biger ignore it
-h, --help display help for command
evlon@evlon-pc:~$
```
### 使用方法
```shell
$ mkdir ./app
$ node asar-plus e -iff -iu app.asar ./app/
```
## 源码
https://github.com/evlon/asar-plus 本帖最后由 AcidTan 于 2024-2-23 23:42 编辑
自己安装测试出现错误,自己测试删减了 不知道是不是自己电脑原因 有错误请指出谢谢
npmi -g asar-plus ‘’删除sudo ‘’
asar-plus -h
asar-plus e -h
使用方法
mkdir ./app
asar-plus e -iff -iu app.asar ./app/ ‘’删除node ‘
然后就正常了解压了 原型设计工具Figma的app.asar文件会附带一个app.asar.unpacked文件夹,解包后app.asar文件翻译.js字串打包回去,程序无法运行,点击没反应,请问怎么解决? 这几个参数实用性大大增强 楼主,node打包的exe有办法反编译吗 我倒是没遇到 过这种情况 ,关注一下 来学习大佬的参数,膜拜大佬!{:1_893:} 学习学习 厉害 之前想看一个asar文件没搞定,试试 学习学习 好厉害,感谢!! 之前遇到过类似这种情况,一会试试楼主方法
页:
[1]
2