RevokeMsgPatcher: Binary Patching for PC Messaging Apps
RevokeMsgPatcher is a hex editor tool specifically designed to modify the executable files of PC versions of popular Chinese messaging apps like WeChat, QQ, and TIM. The main purpose of this modification is to prevent messages from being revoked by the sender.
From a software engineer's point of view, this tool is interesting because it's a form of reverse engineering and binary patching. Instead of modifying the source code of the application (which is not available), it directly manipulates the compiled binary file.
The tool works by changing specific hexadecimal values within the application's executable. These values likely correspond to the code or logic that handles the message revocation feature. By altering these bytes, the tool effectively "disables" or "bypasses" the part of the program that would otherwise delete a revoked message from your view.
While you might not use this specific tool in your day-to-day job, the concepts behind it are highly relevant to a software engineer's skillset
Understanding Binary and Hexadecimal Data
This tool is a great example of why it's important to understand how data is represented at a low level. A software engineer who works with embedded systems, security, or performance optimization often needs to read and understand binary and hexadecimal data.
Reverse Engineering
The tool itself is a product of reverse engineering. The developer had to analyze the compiled code of WeChat, QQ, or TIM to find the exact location and function of the revocation feature. This skill is crucial in many areas, including security analysis, debugging complex issues, and understanding how third-party libraries or systems work.
Security and Vulnerability Analysis
Tools like this demonstrate how an application's features can be manipulated. A security engineer would analyze this tool to understand potential vulnerabilities. For example, if a client-side feature can be easily patched, it might indicate that the security of a feature relies too much on client-side controls rather than server-side validation.
Debugging and Low-Level Programming
When a bug is extremely difficult to reproduce or diagnose, a software engineer might need to use a hex editor to inspect memory or executable files directly, similar to what this tool does. It's a last resort but an essential skill for deep-level debugging.
The usage is quite straightforward, but it's important to understand the risks involved (e.g., potential for the application to stop working, or for you to be banned from the service).
Download the Tool
First, you would need to download the executable from the GitHub repository. It's usually provided as a single .exe file.
Run the Tool
Execute the RevokeMsgPatcher. The tool will likely have a graphical user interface (GUI) that automatically detects the installed versions of WeChat, QQ, or TIM.
Patch the Application
The tool will provide an option (like a button) to "Patch" or "Modify." When you click this, it will apply the hex changes to the target application's executable file.
Launch the App
After the patching process is complete, you can launch the messaging application as you normally would. The revocation feature should now be disabled.
Since the tool works on compiled binaries, there's no "sample code" in the traditional sense. The "code" is a series of hex bytes. However, here's a conceptual example of what a patch might look like from the perspective of a low-level engineer
Let's imagine the original code in the WeChat executable at memory address 0x00A1B2C3 looked something like this in hexadecimal
// Original code segment that checks if a message should be revoked
0F 84 5A 02 00 00 ; JZ (Jump if Zero) to a function that revokes the message
The RevokeMsgPatcher might change this code to a "no-op" (no operation) or change the jump instruction to a different location. For example, it might replace it with a jump that bypasses the revocation logic completely
// Patched code segment that bypasses the revocation check
90 90 90 90 90 90 ; NOP (No Operation) instructions to disable the check