本文主要介绍xlog是什么文件格式(xlog可以用什么软件打开)？，下面一起看看xlog是什么文件格式(xlog可以用什么软件打开)？相关资讯。
前面已经介绍了将日志打印为xlog文件的xlog。下面是如何将xlog文件解码成正常可读的日志文件。
解码未加密的xlog如果在android代码中初始化xlog，则使用未加密的方法，如下所示:
xlog.open(false，xlog。级别_调试，xlog。appednermodeasync 日志路径dbxlog ， );最后一个参数表示pubkey，null表示日志内容没有加密。
然后可以直接使用mars项目中的decode _ mars _ nocrypt _ log _ file . py文件进行直接转换，不过mars提供的python工具是python2版本。目前大部分用的是python3。如果您愿意在本地配置多个python版本，您可以配置python2，添加一些必需的库并直接执行。
如果你不 如果不想配置python2，您希望在python3中执行它，或者您可以手动更改这个python文件，这就是我更改的内容:
#!/usr/bin/python import sys import osi import glob import zlibimport struct import binasciiiimport tracebackmagic _ no _ compress _ start = 0x 03 magic _ no _ compress _ start 1 = 0x 06 magic _ no _ compress _ crypt _ start = 0x 08 magic _ compress _ start = 0x 04 magic _ compress _ start 1 = 0x 05 magic _ compress _ start 2 = 0x 07 magic _ no _ crypt _ star t = 0x 09 magic _ end = 0x 09 lastseq = 0 def isgoodlogbuffer(_; )magic _ start = _ buffer[_ offset]if magic _ no _ compress _ start == magic_start或magic _ compress _ start = = magic _ start或magic _ compress _ start 1 = = magic_start: crypt _ key _ len = 4 elif magic _ compress _ sta rt2 = = magic _ start或magic _ no _ compress _ start 1 = = magic _ start或magic _ no _ compress _ no _ crypt _ start = = magic _ start或magic _ compress _ no _ crypt _ start = = m agic_start: crypt _ k: r:%d！=魔法数字开始 % (_offset，_ buffer[_ offset]))header len = 1 2 1 1 4 crypt _ k:返回(fals: % d l: % d ;% (_offset，len(_ buffer)))start = _ offset header len4crypt _ key _ len length = struct . unpack _ from( 我 ，m: start 4]。tobyt:返回(false， log length cho 12@ . com % d，: % d ;% (l:返回(false， 日志长度15@.com%d，缓冲区[%d]:%d！=魔法终结 % ( length，_offset headerlen length，_ buffer[_ offset header length]))if(1 = count):返回(tru:返回isgoodlogbuffer(_buffer，_ offset headerlen length 1，count1)def getlogstartpos(_ buffer，_count): offs: if offs: break if magic _ no _ compress _ start = = _ buffer[offset]或magic _ no _ compress _ start 1 = = _ buffer[offset]或magic _ compress _ start = = _ buffer[offset]或magic _ compress _ start 1 = = _ buffer[offset]或magic _ compress _ start 2 = = _ buffer[offset]或magic _buff: if _offs: r: r: fix pos = g:)，1)if1 = = fixpos: r: _ out buffer . extend( [f]decod: % s \ n % (fixpos，ret[1])_ offset = fix pos magic _ start = _ buffer[_ offset]if magic _ no _ compress _ start = = magic _ start或magic _ compress _ start = = magic _ start或magic _ compress _ start 1 = = magic_start: crypt _ key _ len = 4 elif magic _ compress _ start 2 = = magic _ start或magic _ no _ compress _ start 1 = = magic _ start或magic _ no _ no _ crypt _ start = = magic _ start或magic _ co compress _ no _ crypt _ start = = magic_start:;在decod: % d！=魔法数字开始 % (_offset，magic_start)) return 1标头len = 1 2 1 1 4 crypt _ key _ len start = _ offset header len4crypt _ key _ len length = struct . unpack _ from( 我 ，m: start 4])[0]tmpbuffer = bytearray(length)seq = struct . unpack _ from( h ，m: start2])[0]begin _ hour = struct . unpack _ from( c ，m: start1])[0]end _ hour = struct . unpack _ from( c ，m: start])[0]global last s: _ out buffer . extend( [f]decod: % d% d丢失\ n % (lasts: last s:]= _ buffer[_ offset header lencho 44@ . com _ offs:解压缩器= zlib . decompressor obj(zlib。max _ wbits)if magic _ no _ compress _ start 1 = = _ buffer[_ offset]或magic _ compress _ start 2 = = _ buffer[_ offset]echo 46@ 。com打印( 使用错误的解码脚本)elif magic _ compress _ start = = _ buffer[_ offset]或magic _ compress _ no _ crypt _ start = = _ buff: tmpbuffer = decompressor . decompress(bytes(tmpbuffer))elif magic _ compr: decompr: single _ log _ len = struct . unpack _ from( h ，m: 2])[0]decompr: singl:]= tmp buff: len(tmp buffer)]tmp buffer = decompressor . decompress(str(decompr:通行证# _ out buff:%d，houre cho 56@ . com % d% d l: % d decompresse cho 58@ . com % d \ n ;%(s: trace back . print _ exc()_ out buffer . extend( [f]decod: fp = open(_ file， rb )_ buffer = bytearray(os . path . getsize(_ file))fp . readinto(_ buffer)fp . clos: r: start pos = decod: br:返回fpout = open(_outfile， 世界银行 )fp out . write(out buffer)fp out . clos:全局last s: if os . path . isdir(args[0]): fil: last s:解析文件(args[0]，args[0] 。日志 ):解析文件(args[0]，args[1]):文件列表= glob . glob( *.xlog )for file path in filelistecho 72@ 。解析文件(文件路径，文件路径 。日志 )if _ _ nam: main(sys。argv [1:])其实很简单。如果在python3中执行，主要是因为python3中没有了buffer()方法。
这是我修改文件的地址(decode _ mars _ nocrypt _ log _ fil
解码的具体操作直接执行，xlog文件作为参数传入:
python decode _ mars _ nocrypt _ log _ file . py dbx log _ 20220514 . xlog对加密的xlog进行解码。mars已经提供了一个加密工具:gen_key.py，可以直接执行该工具获得一组随机的公钥和私钥:
通过gen_key.py获得的密钥
在android代码中初始化xlog时，将公钥传递给指定的参数，输出日志将被加密:
xlog.open(false，xlog。级别_调试，xlog。appednermodeasync 日志路径dbxlog ， 68 f 0 b 7d 5 c 8 a 792 e1 ea 94 cfc 5 aaad 0 db 0840282 e 2 b 8 f 5 a 82 f 369 a 996 f 681 c 6 cd 1292 f 2d 6d 06712 eaf 735459584819 c4 fa 71 b 94 f 2d 9 bd 53837782 ea 35 aef 52 ef 35 );解码解密的工具是这样的:decode_mars_crypt_log_file.py，mars也提供了，但是不能直接使用，里面的密钥需要修改:
更新密钥
需要注意的是，mars提供的这个工具也需要python2来执行。我已经修改成python3了。如果有必要，你可以看看:
#!/usr/bin/python import sys import osi import glob import zlibimport struct import binasciiiimport pyellipticimport tracebackmaric _ no _ compress _ start = 0x 03 magic _no _ compress _ start 1 = 0x 06 magic _ no _ compress _ no _ crypt _ start = 0x 08 magic _ compress _ start = 0x 04 magic _ compress _ start 1 = 0x 05 magic _ compress _ start 2 = 0x 07 magi c _ compress _ no _ crypt _ start = 0x 09 magic _ end = 0x 00 last seq = 0 priv _ key = b ;babff 40958d 0346 b 8 c 602 dff 415 e 082 e 94 ed 5872903 ed 0 ea 2 a3 b 198 cd 3 e 5d 454 ;pub _ key = b 68 f 0 b 7d 5 c 8 a 792 e1 ea 94 cfc 5 aaad 0 db 0840282 e 2 b 8 f5 a 82 f 369 a 996 f 681 c 6 cd 1 ;b 292 f 2d 6d 06712 eaf 735459584819 c4 fa 71 b 94 f 2d 9 bd 53837782 ea 35 aef 52ef 35 ;def tea _ deciph: op = 0x ffffffff v 0，v1 = struct . unpack( ;ll ，v[0:8]) k1，k2，k3，k4 = struct . unpack( ;llll ;，k[0 : 16])d: v1 =(v1(((v 0 4)k3)^(v 0s)^((v 0 5)k4)))op v 0 =(v 0(((v1 4)k1)^(v1 s)^((v1 5)k2)))op s =(sdelta)op return struct . pack( ;ll ，v0，v1)def tea_decrypt(v，k): num = int(l: vi = v[i:i 8]if l: continue x = tea _ deciph:]retdef is goodlogbuffer(_ buffer，_offset，count): if _ offs: return(true， )magic _ start = _ buffer[_ offset]if magic _ no _ compress _ start = = magic _ start或magic _ compress _ start = = magic _ start或magic _ compress _ start 1 = = magic_start: crypt _ key _ len = 4 elif magic _ compress _ start 2 = = magic _ start或magic _ no _ compress _ no _ crypt _ start = = magic _ start或magic _ co mpress _ no _ crypt _ start = = magic_start: crypt _ k:返回fals:%d！=魔法数字开始 % (_offset，_ buffer[_ offset])header len = 1 2 1 1 4 crypt _ k:返回fals: % d l: % d ;% (_offset，len(_ buffer))start = _ offset header len4crypt _ key _ len length = struct . unpack _ from( 我 ，m: start 4])[0]if _ offs:返回false， log length cho 95@ . com % d，: % d ;% ( length，_offset headerlen length 1，len(_buffer)) if magic_:返回false。;日志长度98@.com%d，缓冲区[%d]:%d！=魔法终结 % ( length，_offset headerlen length，_ buffer[_ offset header length])if(1 = count):返回(tru:返回isgoodlogbuffer(_buffer，_ offset headerlen length 1，count1)def getlogstartpos(_ buffer，_count): offs: if offs: break if magic _ no _ compress _ start = = _ buffer[offset]或magic _ no _ compress _ start 1 = = _ buffer[offset]或magic _ compress _ start = = _ buffer[offset]或magic _ compress _ start 1 = = _ buffer[offset]或magic _ compress _ start 2 = = _ buffer[offset]或magic _ compress _ no _ crypt _ start = = _ buffer[offset]或magic _ no _ compress _ no _ crypt _ start = = _ buff: if is goodlogbuffer(_ buffer，offset，_count)[0]: return offset offset = 1 return1 def decod: if _offs: r: r: fix pos = g: % s \ n % (fixpos，ret[1])_ offset = fix pos magic _ start = _ buffer[_ offset]if magic _ no _ compress _ start = = magic _ start或magic _ compress _ start = = magic _ start \或magic _ compress _ start 1 = = magic_start: crypt _ key _ len = 4 elif magic _ compress _ start 2 = = magic _ start或magic _ no _ compress _ start 1 = = magic _ start \或者magic _ no _ compress _ no _ crypt _ start = = magic _ start或者magic _ compress _ no _ crypt _ start = = magic_start: crypt _ key _ len = 64 elseecho 117@ 。extend( ;在decod: % d！=魔法数字开始 % (_offset，magic _ start))return1 header len = 1 2 1 1 4 crypt _ key _ len start = _ offset header len4crypt _ key _ len length = struct . unpack _ from( 我 ，m: start 4])[0]tmpbuffer = bytearray(length)seq = struct . unpack _ from( h ，m: start2])[0]begin _ hour = struct . unpack _ from( c ，m: start1])[0]end _ hour = struct . unpack _ from( c ，m: start])[0]全局lasts: _ out buffer . extend( [f]decod: % d% d丢失\ n % (lasts: last s:]= _ buffer[_ offset header lencho 127@ . com _ offs:解压缩器= zlib . decompressor obj(zlib。max _ wbits)if magic _ no _ compr:传球elif magic _ compr: svr = pyelliptic。曲线= secp256k1 )client = pyelliptic。曲线= secp256k1 )start = _ offset header lencrypt _ key _ len cli: int(start crypt _ key _ len/2)]。tobytes()client . pubkey _ y = memory view(_ buffer)[int(start crypt _ k: start crypt _ key _ len]。tobytes()svr . privkey = binascii . unhexlify(priv _ key)tea _ key = svr . get _ ecdh _ key(client . get _ pubkey())tmp buffer = tea _ decrypt(tmp buffer，tea _ key)tmp buffer = decompressor . decompress(bytes(tmp buffer))elif magic _ compress _ start = = _ buffer[_ offset]或magic _ compress _ no _ crypt _ start = = _buff: tmp buffer = decompressor . decompress(bytes(tmp buffer))elif magic _ compr:解压缩_data = byt: single _ log _ len = struct . unpack _ from( h ，m: 2])[0]decompr: singl:]= tmp buff: len(tmp buffer)]tmp buffer = decompressor . decompress(str(decompr: pass # _ out buff:%d，hour : % d% d l: % d解压缩: % d \ n ;%(s: trace back . print _ exc()_ out buffer . extend( [f]decod: fp = open(_ file， rb )_buffer = bytearray(os.path。getsize(_ file))fp . readinto(_ buffer)fp . clos: r: startpos = decod: br: return fp out = open(_ outfile， 世界银行 )fp out . write(out buffer)fp out . clos:全局last s: if os . path . isdir(args[0]): fil: last s:解析文件(args[0]，args[0] 。日志 ):解析文件(args[0]，args[1]):文件列表= glob . glob( *.xlog )for fil: last s:主(sys.argv [1:])文章标签:
了解更多xlog是什么文件格式(xlog可以用什么软件打开)？相关内容请关注本站点。