How to extract and decrypt WeChat enmicromsg.db on Android phone

Source: Internet
Author: User

One of my friend came to me with an Android phone.  She saild somehting wrong with the hardware of her friend's phone, and her friend is eager to backup his data,especially WeChat chat messages. Unfortunatelly her friend forgot the Accoutn/password to logon WeChat .... What can I say. She is one of the My best firend. I should do her a favor ...

I took a look at the this phone, and I found it "rooted" already. That's a good news~ Some people root his/her phone in order to gain full access,but. Guest what.. There is an old saying: "water are a boon in ther desert, and the drowning man cursed it". rooted phones is easier to does physical extraction because Root privilege has been realeased. Those who try to operate full function of smartphones by rooting his/her Android phone actually make smartphones more inse Cure . But to forensic guys, couldn ' t be better ...

First I interviewed her to gather some basic info on the case. The scenario was and the version of the WeChat is 6.0.1, but she had no WeChat Account/password to logon to ... That's all the what I know about the this case, and now I'm like to explain what I'm going to do.

1.Locate the WeChat enmicromsg.db and export it to the forensics workstation your use.

2.Take a look at enmicromsg.db. It ' s an encrypted database. We could not see what is inside. So we had to decrypt it ...

3.Let me Explian the encryption algorithm of WeChat enmicromsg.db. The pragma key is the first 7 character of MD5 (Imei+wechat UIN). That's it,very easy to calculate it. First figure out the imei,you has to options:

A. Dial * #06 #

B. Take off back cover and battery and your could see some info including IMEI

4.Find out the WeChat UIN. UIN is the unique id# for WeChat account. The UIN is inside the file System_config_prfs.xml

5.Get the UIN value

6.Input the IMEI and UIN String,be carefully there is no need to add any symbol between these both string ... Generate the MD5 value: The key is the first 7 character as BELOW:9C751DC

7.Now the most import step. You need a tool-sqlcipher to decrypte the enmicromsg.db with the pragma key we found. Since The SQLCipher is opensource, you could find some resource by searching the Gurdian Project on the Internet. I show you the Windwos solution first. Notice that's version is 2.1

8. Use SQLCipher 2.1 to open enmicromsg.db and input the Pragam key

9.You could see the chat messages now ...

10.You also could export those chat messages so don't have the to open database more often.

Finally, I encrypted the WeChat enmicromsg.db for her. She ' s very happy with that. Couple days later I realized that it's her boy friend's smartphone ... What's a tradegy, I did not don't do it on purpose ... Sorry Buddy. Hope You'll be alright this time ... I think she'll kill you if she found some ambigious chat messages in your phone. God Bless you ...

How to extract and decrypt WeChat enmicromsg.db on Android phone

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.