Shrimp Music PC-side database can view a large number of account information directly

There is a problem on the PC side of the shrimp music, the database used by SQLite, is not encrypted

It exposes a lot of account information, and although it is not known what will happen when this information is exposed, it may not happen, but the basic encryption I think is necessary.

Database location x:\ music \ Shrimp Music \system\xm_data.db

With the Admin tool link, we will get 5 table Api_cache,global_config,local_music,play_history,xm_user.

1. Api_cache has three fields Id,apiname,apidata

Apiname is a list of the APIs used by the shrimp.

Apidata is the string that gets to the JSON format

Instance:

2. Global_config Global Configuration has 4 fields Id,key,value,expiretimestamp

Key The following values contain a large amount of personal information logininfo (including sensitive information), Play_queue_snapshot,play_queue_snapshot_index,settingconfigshortcut (shortcut key setting), Downloadconfig (Download Settings)

These things are contained in the Logininfo.

{"Accesstoken": "", "Avatar": "", "Downcountleft":, "ISDEMOVIP":, "ISVIP":, "nickname": "", "type": "Succlogin", "UserId" :, "userverify":, "Verifyisopen":, "Version": "", "Vipexpire":, "visits":}

See here, you should know the login token, such as sensitive information, DEMOVIP (is a long time ago BEGGARVIP)

3. Local_music contains 10 fields

This table is a summary of local music and downloaded music.

4. play_history contains 13 fields, primarily a summary of the playlist's music information.

5. The last table Xm_user is mainly to save the user information

Although it is not known what will happen when this information is exposed, it may not happen, but the basic encryption I think is necessary.

Welcome reprint, please specify the original address.

Shrimp Music PC-side database can view a large number of account information directly