WeChat SQLite decryption

This article transferred from: Zz_zigzag

Get database file

With Google, there has been a reverse app to get a local database.

For details, please refer to the answer

https://www.zhihu.com/question/19924224

Here is a brief description of the need to root the phone, 

Get/data/data/com.tencent.mm/MicroMsg/a long string/EnMicroMsg.db, the file is encrypted, the key formd5(IMEI+UIN)the first 7 digits, the phone serial number IMEI can usually be obtained in the settings, or dial pad * #06 #. I am here for Imei1,uin user information number, can be/data/data/com.tencent.mm/shared_prefs/system_config_prefs.xmlobtained in the file, the Default_uid value is.

Decrypt SQLite Database

Using sqlcipher encryption, it seems that sqlcipher commonly used in the Android-side SQLite database encryption.

Originally wanted to introduce sqlcipher on the PC side of the package connection db file, later found that Sqlcipher is mainly used for Android applications, did not find a common Java project available libraries, so forget it.

Also learned that sqlcipher with the AES256 do encryption, just to handwritten AES decryption, found that the JDK with AES 128-bit, if you want to use, but also to download additional packages, also to see the Sqlcipher encryption part of the source code, later think of AES also different types, This is not a good chance of success, so also dropped.

The bell is also required to ring people, or use sqlchipher to decrypt it, installation and command reference to this and this article, thanks for sharing.

Installing Sqlcipher

1	Apt-get Install Sqlcipher

Or

unzip -q sqlcipher-master.zip
cd sqlcipher-master
sudo apt install openssl libssl-dev tcl tk sqlite3
./configure --enable-tempstore=yes CFLAGS="-DSQLITE_HAS_CODEC" LDFLAGS="-lcrypto"
make
./sqlcipher

Use the key obtained in the previous step, such as key = ' 1234567 '.

1 2 3 4 5 6 7

./sqlcipher EnMicroMsg.db sqlite> PRAGMA key = ‘1234567‘; sqlite> PRAGMA cipher_use_hmac = off; sqlite> PRAGMA kdf_iter = 4000; sqlite> ATTACH DATABASE ‘wechat.db‘ AS wechat KEY ‘‘; sqlite> SELECT sqlcipher_export(‘wechat‘); sqlite> DETACH DATABASE wechat;

Or a sentence to execute directly

1	Sqlcipher enmicromsg.db ' PRAGMA key = "1234567"; PRAGMA Cipher_use_hmac = off; PRAGMA kdf_iter = 4000; ATTACH DATABASE "Wechat.db" as WeChat KEY "; Select Sqlcipher_export ("WeChat");D Etach DATABASE WeChat; '

You can get the ordinary unencrypted wechat.db.
WhichPRAGMA cipher_use_hmac = off; PRAGMA kdf_iter = 4000;can bePRAGMA cipher_migrate;substituted. Using the latter, the original file will be changed,sqlcipher EnMicroMsg.db ‘PRAGMA key = "1234567"; PRAGMA cipher_migrate; ‘for example, after execution can beDB Browser for SQLiteopened with the input key, and then the menu bar, file-and set encryption, password is empty to clear the password.

Understanding the database structure

Using browser to open the database file, a general overview of the table structure and data, where the main use of three tables:

1. Rcontact, Contacts table
2. Chatroom, Group chat table
3. Message, Chat History table

Each record in the message is a chat message that contains the chat object, andtalkerif it is a group chat, the message.talker=chatroom.chatroomname,message.content is stored in the form: "Group member Wxid:\ N Content ".

Coding

The encoding process is easy, statistical chat records will be matched according to regular expressions, where group members are required, and the meal fee message is a single value.

Specific code See

Https://github.com/zz-zigzag/wechat-db-parser

Because of the small program, for the realization of the convenience of discarding some coding rules, such as the function of reentrant, etc., here for reference only.

---restore content ends---

WeChat SQLite decryption