微信数据库解密
(手机IMEI + 微信uin )取MD5的前7位
手机的IMEI获取:手机拨号盘输入:*#06# ,你或者用android代码获取可以,怎么都行 或者 adb shell service call iphonesubinfo 1 | awk -F "'" '{print $2}' | sed '1 d' | tr -d '.' | awk '{print}' ORS= nexus6p: 867982021177614
adb shell
su
chmod 777 /data/data/com.tencent.mm/shared_prefs/auth_info_key_prefs.xml
exit
exit
adb shell cat /data/data/com.tencent.mm/shared_prefs/auth_info_key_prefs.xml
adb shell su -c "cat /data/data/com.tencent.mm/shared_prefs/*.xml | grep uin"
或者adb shell su -c "cat /data/data/com.tencent.mm/shared_prefs/auth_info_key_prefs.xml | grep _auth_uin | cut -b 34-43"
uid:
cd /data/data/com.tencent.mm/shared_prefs
cat auth_info_key_prefs.xml
<int name="_auth_uin" value="1612047176" />
echo -n '8679820211776141612047176' | md5sum
(手机IMEI + 微信uin )==8679820211776141612047176
取MD5(32位小写) == 51096839112723abc0a096fa0d054b76
取MD5的前7位:5109683
其中MicroMsg下某个用户的文件夹名称为 md5(mm+uid)
例如
echo -n 'mm1612047176' | md5sum
md5(mm1612047176)=089c975516ccefb11195d7695bdbf908
adb shell
su
cp /data/data/com.tencent.mm/MicroMsg/089c975516ccefb11195d7695bdbf908/EnMicroMsg.db /sdcard/
adb pull /sdcard/EnMicroMsg.db
adb shell am force-stop com.tencent.mm
adb shell am start com.tencent.mm/com.tencent.mm.ui.LauncherUI && pidcat.py com.tencent.mm -t XposedTag
sqlcipher EnMicroMsg.db 'PRAGMA key = "5109683"; PRAGMA cipher_use_hmac = off; PRAGMA kdf_iter = 4000; ATTACH DATABASE "decrypted_database.db" AS decrypted_database KEY "";SELECT sqlcipher_export("decrypted_database");DETACH DATABASE decrypted_database;'
sqlitebrowser decrypted_database.db
输入命令1,sqlcipher-shell64.exe encryted.db 【Enter】
输入命令2,PRAGMA key = 'thisiskey';
输入命令3,ATTACH DATABASE 'plaintext.db' AS plaintext KEY "";
输入命令4,SELECT sqlcipher_export('plaintext');
输入命令5,DETACH DATABASE plaintext;
命令解释:
命令1,要操作加密的数据库
命令2,输入加密数据库的密码
命令3,新建了一个数据库plaintext.db, 密码是空【两个单引号中间是空】
命令4,拷贝加密数据库中所有的数据到plaintext.db中
命令5,断开连接
上述命令完成之后就完成了一个解密的过程。
使用sqlite打开plaintext.db发现里面数据和源数据库中的文件一致
getdb.sh
uin=`adb shell su -c "cat /data/data/com.tencent.mm/shared_prefs/auth_info_key_prefs.xml | grep _auth_uin | cut -b 34-43"`
echo "uin" $uin
folder=`echo -n mm$uin | md5sum | cut -d " " -f 1`
echo "folder" $folder
imei=`adb shell service call iphonesubinfo 1 | awk -F "'" '{print $2}' | sed '1 d' | tr -d '.' | awk '{print}' ORS= | cut -d " " -f 1`
echo "imei" $imei
imeiuin=$imei$uin
echo "imei+uin" $imeiuin
pwd=`echo -n $imeiuin | md5sum | cut -c -7`
echo "pwd" $pwd
database="/data/data/com.tencent.mm/MicroMsg/$folder/EnMicroMsg.db"
echo "database "$database
tmpdb="/sdcard/"
tdb=$tmpdb"EnMicroMsg.db"
echo "tdb "$tdb
adb shell su -c "cp $database $tmpdb"
adb pull $tdb
adb shell rm $tdb
sleep 1
pass='"'$pwd'"'
echo $pass
sqlcipher EnMicroMsg.db 'PRAGMA key = "5109683"; PRAGMA cipher_use_hmac = off; PRAGMA kdf_iter = 4000; ATTACH DATABASE "decrypted_database.db" AS decrypted_database KEY "";SELECT sqlcipher_export("decrypted_database");DETACH DATABASE decrypted_database;'
Enjoy Reading This Article?
Here are some more articles you might like to read next: