Open chainpost opened 1 year ago
taytay-swift
commented
1 year ago 版本:3.9.6.33 成功获取数据库密钥,但是解密数据库提示密码错误 我在想是不是获取key的那边出了问题,我在使用SQLite解密数据库的时候也无法解密,无论是SQLCipher还是WxSQLite3下的 AES256加密算法或 SQLCipher:AES256加密算法都提示MSG1.db:file is not a database。,这通常表示着密码错误。
taytay-swift
commented
1 year ago 我已经找到了解决方案。 1.请确保msgx.db对应你的微信key(因为我都电脑里就有3个账户,获取的key可能不对应解码的db) 2.尝试使用以下脚本代替你的decode脚本(来源:https://blog.csdn.net/weixin_44495599/article/details/130030309 十分感谢他5555,日期很新2023-7,该脚本有注意事项,请查看)
============代码如下================
input_pass = '63......................7'
input_dir = './'
import ctypes
import hashlib
import hmac
from pathlib import Path
from Crypto.Cipher import AES
SQLITE_FILE_HEADER = bytes('SQLite format 3', encoding='ASCII') + bytes(1)
IV_SIZE = 16
HMAC_SHA1_SIZE = 20
KEY_SIZE = 32
DEFAULT_PAGESIZE = 4096
DEFAULT_ITER = 64000
password = bytes.fromhex(input_pass.replace(' ', ''))
def decode_one(input_file):
input_file = Path(input_file)
with open(input_file, 'rb') as (f):
blist = f.read()
print(len(blist))
salt = blist[:16]
key = hashlib.pbkdf2_hmac('sha1', password, salt, DEFAULT_ITER, KEY_SIZE)
first = blist[16:DEFAULT_PAGESIZE]
mac_salt = bytes([x ^ 58 for x in salt])
mac_key = hashlib.pbkdf2_hmac('sha1', key, mac_salt, 2, KEY_SIZE)
hash_mac = hmac.new(mac_key, digestmod='sha1')
hash_mac.update(first[:-32])
hash_mac.update(bytes(ctypes.c_int(1)))
if hash_mac.digest() == first[-32:-12]:
print('Decryption Success')
else:
print('Password Error')
blist = [
blist[i:i + DEFAULT_PAGESIZE]
for i in range(DEFAULT_PAGESIZE, len(blist), DEFAULT_PAGESIZE)
]
with open(input_file.parent / f'decoded_{input_file.name}', 'wb') as (f):
f.write(SQLITE_FILE_HEADER)
t = AES.new(key, AES.MODE_CBC, first[-48:-32])
f.write(t.decrypt(first[:-48]))
f.write(first[-48:])
for i in blist:
t = AES.new(key, AES.MODE_CBC, i[-48:-32])
f.write(t.decrypt(i[:-48]))
f.write(i[-48:])
if __name__ == '__main__':
input_dir = Path(input_dir)
for f in input_dir.glob('*.db'):
decode_one(f)
版本:3.9.6.33 成功获取数据库密钥,但是解密数据库提示密码错误