ppwwyyxx / wechat-dump

Cracking encrypted wechat message history from android
GNU General Public License v3.0

Negative uin #74

Open gregoiregentil opened 3 years ago

gregoiregentil commented 3 years ago

I have run everything and I get:

```
[10:24:53 39@decrypt-db.py:wechat] found uin=-157... in system_config_prefs.xml
[10:24:53 54@decrypt-db.py:wechat] found uin=272... in com.tencent.mm_preferences.xml
[10:24:53 69@decrypt-db.py:wechat] found uin=-157... in auth_info_key_prefs.xml
[10:24:53 78@decrypt-db.py:wechat] found uin=-157... in systemInfo.cfg
[10:24:53 81@decrypt-db.py:wechat] Possible uin: [-157..., 272...]
[10:24:53 105@decrypt-db.py:wechat] found imei=353... from iphonesubinfo
[10:24:53 117@decrypt-db.py:wechat] found imei=1234567890ABCDEF in CompatibleInfo.cfg
[10:24:53 119@decrypt-db.py:wechat] Possible imei: ['353...', '1234567890ABCDEF', '1234567890ABCDEF']
Traceback (most recent call last):
  File "/tmp/wechat-dump/decrypt-db.py", line 175, in <module>
    key = get_key(imei, uin)
  File "/tmp/wechat-dump/decrypt-db.py", line 132, in get_key
    a = md5(imei + uin)
TypeError: can't concat int to bytes
```

I have tried to force the positive uin (272...) on the command line, but it doesn't decrypt. Can you please look into this? Is it possible to have a negative uin?

ppwwyyxx commented 3 years ago

According to this old article, https://www.forensicfocus.com/articles/decrypt-wechat-enmicromsgdb-database/, a negative UIN should be concatenated as a string directly, i.e. you can try "-157". Does this work?

gregoiregentil commented 3 years ago

No. If I log in to the website, my uin cookie is 272... But even if I force this number for the UIN and use the IMEI from my phone, I still can't decrypt the database. Am I doing something wrong?

gregoiregentil commented 3 years ago

Also, if I subtract my two potential UINs (272...) and (-157...), I get 0xFFFFFFFF

gregoiregentil commented 3 years ago

I have WeChat version 7.0.17 and I don't think it can work. I have calculated the MD5 as explained in the referenced article.
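The thread above turns on two things: the `TypeError` from concatenating an int uin onto a bytes IMEI, and a uin that shows up both as a negative number and as a large positive one. The following is an added example, not part of the thread and not wechat-dump's own code, that lists every IMEI/uin spelling with its MD5-derived key candidate. The function names, the sample values, and the truncation to the first seven hex characters are assumptions here; the thread itself only shows `md5(imei + uin)`.

```python
import hashlib

def uin_forms(uin):
    """Return the signed and, if different, unsigned 32-bit decimal spellings."""
    unsigned = int(uin) & 0xFFFFFFFF
    signed = unsigned - (1 << 32) if unsigned >= (1 << 31) else unsigned
    forms = [str(signed)]
    if unsigned != signed:
        forms.append(str(unsigned))
    return forms

def derive_key(imei, uin_text):
    """MD5 over the IMEI text followed by the uin text (assumed 7-char prefix)."""
    if isinstance(imei, bytes):
        # Normalise to text so str and bytes inputs cannot be mixed,
        # which is what raised the TypeError in the traceback above.
        imei = imei.decode("ascii")
    material = (imei + str(uin_text)).encode("ascii")
    return hashlib.md5(material).hexdigest()[:7]

def candidate_keys(imeis, uins):
    """List (imei, uin_text, key) for every distinct IMEI and uin spelling."""
    rows = []
    for imei in dict.fromkeys(imeis):          # drop duplicate IMEIs, keep order
        for uin in dict.fromkeys(uins):
            for form in uin_forms(uin):
                rows.append((imei, form, derive_key(imei, form)))
    return rows

if __name__ == "__main__":
    # Constructed sample values, not taken from any real device or account.
    sample_imeis = ["000000000000000", "1234567890ABCDEF", "1234567890ABCDEF"]
    sample_uins = [-1000000000]
    for imei, form, key in candidate_keys(sample_imeis, sample_uins):
        print(f"imei={imei} uin={form} key={key}")
```

This only enumerates candidates; it does not show that any of them opens a database from a given WeChat version.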