ppwwyyxx / wechat-dump

Cracking encrypted wechat message history from android
GNU General Public License v3.0

SQLiteManager works, wechat-dump does not #75

Open msftsecurityteam opened 3 years ago

msftsecurityteam commented 3 years ago

Hi, as the issue is titled, I am running a Samsung S20 on Android 11, and the hardcoded 1234567890ABCDEF + UIN from system_config_prefs.xml generates a key "877f804"; however, I get the error "file is encrypted or is not a database" when running the decrypt-db.py script. If I use this same key with the SQLiteManager, it works.

gregoiregentil commented 3 years ago

I don't want to steal your thread, but could you please describe precisely which steps you are doing and on which platform/version? I see strange things too and I'm trying to decrypt my database.

Also, regarding your issue, there are some reports of problems with sqlcipher on some Linux Ubuntu systems. Are you on Ubuntu?

ppwwyyxx commented 3 years ago

One possibility is that wechat upgraded their sqlcipher compat version at some version. We set it to 1 here: https://github.com/ppwwyyxx/wechat-dump/blob/6b501914203c32bd3b7754ac4f96fea6f1a29e99/decrypt-db.py#L142

Maybe worth trying other versions.

ellermister commented 2 years ago

I can open the EnMicroMsg.db using sqlite database browser (Version2.1 - SQLCipher Version).

But I cannot decrypt the data with decrypt_db_with_password.py; the error is "database disk image is malformed".

The output_db.db file is 2.7M, and the original file is 800M.

- password is correct
- system is Ubuntu or Debian
- uin is a negative number
- WeChat version 8.0.2

decrypt_db_with_password.py params:

    c.execute("PRAGMA key = '" + key + "';")
    c.execute("PRAGMA cipher_compatibility = 1;")
    c.execute("PRAGMA cipher_use_hmac = OFF;")
    c.execute("PRAGMA cipher_page_size = 1024;")
    c.execute("PRAGMA kdf_iter = 4000;")

@gregoiregentil @ppwwyyxx

It's my file that is missing, it's normal to copy it again
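The maintainer's suggestion to try other compat versions can be scripted. This is an added example, not part of the thread or of wechat-dump's own code; `probe_compat` and `first_working` are hypothetical names, and `dbapi` is assumed to be a SQLCipher-enabled DB-API module such as `pysqlcipher3.dbapi2`.

```python
COMPAT_VERSIONS = (1, 2, 3, 4)  # SQLCipher major versions for cipher_compatibility


def probe_compat(dbapi, db_path, key, versions=COMPAT_VERSIONS):
    """Try each cipher_compatibility value; return {version: "ok" or error text}.

    dbapi is any DB-API module exposing connect() and DatabaseError.
    Hypothetical helper, not part of wechat-dump.
    """
    # The key is interpolated into a PRAGMA, so accept only the hex form
    # described in the thread (for example the 7-character key "877f804").
    if not key or any(ch not in "0123456789abcdef" for ch in key):
        raise ValueError("key must be lowercase hex")
    results = {}
    for version in versions:
        conn = dbapi.connect(db_path)
        try:
            cur = conn.cursor()
            cur.execute("PRAGMA key = '" + key + "';")
            # Must follow PRAGMA key and precede the first real query.
            cur.execute("PRAGMA cipher_compatibility = %d;" % int(version))
            # Reading the schema forces page 1 to be decrypted.
            cur.execute("SELECT count(*) FROM sqlite_master;")
            cur.fetchone()
            # A full scan also reads the pages past page 1, so damage
            # such as an incomplete copy of the file shows up here.
            cur.execute("PRAGMA integrity_check;")
            results[version] = cur.fetchone()[0]  # "ok" when all pages read
        except dbapi.DatabaseError as exc:
            results[version] = str(exc)
        finally:
            conn.close()
    return results


def first_working(results):
    """Return the lowest version whose probe reported "ok", or None."""
    good = sorted(v for v, status in results.items() if status == "ok")
    return good[0] if good else None


if __name__ == "__main__":
    import sys
    from pysqlcipher3 import dbapi2  # assumption: pysqlcipher3 is installed
    outcome = probe_compat(dbapi2, sys.argv[1], sys.argv[2])
    print(outcome, "->", first_working(outcome))
```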