ppwwyyxx / wechat-dump

Cracking encrypted wechat message history from android
GNU General Public License v3.0
1.66k stars 307 forks

WeChat 8 ? #95

Closed rom1504 closed 1 year ago

rom1504 commented 1 year ago

Is this working for wechat8?

The decryption is failing for me, I wonder if something might have changed

rom1504 commented 1 year ago

trying to figure out from https://github.com/tsuzcx/qq_apk/blob/afe46ef5640d0ba6850cdefd3c11badbd725a3f6/com.tencent.mm/classes.jar/com/tencent/wcdb/database/SQLiteDatabase.java

rom1504 commented 1 year ago

https://reao.io/347

rom1504 commented 1 year ago

https://zhuanlan.zhihu.com/p/616008078

rom1504 commented 1 year ago

https://github.com/greycodee/wechat-backup

rom1504 commented 1 year ago

https://blog-greycode-top.translate.goog/posts/android-wechat-bak/?_x_tr_sl=zh-CN&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp#%E8%8E%B7%E5%8F%96-db-%E8%AE%BF%E9%97%AE%E5%AF%86%E7%A0%81

rom1504 commented 1 year ago

solved by using frida. I think the problem is sometimes the imei comes from some other device number (like the one from another previous device)

I recommend using `frida -U -n Wechat -l wechatdbpass.js` with https://github.com/ellermister/wechat-clean/blob/main/wechatdbpass.js

see basic instructions for frida at https://blog.greycode.top/posts/android-wechat-bak/

in english:

You can also obtain the access password through Frida. If you have a Python environment on your computer, this method is recommended, because it obtains the password directly without having to try the concatenated passwords one by one, and it is guaranteed to be correct. First, install the Frida package on your computer with the following commands:

```
$ pip install frida
$ pip install frida-tools
```

Then use adb to check the phone's CPU architecture:

```
$ adb shell getprop ro.product.cpu.abi
arm64-v8a
```

If you get arm64-v8a, go to the https://github.com/frida/frida/releases page, download the matching frida-server-<version>-android-arm64.xz package and unpack it. Note: the frida-server version number must match the version number of frida installed on the computer above, otherwise additional errors may occur. Transfer frida-server to the phone with adb:

```
$ adb push frida-server-<version>-android-arm /data/local/tmp
```

Then run frida-server on the phone:

```
$ adb shell
$ su
$ cd /data/local/tmp
$ chmod 777 frida-server-<version>-android-arm
$ ./frida-server-<version>-android-arm
```

After it is running, do not close that terminal. Open another terminal and enter:

```
$ adb forward tcp:27042 tcp:27042
$ adb forward tcp:27043 tcp:27043
$ frida-ps -U
```

If the terminal lists some processes, the environment has been set up successfully. After the setup succeeds, run the following Python script on your computer:

rom1504 commented 1 year ago

ah interesting, actually the method to compute from the imei and uin also produced the same password. I think the above frida method is useful anyway because it provides the passwords for the other DBs as well (which have different passwords apparently)

what was missing here are these 2 lines:

```python
c.execute("PRAGMA cipher_use_hmac = off;")
c.execute("PRAGMA kdf_iter = 4000;")
```

without those, it doesn't work

they are not strictly needed but I think we should also add

```python
c.execute("PRAGMA cipher_page_size = 1024;")
c.execute("PRAGMA cipher_hmac_algorithm = HMAC_SHA1;")
c.execute("PRAGMA cipher_kdf_algorithm = PBKDF2_HMAC_SHA1;")
```

as recommended in other places, for example https://blog.greycode.top/posts/android-wechat-bak/

opening a PR
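As an added example (not code from wechat-dump, from the frida script linked above, or from this thread), the following Python puts the two pieces of the comment above together: the key computed from IMEI + uin, and the SQLCipher PRAGMAs applied to the connection before the first read. The md5(imei + uin)[:7] derivation is assumed here from the widely documented scheme for EnMicroMsg.db rather than stated in the thread; the driver module names sqlcipher3/pysqlcipher3, the fallback to plain sqlite3, and the helper names are the example's own choices.

```python
"""Added example: derive the EnMicroMsg.db key and open the DB with the SQLCipher
settings discussed in this thread. Not code from wechat-dump or from the thread."""
import hashlib
import importlib
import sqlite3
from typing import Callable, List, Optional


def derive_key(imei: str, uin: str) -> str:
    # Assumption (widely documented for WeChat on Android, not stated in the thread):
    # the EnMicroMsg.db password is the first 7 hex chars of md5(imei + uin).
    return hashlib.md5((imei + uin).encode("utf-8")).hexdigest()[:7]


# Settings from the thread. WeChat's DB uses the legacy SQLCipher layout (no HMAC,
# 4000 PBKDF2 iterations, 1024-byte pages); a modern libsqlcipher must be told so
# before it touches any page, otherwise it reports "file is not a database".
WECHAT_CIPHER_PRAGMAS = [
    "PRAGMA cipher_use_hmac = off;",
    "PRAGMA kdf_iter = 4000;",
    "PRAGMA cipher_page_size = 1024;",
    "PRAGMA cipher_hmac_algorithm = HMAC_SHA1;",
    "PRAGMA cipher_kdf_algorithm = PBKDF2_HMAC_SHA1;",
]


def cipher_pragmas(key: str) -> List[str]:
    """Full PRAGMA sequence: key first, then the cipher parameters.

    The key is embedded as a SQL string literal, so single quotes are doubled
    (the 7-hex-char key never contains one, but frida-obtained passwords might).
    """
    quoted = key.replace("'", "''")
    return [f"PRAGMA key = '{quoted}';"] + WECHAT_CIPHER_PRAGMAS


def default_connect() -> Callable:
    """Prefer a SQLCipher-backed driver (module names are this example's assumption).

    Falls back to plain sqlite3, which cannot decrypt anything and silently ignores
    the cipher PRAGMAs, so the helpers can still be exercised without SQLCipher.
    """
    for mod in ("sqlcipher3.dbapi2", "pysqlcipher3.dbapi2"):
        try:
            return importlib.import_module(mod).connect
        except ImportError:
            continue
    return sqlite3.connect


def open_wechat_db(path: str, key: str, connect: Optional[Callable] = None):
    """Open the DB and apply the key + cipher parameters before any read."""
    connect = connect or default_connect()
    conn = connect(path)
    cur = conn.cursor()
    for stmt in cipher_pragmas(key):
        cur.execute(stmt)
    # Probe the schema now: a wrong key or wrong cipher parameters fail here,
    # with a clear error, instead of somewhere deep in the dump code.
    cur.execute("SELECT count(*) FROM sqlite_master;")
    return conn


def table_names(conn) -> List[str]:
    rows = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' ORDER BY name;"
    ).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    import sys

    # usage: python this_script.py EnMicroMsg.db <imei> <uin>
    db_path, imei, uin = sys.argv[1:4]
    conn = open_wechat_db(db_path, derive_key(imei, uin))
    print(table_names(conn))
```

With a SQLCipher-backed driver installed, a wrong IMEI (the comment above notes it may come from a different device than expected) or a stale libsqlcipher surfaces at the sqlite_master probe rather than later; with plain sqlite3 the cipher PRAGMAs are no-ops and an encrypted file fails at that same probe.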

rom1504 commented 1 year ago

https://github.com/chg-hou/EnMicroMsg.db-Password-Cracker also worked but only the python version and after changing the prefix, will PR that there

rom1504 commented 1 year ago

https://github.com/chg-hou/EnMicroMsg.db-Password-Cracker/pull/18

rom1504 commented 1 year ago

#97: PR proposing the alternative frida method

always good to have several alternatives

rom1504 commented 1 year ago

so actually the new db params were not needed, I just needed to update sqlcipher properly (e.g. uninstall the libsqlcipher0 and libsqlcipher-dev ubuntu packages and install https://github.com/sqlcipher/sqlcipher/releases via make + make install)

rom1504 commented 1 year ago

So everything works fine. Maybe one last thing to note here : most of the resources are now in the data folder instead of sdcard folder