IOError: [Errno 2] No such file or directory: 'encrypted_bananas_file'

[abhishakemitra]

Hi

This is the output I got when I tried the script. I have a rooted device.

8.0.0 Traceback (most recent call last): File "decrypt_photos.py", line 140, in decrypt_bananas_file() File "decrypt_photos.py", line 80, in decrypt_bananas_file with open("encrypted_bananas_file") as encrypted_bananas: IOError: [Errno 2] No such file or directory: 'encrypted_bananas_file'

[xeroxnir]

Hi, can you tell me what Snapchat version are you running? Because the script works only for versions 5.0.34.X or 5.0.38.X. You can check your version under the Settings->Application Manager->Snapchat tab. If your running any of those versions, try closing the application before running the script.

Joaquín

[abhishakemitra]

It got upgraded to version 8.0.0 on 17th November. Is there any hack for that?

[xeroxnir]

I'll have to look into the new update, i'll probably take a few days to check how the learn how new version encrypts images. Thanks for reporting this.

[abhishakemitra]

please let me know if you find a hack. it's urgent. need to submit a report in 3 weeks

[xeroxnir]

Hi, I just tested the script with the new version and it appeared to work. Did you close the application before running the script? are you running adb shell as root from start? (You should have # instead of $ when running adb shell). Remember the script only works for images so far, since it's a poc.

[abhishakemitra]

the app was closed but i think i missed the adb part.. so to summarise, please confirm if this is what i need to do:-- $ adb shell

su

python decrypt_images.py

the script is saved on the Desktop currently

[xeroxnir]

Hi, plese install adbd Insecure from Chainfire to make adb run as root from the start. Otherwise the script won't work because adb pull command can't pull files from internal memory.

[abhishakemitra]

but i am doing a forensic analysis currently by extracting the whole image and i have used adb pull and did not need to install any of those. But still could you please provide a link to those?

[xeroxnir]

Hi, sure, download from http://forum.xda-developers.com/showthread.php?t=1687590. The problem is using adb pull to extract something from /data/data/ folder, you need adb running as root to do that.

[abhishakemitra]

Thanks mate.. Will have a look and update my findings!!

Cheers!

[abhishakemitra]

I installed chainfire and then ran the script again.. And got the following error:--

$ python decrypt_photos.py 8.0.0 b4d975402fe47bbd Traceback (most recent call last): File "decrypt_photos.py", line 141, in decrypt_images() File "decrypt_photos.py", line 105, in decrypt_images if len(json_bananas) < len( os.listdir("encrypted_received_image_snaps") ): OSError: [Errno 2] No such file or directory: 'encrypted_received_image_snaps'

[xeroxnir]

Can you check if you check if you have the folder "received_image_snaps" under /data/data/com.snapchat.android/cache folder? Unloaded images are cached inside this folder when closing the application.

[abhishakemitra]

yes i do ![Uploading Screenshot from 2014-11-20 18:53:20.png . . .]()

[abhishakemitra]

[xeroxnir]

The folder is empty, apparently you have no unseen images. You must open the chat so the images are downloaded and then close the application so it's cached inside that folder. Try checking if there are images files inside that folder before running the script.

[abhishakemitra]

As you can see from the screenshots, I have opened the image and viewed it. Now, in the last 2 screenshots, you can see that the Received images folder is empty. But it is really interesting to see that there are some .nomedia files under cache/stories/received/thumbnail. Are the pics being stored in this new location now? Is that why the script is failing?

[xeroxnir]

Hi, did you check the received images folder after you viewed the image? I checked last night the script with two accounts and it seemed to work properly with the last Snapchat version. Are you checking /data/data/com.snapchat.android/cache (internal memory for the application) or the cache folders stored in the sdcard?

[abhishakemitra]

I am checking the internal memory of the phone. I am taking the whole image of /data. Please see the screenshot of the received images folder above

Also, when you said to close the app, did you mean to use the "force stop" function?

[xeroxnir]

No, force stop stops the app abruptly and doesn't give the application a chance to save the keys for the image in the bananas file and unloaded images can't be decrypted. You need to close it the normal way (press home screen and swipe gesture closing the app).

[abhishakemitra]

I did that. But still no snaps are being stored in the /data/com.snapchat.android/cache/received_image_snaps folder. I checked this from the extracted image of the device. Is there any particular reason that you could think of why this is happening?

[abhishakemitra]

also could you also confirm your version no please?

[pedelman]

I got this to work today by manually installing the snapchat APK with version 5.0.38.1. Hope that helps.

[abhishakemitra]

No I need to work on it on the latest one. The other guy said it works for him. Do you also face the same issue as me?

Regards Abhishek Mitra On 2 Dec 2014 04:25, "Patrick Edelman" notifications@github.com wrote:

I got this to work today by manually installing the snapchat APK with version 5.0.38.1. Hope that helps.

— Reply to this email directly or view it on GitHub https://github.com/programa-stic/snapchat-decrypt/issues/5#issuecomment-65181698 .

[abhishakemitra]

@zerokes

Did you try running it on the version 8.x?

[xeroxnir]

Yes, I did. It appeared to be working properly. No changes where made to the classes mentioned in the README file in 8.x from what i've seen.

[abhishakemitra]

Now I am getting this error suddenly:--

Traceback (most recent call last): File "decrypt_photos.py", line 135, in VERSION = get_version() File "decrypt_photos.py", line 64, in get_version print p.findall(version)[0].strip() IndexError: list index out of range

[xeroxnir]

The script is supposed to be a POC, changes could be made to make it more stable. For example, not having to run adb as root. Sometimes keys for images are lost because you received the image, then forced stoped the application (being unable to update the bananas key file). Cleaning the application data and reloading the unseen image may fix the issue.

The error you're seing comes from the script not being able to obtain the app version using the command adb shell dumpsys package com.snapchat.android, change the script to return "8.0.0" in getVersion() if you're sure to be running that version.

[abhishakemitra]

ok.. let me try.. thanks!!

[abhishakemitra]

ok.. since there are no files or folders under received_image_snaps, I changed the code in line nos 86 and 108. Look at attached screenshot. But still the script throws an error :-- Traceback (most recent call last): File "decrypt_photos.py", line 144, in decrypt_images() File "decrypt_photos.py", line 108, in decrypt_images if len(json_bananas) < len( os.listdir("received_image_snaps") ): OSError: [Errno 2] No such file or directory: 'received_image_snaps'

I tried this on two devices now, Samsung Galaxy Fame and Samsung Galaxy Note. Both yielded the same result

[abhishakemitra]

The script is not running in the device. It runs on the folder from where it is saved on the computer. Could you please share your email id or any other contact details so that I can contact you with more details?

[xeroxnir]

The script is not supposed to run in the device. In your script, adb pull is missing the output directory. It should be adb pull /data/data/cache/receive_images_snaps/ received_image_snaps/. 1) Have you tried looking for jpg.nomedia files outside the thumbnails folder? 2) Have you tried decrypting the bananas1 file alone to see what it has? 3) Checking the snapchat db to check for the reference for the snapchats received?

[abhishakemitra]

Hi

I'm currently restoring my laptop. Will look into it soon. Can I have your mail id if you don't mind so that I can send my findings to you right away?

Regards Abhishek Mitra On 5 Dec 2014 17:36, "zerokes" notifications@github.com wrote:

The script is not supposed to run in the device. In your script, adb pull is missing the output directory. It should be adb pull /data/data/cache/receive_images_snaps/ received_image_snaps/. 1) Have you tried looking for jpg.nomedia files outside the thumbnails folder? 2) Have you tried decrypting the bananas1 file alone to see what it has? 3) Checking the snapchat db to check for the reference for the snapchats received?

— Reply to this email directly or view it on GitHub https://github.com/programa-stic/snapchat-decrypt/issues/5#issuecomment-65825241 .

[abhishakemitra]

Hi @zerokes

The bananas1 file is getting pulled and decrypted. Checked the db and there are records of snaps being received. Also, there is 1 jpg.nomedia file but INSIDE the thumbnails folder.

The adb pull command is running for both the bananas1 file and the received folder. The problem is that the former is working perfectly but the folder is not getting pulled. Any ideas?

[abhishakemitra]

Ok. I tried pulling out the cache folder instead of the received images folder and it worked (thought the program couldn't decrypt anything for obvious reason).

But the funny thing is that there was no received images folder in the cache folder. That means when I am trying to pull the received images folder, the script is not able to find it and hence it crashes.

On the other hand, if I pull an image of the whole device, the received images folder is present in the cache folder.

[xeroxnir]

Hi, it appears as there were no unseen snapchats again. Have you tried sending yourself more snapchats images? In the database under snapimagefiles there's supposed to be a reference that relates snapsId to where the encrypted image file location. Check also under "receivedsnaps" if there are some images whose state is "UNVIEWED_AND_LOADED".

[abhishakemitra]

Are you saying that only unseen snaps can be seen? That if snaps are already viewed, they cannot be retrieved?

[nicoleneo]

Hi I'm a friend of @abhishakemitra . I have made a fork where ADB isn't required. Requires a file explorer to send the files to the computer.

I think received images were duplicated. Encrypted1 and encrypted2. Previously decrypted Encrypted1 as Decrypted1. A new file was created Encrypted2. Encrypted2 when decrypted is the same as Decrypted1. The old Encrypted1 can't be decrypted because there are no matching keys.

Could use deleted files recovery tools to recovered seen snaps?

[xeroxnir]

Hi, abhishakemitra, yes only unseen apps can be seen. This is because Snapchats saves the keys for only unseen images. After they are seen the keys I believe are removed from the 'bananas1' file. Second, theridlr, yes images may be duplicated. This may happen if you open the Snapchat application and let it load the unseen images but then stop the application without closing it properly (the script for example kills the application, it needs to close first) . This causes the application to not save the keys for the encrypted image in the 'bananas1' file. When opening Snapchat again, since the application was not closed properly a new copy of the image will be downloaded.

About using file recovery tools, i'm not sure. Since the 'bananas1' file with the keys for the images is not being deleted but overwritten I believe you won't be able to recover the keys for the seen snapchats.

[santimacia]

One short question, it works only with private messages or history images too?