rom1504 / imlb

Instant Messaging Logs Base : store and make available all your instant messages

Wechat importer #5

Open rom1504 opened 8 years ago

rom1504 commented 8 years ago

http://www.wechat.com/en/ is a very popular Chinese instant messaging application. If you have a rooted phone you can just take the sqlite3 database from /data. If you don't (and currently my phone is not rooted), another way has to be found. The only working possibility I found is to install a Windows VM and install the WeChat Windows app. That app has a backup-to-PC functionality. The next step is figuring out where the backup files are stored and what format they are in.

Edit: Another possibility I explored is running an Android emulator and using the phone-to-phone backup functionality. Sadly that doesn't quite work, as the phone-to-phone backup requires a wifi connection and the Android emulator doesn't have that functionality (see https://github.com/lemonsqueeze/FakeWifiConnection/issues/8 for a further attempt on that).

rom1504 commented 8 years ago

Okay, I figured out where it was: in WeChat Files in Documents. Got 3 .data files, one being 26M, one 1.3M and one 28K. Hopefully it's a readable format, and really hopefully it's not encrypted.

rom1504 commented 8 years ago

Now that I've got the files, a possibility would be connecting the Windows VM to the Android emulator via USB (not sure how easy that is to simulate) and restoring on the emulator. Then maybe the files you get there are easier to read than the backup files.

rom1504 commented 8 years ago

I'm getting this from binwalk on the bigger file:

```
DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
7312867       0x6F95E3        MySQL MISAM compressed data file Version 1
24565656      0x176D798       lrzip compressed data
```

but trying to open the extracted lrzip file results in `Attempting to work with file produced by newer lrzip version 39.-69 file.` and `Unknown encryption`

Reading http://dev.mysql.com/doc/refman/5.7/en/myisam-storage-engine.html and trying to myisamchk the second biggest file as a .MYI (https://dev.mysql.com/doc/refman/5.7/en/myisamchk.html ) results in `myisamchk: error: 'index.MYI' is not a MyISAM-table`

rom1504 commented 8 years ago

It is quite possible that binwalk is wrong and that file is simply encrypted.

The smallest file is kind of readable in vim: it starts with &bakID and seems to have one hash on every line. And it finishes with Nexus 6º

binwalk doesn't know anything about the second biggest file.
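Added example, not part of the original comments or of imlb: an entropy triage for deciding whether signature hits like the binwalk ones above sit inside an encrypted or compressed blob, where short signatures match by chance. The sample blobs are constructed, and the function names, the 4096-byte window and the 7.9 bits/byte threshold are assumptions.

```python
import hashlib
import math
from collections import Counter

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of an unencrypted SQLite file

def shannon_entropy(data):
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def expected_chance_hits(size, magic_len):
    """Expected accidental matches of one magic_len-byte signature in random data."""
    return size / 256 ** magic_len

def triage(data, window=4096, threshold=7.9):
    """Classify a blob before trusting signature-scanner hits inside it."""
    chunks = [data[i:i + window]
              for i in range(0, len(data) - window + 1, window)] or [data]
    ents = [shannon_entropy(c) for c in chunks]
    if data.startswith(SQLITE_MAGIC):
        verdict = "plain-sqlite"
    elif min(ents) >= threshold:
        # Every window looks random: encrypted or compressed (entropy alone
        # cannot tell which), so hits at deep offsets are probably chance.
        verdict = "high-entropy"
    else:
        verdict = "structured"
    return {"verdict": verdict, "min": min(ents), "max": max(ents)}

# Constructed samples: a pseudo-random 64 KiB blob standing in for an
# encrypted backup, and a repetitive blob with a plain SQLite header.
RANDOM_LIKE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                       for i in range(2048))
PLAIN_LIKE = SQLITE_MAGIC + b"CREATE TABLE message(msgId INTEGER, content TEXT);" * 2000

if __name__ == "__main__":
    for name, blob in (("random-like", RANDOM_LIKE), ("plain-like", PLAIN_LIKE)):
        print(name, triage(blob))
    # A 3-byte signature in 26 MiB of random data (signature length assumed)
    print(expected_chance_hits(26 * 1024 * 1024, 3))
```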

rom1504 commented 8 years ago

Only decent option I found: get another phone, root it, backup on it, get the db. Except now the db is encrypted (it used to be stored unencrypted).

But someone created that great repo https://github.com/ppwwyyxx/wechat-dump , thanks for that.

rom1504 commented 8 years ago

https://github.com/ppwwyyxx/wechat-dump indeed works for decrypting the db. Very nice!

rom1504 commented 8 years ago

About the emulator: even if I managed to fake the wifi, the problem wouldn't be solved, because the WeChat backup tool requires pointing the phone that gets the backup at a QR code with the camera. Having to fake the camera too would be annoying.

Getting a different (old) phone is definitely much much easier.

rom1504 commented 7 years ago

https://github.com/rom1504/sshd_android is a good way to autosync the wechat files.

rom1504 commented 11 months ago

Back at this in 2023, wechat-dump working well, and this repo idea is still as valid as ever.