wilzbach / threema-decrypt

Decrypt Threema's Android SQLite database
22 stars 4 forks source link

Threema Version 4 - DB-Update #2

Open moffer opened 5 years ago

moffer commented 5 years ago

Since Threema Version 4 it is using also an updated version of sqlcipher (version 4). Therefore also some other configurations of sqlcipher has been updated. Instead of PRAGMA cipher_default_kdf_iter = 4000;... following code is needed:

PRAGMA cipher_default_kdf_iter = 1;
PRAGMA key='$key';
PRAGMA kdf_iter = 1;
PRAGMA cipher_memory_security = OFF;

Otherwise it says file is not a database.

mrthaggar commented 4 years ago

Have you been able to read the contents of the threema4.db using this tool?

ohunecker commented 4 years ago

Yes, you can decrypt content from threema4.db with this tool. All you need is sqlclipher version 4. Older versions only show the error:

error: file is encrypted or is not a database

You can check your local version with PRAGMA cipher_version;

Build a newer version from sqlclipher from source if needed and use the PRAGMA-Params from moffer's post to decrypt database.