WARNING: The following procedures are unofficial and dangerous. Be aware that you might break your Threema installation.
NEVER leave your private key on a public computer. Keep it private!
Update: I wrote a short wrap-up blog post about my insights.
On a Debian-like system it should be as easy as:
sudo apt-get install sqlcipher sqlite
Download this code to your computer
git clone https://github.com/greenify/threema-decrypt
cd threema-decrypt
Copy key.dat and threema.db to your computer (root is needed) in this folder.
Exact paths:
/data/data/ch.threema.app/files/key.dat
/data/data/ch.threema.app/databases/threema.db
We first need to convert the binary key to its string version.
javac ThreemaDecrypt.java && java ThreemaDecrypt key.dat > key.plain
key.plain should look roughly like this. It's a 64-character hex string which SQLCipher will automatically convert to its 32-byte (256-bit) representation.
x"a50b..."
Now using our fresh plain-text key, we can decrypt the database.
./decrypt.sh threema key.plain
You can now use any tool like sqlite3 (CLI) or SQLiteBrowser (GUI) to browse through the decrypted database.
Warning: Newer versions of Threema might change the database layout.
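A sanity check for the steps above, as an added example that is not part of threema-decrypt: it verifies that key.plain has the x"<64 hex>" shape, that the decrypted output starts with the plaintext SQLite header while threema.db does not, and restricts both secrets to the current user. The function names are hypothetical, and the decrypted file's name is an assumption passed in as the third argument.

```shell
#!/bin/sh
# Added example, not part of threema-decrypt. Function names are hypothetical.

# True if FILE holds exactly x"<64 hex digits>", the key.plain format shown above.
key_format_ok() {
    [ -r "$1" ] || return 1
    tr -d '\r\n' < "$1" | grep -Eq '^x"[0-9A-Fa-f]{64}"$'
}

# True if FILE starts with the plaintext SQLite magic "SQLite format 3".
# A SQLCipher file normally begins with a random salt instead, so this
# separates a successful decrypt from a still-encrypted or garbage output.
is_plain_sqlite() {
    [ -r "$1" ] || return 1
    [ "$(head -c 15 "$1" | tr -d '\000')" = "SQLite format 3" ]
}

# check_workdir KEYFILE ENCRYPTED_DB DECRYPTED_DB
# Returns 0 if everything looks right, 1 on a malformed key file,
# 2 if the decrypted output is not SQLite (wrong key or failed run),
# 3 if the supposedly encrypted input is already plaintext.
check_workdir() {
    key_format_ok "$1" || return 1
    is_plain_sqlite "$3" || return 2
    if is_plain_sqlite "$2"; then return 3; fi
    # The key and the plaintext database are secrets: owner-only access.
    chmod 600 "$1" "$3"
}

# Remove the plaintext artifacts when done (shred where available).
cleanup_plaintext() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        if command -v shred >/dev/null 2>&1; then
            shred -u "$f"
        else
            rm -f "$f"
        fi
    done
}
```

Source the file, run `check_workdir key.plain threema.db <decrypted-file>` after decrypt.sh, and call `cleanup_plaintext` on the key and the decrypted copy once you are finished. Overwriting with shred is best effort on SSDs and journaling file systems.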
If you need to make changes, I recommend working on the encrypted database directly by opening it with sqlcipher.
sqlcipher threema.db
To decrypt it, enter your full hexadecimal key (with 'x').
PRAGMA cipher_default_kdf_iter = 4000;
PRAGMA key='x"your-key"';
You can also encrypt the database. However, if you plan to push it back to your device, I recommend using the previous approach and opening it directly in sqlcipher, as you might lose your indexes with this procedure.
./encrypt.sh threema key.plain
You can find the referenced media files in sdcard/Android/data/ch.threema.app/files/data.
They are hidden files and the suffix _T is obviously for thumbnails.
Once you have copied your desired file to your computer, you can decrypt it with:
javac ThreemaDecrypt.java && java ThreemaDecrypt 7bc0df74ca2e40af897152bcf7836624
(where 7bc... is the name of the encrypted file)
Most image viewers should recognize the file format automatically; otherwise append .jpg.
This procedure and part of its source code resulted from decompiling the Threema Android source. I am not the owner nor legal representative of their intellectual property. Happy hacking!