CN105678174A - Method for decrypting WeChat encrypted data based on binary system - Google Patents
- Publication number: CN105678174A
- Application number: CN201511028797.7A
- Authority: CN (China)
- Prior art keywords: data based, uid, android device, imei
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Abstract
The invention discloses a binary-based method for decrypting WeChat encrypted data, and belongs to the field of electronic data forensics. The method comprises the following steps: 101, obtaining the unique IMEI number of the Android device and the WeChat uid, and calculating the key; 102, making an image file of the Android device; 103, encrypting the file identifier with the WeChat encryption algorithm to generate a unique encrypted data signature; 104, using that encrypted data signature to search the blank (unallocated) area of the image file made in step 102 for content matching the signature generated in step 103, and obtaining the address of that content; if the content is found, step 105 is executed, and if it is not found, the method ends; and 105, using the WeChat encryption algorithm to decrypt the data encrypted as in step 103. The method solves the problem that WeChat encrypted data cannot be decrypted, and is a major breakthrough for electronic forensics work.
Description
Technical field
The present invention relates to the field of electronic forensics, and in particular to a binary-based method for decrypting WeChat encrypted data.
Background
As the service level and range of services offered by mobile communication technology keep improving and expanding, the mobile phone has become an indispensable means of contact in people's work and life. At the same time, criminal activity carried out with mobile phones, such as fraud, defamation and forgery, has become commonplace. Mobile phone forensics is an effective means of fighting this kind of crime. Conceptually, mobile phone forensics is the process of collecting, preserving and analyzing relevant electronic evidence from the phone's SIM card, the phone's internal and external memory cards, and the mobile network operator's databases, and finally obtaining from it evidence that has legal force and can be accepted by a court.
Criminal behavior involving mobile phones currently falls into roughly three kinds: first, the phone is used as a communication tool while the crime is carried out; second, the phone serves as a storage medium for evidence of the crime; third, the phone is the instrument of new kinds of mobile crime such as SMS fraud, SMS harassment and the spreading of fake software. All of this shows that research on mobile phone forensics technology is both necessary and urgent for maintaining social stability, protecting people's rights and interests, and fighting crime.
The target data in mobile phone forensics is often encrypted, especially in the widely used chat applications. WeChat data is stored encrypted with SQLCipher for Android. Once a suspect uninstalls the WeChat application or formats the phone, these encrypted databases cannot be recovered by the conventional file-signature method. When this problem is encountered, evidence collection reaches an impasse, and there is currently no good way to solve it.
Summary of the invention
To address the deficiencies of the prior art, the present invention provides a binary-based method for decrypting WeChat encrypted data, which can effectively solve the problem of WeChat encrypted database files.
To solve the above problem, the technical solution adopted by the present invention is as follows. A binary-based method for decrypting WeChat encrypted data comprises the following steps: 101, obtain the unique IMEI number of the Android device and the WeChat uid, and calculate the key; 102, make an image file of the Android device; 103, use the WeChat encryption algorithm to encrypt the file identifier, generating a unique encrypted data signature; 104, use the encrypted data signature to search the blank (unallocated) area of the image file made in step 102 for content matching the signature produced in step 103 and obtain its address; if there is a match, perform step 105, otherwise end; 105, use the WeChat algorithm to decrypt the data encrypted as in step 103.
Preferably, step 101 is carried out as follows: the unique IMEI number of the Android device can be obtained directly by looking it up in the device's settings, and the WeChat uid can be obtained directly from two cfg files under WeChat's MicroMsg folder, namely systeminfo.cfg and compatibleinfo.cfg. After the IMEI number and the WeChat uid have been obtained, the key is the first seven characters of the MD5 value of (imei+uid).
Preferably, the file identifier described in step 103 is 0X53514C69746520666F726D6174203300.
Preferably, the WeChat encryption algorithm described in step 103 is AES-256-CBC.
Preferably, the Android device includes Android phones and Android tablets.
The method of the present invention achieves the following effect: the key is calculated from the phone's IMEI and the WeChat uid; the WeChat encryption algorithm AES-256-CBC is used to encrypt data; the position of the encrypted data is located in the image file; and finally the AES-256-CBC algorithm is used to decrypt the data found. The method solves the problem that WeChat encrypted data cannot be decrypted, and is an important breakthrough for electronic forensics work.
Brief description of the drawings
Fig. 1 is a schematic flow chart of the present invention.
Detailed description of the embodiments
To make the purpose, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawing and an embodiment.
A binary-based method for decrypting WeChat encrypted data, described for an Android phone:
101, obtain the unique IMEI number of the Android device and the WeChat uid, and calculate the key; 102, make an image file of the Android device; 103, use the WeChat encryption algorithm to encrypt the file identifier, generating a unique data signature; 104, use the encrypted data signature to search the blank (unallocated) area of the image file made in step 102 for content matching the signature produced in step 103 and obtain its address; if there is a match, perform step 105, otherwise end; 105, use the WeChat algorithm to decrypt the data encrypted as in step 103.
Step 101 in detail: the unique IMEI number of the phone can be obtained directly by looking it up in the phone's settings, and the WeChat uid can be obtained directly from two cfg files under WeChat's MicroMsg folder, namely systeminfo.cfg and compatibleinfo.cfg. After the IMEI number and the WeChat uid have been obtained, the key is the first seven characters of the MD5 value of (imei+uid).
Step 102 in detail: with root permission available, a full image of the phone is made, which prepares for the later search for the encrypted signature data in the image.
Step 103 in detail: WeChat uses the AES-256-CBC algorithm, which is open source. The WeChat database is an sqlite3 database, and an sqlite3 database has a file signature identifier. Because the IMEI number of every phone is different, the generated key is also unique, so the file identifier encrypted with the AES-256-CBC algorithm is likewise a unique encrypted data signature.
Step 104 in detail: the encrypted data signature is used to search the blank (unallocated) area of the image made in step 102 for data matching this signature and to obtain its address; if there is a match, perform step 105, otherwise end.
Step 105 in detail: the data located in step 104 through the encrypted signature of step 103 is decrypted with AES-256-CBC, which can recover all or fragments of some WeChat data.
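The key derivation of step 101 and the signature search of step 104, shown in Python as an added example that is not part of the patent. The patent does not state the IV or how the seven-character key is expanded for AES-256-CBC, so the encrypted signature of step 103 is taken as an input here; the function names, the sample IMEI and uid, and the in-memory image are constructed for illustration.

```python
import hashlib
import io

# Plaintext SQLite file identifier quoted in the patent (step 103).
SQLITE_MAGIC = bytes.fromhex("53514C69746520666F726D6174203300")


def derive_key(imei: str, uid: str) -> str:
    """Step 101: first seven characters of the hex MD5 of imei + uid."""
    return hashlib.md5((imei + uid).encode("ascii")).hexdigest()[:7]


def find_signature(stream, signature: bytes, chunk_size: int = 1 << 20):
    """Step 104: absolute offsets of every occurrence of signature.

    The image is read in chunks; the last len(signature) - 1 bytes of each
    window are carried over so a match straddling two chunks is not missed.
    """
    if not signature:
        raise ValueError("signature must not be empty")
    overlap = len(signature) - 1
    offsets, tail, base = [], b"", 0  # base = absolute offset of window[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            return offsets
        window = tail + chunk
        pos = window.find(signature)
        while pos != -1:
            offsets.append(base + pos)
            pos = window.find(signature, pos + 1)
        tail = window[-overlap:] if overlap else b""
        base += len(window) - len(tail)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real device.
    print("key:", derive_key("000000000000000", "1234567890"))
    print("plaintext identifier:", SQLITE_MAGIC)
    # Constructed stand-in for the step-103 output (16 bytes, one AES block).
    sig = bytes(range(1, 17))
    image = io.BytesIO(b"\x00" * 4096 + sig + b"\xff" * 100 + sig)
    print("hits:", find_signature(image, sig, chunk_size=512))
```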
Claims (5)
1. A binary-based method for searching for WeChat encrypted data, characterized in that it comprises the following steps:
101, obtain the unique IMEI number of the Android device and the WeChat uid, and calculate the key; 102, make an image file of the Android device; 103, use the WeChat encryption algorithm to encrypt the file identifier, generating a unique encrypted data signature; 104, use the encrypted data signature to search the blank (unallocated) area of the image file made in step 102 for content matching the signature produced in step 103 and obtain its address; if there is a match, perform step 105, otherwise end; 105, use the WeChat algorithm to decrypt the data encrypted as in step 103.
2. The binary-based method for searching for WeChat encrypted data according to claim 1, characterized in that step 101 is carried out as follows: the unique IMEI number of the Android device can be obtained directly by looking it up in the device's settings, and the WeChat uid can be obtained directly from two cfg files under WeChat's MicroMsg folder, namely systeminfo.cfg and compatibleinfo.cfg; after the IMEI number and the WeChat uid have been obtained, the key is the first seven characters of the MD5 value of (imei+uid).
3. The binary-based method for searching for WeChat encrypted data according to claim 1 or 2, characterized in that the file identifier described in step 103 is 0X53514C69746520666F726D6174203300.
4. The binary-based method for searching for WeChat encrypted data according to claim 3, characterized in that the WeChat encryption algorithm described in step 103 is AES-256-CBC.
5. The binary-based method for searching for WeChat encrypted data according to claim 1, characterized in that the Android device includes Android phones and Android tablets.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201511028797.7A CN105678174A (en) | 2015-12-31 | 2015-12-31 | Method for decrypting WeChat encrypted data based on binary system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105678174A (en) | 2016-06-15 |
Family
ID=56298320
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201511028797.7A Pending CN105678174A (en) | 2015-12-31 | 2015-12-31 | Method for decrypting WeChat encrypted data based on binary system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105678174A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20160615 |