CN105678174A - Method for decrypting WeChat encrypted data based on binary system - Google Patents

Info

Publication number
CN105678174A
Authority
CN
China
Prior art keywords
wechat
data based
uid
android device
imei
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201511028797.7A
Other languages
Chinese (zh)
Inventor
黄旭
赵飞
朱星海
张佳强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SICHUAN MWH INFORMATION SAFETY TECHNOLOGY Co Ltd
Original Assignee
SICHUAN MWH INFORMATION SAFETY TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SICHUAN MWH INFORMATION SAFETY TECHNOLOGY Co Ltd filed Critical SICHUAN MWH INFORMATION SAFETY TECHNOLOGY Co Ltd
Priority to CN201511028797.7A priority Critical patent/CN105678174A/en
Publication of CN105678174A publication Critical patent/CN105678174A/en
Pending legal-status Critical Current

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Abstract

The invention discloses a method for decrypting WeChat encrypted data based on the binary system, and belongs to the field of electronic data forensics. The method comprises the following steps: 101, obtaining the unique IMEI number of the Android device and the WeChat uid, and calculating the key; 102, making an image file of the Android device; 103, encrypting a file identification with the WeChat encryption algorithm to generate a unique encrypted data feature; 104, using the encrypted data feature to search the blank (free) area of the image file made in step 102 for content matching the feature generated in step 103, and obtaining the address of that content; if the content is found, step 105 is executed, otherwise the method ends; and 105, decrypting the data encrypted in step 103 with the WeChat encryption algorithm. The advantage of the method is that it solves the problem that WeChat encrypted data cannot be decrypted, and it is a major breakthrough for electronic forensics work.

Description

A method for decrypting WeChat encrypted data based on the binary system
Technical field
The present invention relates to the field of electronic forensics, and in particular to a method for decrypting WeChat encrypted data based on the binary system.
Background technology
As the service level and range of services offered by mobile communication technology keep improving and expanding, the mobile phone has become an indispensable communication tool in people's work and daily life. At the same time, criminal activity carried out with mobile phones, such as fraud, defamation and forgery, has become common. Mobile phone forensics is an effective means of combating this kind of crime. Conceptually, mobile phone forensics is the process of collecting, preserving and analyzing relevant electronic evidence from the phone's SIM card, its internal and external memory cards, and the mobile network operator's databases, and ultimately obtaining from it evidence that has legal force and can be admitted by a court.
Criminal behaviour involving mobile phones currently falls into roughly three kinds: first, the phone is used as a means of communication while the crime is carried out; second, the phone serves as a storage medium for evidence of the crime; third, the phone is itself the instrument of newer phone-based crimes such as SMS fraud, SMS harassment and the spread of rogue software. All of this shows that research on mobile phone forensics technology is both necessary and urgent for maintaining social stability, protecting people's rights and interests, and fighting crime.
The target data in mobile phone forensics is often encrypted, especially in chat applications with large numbers of users. WeChat data is stored encrypted with SQLCipher for Android. Once a suspect uninstalls the WeChat application or formats the phone, these encrypted databases cannot be recovered by the conventional means of file-signature matching. When this kind of problem is encountered, forensic work reaches an impasse, and there is currently no good way to solve it.
Summary of the invention
In view of the deficiencies of the prior art, the present invention provides a method for decrypting WeChat encrypted data based on the binary system, which can effectively solve the problem of encrypted WeChat database files.
To solve the above problem, the technical solution adopted by the present invention is as follows. A method for decrypting WeChat encrypted data based on the binary system comprises the following steps: 101, obtain the unique IMEI number of the Android device and the WeChat uid, and compute the key; 102, make an image file of the Android device; 103, use the WeChat encryption algorithm to encrypt the file identification, generating a unique encrypted data feature; 104, use the encrypted data feature to search the blank (free) area of the image file made in 102 for content matching the data feature produced in 103 and obtain its address; if found, perform 105, otherwise end; 105, decrypt the data encrypted per 103 using the WeChat algorithm.
Preferably, step 101 is carried out as follows: the unique IMEI number of the Android device can be obtained directly from the device's settings; the WeChat uid can be obtained directly from two cfg files under WeChat's MicroMsg folder, namely systeminfo.cfg and compatibleinfo.cfg; after the IMEI number and the WeChat uid are obtained, the key is the first seven characters of the MD5 value of (imei+uid).
Preferably, the file identification described in 103 is 0X53514C69746520666F726D6174203300.
Preferably, the WeChat encryption algorithm described in 103 is AES-256-CBC.
Preferably, the Android device includes Android mobile phones and Android tablets.
The method of the present invention achieves the following effect: the key is computed from the phone's IMEI and the WeChat uid; the data is encrypted with the WeChat encryption algorithm AES-256-CBC; the position of the encrypted data is located in the image file; finally, the AES-256-CBC algorithm is used to decrypt the data found. The method solves the problem that WeChat encrypted data cannot be decrypted, and is an important breakthrough for electronic forensics work.
Brief description of the drawings
Fig. 1 is a schematic flow chart of the present invention.
Detailed description of the invention
To make the purpose, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawing and an embodiment.
A method for decrypting WeChat encrypted data based on the binary system, taking an Android mobile phone as the example:
101, obtain the unique IMEI number of the Android device and the WeChat uid, and compute the key; 102, make an image file of the Android device; 103, use the WeChat encryption algorithm to encrypt the file identification, generating a unique data feature; 104, use the encrypted data feature to search the blank (free) area of the image file made in 102 for content matching the data feature produced in 103 and obtain its address; if found, perform 105, otherwise end; 105, decrypt the data encrypted per 103 using the WeChat algorithm.
Step 101 is carried out as follows: the unique IMEI number of the phone can be obtained directly from the phone's settings; the WeChat uid can be obtained directly from two cfg files under WeChat's MicroMsg folder, namely systeminfo.cfg and compatibleinfo.cfg; after the IMEI number and the WeChat uid are obtained, the key is the first seven characters of the MD5 value of (imei+uid).
Step 102 is carried out as follows: with root permission, make a full image of the phone, which prepares for the later search for the encrypted feature data in the image.
Step 103 is carried out as follows: WeChat uses the AES-256-CBC algorithm, which is open source. The WeChat database is a sqlite3 database, and a sqlite3 database has a file signature identifier. Because the IMEI number of each phone is different, the generated key is also unique, and so the file identification encrypted with the AES-256-CBC algorithm is likewise a unique encrypted data feature.
Step 104 is carried out as follows: use the encrypted data feature to search the blank (free) area of the image made in 102 for data matching the feature and obtain its address; if found, perform 105, otherwise end.
Step 105 is carried out as follows: the data retrieved in 104 by means of the encrypted feature data of 103 is decrypted with AES-256-CBC, which can recover some WeChat data in whole or in fragments.
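The key derivation of step 101 and the image search of step 104, as an added Python example (not code from the patent or its applicant). Assumptions: the MD5 value is taken as lowercase hex over the ASCII concatenation, the "blank area" is treated as unallocated byte ranges supplied by the caller, and the searched signature in the demo is a constructed stand-in because the page does not give the cipher parameters (key expansion, IV) needed to reproduce step 103; all function names are hypothetical.

```python
import hashlib
import io

# File identification quoted in the patent for step 103 (the SQLite header).
FILE_ID = bytes.fromhex("53514C69746520666F726D6174203300")


def derive_key(imei: str, uid: str) -> str:
    """Step 101: first seven characters of MD5(imei + uid).

    Assumption: ASCII input and lowercase hex; the patent states neither.
    """
    return hashlib.md5((imei + uid).encode("ascii")).hexdigest()[:7]


def scan_free_space(image, signature, free_extents, chunk_size=1 << 20):
    """Step 104: absolute offsets of `signature` inside the given byte ranges.

    free_extents is a list of (start, length) pairs (assumed to come from
    the examiner's file-system tooling). Reads in chunks and carries the
    last len(signature)-1 bytes forward so matches that straddle a chunk
    boundary are still found, without reporting any match twice.
    """
    if not signature:
        raise ValueError("empty signature")
    overlap = len(signature) - 1
    hits = []
    for start, length in free_extents:
        image.seek(start)
        pos, end, tail = start, start + length, b""
        while pos < end:
            chunk = image.read(min(chunk_size, end - pos))
            if not chunk:           # image is shorter than the extent claims
                break
            buf = tail + chunk
            base = pos - len(tail)  # absolute offset of buf[0]
            i = buf.find(signature)
            while i != -1:
                hits.append(base + i)
                i = buf.find(signature, i + 1)
            pos += len(chunk)
            tail = buf[-overlap:] if overlap else b""
    return hits


def demo():
    """Constructed 4 KiB image; the signature is a stand-in, not real data."""
    sig = bytes(range(0xA0, 0xB0))
    img = bytearray(4096)
    img[100:116] = sig     # allocated space: must be ignored
    img[1020:1036] = sig   # free space, straddles the 512-byte chunk boundary
    img[3000:3016] = sig   # free space, second extent
    free = [(512, 1024), (2048, 2048)]
    return scan_free_space(io.BytesIO(bytes(img)), sig, free, chunk_size=512)


if __name__ == "__main__":
    print(derive_key("000000000000000", "12345"))  # constructed IMEI and uid
    print([hex(o) for o in demo()])
```

The file identification in step 103 decodes to the 16-byte plaintext SQLite header, which is why it is absent from an encrypted database and cannot be used directly for conventional signature carving.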

Claims (5)

1. A method for binary-based lookup of WeChat encrypted data, characterized in that it comprises the following steps:
101, obtain the unique IMEI number of the Android device and the WeChat uid, and compute the key; 102, make an image file of the Android device; 103, use the WeChat encryption algorithm to encrypt the file identification, generating a unique encrypted data feature; 104, use the encrypted data feature to search the blank (free) area of the image file made in 102 for content matching the data feature produced in 103 and obtain its address; if found, perform 105, otherwise end; 105, decrypt the data encrypted per 103 using the WeChat algorithm.
2. The method for binary-based lookup of WeChat encrypted data according to claim 1, characterized in that step 101 is carried out as follows: the unique IMEI number of the Android device can be obtained directly from the device's settings; the WeChat uid can be obtained directly from two cfg files under WeChat's MicroMsg folder, namely systeminfo.cfg and compatibleinfo.cfg; after the IMEI number and the WeChat uid are obtained, the key is the first seven characters of the MD5 value of (imei+uid).
3. The method for binary-based lookup of WeChat encrypted data according to claim 1 or 2, characterized in that the file identification described in 103 is 0X53514C69746520666F726D6174203300.
4. The method for binary-based lookup of WeChat encrypted data according to claim 3, characterized in that the WeChat encryption algorithm described in 103 is AES-256-CBC.
5. The method for binary-based lookup of WeChat encrypted data according to claim 1, characterized in that the Android device includes Android mobile phones and Android tablets.
CN201511028797.7A 2015-12-31 2015-12-31 Method for decrypting WeChat encrypted data based on binary system Pending CN105678174A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201511028797.7A CN105678174A (en) 2015-12-31 2015-12-31 Method for decrypting WeChat encrypted data based on binary system

Publications (1)

Publication Number Publication Date
CN105678174A true CN105678174A (en) 2016-06-15

Family

ID=56298320

Country Status (1)

Country Link
CN (1) CN105678174A (en)

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100067706A1 (en) * 2007-05-30 2010-03-18 Fujitsu Limited Image encrypting device, image decrypting device and method
CN101183419A (en) * 2007-12-07 2008-05-21 武汉达梦数据库有限公司 Data-base storage ciphering method based on conversation

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Sangjun Jeon et al.: "A recovery method of deleted record for SQLite database", 《PERSONAL AND UBIQUITOUS COMPUTING》 *
Anonymous: "How to crack the WeChat EnMicroMsg.db file", 《HTTPS://JINGYAN.BAIDU.COM/ARTICLE/4F7D5712D1EF1C1A2019271B.HTML》 *
易帅 et al.: "Method for recovering deleted records in SQLite databases", 《Journal of Information Engineering University》 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107563215A (en) * 2016-07-01 2018-01-09 四川秘无痕信息安全技术有限责任公司 A kind of Android system wechat chat record decryption method
CN107563216A (en) * 2016-07-01 2018-01-09 四川秘无痕信息安全技术有限责任公司 A kind of Android system QQ chat record decryption methods
CN106788999A (en) * 2016-12-09 2017-05-31 武汉中软通证信息技术有限公司 A kind of wechat evidence collecting method and system based on data collision
CN106788999B (en) * 2016-12-09 2020-05-19 武汉中软通证信息技术有限公司 WeChat evidence obtaining method and system based on data collision
CN110046506A (en) * 2017-12-27 2019-07-23 三星电子株式会社 Store equipment and including the storage system for storing equipment and the method operated using it
CN108777621A (en) * 2018-05-30 2018-11-09 盘石软件(上海)有限公司 A method of obtaining means of payment Alipay transaction record
WO2022028255A1 (en) * 2020-08-04 2022-02-10 公安部第三研究所 Data extraction method and system for mobile phone enterprise wechat, and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160615
