CN107563215A - A method for decrypting WeChat chat records on Android - Google Patents
- Publication number
- CN107563215A (application CN201610520490.7A)
- Authority
- CN
- China
- Prior art keywords
- file
- catalogue
- key
- uin
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a method for decrypting WeChat chat records on Android, with the following steps: S1: find the "com.tencent.mm" directory on the phone; S2: traverse the directories to count the WeChat accounts; S3: look for the file "cdninfo.txt" in the "cdn" directory, or for the file in the "cdndnsinfo" directory; S4: find the UIN in that file; S5: obtain the IMEI of the phone on which WeChat is used; S6: compute the 7-character plaintext password from the UIN and IMEI strings obtained. The beneficial effects of the invention are as follows: the WeChat database decryption key is found quickly and accurately, Android WeChat chat records are decrypted, and the encrypted data can be fully recovered, which helps the police solve cases and reduces victims' losses.
Description
Technical field
The present invention relates to the field of information security technology, and in particular to a method for decrypting WeChat chat records on Android.
Background art
In the information age, communication apps are commonly used social tools. Over long-term use these tools store a large amount of user information, which is a key target of extraction in data forensics. For privacy and security reasons, however, social tools usually store their data encrypted, which causes considerable trouble for data forensics. Among the many social tools, WeChat stands out for its number of users, and the Android WeChat chat record database is stored encrypted. At present there is no technique that can decrypt WeChat encrypted data.
Summary of the invention
To address the defects of the prior art, the present invention provides a method for decrypting WeChat chat records on Android that effectively solves the above problems of the prior art.
A method for decrypting WeChat chat records on Android, comprising the following steps:
S1: Determine whether a "com.tencent.mm" directory exists in the "data" directory of the Android phone's user data partition. If it exists, the phone may contain WeChat chat record data, and S2 is performed; otherwise the phone contains no WeChat chat record data, and the method ends;
S2: Recursively scan the "MicroMsg" directory inside the "com.tencent.mm" directory and find the directories whose names are MD5 values, i.e. strings 32 characters long. Counting these directories gives the number of WeChat accounts that have logged in on the phone. The "EnMicroMsg.db" file must also be found;
S3: Look for the file "cdninfo.txt" in the "cdn" directory, or for the file in the "cdndnsinfo" directory;
S4: Find the UIN in the "cdninfo.txt" file or in the file in the "cdndnsinfo" directory. The UIN is recorded after the key bytes "0x010102010102". The byte following the key bytes is the number of bytes the UIN occupies, and the bytes of that length following the length byte, converted from binary data into a signed decimal string, are the UIN used for decryption;
S5: Obtain the IMEI of the phone on which WeChat is used, in the following detailed steps:
S51: Determine whether a file named "CompatibleInfo.cfg" exists in the "MicroMsg" directory. If it exists, continue by parsing it and perform S52; if it does not exist, the method ends;
S52: "CompatibleInfo.cfg" is a Java serialization file. The field holding the IMEI is found by Java deserialization, or alternatively by searching for the key bytes "0x000001027400". The byte following the key bytes is the number of bytes the IMEI occupies, and the bytes of that length following the length byte are the IMEI data itself.
S6: Compute the 7-character plaintext password from the UIN and IMEI strings obtained, in the following detailed steps:
S61: Append the obtained UIN string to the obtained IMEI string, compute the lowercase MD5 value of the combined string with the MD5 algorithm, and take its first 7 characters as the plaintext password;
S62: Use the 7-character plaintext password obtained as the initial key and the first 16 bytes of the EnMicroMsg.db database file as the initial vector, and call the official OpenSSL libeay32 library function PKCS5_PBKDF2_HMAC_SHA1() with a key iteration count of 4000 to derive the decryption key. Pass the computed key to the official OpenSSL libeay32 library function AES_set_decrypt_key() to obtain the AES256 decryption key;
The page size of the encrypted "EnMicroMsg.db" database is 1024 bytes, and the last 16 bytes of each page are the decryption vector. The first decryption unit is 1024-32 bytes and each subsequent unit is 1024-16 bytes; decryption is completed by repeatedly calling the official OpenSSL libeay32 library function AES_cbc_encrypt();
S63: After decryption, restore the original 16 bytes of the WeChat database file header, "0x53514C69746520666F726D6174203300", by overwriting the first 16 bytes, after which the WeChat database file can be viewed normally.
Compared with the prior art, the advantages of the invention are that the WeChat database decryption key is found quickly and accurately, Android WeChat chat records are decrypted, and the encrypted data can be fully recovered, which helps the police solve cases and reduces victims' losses.
Embodiment
To make the objects, technical solutions and advantages of the present invention clearer, the invention is described in further detail through the following embodiment.
A method for decrypting WeChat chat records on Android, comprising the following steps:
S1: The chat record database of the Android WeChat app is stored in the "com.tencent.mm" directory under "data" in the Android phone's user data partition. If a "com.tencent.mm" directory exists in the "data" directory of the user data partition, the phone may contain WeChat chat record data; otherwise the phone contains no WeChat chat record data.
S2: Recursively scan the "MicroMsg" directory inside the "com.tencent.mm" directory and find the directories whose names are MD5 values, i.e. strings 32 characters long. Each such directory holds the data of a different WeChat account, and its "EnMicroMsg.db" file is the WeChat chat record SQLite database file. Counting these directories gives the number of WeChat accounts that have logged in on the phone.
S3: Look for the file "cdninfo.txt" in the "cdn" directory; cdninfo.txt records the UIN of the WeChat account. Alternatively, determine whether the "cdndnsinfo" directory contains a file; a file in the "cdndnsinfo" directory may record the UIN of the WeChat account. Store the path of the valid file found.
S4: In the "cdninfo.txt" file the UIN is recorded after the key bytes "0x010102010102". The byte following the key bytes is the number of bytes the UIN occupies; this length byte is usually 0x04 or 0x03, etc. The bytes of that length following the length byte, i.e. 4 or 3 bytes, converted from binary data into a signed decimal string, are the UIN used for decryption (for example, 0x3E6B2EA0 converts to 1047211680). For the file in the "cdndnsinfo" directory, the key bytes and recording format of the UIN are the same as in "cdninfo.txt". For each WeChat account directory, the UIN only needs to be obtained from one of the files above (each WeChat account has a different UIN).
S5: Obtain the IMEI of the phone on which WeChat is used
(1) Check whether a file named "CompatibleInfo.cfg" exists in the "MicroMsg" directory. If it exists, continue by parsing it; if it does not exist, return and end.
(2) "CompatibleInfo.cfg" is a Java serialization file. The field holding the IMEI can be found by Java deserialization, or alternatively by searching for the key bytes "0x000001027400". The byte following the key bytes is the number of bytes the IMEI occupies; this length byte is usually 0x0F or 0x0E, etc. The bytes of that length following the length byte, i.e. 15 or 14 bytes of data, are the IMEI data itself.
S6: Compute the 7-character plaintext password from the UIN and IMEI strings obtained;
(1) Append the obtained UIN string to the obtained IMEI string, compute the lowercase MD5 value of the combined string with the MD5 algorithm, and take its first 7 characters (letters in lowercase) as the plaintext password.
(2) Use the 7-character password obtained above as the initial key and the first 16 bytes of the EnMicroMsg.db database file as the initial vector, and call the official OpenSSL libeay32 library function PKCS5_PBKDF2_HMAC_SHA1() with a key iteration count of 4000 to derive the decryption key. Pass the computed key to the official OpenSSL libeay32 library function AES_set_decrypt_key() to obtain the AES256 decryption key.
The page size of the encrypted "EnMicroMsg.db" database is 1024 bytes, and the last 16 bytes of each page are the decryption vector. The first decryption unit is 1024-32 bytes and each subsequent unit is 1024-16 bytes; decryption is completed by repeatedly calling the official OpenSSL libeay32 library function AES_cbc_encrypt().
(3) Because the first 16 bytes of the encrypted WeChat database file hold the decryption initial vector, the original SQLite file header has been overwritten. Therefore restore the original 16 bytes of the file header, "0x53514C69746520666F726D6174203300", by overwriting the first 16 bytes, after which the WeChat database file can be viewed normally.
Those of ordinary skill in the art will appreciate that the embodiment described here is intended to help the reader understand how the invention is implemented, and that the scope of protection of the invention is not limited to these particular statements and embodiments. Those of ordinary skill in the art can, based on the technical teachings disclosed by the invention, make various other specific variations and combinations that do not depart from the essence of the invention, and these variations and combinations remain within the scope of protection of the invention.
Claims (1)
1. A method for decrypting WeChat chat records on Android, characterized in that it comprises the following steps:
S1: Determine whether a "com.tencent.mm" directory exists in the "data" directory of the Android phone's user data partition. If it exists, the phone may contain WeChat chat record data, and S2 is performed; otherwise the phone contains no WeChat chat record data, and the method ends;
S2: Recursively scan the "MicroMsg" directory inside the "com.tencent.mm" directory and find the directories whose names are MD5 values, i.e. strings 32 characters long. Counting these directories gives the number of WeChat accounts that have logged in on the phone. The "EnMicroMsg.db" file must also be found;
S3: Look for the file "cdninfo.txt" in the "cdn" directory, or for the file in the "cdndnsinfo" directory;
S4: Find the UIN in the "cdninfo.txt" file or in the file in the "cdndnsinfo" directory. The UIN is recorded after the key bytes "0x010102010102". The byte following the key bytes is the number of bytes the UIN occupies, and the bytes of that length following the length byte, converted from binary data into a signed decimal string, are the UIN used for decryption;
S5: Obtain the IMEI of the phone on which WeChat is used, in the following detailed steps:
S51: Determine whether a file named "CompatibleInfo.cfg" exists in the "MicroMsg" directory. If it exists, continue by parsing it and perform S52; if it does not exist, the method ends;
S52: "CompatibleInfo.cfg" is a Java serialization file. The field holding the IMEI is found by Java deserialization, or alternatively by searching for the key bytes "0x000001027400". The byte following the key bytes is the number of bytes the IMEI occupies, and the bytes of that length following the length byte are the IMEI data itself;
S6: Compute the 7-character plaintext password from the UIN and IMEI strings obtained, in the following detailed steps:
S61: Append the obtained UIN string to the obtained IMEI string, compute the lowercase MD5 value of the combined string with the MD5 algorithm, and take its first 7 characters as the plaintext password;
S62: Use the 7-character plaintext password obtained as the initial key and the first 16 bytes of the EnMicroMsg.db database file as the initial vector, and call the official OpenSSL libeay32 library function PKCS5_PBKDF2_HMAC_SHA1() with a key iteration count of 4000 to derive the decryption key. Pass the computed key to the official OpenSSL libeay32 library function AES_set_decrypt_key() to obtain the AES256 decryption key;
The page size of the encrypted "EnMicroMsg.db" database is 1024 bytes, and the last 16 bytes of each page are the decryption vector. The first decryption unit is 1024-32 bytes and each subsequent unit is 1024-16 bytes; decryption is completed by repeatedly calling the official OpenSSL libeay32 library function AES_cbc_encrypt();
S63: After decryption, restore the original 16 bytes of the WeChat database file header, "0x53514C69746520666F726D6174203300", by overwriting the first 16 bytes, after which the WeChat database file can be viewed normally.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610520490.7A CN107563215A (en) | 2016-07-01 | 2016-07-01 | A method for decrypting WeChat chat records on Android |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610520490.7A CN107563215A (en) | 2016-07-01 | 2016-07-01 | A method for decrypting WeChat chat records on Android |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107563215A (en) | 2018-01-09 |
Family
ID=60968625
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610520490.7A (Pending) CN107563215A (en) | 2016-07-01 | 2016-07-01 | A method for decrypting WeChat chat records on Android |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107563215A (en) |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105678174A (en) * | 2015-12-31 | 2016-06-15 | 四川秘无痕信息安全技术有限责任公司 | Method for decrypting WeChat encrypted data based on binary system |
Non-Patent Citations (1)
Title |
---|
Blogger: "SQLite decryption of WeChat PC chat records", 《HTTPS://WWW.ICEFOX.ORG/2015/08/04/%E5%BE%AE%E4%BF%A1PC%E7%89%88%E8%81%8A%E5%A4%A9%E8%AE%B0%E5%BD%95SQLITE%E8%A7%A3%E5%AF%86/》 * |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110858249A (en) * | 2018-08-24 | 2020-03-03 | 中移(杭州)信息技术有限公司 | Database file encryption method, database file decryption method and related devices |
CN110858249B (en) * | 2018-08-24 | 2021-11-16 | 中移(杭州)信息技术有限公司 | Database file encryption method, database file decryption method and related devices |
CN109450777A (en) * | 2018-12-28 | 2019-03-08 | 苏州开心盒子软件有限公司 | Session information extracting method, device, equipment and medium |
CN111291404A (en) * | 2020-01-15 | 2020-06-16 | 深圳软牛科技有限公司 | Crypt12 backup decryption method, system, device and storage medium of WhatsApp of android device |
CN111405550A (en) * | 2020-03-23 | 2020-07-10 | 深圳软牛科技有限公司 | WhatsApp key file extraction method and device |
CN111405550B (en) * | 2020-03-23 | 2023-08-08 | 深圳软牛科技有限公司 | WhatsApp key file extraction method and WhatsApp key file extraction equipment |
CN111934987A (en) * | 2020-08-04 | 2020-11-13 | 公安部第三研究所 | Data extraction method, system and storage medium for mobile phone enterprise WeChat |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | CB02 | Change of applicant information | Address after: 641000 Sichuan province Neijiang City Songshan Road No. 183; Applicant after: Sichuan Miwu Traceless Science and Technology Co., Ltd.; Address before: 641000 Sichuan province Neijiang City Songshan Road No. 183; Applicant before: SICHUAN MWH INFORMATION SAFETY TECHNOLOGY CO., LTD. |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20180109 |