One of my friends came to me with an Android phone. She said something was wrong with the hardware of her friend's phone, and her friend was eager to back up his data, especially WeChat chat messages... Unfortunately her friend forgot the account/password to log on to WeChat... What can I say... she is one of my best friends... I should do her a favor...

I took a look at this phone, and I found it "Rooted" already. That is good news~ Some people root their phones in order to gain full access, but... guess what... There is an old saying: "Water is a boon in the desert, but the drowning man curses it". Rooted phones are easier to do physical extraction on because Root privilege has already been released. Those who try to operate the full functionality of their smartphones by rooting their Android phone actually make smartphones more insecure... but for forensic guys, it couldn't be better...

First I interviewed her to gather some basic info about the case. The scenario was that the version of WeChat was 6.0.1, but she had no WeChat account/password to log on with... That's all I knew about this case, and now I'd like to explain what I'm going to do.

1. Locate the WeChat EnMicroMsg.db and export it to the forensics workstation you use.

2. Take a look at EnMicroMsg.db... It's an encrypted database... we cannot see what is inside... so we have to decrypt it...

3. Let me explain the encryption algorithm of the WeChat EnMicroMsg.db. The pragma key is the first 7 characters of MD5(IMEI + WeChat UIN). That is it, very easy to calculate. First figure out the IMEI; you have two options:

a. Dial *#06#

b. Take off the back cover and battery and you can see some info, including the IMEI.

4. Find out the WeChat UIN. The UIN is the unique ID number of the WeChat account. The UIN is inside the file system_config_prefs.xml.

5. Get the UIN value.

6. Input the IMEI and UIN strings. Be careful: there is no need to add any symbol between these two strings... Generate the MD5 value... the key is the first 7 characters, as below: 9C751DC

7. Now the most important step. You need a tool, SQLCipher, to decrypt the EnMicroMsg.db with the pragma key we found. Since SQLCipher is open source, you can find some resources by searching for the Guardian Project on the internet. I'll show you the Windows solution first. Notice that the version is 2.1.

8. Use SQLCipher 2.1 to open EnMicroMsg.db and input the pragma key.

9. You can see the chat messages now...

10. You can also export those chat messages so you don't have to open the database so often.
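As an added example (not code from the original post), here is the key derivation from steps 3 to 6 written out in Python, using constructed IMEI and UIN values that belong to no real device. The post's screenshot shows the digest in upper case while hashlib emits lower case; SQLCipher feeds the passphrase into its KDF byte for byte, so the case has to match whatever WeChat used when it created the database. The example also makes the defensive point explicit: 7 hex digits of a hash over two identifiers readable by anyone holding the phone is a 28-bit key.

```python
import hashlib

# Constructed sample values for illustration only; not taken from any real device.
SAMPLE_IMEI = "356938035643809"
SAMPLE_UIN = "1234567890"


def wechat_db_key(imei: str, uin: str) -> str:
    """Derive the EnMicroMsg.db passphrase as the post describes.

    The passphrase is the first 7 hex digits of MD5(IMEI + UIN), with the two
    strings concatenated directly and no separator between them. Surrounding
    whitespace is stripped so a value copied from system_config_prefs.xml or
    from the *#06# screen does not pick up stray blanks.
    """
    imei = imei.strip()
    uin = uin.strip()
    if not imei or not uin:
        raise ValueError("both IMEI and UIN are required")
    digest = hashlib.md5((imei + uin).encode("utf-8")).hexdigest()
    return digest[:7]  # lower-case hex, as hashlib produces it


def key_strength_bits(key: str) -> int:
    """Effective key size: each hex digit carries 4 bits, so 7 digits give 28 bits."""
    return len(key) * 4


if __name__ == "__main__":
    key = wechat_db_key(SAMPLE_IMEI, SAMPLE_UIN)
    # This is the statement SQLCipher expects when opening the database.
    print(f"PRAGMA key = '{key}';")
    print(f"effective key strength: {key_strength_bits(key)} bits")
```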

Finally, I encrypted the WeChat EnMicroMsg.db for her. She was very happy with that. A couple of days later I realized that it was her boyfriend's smartphone... What a tragedy, I did not do it on purpose... Sorry buddy... Hope you will be alright this time... I think she will kill you if she finds some ambiguous chat messages in your phone... God bless you...
