[Ubuntu] Decrypting the WeChat WCDB database from the Sqlcipher command line

0x01. Installing Sqlcipher

Encrypting a db with the SQLCipher command line on Ubuntu

Installation steps for Windows are omitted here; search for them yourself.

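0x02. Decrypting the database

Open the encrypted database with sqlcipher. Once it is decrypted, the database can be operated on directly with SQL statements.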

➜  sqlcipher-master ./sqlcipher z-cipher.db
SQLCipher version 3.20.1 2017-08-24 16:21:36
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> PRAGMA key = 'xxxxxx';
sqlite> SELECT count(*) FROM sqlite_master;
Error: file is not a database
sqlite> PRAGMA cipher_page_size = 4096;
sqlite> SELECT count(*) FROM sqlite_master;
3
sqlite> .tables
_USER_            android_metadata
sqlite> SELECT count(*) FROM _USER_;
80
sqlite> ATTACH DATABASE 'z-uncipher.db' AS plaintext KEY '';
sqlite> .exit

0x03. Exporting an unencrypted database from the encrypted one

Export the encrypted database as an unencrypted database.

➜  sqlcipher-master ./sqlcipher z-cipher.db  
SQLCipher version 3.20.1 2017-08-24 16:21:36
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> PRAGMA key = 'xxxxxx';
sqlite> PRAGMA cipher_page_size = 4096;
sqlite> ATTACH DATABASE 'z-plaintext.db' AS plaintext KEY '';
sqlite> SELECT sqlcipher_export('z-plaintext');
Error: near "-": syntax error
sqlite> SELECT sqlcipher_export('plaintext');

sqlite> DETACH DATABASE plaintext;
sqlite> ATTACH DATABASE 'plaintext.db' AS plaintext KEY '';
sqlite> SELECT sqlcipher_export('plaintext');

sqlite> DETACH DATABASE plaintext;
sqlite> .exit
➜  sqlcipher-master 

The session above exports the unencrypted database: plaintext.db

➜  sqlcipher-master ./sqlcipher z-www.db 
SQLCipher version 3.20.1 2017-08-24 16:21:36
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> PRAGMA key = 'xxxxxx';
sqlite> PRAGMA cipher_page_size = 4096;
sqlite> ATTACH DATABASE 'z-www-text.db' AS plaintext KEY '';
sqlite> SELECT sqlcipher_export('plaintext');

sqlite> DETACH DATABASE plaintext;
sqlite> .exit
➜  sqlcipher-master 

The session above exported the unencrypted database: z-www-text.db

➜  sqlcipher-master ./sqlcipher z-yyy.db
SQLCipher version 3.20.1 2017-08-24 16:21:36
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> PRAGMA key = 'asfjkalsueijfasldkjfalksjfkasjdfaslkdf';
sqlite> PRAGMA cipher_page_size = 4096;
sqlite> ATTACH DATABASE 'z-yyy-txt.db' AS plaintext KEY '';
sqlite> SELECT sqlcipher_export('plaintext');

sqlite> DETACH DATABASE plaintext;
sqlite> .exit
➜  sqlcipher-master 

The session above exported the unencrypted database: z-yyy-txt.db

The plaintext.db generated by the steps above can be opened directly with sqlitebrowser.

0x04. Decrypting the WeChat database

The password algorithm is still the same as before, but GUI tools can no longer decrypt it.

➜  sqlcipher-master ./sqlcipher
SQLCipher version 3.20.1 2017-08-24 16:21:36
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
Connected to a transient in-memory database.
Use ".open FILENAME" to reopen on a persistent database.
sqlite> .open EnMicroMsg.db
sqlite> pragma key='xxxxxxx';
sqlite> pragma cipher_use_hmac=off;
sqlite> pragma cipher_page_size=1024;
sqlite> pragma kdf_iter=4000;
sqlite> attach database 'MicroMsg.db' as wc key '';
sqlite> select sqlcipher_export('wc');

sqlite> detach database wc;
sqlite> .quit

https://wormtooth.com/20180417-decrypt-wechat-database/

Sqlcipher-related commands

SQLCipher API

WCDB issue

How do I decrypt the database?

WeChat database password:
The first 7 characters of the MD5 of [phone IMEI + WeChat uin]
IMEI: enter *#06# on the phone's dial pad
uin: /data/data/com.tencent.mm/shared_prefs/system_config_prefs.xml
md5: http://md5jiami.51240.com/
https://blog.csdn.net/foreverhuylee/article/details/52180259
https://articles.forensicfocus.com/2014/10/01/decrypt-wechat-enmicromsgdb-database/
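
The section 0x04 export and the password rule above, as an added shell example that is not from the original post: it computes the 7-character key locally, so the IMEI and uin are not submitted to an online MD5 service, feeds the page's PRAGMAs to sqlcipher on stdin, and checks that the output starts with the plaintext SQLite header. The function names and file names are assumptions, and lowercase hex is simply what md5sum emits.

```bash
# Added example: helper names and file names are assumptions, not from the post.

# First 7 hex characters of MD5(IMEI + uin), computed locally with md5sum.
derive_key() {
    printf '%s%s' "$1" "$2" | md5sum | cut -c1-7
}

# Succeeds when the file starts with the plaintext SQLite magic string.
is_plain_sqlite() {
    [ "$(head -c 15 "$1" 2>/dev/null | tr -d '\0')" = "SQLite format 3" ]
}

# Print the sqlcipher commands from section 0x04 for key $1 and output file $2.
wechat_export_script() {
    key="$1"; out="$2"
    # Accept only 7 lowercase hex characters so the key cannot close the quotes.
    [ "${#key}" -eq 7 ] || { echo "key must be 7 characters" >&2; return 1; }
    case "$key" in *[!0-9a-f]*) echo "key must be hex" >&2; return 1 ;; esac
    case "$out" in *"'"*) echo "quote in output path" >&2; return 1 ;; esac
    cat <<EOF
PRAGMA key = '$key';
PRAGMA cipher_use_hmac = off;
PRAGMA cipher_page_size = 1024;
PRAGMA kdf_iter = 4000;
ATTACH DATABASE '$out' AS wc KEY '';
SELECT sqlcipher_export('wc');
DETACH DATABASE wc;
EOF
}

# Decrypt $1 into $2 with key $3, then confirm the result is plaintext SQLite.
decrypt_wechat_db() {
    script="$(wechat_export_script "$3" "$2")" || return 1
    # Commands arrive on stdin, so the key never shows up in the process list.
    printf '%s\n' "$script" | sqlcipher "$1" >/dev/null || return 1
    is_plain_sqlite "$2"
}

# Usage (IMEI and UIN are placeholders for the values read from the device):
#   decrypt_wechat_db EnMicroMsg.db MicroMsg.db "$(derive_key "$IMEI" "$UIN")"
```

The exported file is unencrypted, so it should be stored with the same care as the key itself.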
