WeChat 8 ? #95

Closed
rom1504 opened this issue Sep 30, 2023 · 12 comments

Comments


rom1504 commented Sep 30, 2023

Is this working for wechat8?

The decryption is failing for me, I wonder if something might have changed


rom1504 commented Oct 1, 2023

https://reao.io/347


rom1504 commented Oct 1, 2023


rom1504 commented Oct 1, 2023


rom1504 commented Oct 1, 2023

solved by using frida. I think the problem is sometimes the imei comes from some other device number (like the one from another previous device)

I recommend using `frida -U -n Wechat -l wechatdbpass.js` with https://github.com/ellermister/wechat-clean/blob/main/wechatdbpass.js

see basic instructions for frida at https://blog.greycode.top/posts/android-wechat-bak/

in english:

You can also obtain the access password through Frida. If you have a python environment on your computer, it is recommended to use this method, because this method can directly obtain the password without having to try the spliced passwords one by one, and it is absolutely correct. First, install the Frida package on your computer using the following command:

```
$ pip install frida
$ pip install frida-tools
```

Then use adb to view the mobile phone architecture:

```
$ adb shell getprop ro.product.cpu.abi
arm64-v8a
```

What you get is arm64-v8a, then go to the https://github.com/frida/frida/releases page to download the corresponding frida-server--arm64.xz package, and then unzip it. Note: The version number of frida-server here must be consistent with the version number of frida installed on the computer above, otherwise additional errors may occur. Transfer frida-server to the phone through adb:

```
$ adb push frida-server-<version>-android-arm /data/local/tmp
```

Then run frida-server on your phone:

```
$ adb shell
$ su
$ cd /data/local/tmp
$ chmod 777 frida-server-<version>-android-arm
$ ./frida-server-<version>-android-arm
```

After running, do not close the terminal interface. In addition, start a terminal and enter:

```
$ adb forward tcp:27042 tcp:27042
$ adb forward tcp:27043 tcp:27043
$ frida-ps -U
```

If the terminal outputs some processes, it means that the environment has been set up successfully. After the setup is successful, run the following Python script on your computer:


rom1504 commented Oct 1, 2023

ah interesting actually the method to compute from the imei and uin actually also produced the same password
I think the above frida method is useful anyway because it provides the passwords for the other DBs as well (which have different passwords apparently)

what was missing here are these 2 lines:

```
c.execute("PRAGMA cipher_use_hmac = off;")
c.execute("PRAGMA kdf_iter = 4000;")
```

without those, it doesn't work

they are not strictly needed but I think we should also add

```
c.execute("PRAGMA cipher_page_size = 1024;")
c.execute("PRAGMA cipher_hmac_algorithm = HMAC_SHA1;")
c.execute("PRAGMA cipher_kdf_algorithm = PBKDF2_HMAC_SHA1;")
```

as recommended in other places, for example https://blog.greycode.top/posts/android-wechat-bak/

opening a PR
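The pragma ordering and the "wrong library" failure mode discussed in this thread, as an added example (not code from wechat-dump or from the commenter). It assumes a SQLCipher Python binding is installed as `pysqlcipher3` (falling back to the `sqlcipher3` module name); both module names, the `_connect` helper and the `open_wechat_db` function are assumptions of this example, not the project's API. The pragma values are the ones quoted in the comment above: SQLCipher 4 changed its defaults (4096-byte pages, 256000 KDF iterations, HMAC-SHA512), so a current libsqlcipher must be told to use the SQLCipher 1 parameters before it reads any page of the file, and `PRAGMA key` must always be the first statement on the connection.

```python
"""Open a WeChat EnMicroMsg.db with SQLCipher 1 compatibility pragmas.

Added example, not part of the wechat-dump project. Assumes the
`pysqlcipher3` (or `sqlcipher3`) binding is installed against a
current libsqlcipher; the module names are environment assumptions.
"""
from __future__ import annotations

# Settings WeChat's databases were written with (SQLCipher 1 era).
# A SQLCipher 4 library defaults to 4096-byte pages, 256000 KDF
# iterations and HMAC-SHA512, so without these the header page fails
# to decrypt and sqlite reports "file is not a database".
LEGACY_PRAGMAS = (
    "PRAGMA cipher_use_hmac = off;",
    "PRAGMA kdf_iter = 4000;",
    "PRAGMA cipher_page_size = 1024;",
    "PRAGMA cipher_hmac_algorithm = HMAC_SHA1;",
    "PRAGMA cipher_kdf_algorithm = PBKDF2_HMAC_SHA1;",
)


def key_pragma(password: str) -> str:
    """Build the PRAGMA key statement.

    PRAGMAs accept no bound parameters, so the passphrase is embedded
    as a SQL string literal with single quotes doubled.
    """
    return "PRAGMA key = '%s';" % password.replace("'", "''")


def open_statements(password: str, legacy: bool = True) -> list[str]:
    """Ordered statements to issue on a fresh connection.

    The key comes first; every cipher setting must follow it and
    precede the first read of the file, otherwise it is ignored.
    """
    stmts = [key_pragma(password)]
    if legacy:
        stmts.extend(LEGACY_PRAGMAS)
    return stmts


def _sqlcipher_module():
    """Return whichever SQLCipher DB-API binding is installed (assumption)."""
    try:
        from pysqlcipher3 import dbapi2 as sqlcipher
    except ImportError:
        import sqlcipher3 as sqlcipher  # alternative binding name
    return sqlcipher


def open_wechat_db(path: str, password: str, legacy: bool = True):
    """Return an open connection, or raise ValueError when the key or
    cipher settings do not decrypt the header page.

    `path` is the caller's copy of EnMicroMsg.db; `password` is the
    7-character key obtained by one of the methods in this thread.
    """
    sqlcipher = _sqlcipher_module()
    conn = sqlcipher.connect(path)
    cur = conn.cursor()
    for stmt in open_statements(password, legacy):
        cur.execute(stmt)
    # cipher_version reveals which libsqlcipher you are actually linked
    # against; None means the binding is not built on SQLCipher at all,
    # which matches the distro-package failure described in this issue.
    row = cur.execute("PRAGMA cipher_version;").fetchone()
    version = row[0] if row else None
    try:
        cur.execute("SELECT count(*) FROM sqlite_master;")
    except sqlcipher.DatabaseError as exc:  # "file is not a database"
        conn.close()
        raise ValueError(
            f"wrong key or cipher settings (sqlcipher version: {version})"
        ) from exc
    return conn
```

A newer libsqlcipher also accepts `PRAGMA cipher_compatibility = 1`, which sets the same four legacy parameters in one statement; the explicit list above is kept because it is what the thread and the linked blog post use. Call `open_wechat_db("EnMicroMsg.db", key)` and, on `ValueError`, check the reported `cipher_version` before suspecting the key.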

rom1504 added a commit to rom1504/wechat-dump that referenced this issue Oct 1, 2023

rom1504 commented Oct 1, 2023

https://github.com/chg-hou/EnMicroMsg.db-Password-Cracker also worked but only the python version and after changing the prefix, will PR that there


rom1504 commented Oct 1, 2023


rom1504 commented Oct 1, 2023

#97: PR proposing the alternative frida method

always good to have several alternatives


rom1504 commented Oct 1, 2023

so actually the new db params were not needed, I just needed to update sqlcipher properly (e.g. uninstall the libsqlcipher0 and libsqlcipher-dev ubuntu packages and install https://github.com/sqlcipher/sqlcipher/releases via make + make install)


rom1504 commented Oct 2, 2023

So everything works fine.
Maybe one last thing to note here: most of the resources are now in the data folder instead of the sdcard folder

@rom1504 rom1504 closed this as completed Oct 2, 2023