Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

数据库解密失败 #51

Open
chainpost opened this issue Aug 15, 2023 · 2 comments
Open

数据库解密失败 #51

chainpost opened this issue Aug 15, 2023 · 2 comments

Comments

@chainpost
Copy link

版本:3.9.6.33
成功获取数据库密钥,但是解密数据库提示密码错误
图片

@taytay-swift
Copy link

taytay-swift commented Aug 15, 2023

版本:3.9.6.33
成功获取数据库密钥,但是解密数据库提示密码错误
我在想是不是获取key的那边出了问题,我在使用SQLite解密数据库的时候也无法解密,无论是SQLCipher还是WxSQLite3下的 AES256加密算法或 SQLCipher:AES256加密算法都提示MSG1.db:file is not a database。,这通常表示着密码错误。

@taytay-swift
Copy link

taytay-swift commented Aug 15, 2023

我已经找到了解决方案。
1.请确保msgx.db对应你的微信key(因为我都电脑里就有3个账户,获取的key可能不对应解码的db)
2.尝试使用以下脚本代替你的decode脚本(来源:https://blog.csdn.net/weixin_44495599/article/details/130030309 十分感谢他5555,日期很新2023-7,该脚本有注意事项,请查看)

============代码如下================

input_pass = '63......................7'
input_dir = './'

import ctypes
import hashlib
import hmac
from pathlib import Path

from Crypto.Cipher import AES

SQLITE_FILE_HEADER = bytes('SQLite format 3', encoding='ASCII') + bytes(1)
IV_SIZE = 16
HMAC_SHA1_SIZE = 20
KEY_SIZE = 32
DEFAULT_PAGESIZE = 4096
DEFAULT_ITER = 64000

password = bytes.fromhex(input_pass.replace(' ', ''))


def decode_one(input_file):
    input_file = Path(input_file)

    with open(input_file, 'rb') as (f):
        blist = f.read()
    print(len(blist))
    salt = blist[:16]
    key = hashlib.pbkdf2_hmac('sha1', password, salt, DEFAULT_ITER, KEY_SIZE)
    first = blist[16:DEFAULT_PAGESIZE]
    mac_salt = bytes([x ^ 58 for x in salt])
    mac_key = hashlib.pbkdf2_hmac('sha1', key, mac_salt, 2, KEY_SIZE)
    hash_mac = hmac.new(mac_key, digestmod='sha1')
    hash_mac.update(first[:-32])
    hash_mac.update(bytes(ctypes.c_int(1)))

    if hash_mac.digest() == first[-32:-12]:
        print('Decryption Success')
    else:
        print('Password Error')
    blist = [
        blist[i:i + DEFAULT_PAGESIZE]
        for i in range(DEFAULT_PAGESIZE, len(blist), DEFAULT_PAGESIZE)
    ]

    with open(input_file.parent / f'decoded_{input_file.name}', 'wb') as (f):
        f.write(SQLITE_FILE_HEADER)
        t = AES.new(key, AES.MODE_CBC, first[-48:-32])
        f.write(t.decrypt(first[:-48]))
        f.write(first[-48:])
        for i in blist:
            t = AES.new(key, AES.MODE_CBC, i[-48:-32])
            f.write(t.decrypt(i[:-48]))
            f.write(i[-48:])


if __name__ == '__main__':
    input_dir = Path(input_dir)
    for f in input_dir.glob('*.db'):
        decode_one(f)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants