微信数据库转子http://blog.csdn.net/qq_24531461/article/details/77624255项目在https://github.com/1998lixin/WeCh
来源:互联网 发布:csol刷芯片软件 编辑:程序博客网 时间:2024/05/22 15:10
由于工作需求破解了微信的数据库 并获取想要的信息上传服务器 都是内部手机 网上大神反编译了微信 发现微信的数据库是通过
手机的IMEI(唯一识别码) + UIN 大写的IMEI + UIN 进行MD5加密 取32位小写 的前7位就是破解数据库的密码
这是核心原理 根据这个 可以手动获取IMEI 加上UIN 通过 http://tool.chinaz.com/Tools/MD5.aspx线上加密
手动破解不用写代码这种
IMEI 应该不用我说 设置里自己去看 下载三方软件也可以看
至于 UIN 是在 data data com.tencent.mm shared_prefs 文件里的
aunt_info_key_prefs.xml 在这个文件里的 value 值就是了 我们要找到Uin
还有一个问题 网上提及的很少 微信的数据库加密是通过getDeviceID 这个函数会随机获取 IMEI 1 IMEI2 和MEID 进行加密 我已经确认了
肯定不会获取 IMEI2 只会通过默认卡1 IMEI1 和MEID进行 加密 如果破解失败可以用MEID 尝试进行破解 我在下面的连接数据库那做了这个机制
失败就走 MEID试一遍 MEID无法直接获取 我们都是手动获取的把MEID放在文件里 进行读取
接下来就是写代码了 微信数据库也是比较火 网上资料不少的 我也是参考了好多
- public static final String WX_ROOT_PATH = "/data/data/com.tencent.mm/";
-
-
- private static final String WX_SP_UIN_PATH = WX_ROOT_PATH + "shared_prefs/auth_info_key_prefs.xml";
-
-
-
- private String mDbPassword;
-
-
-
- private int count=0;
-
- private String IMEI;
-
- private String Uin;
-
- private static final String WX_DB_DIR_PATH = WX_ROOT_PATH + "MicroMsg";
-
- private List<File> mWxDbPathList = new ArrayList<>();
-
- private static final String WX_DB_FILE_NAME = "EnMicroMsg.db";
-
- private String mCurrApkPath = "/data/data/" + MyApplication.getContextObject().getPackageName() + "/";
-
- private static final String COPY_WX_DATA_DB = "wx_data.db";
-
-
-
- d
-
- public void onCreate() {
- super.onCreate();
-
- execRootCmd("chmod -R 777 " + WX_ROOT_PATH);
- execRootCmd("chmod 777 /data/data/com.tencent.mm/shared_prefs/auth_info_key_prefs.xml");
-
- Toast.makeText(this,"开启服务",Toast.LENGTH_LONG).show();
-
- Timer timer = new Timer();
- timer.schedule(new TimerTask() {
-
- @Override
- public void run() {
-
-
- initCurrWxUin();
-
-
-
-
- TelephonyManager phone = (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE);
- IMEI = phone.getDeviceId();
-
- System.out.println("IMEI"+IMEI);
-
-
- initDbPassword(IMEI, Uin);
-
- System.out.println(mDbPassword + "数据库的密码");
-
- System.out.println("开始统计好友数量");
-
-
-
- File wxDataDir = new File(WX_DB_DIR_PATH);
- mWxDbPathList.clear();
- searchFile(wxDataDir, WX_DB_FILE_NAME);
-
- System.out.println("查询数据库文件");
-
- System.out.println(mWxDbPathList+"读取到的数据库");
- try {
- 在
-
-
-
-
-
-
-
-
-
-
-
-
-
- File file = mWxDbPathList.get(mWxDbPathList.size()-1);
-
- File file = mWxDbPathList.get(i);
-
-
-
- String copyFilePath = mCurrApkPath + COPY_WX_DATA_DB;
-
- copyFile(file.getAbsolutePath(), copyFilePath);
- File copyWxDataDb = new File(copyFilePath);
- openWxDb(copyWxDataDb);
-
-
-
-
-
-
- }catch (Exception e){
-
- }
-
-
-
-
- login();
-
- }
- }, 1000, 3600000);
-
- 相关
- 相关工具类 直接复制就行 环境复制就
-
- ------------------------------------------------------------------------------------------
-
-
-
-
-
-
- public void execRootCmd(String paramString) {
- try {
- Process localProcess = Runtime.getRuntime().exec("su");
- Object localObject = localProcess.getOutputStream();
- DataOutputStream localDataOutputStream = new DataOutputStream((OutputStream) localObject);
- String str = String.valueOf(paramString);
- localObject = str + "\n";
- localDataOutputStream.writeBytes((String) localObject);
- localDataOutputStream.flush();
- localDataOutputStream.writeBytes("exit\n");
- localDataOutputStream.flush();
- localProcess.waitFor();
- localObject = localProcess.exitValue();
- } catch (Exception localException) {
- localException.printStackTrace();
- }
- }
-
-
-
-
-
-
-
-
- private void initCurrWxUin() {
- Uin = null;
- File file = new File(WX_SP_UIN_PATH);
- try {
- FileInputStream in = new FileInputStream(file);
- SAXReader saxReader = new SAXReader();
- Document document = saxReader.read(in);
- Element root = document.getRootElement();
- List<Element> elements = root.elements();
- for (Element element : elements) {
- if ("_auth_uin".equals(element.attributeValue("name"))) {
- Uin = element.attributeValue("value");
- }
- }
- } catch (Exception e) {
- e.printStackTrace();
- LogUtil.e("获取微信uid失败,请检查auth_info_key_prefs文件权限");
- }
- }
-
-
-
-
-
-
-
- private void initDbPassword(String imei, String uin) {
- if (TextUtils.isEmpty(imei) || TextUtils.isEmpty(uin)) {
- LogUtil.e("初始化数据库密码失败:imei或uid为空");
- return;
- }
- String md5 = getMD5(imei + uin);
- System.out.println(imei+uin+"初始数值");
- System.out.println(md5+"MD5");
- String password = md5.substring(0, 7).toLowerCase();
- System.out.println("加密后"+password);
- mDbPassword = password;
- }
-
- public String getMD5(String info)
- {
- try
- {
- MessageDigest md5 = MessageDigest.getInstance("MD5");
- md5.update(info.getBytes("UTF-8"));
- byte[] encryption = md5.digest();
-
- StringBuffer strBuf = new StringBuffer();
- for (int i = 0; i < encryption.length; i++)
- {
- if (Integer.toHexString(0xff & encryption[i]).length() == 1)
- {
- strBuf.append("0").append(Integer.toHexString(0xff & encryption[i]));
- }
- else
- {
- strBuf.append(Integer.toHexString(0xff & encryption[i]));
- }
- }
-
- return strBuf.toString();
- }
- catch (NoSuchAlgorithmException e)
- {
- return "";
- }
- catch (UnsupportedEncodingException e)
- {
- return "";
- }
- }
-
-
-
-
-
-
-
- private String md5(String content) {
- MessageDigest md5 = null;
- try {
- md5 = MessageDigest.getInstance("MD5");
- md5.update(content.getBytes("UTF-8"));
- byte[] encryption = md5.digest();
- StringBuffer sb = new StringBuffer();
- for (int i = 0; i < encryption.length; i++) {
- if (Integer.toHexString(0xff & encryption[i]).length() == 1) {
- sb.append("0").append(Integer.toHexString(0xff & encryption[i]));
- } else {
- sb.append(Integer.toHexString(0xff & encryption[i]));
- }
- }
- return sb.toString();
- } catch (Exception e) {
- e.printStackTrace();
- return null;
- }
- }
-
-
-
-
-
-
-
- private void searchFile(File file, String fileName) {
-
- if (file.isDirectory()) {
-
- File[] files = file.listFiles();
- if (files != null) {
- for (File childFile : files) {
- searchFile(childFile, fileName);
- }
- }
- } else {
- if (fileName.equals(file.getName())) {
- mWxDbPathList.add(file);
- }
- }
- }
-
-
-
-
-
-
-
-
-
-
-
- public void copyFile(String oldPath, String newPath) {
- try {
- int byteRead = 0;
- File oldFile = new File(oldPath);
- if (oldFile.exists()) {
- InputStream inStream = new FileInputStream(oldPath);
- FileOutputStream fs = new FileOutputStream(newPath);
- byte[] buffer = new byte[1444];
- while ((byteRead = inStream.read(buffer)) != -1) {
- fs.write(buffer, 0, byteRead);
- }
- inStream.close();
- }
- } catch (Exception e) {
- System.out.println("复制单个文件操作出错");
- e.printStackTrace();
-
- }
- }
-
- ------------------------------------------------------------------------------------------------------------
-
-
- 密码正确 成功进入数据库 获取表信息 我下面获取的是好友的总人数 误差在 + -2 直接大部分这个
- 这个需要自己观察表 进行查询
-
-
-
-
-
-
-
-
- private void openWxDb(File dbFile) {
- Context context = MyApplication.getContextObject();
- SQLiteDatabase.loadLibs(context);
- SQLiteDatabaseHook hook = new SQLiteDatabaseHook() {
- public void preKey(SQLiteDatabase database) {
- }
-
- public void postKey(SQLiteDatabase database) {
- database.rawExecSQL("PRAGMA cipher_migrate;");
- }
- };
-
- try {
-
- SQLiteDatabase db = SQLiteDatabase.openOrCreateDatabase(dbFile, mDbPassword, null, hook);
-
-
-
- Cursor c1 = db.rawQuery("select * from rcontact where username not like 'gh_%' and verifyFlag<>24 and verifyFlag<>29 and verifyFlag<>56 and type<>33 and type<>70 and verifyFlag=0 and type<>4 and type<>0 and showHead<>43 and type<>65536",null);
-
- while (c1.moveToNext()) {
- String type = c1.getString(c1.getColumnIndex("type"));
- System.out.println(type+"参数");
- count++;
-
-
-
- }
-
- System.out.println("总共参数"+count);
-
- c1.close();
- db.close();
- } catch (Exception e) {
- LogUtil.e("读取数据库信息失败");
-
-
-
-
- String MEID=readFileSdcard("/mnt/sdcard/meid.txt");
- String dMEID=MEID.replace("\r\n","");
- initDbPassword(dMEID.toUpperCase(),Uin);
- System.out.println(mDbPassword+"MEID---密码");
- count=0;
- SQLiteDatabase db = SQLiteDatabase.openOrCreateDatabase(dbFile, mDbPassword, null, hook);
-
-
-
-
- Cursor c1 = db.rawQuery("select * from rcontact where username not like 'gh_%' and verifyFlag<>24 and verifyFlag<>29 and verifyFlag<>56 and type<>33 and type<>70 and verifyFlag=0 and type<>4 and type<>0 and showHead<>43 and type<>65536",null);
-
- while (c1.moveToNext()) {
- String type = c1.getString(c1.getColumnIndex("type"));
- System.out.println(type+"参数");
- count++;
-
-
-
- }
-
-
- System.out.println("总共参数"+count);
- c1.close();
- db.close();
-
-
-
-
-
- }
- }
-
-
-
-
- public String readFileSdcard(String fileName){
-
- String res="";
-
- try{
-
- FileInputStream fin = new FileInputStream(fileName);
-
- int length = fin.available();
-
- byte [] buffer = new byte[length];
-
- fin.read(buffer);
-
- res = EncodingUtils.getString(buffer, "UTF-8");
-
- fin.close();
-
- }
-
- catch(Exception e){
-
- e.printStackTrace();
-
- }
-
- return res;
-
- }
相关博客 我也是参考他完成的需求 http://m.blog.csdn.net/article/details?id=54024442 写的更详细 破解成功LOG 会打印相关 信息可以进行查询 也可以下载个 sqlcipher 数据库可视化工具 进行查看