Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
app
 
 
bin
 
 
 
 
 
 
 
 
 
 
 
 
 
 

README.md

SqlCipherHook

SqlCipherHook is an Xposed Framework module that will attempt to capture crypto keys from applications using the SQLCipher library. If it is successful, it will print the keys to the Android log buffers (viewable with logcat). SqlCipherHook is known to work up through version 3.5.7. Feel free to open a ticket if it is not working for your specific version.

Installing & Usage

You will need to root your test device and install the Xposed Framework. Next, you can:

$ git clone https://github.com/jakev/SqlCipherHook
$ cd SqlCipherHook
$ ./gradlew installDebug

Optionally, you can install the pre-built copy to avoid using Gradle:

$ git clone https://github.com/jakev/SqlCipherHook
$ cd SqlCipherHook
$ adb install ./bin/com.jakev.sqlcipherhook-debug.apk

Once installed, you can interact with your test application while running the following filtered logcat command:

$ adb logcat SqlCipherHook:D *:S

You should see SqlCipher interactions, including the keys used. More information is available in my blog post from 2015.

License

SqlCipherHook is released under the Apache Software License 2.0.

Motivation

Thanks to @MDSecLab for doing the research on which methods to hook in the SQLCipher library, and for creating a CydiaSubstrate tweak.

About

Xposed module for obtaining SQLCipher crypto keys

Resources

License

Packages

No packages published

Languages

You can’t perform that action at this time.