The AES key can be confirmed to be dbEncryptKey #1

Closed
Mas0nShi opened this issue Jun 3, 2022 · 3 comments

Mas0nShi commented Jun 3, 2022

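The AES key obtained by hooking comes from the SetCliDbencryptKey that is set in -[AuthSectResp init]. The chat-history files msg_*.db extracted from the corresponding directory can be decrypted with this key to obtain the chat history.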

Owner

TinyNiko commented Jun 4, 2022

I took a look and it is indeed the database key. The database uses a 32-byte key, and the mini program side uses the first 16 bytes.

Owner

TinyNiko commented Jun 4, 2022

image

From the image, it looks like the key is obtained via a request. If that is the case, the key algorithm cannot be reverse-engineered...

Author

Mas0nShi commented Jun 4, 2022

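dbEncryptKey does indeed come from the server.
My current guess is that the server computes a fixed dbEncryptKey from some device fingerprints and the uid.
The only consolation is that logging in repeatedly on the same device does not change dbEncryptKey... so there is no need to hook repeatedly to get the key 🤣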

TinyNiko closed this as completed Jun 6, 2022