WARNING: The following procedures are unofficial and dangerous. Be aware that you might break your Threema installation.
NEVER leave your private key on a public computer. Keep it private!
Update: I wrote a short wrap blog post about my insights.
- *nix system
On a Debian-like system it should be as easy as:
sudo apt-get install sqlcipher sqlite
- Clone this repository
Download this code to your computer
git clone https://github.com/greenify/threema-decrypt cd threema-decrypt
- Obtaining your key
threema.db to your computer (root is needed) in this folder.
- Create plain-text key
We first need to convert the binary key to its string version.
javac ThreemaDecrypt.java && java ThreemaDecrypt key.dat > key.plain
key.plain should look roughly like this. It's a 64 character hex string which
SQLCipher will automatically convert to its 32bytes (256 bits) representation.
- Decrypt database
Now using our fresh plain-text key, we can decrypt the database.
./decrypt.sh threema key.plain
You now can use any tool like
sqlite3 (CLI) or SQLiteBrowser (GUI)
to browse through the encrypted database.
Warning: Newer versions of Threema might change the database layout.
If you need to make changes, I recommend to work on the encrypted database directly by opening it with sqlcipher.
To encrypt it enter your full hexadecimal key (with 'x').
PRAGMA cipher_default_kdf_iter = 4000;PRAGMA key='x"your-key"';
- Encrypt database
You can also encrypt the database. However if you plan to push it make to your device, I recommend you to use the previous approach and open it directly in sqlcipher as you might loose your indexes by this procedure.
./encrypt.sh threema key.plain
You can find the referenced media files in
They are hidden files and the suffix
_T is obviously for thumbnails.
Once you have copied your desired file to your computer, you can decrypt it with:
javac ThreemaDecrypt.java && java ThreemaDecrypt 7bc0df74ca2e40af897152bcf7836624
7bc... is the to encrypted filename)
Most image viewer should recognize the file format automatically, otherwise
This procedure and part of its source code resulted from decompiling Threema android source. I am not the owner nor legal representative of their intellectual property. Happy hacking!