Can databases other than msg3.0.db be decrypted? #6

Open
abuelogato opened this issue Jul 23, 2023 · 12 comments
Labels
enhancement New feature or request help wanted Extra attention is needed

Comments

@abuelogato

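Can this program decrypt databases other than msg3.0.db? I want to get the full list of friends and groups (including nicknames, remarks, account ids, etc.) from the local database, but it does not seem to be in msg.3.0.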

@Young-Lord
Member

Young-Lord commented Jul 23, 2023

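Not sure; you can try modifying the code yourself (most likely it won't work) A small number don't work, for example Info.db
Also, are you sure it isn't in Msg3.0.db? It really isn't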

@apple2099

Can it crack msgex.db? That is the version before 2.0.

@Young-Lord
Member

> Can it crack msgex.db? That is the version before 2.0.

No, it can't. But why not just use the existing tools? Python is not well suited to implementing this.
https://www.xitongzhijia.net/soft/85431.html
https://blog.csdn.net/sahusoft/article/details/4342345

@Young-Lord
Member

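> Can it crack msgex.db? That is the version before 2.0.

Would you be willing to provide a database sample? The version is too old, and I don't have a file to test with.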

@Young-Lord
Member

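> Can it crack msgex.db? That is the version before 2.0.

Please try whether the files at the bottom of https://github.com/QQBackup/MsgEx/actions/runs/6821457336 can be used to decrypt and export. You need to run it from the command line.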

@Young-Lord
Member

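> Can this program decrypt databases other than msg3.0.db? I want to get the full list of friends and groups (including nicknames, remarks, account ids, etc.) from the local database, but it does not seem to be in msg.3.0.

After testing, the other databases can be opened, but I couldn't find where the friend/group list information is either…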

@Young-Lord Young-Lord added the help wanted Extra attention is needed label Nov 10, 2023
@Young-Lord
Member

Young-Lord commented Nov 10, 2023

It looks like it is Info.db, but that one may not be SQLite3.
If you hook CreateFileW, you can see:

C:\Users\Administrator\Documents\Tencent Files\1234561234\Info.db
0x62991024 QQ.exe!CStream::LogObjReleaseError
0x77276c40 QQ.exe!CreateFileW
0x62984898 QQ.exe!AsyncTask::RefCountedThreadSafe<CStorageIterator,AsyncTask::destruct::RefCountedThreadPtrDestruct<CStorageIterator> >::Release
0x62985f55 QQ.exe!TXOpenStorage
0x6298294e QQ.exe!AsyncTask::RefCountedThreadSafe<CStorageIterator,AsyncTask::destruct::RefCountedThreadPtrDestruct<CStorageIterator> >::Release
0x629817b9 QQ.exe!AsyncTask::RefCountedThreadSafe<CStorageIterator,AsyncTask::destruct::RefCountedThreadPtrDestruct<CStorageIterator> >::Release
0x6296ef89 QQ.exe!FS::DelErrorSink
0x62965e38 QQ.exe!FS::CreateFileW
0x6ff215b9 QQ.exe!Util::Encrypt::CreateDataStorage
0x6ff216ea QQ.exe!Util::Encrypt::CreateDataStorage
0x6ff22a08 QQ.exe!Util::Encrypt::CreateDataStorage
0x6ff23fd5 QQ.exe!Util::Encrypt::CreateDataStorage
0x5b938c16 QQ.exe!UtilCSProcessor::CreateDRCSProcessor
0x5b936a4b QQ.exe!UtilCSProcessor::CreateDRCSProcessor
0x5b92ee2a QQ.exe!UtilCSProcessor::CreateDRCSProcessor
0x5b9299a1 QQ.exe!UtilCSProcessor::CreateDRCSProcessor

In contrast, files like Msg3.0.db have a backtrace that goes through CppSQLite3DB:


C:\Users\Administrator\Documents\Tencent Files\1234561234\Msg3.0.db
0x6fe2c855 QQ.exe!Util::Msg::CheckObjMsg
0x77276c40 QQ.exe!CreateFileW
0x6fe61add QQ.exe!Util::Msg::CheckObjMsg
0x6fe62823 QQ.exe!Util::Msg::CheckObjMsg
0x6fe52f72 QQ.exe!Util::Msg::CheckObjMsg
0x6fe47c74 QQ.exe!Util::Msg::CheckObjMsg
0x6fe265e1 QQ.exe!Util::Msg::CheckObjMsg
0x6ff20f62 QQ.exe!CppSQLite3DB::open
0x6ff25cc3 QQ.exe!Util::Encrypt::CreateDataStorage2
0x6ff25e96 QQ.exe!Util::Encrypt::CreateDataStorage2
0x6ff22a08 QQ.exe!Util::Encrypt::CreateDataStorage
0x6ff23fd5 QQ.exe!Util::Encrypt::CreateDataStorage
0x5b938dcc QQ.exe!UtilCSProcessor::CreateDRCSProcessor
0x5b9369f9 QQ.exe!UtilCSProcessor::CreateDRCSProcessor
0x5b92ee2a QQ.exe!UtilCSProcessor::CreateDRCSProcessor
0x5b9299a1 QQ.exe!UtilCSProcessor::CreateDRCSProcessor

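Hook code:

// Frida script: log every path passed to CreateFileW together with the caller's backtrace
Interceptor.attach(Module.findExportByName("kernel32.dll", 'CreateFileW'), {
  onEnter(args) {
    // args[0] is lpFileName, a UTF-16 string
    console.log(args[0].readUtf16String());
    console.log(Thread.backtrace(this.context, Backtracer.ACCURATE).map(DebugSymbol.fromAddress).join('\n')+'\n');
  }
});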

@Young-Lord
Member

From the file header D0 CF 11 E0 A1 B1 1A E1 you can tell that this is a CDF V2 Document, but, possibly because it has been encrypted, tools such as oletools cannot read it.
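
Added example (not part of the original comment and not the project's code): a Python header triage for the point above. It tells an unencrypted SQLite 3 file from a compound file by magic bytes and, for the D0 CF 11 E0 A1 B1 1A E1 case, checks whether the remaining header fields are well-formed, which helps narrow down where a reader such as oletools gives up. The function names and sample bytes are constructed for illustration; the field offsets are those of the published MS-CFB header layout.

```python
import struct

CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # the header quoted in the comment
SQLITE_MAGIC = b"SQLite format 3\x00"           # header of an unencrypted SQLite 3 file


def triage(header: bytes) -> dict:
    """Classify a file from its first bytes; for CFB, sanity-check the header fields."""
    if header.startswith(SQLITE_MAGIC):
        (page_size,) = struct.unpack_from(">H", header, 16)
        return {"kind": "sqlite3", "page_size": 65536 if page_size == 1 else page_size}
    if not header.startswith(CFB_MAGIC):
        return {"kind": "unknown"}
    if len(header) < 76:
        return {"kind": "cfb", "well_formed": False, "problems": ["truncated header"]}
    # Field offsets follow the published MS-CFB header layout (little-endian).
    minor, major, bom, sector_shift, mini_shift = struct.unpack_from("<5H", header, 24)
    (cutoff,) = struct.unpack_from("<I", header, 56)
    problems = []
    if major not in (3, 4):
        problems.append(f"major version {major:#x}")
    if bom != 0xFFFE:
        problems.append(f"byte order mark {bom:#x}")
    if sector_shift != {3: 9, 4: 12}.get(major):
        problems.append(f"sector shift {sector_shift}")
    if mini_shift != 6:
        problems.append(f"mini sector shift {mini_shift}")
    if cutoff != 0x1000:
        problems.append(f"mini stream cutoff {cutoff:#x}")
    return {"kind": "cfb", "well_formed": not problems, "problems": problems,
            "sector_size": 1 << sector_shift if not problems else None}


def sample_cfb_header(intact: bool = True) -> bytes:
    """Constructed 512-byte sample, not taken from a real Info.db."""
    h = bytearray(512)
    h[0:8] = CFB_MAGIC
    struct.pack_into("<5H", h, 24, 0x003E, 3, 0xFFFE, 9, 6)
    struct.pack_into("<I", h, 56, 0x1000)
    if not intact:  # magic kept, every other header field replaced with junk
        h[24:76] = bytes((i * 37 + 11) & 0xFF for i in range(52))
    return bytes(h)


if __name__ == "__main__":
    for label, data in (("intact", sample_cfb_header()),
                        ("scrambled", sample_cfb_header(False)),
                        ("sqlite", SQLITE_MAGIC + struct.pack(">H", 4096) + bytes(82))):
        print(label, triage(data))
```

If the header fields check out but parsing still fails, the problem lies in the sectors after the header rather than in the header itself.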

@apple2099

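>> Can it crack msgex.db? That is the version before 2.0.
>
> Please try whether the files at the bottom of https://github.com/QQBackup/MsgEx/actions/runs/6821457336 can be used to decrypt and export. You need to run it from the command line.

Oh, thank you so much! I'll give it a try. If I need to provide a sample, how should I contact you?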

@Young-Lord
Member

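>>> Can it crack msgex.db? That is the version before 2.0.
>>
>> Please try whether the files at the bottom of https://github.com/QQBackup/MsgEx/actions/runs/6821457336 can be used to decrypt and export. You need to run it from the command line.
>
> Oh, thank you so much! I'll give it a try. If I need to provide a sample, how should I contact you?

It is written here: https://github.com/QQBackup/MsgEx
Email: [email protected]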

@hyqinglan

msgex.db and msg2.0.db are different. I have a msg2.0 of more than 3 GB here that I currently don't know how to open. It's a headache.

@Young-Lord Young-Lord added the enhancement New feature or request label Feb 27, 2024
@L1yp

L1yp commented Jun 26, 2024

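> Can this program decrypt databases other than msg3.0.db? I want to get the full list of friends and groups (including nicknames, remarks, account ids, etc.) from the local database, but it does not seem to be in msg.3.0.

If you haven't solved this yet, you could try getting it through the web interfaces. You can capture the traffic, for example on the group management pages, QQ Mail, QQ Zone, and so on. If the id is not the QQ number, you could consider getting it with a bot plugin.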
