[guardian-dev] forensic analysis of WeChat's use of SQLCipher on Android

Hans-Christoph Steiner hans at guardianproject.info
Tue Jan 13 17:30:19 EST 2015


The big Chinese chat app WeChat uses SQLCipher-for-Android to store its
messages. But unfortunately, they just generate a password with local, public
info.  Here's a good example of how not to implement SQLCipher!

http://articles.forensicfocus.com/2014/10/01/decrypt-wechat-enmicromsgdb-database

.hc

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20150113/5c735017/attachment.sig>


More information about the Guardian-dev mailing list