[guardian-dev] forensic analysis of WeChat's use of SQLCipher on Android

Nathan of Guardian nathan at guardianproject.info
Tue Jan 13 17:34:11 EST 2015

On Tue, Jan 13, 2015, at 05:30 PM, Hans-Christoph Steiner wrote:
> The big Chinese chat app WeChat uses SQLCipher-for-Android to store its
> messages. But unfortunately, they just generate a password with local,
> public
> info.  Here's a good example of how not to implement SQLCipher!

I really do wish the article ended here: "Although this mobile phone
model is supported by XRY (a mobile phone forensics tool), but it could
not extract the WeChat chat messages. Only Whatsapp, and other text
messages were successfully extracted."

> http://articles.forensicfocus.com/2014/10/01/decrypt-wechat-enmicromsgdb-database

  Nathan of Guardian
  nathan at guardianproject.info

More information about the Guardian-dev mailing list