[guardian-dev] forensic analysis of WeChat's use of SQLCipher on Android

Hans-Christoph Steiner hans at guardianproject.info
Wed Jan 14 04:45:52 EST 2015



Nathan of Guardian:
> 
> 
> On Tue, Jan 13, 2015, at 05:30 PM, Hans-Christoph Steiner wrote:
>>
>> The big Chinese chat app WeChat uses SQLCipher-for-Android to store its
>> messages. But unfortunately, they just generate a password with local, public
>> info.  Here's a good example of how not to implement SQLCipher!
>>
>>
>> http://articles.forensicfocus.com/2014/10/01/decrypt-wechat-enmicromsgdb-database
>>
> 
> I really do wish the article ended here: "Although this mobile phone
> model is supported by XRY (a mobile phone forensics tool), but it could
> not extract the WeChat chat messages. Only Whatsapp, and other text
> messages were successfully extracted."

Yes indeed.  The good news is that it is purely a matter of the password here,
and it sounds like the person who reverse engineered the password process did
it by snooping on non-encrypted network connections.  So perhaps their
security through obscurity would have lasted longer if WeChat had obscured the
network traffic as well ;-)

.hc

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81
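As an added illustration of the point made in this thread (not code from the original messages, nor from WeChat or the SQLCipher project), the Python sketch below contrasts a database passphrase derived only from locally readable, public device facts with a key that is actually secret. The derivation shown is a hypothetical anti-pattern rather than WeChat's real scheme, the device identifiers are constructed sample values, and the `x'...'` raw-key pragma is SQLCipher's documented syntax for supplying a precomputed 32-byte key.

```python
import hashlib
import secrets

# Constructed sample values standing in for the kind of locally readable,
# non-secret facts (hardware identifier, account number) that anyone with
# access to the handset, or to its unencrypted network traffic, can also read.
SAMPLE_DEVICE_INFO = {"device_id": "355000000000001", "account_id": "1234567890"}


def weak_passphrase(device_info: dict) -> str:
    """Hypothetical anti-pattern (not WeChat's actual scheme): the database
    passphrase is a hash of public device facts. No secret goes in, so
    anyone holding the same facts recomputes the identical passphrase."""
    material = device_info["device_id"] + ":" + device_info["account_id"]
    return hashlib.sha256(material.encode()).hexdigest()


def attacker_can_recompute(device_info: dict, observed_passphrase: str) -> bool:
    """Self-audit check for the anti-pattern: if an independent party can
    reproduce the passphrase from public facts alone, the encryption adds
    nothing beyond obscurity."""
    return secrets.compare_digest(weak_passphrase(device_info), observed_passphrase)


def strong_raw_key() -> bytes:
    """Preferred: a fresh random 256-bit key. It must be kept in protected
    storage (on Android, wrapped by the Android Keystore) precisely because
    it cannot be re-derived from anything on the device."""
    return secrets.token_bytes(32)


def key_from_user_secret(user_secret: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """Alternative when a user-held secret is acceptable: a slow, salted KDF
    so that offline guessing is expensive and the result differs per database."""
    return hashlib.pbkdf2_hmac("sha256", user_secret.encode(), salt, iterations, dklen=32)


def sqlcipher_raw_key_pragma(key: bytes) -> str:
    """Render a 32-byte key in SQLCipher's raw-key form. The x'...' blob
    syntax tells SQLCipher to use the bytes directly instead of running its
    own passphrase KDF, which is what you want for a precomputed key."""
    if len(key) != 32:
        raise ValueError("SQLCipher raw keys must be exactly 32 bytes")
    return "PRAGMA key = \"x'" + key.hex() + "'\";"


if __name__ == "__main__":
    weak = weak_passphrase(SAMPLE_DEVICE_INFO)
    print("weak passphrase recomputable by a third party:",
          attacker_can_recompute(SAMPLE_DEVICE_INFO, weak))
    print("two random keys identical:", strong_raw_key() == strong_raw_key())
    print(sqlcipher_raw_key_pragma(strong_raw_key()))
```

The check that matters is the first one: whatever hash or truncation is applied, a passphrase that is a pure function of data available on the handset has zero entropy against anyone who has the handset, and the network-snooping route mentioned above is just one way of learning which function is used.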