Export WeChat chat records to csv.
Currently, it is only tested on macOS. I am not sure if the chat records on other platforms are also in an AES-encrypted sqlite3 database. If they are, this method should also work. PRs are welcome.
A demo is provided in demo.py. This is not a script that works out of the box; you may need to adapt it yourself.
Maybe you can use pysqlcipher later.
Assume that WeChat information is stored in the relevant AES-encrypted sqlite3 database files under the directory wechat_root=~/Library/Containers/com.tencent.xinWeChat/Data/Library/Application Support/com.tencent.xinWeChat/xxx_version/xxx:
wechat_root/Contact/wccontact_new2.db
wechat_root/Group/group_new.db
wechat_root/Message/msg_xxx.db
Find a way to decrypt the database file to get the information you want.
lldb -p $(pgrep WeChat)
br set -n sqlite3_key
continue
memory read --size 1 --format x --count 32 $rsi
You will see output similar to the following:
0x60000243xxxx: 0xe8 0x8d 0x4a 0xd0 0x82 0x6a 0xe2 0x8f
0x60000243xxxx: 0x77 0x70 0x54 0xd4 0x8e 0x72 0x3a 0x1b
0x60000243xxxx: 0x0a 0xe7 0x9c 0x89 0x5f 0x49 0xb0 0xec
0x60000243xxxx: 0x79 0xdf 0x2a 0x68 0xd5 0x9c 0xb8 0xf5
Then set wechat_raw_key in demo.py to 'e88d4ad0826ae28f777054d48e723a1b0ae79c895f49b0ec79df2a68d59cb8f5'.
You should be able to find some other methods online. If you try it and it works, PRs are welcome.
# open encrypted database by sqlcipher
sqlcipher wccontact_new2.db
-- set decryption parameters in sqlcipher
PRAGMA key = "x'your_aes_key_here'";
PRAGMA cipher_page_size = 1024;
PRAGMA kdf_iter = 64000;
PRAGMA cipher_kdf_algorithm = PBKDF2_HMAC_SHA1;
PRAGMA cipher_hmac_algorithm = HMAC_SHA1;
-- check whether decryption succeeded
SELECT COUNT(*) FROM sqlite_master;
-- dump decrypted database to xxx_dec.db
ATTACH DATABASE 'xxx_dec.db' AS plaintext KEY '';
SELECT sqlcipher_export('plaintext');
DETACH DATABASE plaintext;
Use the above method to export the decrypted database. Some of the latest data may not be in the database. Later, I found that WeChat has enabled WAL, and the WAL can be merged through a checkpoint. Take msg_0.db as an example:
mkdir wd
cp msg_0.db msg_0.db-shm msg_0.db-wal wd/
cd wd
# open encrypted database by sqlcipher
sqlcipher msg_0.db
-- set decryption parameters in sqlcipher
PRAGMA key = "x'your_aes_key_here'";
PRAGMA cipher_page_size = 1024;
PRAGMA kdf_iter = 64000;
PRAGMA cipher_kdf_algorithm = PBKDF2_HMAC_SHA1;
PRAGMA cipher_hmac_algorithm = HMAC_SHA1;
-- check whether decryption succeeded
-- SELECT COUNT(*) FROM sqlite_master;
-- merge wal
PRAGMA wal_checkpoint;
-- dump decrypted database to xxx_dec.db
ATTACH DATABASE 'xxx_dec.db' AS plaintext KEY '';
SELECT sqlcipher_export('plaintext');
DETACH DATABASE plaintext;
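The manual steps above (copying the 32 bytes out of the lldb dump into a hex string, then typing the PRAGMA statements) can be scripted. This is an added example, not code from demo.py; the names dump_to_raw_key, sqlcipher_script and SAMPLE_DUMP are hypothetical, and the sample dump is the output shown earlier on this page.

```python
import re

# Constructed sample: the lldb output shown above, with its masked addresses.
SAMPLE_DUMP = """\
0x60000243xxxx: 0xe8 0x8d 0x4a 0xd0 0x82 0x6a 0xe2 0x8f
0x60000243xxxx: 0x77 0x70 0x54 0xd4 0x8e 0x72 0x3a 0x1b
0x60000243xxxx: 0x0a 0xe7 0x9c 0x89 0x5f 0x49 0xb0 0xec
0x60000243xxxx: 0x79 0xdf 0x2a 0x68 0xd5 0x9c 0xb8 0xf5
"""

KEY_LEN = 32  # bytes requested by `memory read --count 32`


def dump_to_raw_key(dump: str) -> str:
    """Turn `memory read --size 1 --format x` output into a hex key string."""
    key = bytearray()
    for line in dump.splitlines():
        # Drop the "address:" prefix so its digits are never taken as key bytes.
        _, sep, payload = line.partition(":")
        if not sep:
            continue
        for tok in payload.split():
            if not re.fullmatch(r"0x[0-9a-fA-F]{2}", tok):
                raise ValueError(f"unexpected token in dump: {tok!r}")
            key.append(int(tok, 16))
    if len(key) != KEY_LEN:
        raise ValueError(f"expected {KEY_LEN} key bytes, got {len(key)}")
    return key.hex()


def sqlcipher_script(raw_key: str, out_db: str = "xxx_dec.db") -> str:
    """Build the PRAGMA/export statements listed above for one database."""
    if not re.fullmatch(r"[0-9a-f]{64}", raw_key):
        raise ValueError("raw key must be 64 lowercase hex characters")
    if "'" in out_db:
        raise ValueError("output name must not contain a single quote")
    return "\n".join([
        f"PRAGMA key = \"x'{raw_key}'\";",
        "PRAGMA cipher_page_size = 1024;",
        "PRAGMA kdf_iter = 64000;",
        "PRAGMA cipher_kdf_algorithm = PBKDF2_HMAC_SHA1;",
        "PRAGMA cipher_hmac_algorithm = HMAC_SHA1;",
        "PRAGMA wal_checkpoint;",
        f"ATTACH DATABASE '{out_db}' AS plaintext KEY '';",
        "SELECT sqlcipher_export('plaintext');",
        "DETACH DATABASE plaintext;",
    ]) + "\n"
```

The returned script can be fed to sqlcipher on standard input from the working directory that holds the copied .db, -shm and -wal files.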