{"id":23357477,"url":"https://github.com/cs-magic-open/wechat-dbcracker","last_synced_at":"2025-04-05T23:05:37.061Z","repository":{"id":162561237,"uuid":"456256123","full_name":"cs-magic-open/wechat-dbcracker","owner":"cs-magic-open","description":"MacOS WeChat database cracking (no need to look any further, nothing on all of GitHub is clearer than this one!)","archived":false,"fork":false,"pushed_at":"2025-01-07T03:48:05.000Z","size":879,"stargazers_count":126,"open_issues_count":0,"forks_count":18,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-03-29T22:04:23.717Z","etag":null,"topics":["dtrace","macos","sqlcipher","wechat"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cs-magic-open.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-02-06T19:52:38.000Z","updated_at":"2025-03-27T10:38:51.000Z","dependencies_parsed_at":"2023-06-03T15:00:30.369Z","dependency_job_id":"2736d120-bc3d-4998-a3af-f2f7e6784b55","html_url":"https://github.com/cs-magic-open/wechat-dbcracker","commit_stats":null,"previous_names":["markshawn2020/wechat-dbcracker","cs-magic-open/wechat-dbcracker"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cs-magic-open%2Fwechat-dbcracker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cs-magic-open%2Fwechat-dbcracker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cs-magic-open%2Fwechat-dbcracker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/re
positories/cs-magic-open%2Fwechat-dbcracker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cs-magic-open","download_url":"https://codeload.github.com/cs-magic-open/wechat-dbcracker/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247411226,"owners_count":20934653,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dtrace","macos","sqlcipher","wechat"],"created_at":"2024-12-21T10:29:13.880Z","updated_at":"2025-04-05T23:05:37.039Z","avatar_url":"https://github.com/cs-magic-open.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Obtaining WeChat Chat History by Cracking the Database\n\n\n\n## Project Goal\n\nCrack the WeChat database in a given host environment in order to obtain its chat history.\n\n## Project Logic and Principles\n\n### Why start from the database\n\nWith a WeChat bot such as `wechaty`, you can only hook each message in real time and cannot obtain the complete chat history.\n\nHowever, adding a chat-history API inside the `wechaty` framework might be feasible.\n\nSince WeChat chat history is all stored in a database, it can be obtained from the database side.\n\n### Why this involves cracking the database\n\nWeChat chat history is stored in `sqlcipher`, a `sqlite` database with encryption support that needs a key to open, so we first have to get the database key.\n\n### How to obtain the database key\n\nTaking MacOS as an example, we can use a reverse-engineering technique (`dtrace`) to hook the program's database activity. Because opening the database involves reading the key, we can parse that read and obtain the plaintext key.\n\n### Why the MacOS platform\n\nIn theory this can be done on any platform, especially Android and Windows, where there are more reverse engineers and cracking may be easier. But my own main machines are Mac/iOS, so compatibility with the Windows/Android ecosystem has not been considered for now.\n\nSecondly, engineering capabilities on the PC side are richer than on mobile, so attacking the PC side first is the more cost-effective choice.\n\n## Environment Requirements\n\n### WeChat version\n\nCurrently our dtrace script and the whole hook logic require the MacOS WeChat client version to be **3.6 or below**.\n\n- 3.8 or above: does not work (TODO: WeChat was refactored using multiple processes and other techniques)\n- 3.7: untested\n\nDownload older WeChat versions here: [Older versions of WeChat (Mac) | Uptodown](https://wechat-for-mac.en.uptodown.com/mac/versions)\n\n### sqlcipher dependency\n\nOn MacOS, set up an environment that can read and write 
sqlcipher.\n\n```shell\n# 1. check where your `libcrypto.a` is\nbrew list openssl | grep libcrypto.a\n# or: find /usr/local/Cellar -name libcrypto.a\n\n# 2. use the libcrypto.a with openssl version \u003e= 3\nLIBCRYPTO={YOUR-libcrypto.a}\n\n# 3. install sqlcipher\ngit submodule add https://github.com/sqlcipher/sqlcipher\ncd sqlcipher\n./configure --enable-tempstore=yes CFLAGS=\"-DSQLITE_HAS_CODEC\" \\\n\tLDFLAGS=\"$LIBCRYPTO\" --with-crypto-lib=none\nmake\n# need password\nsudo make install\n```\n\n### Disable SIP, otherwise dtrace can't be used\n\n\u003e You need to hold cmd + shift + R to enter safe mode (on a Mac Studio, just press and hold the power button)\n\n```shell\n# check SIP\ncsrutil status\n\n# disable SIP, must be done in recovery mode (hold shift+R when rebooting)\ncsrutil disable\n```\n\n## Run and obtain the key\n\n### 1. Open WeChat for Mac and stay on the login page\n\n### 2. Run the monitoring program (mind the version and program path of the running WeChat)\n\n![wechat-version](assets/wechat-version.png)\n\ntip: make sure you are running the correct WeChat program with the matching version\n\n```shell\n# compared to `wechat-decipher-macos`, I made the script more robust.\n# Since the key is fixed, you can also persist the output by appending `\u003e data/dbcracker.log` to the command\npgrep -f /Applications/WeChat-3.6.0.app/Contents/MacOS/WeChat | xargs sudo core/dbcracker.d -p \u003e .keys\n```\n\n### 3. 
Log in to the account and check that the various database keys are output\n\ntip: the key reads happen at login, so you need to start the program first and then log in.\n\n![sqlcipher-track](assets/sqlcipher-track.png)\n\n## Programmatic access\n\nSince we now have each database's storage path, key, version and so on, we can read all the data programmatically.\n\n- python: you can use `pysqlcipher`\n- nodejs: you can use `node-sqlcipher`\n\n## Project todo\n\n- [ ] Try to crack WeChat versions 3.8+\n- [ ] Support cracking on iOS (after all, for a backup system based on chat history, mobile data is more complete)\n- [ ] Make the whole workflow easier to automate\n- [ ] Build a UI for displaying chat history, or a WeChat-like interface (already in progress, but I would prefer to decouple it, possibly as a separate project, and the tech stack still has to be decided: electron, flutter?)\n\n## References\n\n- Core cracking reference: nalzok/wechat-decipher-macos: DTrace scripts to extract chat history from WeChat on macOS, https://github.com/nalzok/wechat-decipher-macos/tree/main\n- D language: The D Programming Language, https://docs.oracle.com/en/operating-systems/oracle-linux/dtrace-guide/dtrace-ref-TheDProgrammingLanguage.html#dt_dlang\n\n## Star History\n\n[![Star History Chart](https://api.star-history.com/svg?repos=cs-magic-open/wechat-dbcracker\u0026type=Date)](https://star-history.com/#cs-magic-open/wechat-dbcracker\u0026Date)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcs-magic-open%2Fwechat-dbcracker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcs-magic-open%2Fwechat-dbcracker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcs-magic-open%2Fwechat-dbcracker/lists"}