The sqlite database used by the db file of the mobile phone QQ chat record, the name of the general library file is {user QQ number}.db
To get the db file, you need to root the phone or the phone supports app backup. I use a Xiaomi phone, which supports direct backup of app data without rooting. There are many online tutorials on this.
The db file itself is not encrypted, but the field content is encrypted. The encryption method generally uses the XOR operation of the mobile phone IMEI value and the character value to be encrypted .
The following solves how to deduce the IMEI value for encryption if the IMEI cannot be found when there is only a db file.
1. Deriving the IMEI value
Analyze the Friens table in the db file , and find that the encrypted IMEI value can be deduced by using the correspondence between the friend's remark ( remark ) and the pinyin field ( mCompareSpell )
The mCompareSpell field is the pinyin correspondence of the remark field (if the remark is empty, it will correspond to the name field)
Knowing the corresponding relationship, we can use the number 0-9 as the key to decrypt the two field values, compare the pinyin value of the remark field with the decrypted mCompareSpell value, and then select the correct digital value according to the comparison, and cycle in turn until Find all the values that are the IMEI you are looking for
I wrote a python script to realize this process, operating environment: mobile phone QQ v8.3 export db file, win10, Xiaomi Android phone
2. Manual operation steps
First, start from the first digit. From the above figure, we can see that [this] and [c] [step] and [b] are the correct pinyin correspondence, so the first digit IMEI value is 8 or 9 (9 will be found later. is the wrong value), choose 8 here
Then continue the evaluation of the second digit, the pinyin of [this] is ci, so select 6 for the second digit, one Chinese character corresponds to multiple letters, so just select the correct pinyin according to the order of Chinese characters
Last IMEI value
3. Automatic operation steps
You can derive the IMEI value by directly specifying the db path
4. Script source address
If a data display is not obvious, you can also set multiple data display comparisons
λ py find_qq_db_imei.py -h
usage: find_qq_db_imei.py [-h] [-l KEY_LENGTH] [-m MODEL] [-n LIMIT_ROWS]
[-i INIT_IMEI | -q USER_QQ]
db_file
QQ聊天记录db文件获取解密key(IMEI)
positional arguments:
db_file db文件路径(必输)
optional arguments:
-h, --help show this help message and exit
-l KEY_LENGTH 需要推导的IMEI长度值(默认15)
-m MODEL 操作模式:1 自动(默认) 2 手动
-n LIMIT_ROWS 需要查看的组数(默认2)
-i INIT_IMEI 初始前几位IMEI值
-q USER_QQ db文件所属用户qq号,以求解前几位IMEI