ppwwyyxx / wechat-dump

Cracking encrypted wechat message history from android

Possible decrypt compatibility problem

gousaiyang opened this issue · comments

Hi, I want to share a potential decryption compatibility problem. Initially your decrypt-db.py did not successfully decrypt my EnMicroMsg.db, so I thought my key was wrong and ended up using SQLCipher-Password-Cracker-OpenCL to brute force the key. Surprisingly, the result is that my original key (md5('1234567890ABCDEF' + uin)[:7]) was exactly the correct key and I didn't really have to brute force. So the problem is that your do_decrypt function didn't successfully decrypt the DB even when the key is correct, while the relevant function in SQLCipher-Password-Cracker-OpenCL can decrypt the DB when the correct key is given.

I used the following code to reproduce on my DB:

from pysqlcipher3 import dbapi2 as sqlite

filename = 'EnMicroMsg.db'
key = 'MYKEY'
PBKDF2_ITER = 4000 # sqlcipherv2 standard is 4000
PAGE_SIZE = 1024 # value varies on application specification, we assume db is encrypted by each page, of 1024 byte

conn = sqlite.connect(filename)
c = conn.cursor()
c.execute("PRAGMA key = '" + key + "';")
# c.execute("PRAGMA cipher_compatibility = 1;")
# c.execute("PRAGMA cipher_kdf_algorithm = PBKDF2_HMAC_SHA1;")
c.execute("PRAGMA cipher_use_hmac = OFF;")
# c.execute("PRAGMA cipher_page_size = "+str(PAGE_SIZE)+";")
c.execute("PRAGMA kdf_iter = "+str(PBKDF2_ITER)+";")
# c.execute("ATTACH DATABASE '" + 'temp.out.db' + "' AS db KEY '';")
c.execute("select count(*) from message;")
print(c.fetchall())

The code above can decrypt my DB. For the two lines PRAGMA cipher_use_hmac = OFF and PRAGMA kdf_iter = ..., if I comment out either one of them, it will fail with pysqlcipher3.dbapi2.DatabaseError: file is encrypted or is not a database. Probably this is a compatibility problem of SQLite. Anyway, thanks for developing this tool!

According to sqlcipher/sqlcipher@e4b66d6,
setting cipher_compatibility=1 should have the same effect as setting cipher_use_hmac=off, kdf_iter=4000.

Does your sqlcipher version include the above commit? If so, it's strange why this would happen.

OK maybe this is the problem. I got SQLCipher via apt install libsqlcipher-dev and the version is 3.4.1-1build1, while the commit you mentioned was released since version 4.0.1. Probably it will be good if I build SQLCipher from source.

I should read your README.md more carefully as it already said sqlcipher >= 4.1. Thanks!

I just added a check for version.

Would be nice to also fall back to the old params when using old versions.
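A version-aware way to choose those PRAGMAs, as an added example written for this page rather than code from wechat-dump. derive_key follows the md5(imei + uin)[:7] derivation quoted in the first comment, and `connect` is assumed to be a DB-API connect function such as pysqlcipher3.dbapi2.connect, passed in so the selection logic can be exercised without the library installed.

```python
import hashlib
import re

IMEI_DEFAULT = "1234567890ABCDEF"  # seed string quoted in the issue
LEGACY_KDF_ITER = 4000             # SQLCipher 2/3 default, as the issue states


def derive_key(uin: str, imei: str = IMEI_DEFAULT) -> str:
    """Key derivation quoted in the issue: md5(imei + uin)[:7]."""
    return hashlib.md5((imei + uin).encode()).hexdigest()[:7]


def sqlcipher_major(version: str) -> int:
    """Major number from a PRAGMA cipher_version string such as '4.1.0 community'."""
    m = re.match(r"(\d+)\.", version.strip())
    if not m:
        raise ValueError(f"unrecognised cipher_version: {version!r}")
    return int(m.group(1))


def compat_pragmas(version: str) -> list:
    """PRAGMAs to issue right after PRAGMA key so a SQLCipher-3-format DB opens.

    SQLCipher >= 4 has cipher_compatibility (the commit cited in the thread);
    older builds need the two explicit settings the reporter found necessary.
    """
    if sqlcipher_major(version) >= 4:
        return ["PRAGMA cipher_compatibility = 1;"]
    return ["PRAGMA cipher_use_hmac = OFF;", f"PRAGMA kdf_iter = {LEGACY_KDF_ITER};"]


def count_messages(filename: str, uin: str, connect) -> int:
    """Open the DB via a DB-API `connect` (assumed: pysqlcipher3.dbapi2.connect),
    pick PRAGMAs by the library's reported version, and count rows in `message`."""
    key = derive_key(uin)
    conn = connect(filename)
    cur = conn.cursor()
    cur.execute(f"PRAGMA key = '{key}';")  # key is 7 hex chars, safe to inline
    cur.execute("PRAGMA cipher_version;")  # works before the key is verified
    version = cur.fetchone()[0]
    for pragma in compat_pragmas(version):
        cur.execute(pragma)
    cur.execute("SELECT count(*) FROM message;")
    return cur.fetchone()[0]
```

With a real pysqlcipher3 build, call count_messages("EnMicroMsg.db", uin, sqlite.connect) after `from pysqlcipher3 import dbapi2 as sqlite`.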

I'll just write in Chinese. I also used the brute-force tool you mentioned. Before the modification to line 752 described on Zhihu it could not crack it, and after making that modification it still could not. When running it gave several possible passwords, but still none of them worked. Is there anything I need to pay attention to? Thanks!