Signal database dec...
 
Notifications
Clear all

Signal database decryption

4 Posts
3 Users
0 Likes
1,911 Views
LeGioN
(@legion)
Posts: 51
Trusted Member
Topic starter
 

Hey!

I was just quickly dropping by to check if anyone has had any luck with decrypting the Signal messenger database?

I have tried using the signal2john.py script.. But I am unfortunatly not smart enough to know what the heck I am to do next.

#Signal2john.py \org.thoughtcrime.securesms\shared_prefs\SecureSMS-Preferences.xml
SecureSMS-Preferences.xml$signal$1$4032$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Is the output I get (Thought the X's the usual hash-value-format) and that I would like to decrypt to open up the signal.db.

Any thoughts?

)

 
Posted : 07/11/2018 11:31 am
AmNe5iA
(@amne5ia)
Posts: 173
Estimable Member
 

# ./signal2john.py \org.thoughtcrime.securesms\shared_prefs\SecureSMS-Preferences.xml > hash.txt
# ./john hash.txt
wait…?

 
Posted : 07/11/2018 2:53 pm
LeGioN
(@legion)
Posts: 51
Trusted Member
Topic starter
 

Hey! )

John tells me that no passwordhashes are loaded.. So think something might be missing in my rather excelent plan of getting out the content of the database @

 
Posted : 08/11/2018 7:14 am
(@deefir)
Posts: 49
Eminent Member
 

Hey! )

John tells me that no passwordhashes are loaded.. So think something might be missing in my rather excelent plan of getting out the content of the database @

Your hash.txt file will contain the following;

SecureSMS-Preferences.xml$signal$1$4032$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX$XXXXXXXXXXX

The hash itself is everything following the after SecureSMS-Preferences.xml.

The file loaded by JTR should be in the following format;

$signal$1$4032$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX$XXXXXXXXXXX

 
Posted : 15/07/2019 4:44 am
Share: