Signal database acquisition and decryption.
Unlike other applications such as WhatsApp, Telegram and Messenger, Signal keeps its local database (signal.db) encrypted in AES-GCM mode. Even if the database can be collected through a physical (root and others) or logical (downgrade) acquisition, nothing can be done with it until it is decrypted. Decryption requires three values. The first is the key, in hexadecimal format, stored in the USRSKEY_SignalSecret file in the device's keystore. The other two are in the XML file org.thoughtcrime.securesms_preferences.xml, located in Signal's root folder: the ciphertext with its authentication tag (auth tag) and the IV, all in Base64 format.
/data/misc/keystore/user_0/10123_USRSKEY_SignalSecret
/data/user/0/org.thoughtcrime.securesms/databases/signal.db
/data/user/0/org.thoughtcrime.securesms/shared_prefs/org.thoughtcrime.securesms_preferences.xml
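The decryption step described above, as an added Python example (not the tool's own code, which is C#): it reads the Base64 ciphertext with auth tag and the IV from the preferences XML, then decrypts that value with the hex key using AES-GCM. The entry name `pref_database_encrypted_secret`, the JSON fields `data` and `iv`, the 16-byte tag length and the third-party `cryptography` package are assumptions not stated on this page; the key and plaintext are constructed sample values.

```python
import base64
import json
import xml.etree.ElementTree as ET

PREF_NAME = "pref_database_encrypted_secret"  # assumed entry name, not from the page
TAG_LEN = 16  # assumed: GCM authentication tag appended to the ciphertext


def read_sealed_value(prefs_xml, name=PREF_NAME):
    """Return (iv, ciphertext, tag) decoded from the shared_prefs XML."""
    for node in ET.fromstring(prefs_xml).iter("string"):
        if node.get("name") == name:
            sealed = json.loads(node.text)  # assumed JSON fields: "data", "iv"
            iv = base64.b64decode(sealed["iv"])
            blob = base64.b64decode(sealed["data"])
            if not iv or len(blob) <= TAG_LEN:
                raise ValueError("IV missing or data shorter than the GCM tag")
            return iv, blob[:-TAG_LEN], blob[-TAG_LEN:]
    raise KeyError(f"{name} not found in preferences")


def decrypt_sealed_value(key_hex, iv, ciphertext, tag):
    """AES-GCM decrypt (needs 'pip install cryptography'); ValueError on bad tag."""
    from cryptography.exceptions import InvalidTag
    from cryptography.hazmat.primitives.ciphers.aead import AESGCM
    key = bytes.fromhex(key_hex.strip())
    if len(key) not in (16, 24, 32):
        raise ValueError(f"unexpected AES key length: {len(key)} bytes")
    try:
        return AESGCM(key).decrypt(iv, ciphertext + tag, None)
    except InvalidTag:
        raise ValueError("tag mismatch: wrong key/IV or modified data") from None


def build_sample_prefs(key_hex, iv, plaintext):
    """Constructed test input: seal `plaintext` and wrap it like the XML entry."""
    from cryptography.hazmat.primitives.ciphers.aead import AESGCM
    blob = AESGCM(bytes.fromhex(key_hex)).encrypt(iv, plaintext, None)
    sealed = {"data": base64.b64encode(blob).decode(),
              "iv": base64.b64encode(iv).decode()}
    root = ET.Element("map")
    ET.SubElement(root, "string", name=PREF_NAME).text = json.dumps(sealed)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    key = "00112233445566778899aabbccddeeff"  # constructed, not a real key
    prefs = build_sample_prefs(key, bytes(12), b"constructed-plaintext")
    print(decrypt_sealed_value(key, *read_sealed_value(prefs)))
```

A `ValueError` from the decrypt step means the tag did not verify, which usually indicates that the key and the XML values were not taken from the same acquisition.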
“The Android Keystore system allows you to store cryptographic keys in a container to make it difficult to extract from the device. When the keys are in the Keystore, they can be used for cryptographic operations, and the material in them remains non-exportable. Furthermore, this feature provides facilities for restricting how and when the keys can be used, for example, requiring user authentication to use the keys or restricting the use of the keys only in certain cryptographic modes.”
https://developer.android.com/training/articles/keystore
- https://drive.google.com/file/d/17O4pv0sZF-zGLxS5aM2wYJKr-xyvtQe8/view?usp=sharing
- SHA256: 1D7CB73BE2B366F63A7CEEA7F038C95F45724EB4CC82AD39F1DB21F703DAA1AC
PIX key: 3901d8ea-22ca-4ba8-a0fb-2615e5485b2c
Donate PayPal:
Link: https://www.paypal.com/donate/?hosted_button_id=PCMBCJFU2T4CG (Fernanda Santos)
- C#.
- Free Software.