![]() Two main locations contains encrypted files: Few adjustments later and BOOM !Īnd got a bunch of (key, iv) couples again ! Snaps ? Luckily, we already implemented SQLCipher decryption for the Signal app ( this notebook). ![]() Time to access gallery.encrypteddb ! gallery.encrypteddb (AFU accessible)Īs it names do not say, this one is SQLCipher encrypted. In the ZGALLERYSNAP we found the ZHASLOCATION column… seems interesting but where is the location data?Īfter looking at every blob of this database and finding nothing close to a coordinate, I bet this would be encrypted. ZGALLERYSNAPMINITHUMBNAIL : contains encrypted thumbnails of snaps.ZGALLERYSNAP : contains snaps metadata, especially times.This database contains several tables with 2 of special interest : Well, the tables are not always populated… So no juicy data here in my example. This database contains tables with nice names. Let’s start with arroyo.db (BFU accessible) Documents/gallery///cloudfs : encrypted files sitting there too!.Documents/user_scoped/ : encrypted files sitting there.Documents/user_scoped//contentmanagerV3/contentManagerDb.db.Documents/user_scoped//DocObjects/primary.docobjects.Documents/gallery_encrypted_db///gallery.encrypteddb : contains sensitive data such as decryption keys or location data.Documents/gallery_data_object///scdb-27.sqlite3 : main database of Snapchat.Documents/user_scoped/arroyo/arroyo.db :.Library/Caches/tmp : contains plain text media, just watch !.All the user data of Snapchat is located in the /private/var/mobile/Containers/Data/Application/
0 Comments
Leave a Reply. |