±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 2 Overall: 36228
New Yesterday: 5 Visitors: 200

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Wire Messenger on Android

Discussion of forensic issues related to all types of mobile phones and underlying technologies (GSM, GPRS, UMTS/3G, HSDPA, LTE, Bluetooth etc.)
Subforums: Mobile Telephone Case Law
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

jjh2320
Member
 

Wire Messenger on Android

Post Posted: Sep 25, 19 10:40

Good Morning All,

I am currently looking into Wire Messenger on several Android devices, which a physical has been obtained on each occasion, so I have access to the related files / folders '/data/data/com.wire' and 'media/0/Android/data/com.wire'.

The messages stored are not encrypted and I can extract them from the relevant database within '/data/data/com.wire/databases' which is fine and I am able to identify which messages are multimedia messages etc. Details relating specifically to the multimedia messages and their local storage location are stored within a database named: 'ZGlobal.db' (in the same location as above).

'ZGlobal.db' consists of the following columns I am interested in;

key - The message ID which can be linked to the messages database.
file - The file name as stored on the handset.
path - The path of the file on the local handset (as far as I have seen)
enc_key - Appears to be a base64 encryption key for each file.

So, I can locate what media files I am interested in through the use of both databases and successfully locate the files within 'media/0/Android/data/com.wire', however, the files are encrypted. What I cannot do currently is identify a way to apply the relevant encryption key to the file in order to decrypt it.

Is anyone able to comment as to the possibility of using the encryption key to decrypt the files and if so how to go about it. At this time I am happy for suggestions on completing the task on a single file with a view at a later date to automate the process.

Just to confirm XRY and UFED have been used to decode the extractions and has not been able to achieve this.

Hopefully it all makes sense, but happy to expand on any points above or provide further details.

Thanks in advance.

J.  
 
  

pcook8198
Member
 

Re: Wire Messenger on Android

Post Posted: Oct 11, 19 11:55

Good afternoon

I've had quite a lot of wire chat myself recently. I previously came across the same issue and had problems with image decryption and association.

Where I work we recently purchased new software

MD Next
and
MD RED

Works a treat on android. My preferred tool now.  
 
  

armresl
Senior Member
 

Re: Wire Messenger on Android

Post Posted: Oct 11, 19 23:23

Is MD only working with really old phones?

- pcook8198
Good afternoon

I've had quite a lot of wire chat myself recently. I previously came across the same issue and had problems with image decryption and association.

Where I work we recently purchased new software

MD Next
and
MD RED

Works a treat on android. My preferred tool now.

_________________
Why order a taco when you can ask it politely?

Alan B. "A man can live a good life, be honorable, give to charity, but in the end, the number of people who come to his funeral is generally dependent on the weather. " 
 
  

jjh2320
Member
 

Re: Wire Messenger on Android

Post Posted: Oct 16, 19 07:41

Thanks pcook8198, I will take a look.

armresl, I believe it supports a variety of devices, both old and new.

Thanks

J.  
 
  

Angel.7
Member
 

Re: Wire Messenger on Android

Post Posted: Oct 17, 19 04:10

Good information to know,

Wire Messenger on Android supports a variety of old and new devices. However, like XRY and UFED it can decode the extraction, but has not been able to apply the relevant encryption key to the file in order to decrypt it. Is that what you are saying??

Have you found a software to address this?  
 
  

pcook8198
Member
 

Re: Wire Messenger on Android

Post Posted: Oct 21, 19 12:39

HancomGMD provide software for mobile device acquisition and analysis

I have been using it for about 9 months now

I have to say, it is my go to tool for android devices


It decodes a wide variety of comms apps, wire included.

Also it will retrieve chat data from the likes of Telegram and Whats App via a logical along as you have the password / code for the handset

Feel free to message me if you have any questions  
 

Page 1 of 1