Good Morning All,
I am currently looking into Wire Messenger on several Android devices, which a physical has been obtained on each occasion, so I have access to the related files / folders '/data/data/com.wire' and 'media/0/Android/data/com.wire'.
The messages stored are not encrypted and I can extract them from the relevant database within '/data/data/
'ZGlobal.db' consists of the following columns I am interested in;
key - The message ID which can be linked to the messages database.
file - The file name as stored on the handset.
path - The path of the file on the local handset (as far as I have seen)
enc_key - Appears to be a base64 encryption key for each file.
So, I can locate what media files I am interested in through the use of both databases and successfully locate the files within 'media/0/Android/data/com.wire', however, the files are encrypted. What I cannot do currently is identify a way to apply the relevant encryption key to the file in order to decrypt it.
Is anyone able to comment as to the possibility of using the encryption key to decrypt the files and if so how to go about it. At this time I am happy for suggestions on completing the task on a single file with a view at a later date to automate the process.
Just to confirm XRY and UFED have been used to decode the extractions and has not been able to achieve this.
Hopefully it all makes sense, but happy to expand on any points above or provide further details.
Thanks in advance.
J.
Good afternoon
I've had quite a lot of wire chat myself recently. I previously came across the same issue and had problems with image decryption and association.
Where I work we recently purchased new software
MD Next
and
MD RED
Works a treat on android. My preferred tool now.
Is MD only working with really old phones?
Good afternoon
I've had quite a lot of wire chat myself recently. I previously came across the same issue and had problems with image decryption and association.
Where I work we recently purchased new software
MD Next
and
MD REDWorks a treat on android. My preferred tool now.
Thanks pcook8198, I will take a look.
armresl, I believe it supports a variety of devices, both old and new.
Thanks
J.
Good information to know,
Wire Messenger on Android supports a variety of old and new devices. However, like XRY and UFED it can decode the extraction, but has not been able to apply the relevant encryption key to the file in order to decrypt it. Is that what you are saying??
Have you found a software to address this?
HancomGMD provide software for mobile device acquisition and analysis
I have been using it for about 9 months now
I have to say, it is my go to tool for android devices
It decodes a wide variety of comms apps, wire included.
Also it will retrieve chat data from the likes of Telegram and Whats App via a logical along as you have the password / code for the handset
Feel free to message me if you have any questions