Wire Messenger on Android

Good Morning All,

I am currently looking into Wire Messenger on several Android devices, which a physical has been obtained on each occasion, so I have access to the related files / folders '/data/data/com.wire' and 'media/0/Android/data/com.wire'.

The messages stored are not encrypted and I can extract them from the relevant database within '/data/data/com.wire/databases' which is fine and I am able to identify which messages are multimedia messages etc. Details relating specifically to the multimedia messages and their local storage location are stored within a database named 'ZGlobal.db' (in the same location as above).

'ZGlobal.db' consists of the following columns I am interested in;

key - The message ID which can be linked to the messages database.
file - The file name as stored on the handset.
path - The path of the file on the local handset (as far as I have seen)
enc_key - Appears to be a base64 encryption key for each file.

So, I can locate what media files I am interested in through the use of both databases and successfully locate the files within 'media/0/Android/data/com.wire', however, the files are encrypted. What I cannot do currently is identify a way to apply the relevant encryption key to the file in order to decrypt it.

Is anyone able to comment as to the possibility of using the encryption key to decrypt the files and if so how to go about it. At this time I am happy for suggestions on completing the task on a single file with a view at a later date to automate the process.

Just to confirm XRY and UFED have been used to decode the extractions and has not been able to achieve this.

Hopefully it all makes sense, but happy to expand on any points above or provide further details.

Thanks in advance.

J.