Join Us!

Wire Messenger on A...
 
Notifications
Clear all

Wire Messenger on Android  

  RSS
jjh2320
(@jjh2320)
New Member

Good Morning All,

I am currently looking into Wire Messenger on several Android devices, which a physical has been obtained on each occasion, so I have access to the related files / folders '/data/data/com.wire' and 'media/0/Android/data/com.wire'.

The messages stored are not encrypted and I can extract them from the relevant database within '/data/data/com.wire/databases' which is fine and I am able to identify which messages are multimedia messages etc. Details relating specifically to the multimedia messages and their local storage location are stored within a database named 'ZGlobal.db' (in the same location as above).

'ZGlobal.db' consists of the following columns I am interested in;

key - The message ID which can be linked to the messages database.
file - The file name as stored on the handset.
path - The path of the file on the local handset (as far as I have seen)
enc_key - Appears to be a base64 encryption key for each file.

So, I can locate what media files I am interested in through the use of both databases and successfully locate the files within 'media/0/Android/data/com.wire', however, the files are encrypted. What I cannot do currently is identify a way to apply the relevant encryption key to the file in order to decrypt it.

Is anyone able to comment as to the possibility of using the encryption key to decrypt the files and if so how to go about it. At this time I am happy for suggestions on completing the task on a single file with a view at a later date to automate the process.

Just to confirm XRY and UFED have been used to decode the extractions and has not been able to achieve this.

Hopefully it all makes sense, but happy to expand on any points above or provide further details.

Thanks in advance.

J.

Quote
Posted : 25/09/2019 11:40 am
pcook8198
(@pcook8198)
New Member

Good afternoon

I've had quite a lot of wire chat myself recently. I previously came across the same issue and had problems with image decryption and association.

Where I work we recently purchased new software

MD Next
and
MD RED

Works a treat on android. My preferred tool now.

ReplyQuote
Posted : 11/10/2019 12:55 pm
armresl
(@armresl)
Senior Member

Is MD only working with really old phones?

Good afternoon

I've had quite a lot of wire chat myself recently. I previously came across the same issue and had problems with image decryption and association.

Where I work we recently purchased new software

MD Next
and
MD RED

Works a treat on android. My preferred tool now.

ReplyQuote
Posted : 12/10/2019 12:23 am
jjh2320
(@jjh2320)
New Member

Thanks pcook8198, I will take a look.

armresl, I believe it supports a variety of devices, both old and new.

Thanks

J.

ReplyQuote
Posted : 16/10/2019 8:41 am
Angel.7
(@angel-7)
New Member

Good information to know,

Wire Messenger on Android supports a variety of old and new devices. However, like XRY and UFED it can decode the extraction, but has not been able to apply the relevant encryption key to the file in order to decrypt it. Is that what you are saying??

Have you found a software to address this?

ReplyQuote
Posted : 17/10/2019 5:10 am
pcook8198
(@pcook8198)
New Member

HancomGMD provide software for mobile device acquisition and analysis

I have been using it for about 9 months now

I have to say, it is my go to tool for android devices

It decodes a wide variety of comms apps, wire included.

Also it will retrieve chat data from the likes of Telegram and Whats App via a logical along as you have the password / code for the handset

Feel free to message me if you have any questions

ReplyQuote
Posted : 21/10/2019 1:39 pm
Share: