decrypt mac kakaotalk database :)

mac_ktalk_dec.py

import hashlib
import base64

def pbkdf2(password: bytes, salt: bytes):
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100000, 128)


def hashedDeviceUUID(uuid: str):
    uuid = uuid.encode("ascii")
    return base64.b64encode(hashlib.sha1(uuid).digest() + hashlib.sha256(uuid).digest()).decode("ascii")


def getDatabaseName(userId: int, uuid: str):
    hawawa = ".".join([
        ".",
        "F",
        str(userId),
        "A",
        "F",
        "".join(reversed(uuid)),
        ".",
        "|",
    ])

    return pbkdf2(
        hawawa.encode("ascii"),
        "".join(reversed(hashedDeviceUUID(uuid))
    ).encode("ascii")).hex()[28:28+78]


def getSecureKey(userId: int, uuid: str):
    hawawa = "F".join([
        "A",
        hashedDeviceUUID(uuid),
        "|",
        "F",
        uuid[:5],
        "H",
        str(userId),
        "|",
        uuid[7:]
    ])
    
    return pbkdf2(
        "".join(reversed(hawawa)).encode("ascii"),
        uuid[int(len(uuid) * 0.3):].encode("ascii")
    ).hex()

## EXAMPLE
#
# import os.path
# from pysqlcipher3 import dbapi2 as sqlite3

# userId = 0
# uuid = ""

# basepath = '~/Library/Containers/com.kakao.KakaoTalkMac/Data/Library/Application Support/com.kakao.KakaoTalkMac/'
# basepath = os.path.expanduser(basepath)

# conn = sqlite3.connect(basepath + getDatabaseName(userId, uuid))
# c = conn.cursor()
# c.execute("PRAGMA cipher_default_compatibility = 3;")
# c.execute("PRAGMA KEY='%s'" % getSecureKey(userId, uuid))
# c.execute("SELECT message from NTChatMessage;")
# for i in c.fetchall():
#     print(i)

uuid: ioreg -d2 -c IOPlatformExpertDevice | awk -F" '/IOPlatformUUID/{print $(NF-1)}'
userId: bruteforce