Created
August 15, 2018 20:48
Decrypt HTC LucyNotes data
```bash
#!/bin/bash
# Copy /sdcard/.data/LucyNotes and /data/data/com.htc.lucy/databases/htcnotes.db
# into a directory with this script and run it.

# The key and IV are stored base64-encoded in the kv table; convert each to one hex string.
key=$(sqlite3 htcnotes.db "select v from kv where k='k'" | sed '/^$/d' | base64 -d | xxd -ps | paste -sd '' -)
iv=$(sqlite3 htcnotes.db "select v from kv where k='iv'" | sed '/^$/d' | base64 -d | xxd -ps | paste -sd '' -)

# Encrypted files carry an "_e." marker before the extension.
find LucyNotes/ -type f -name '*_e.*' | while IFS= read -r file; do
    # Drop the "_e" marker and write under LucyNotes.decrypted/ with the same layout.
    out=$(echo "$file" | sed 's/_e\././' | sed 's/LucyNotes/LucyNotes.decrypted/')
    mkdir -p "$(dirname "$out")"
    openssl enc -d -aes-256-cbc -K "$key" -iv "$iv" -in "$file" -out "$out"
done
```
@oh-oh-seven This script was written for the M9. Are there other apps' data in the `/data/data` directory? You'll probably need root to access it.

If you had disk encryption enabled, you'll need to make sure the passcode has been entered on the device before being able to see `/data/data`.

Some other places of interest: `/data/user/0` (normally just a symlink to `/data/data`), `/data/user_de/0`. Basically anything in `/data`. You could even run `grep` and `find` on the whole `/data` partition to see if anything turns up.

If we assume the encryption scheme is the same as what my phone had (aes-256-cbc), then you'll need to look for the key and IV (initialisation vector). Try looking through all files in `/data/data/com.htc.lucy/` for references to these; `shared_prefs` may have it.

If you can't find anything there's a chance that the key and IV are hard-coded in the app. Even if that were the case, I'd expect there to still be a database for user settings etc.
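A pre-flight check for a candidate key and IV found on another device, added here as an example and not part of the original gist or comment. It assumes the values are base64-encoded as in the `kv` table above; the function names are hypothetical and the sample values are constructed.

```bash
#!/bin/bash
# Added example: confirm a candidate key/IV fits aes-256-cbc before bulk decryption.

# b64_to_hex B64: decode a base64 string and print it as one lowercase hex string.
b64_to_hex() {
    printf '%s' "$1" | base64 -d 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# check_len HEX BYTES: succeed only if HEX is exactly BYTES bytes of hex digits.
check_len() {
    [ "${#1}" -eq $(( $2 * 2 )) ] || return 1
    case "$1" in *[!0-9a-f]*) return 1 ;; esac
}

# validate_material KEY_B64 IV_B64: print "keyhex ivhex" when the key is 32 bytes
# and the IV is 16 bytes (the sizes aes-256-cbc takes); otherwise explain and fail.
validate_material() {
    local key iv
    key=$(b64_to_hex "$1")
    iv=$(b64_to_hex "$2")
    check_len "$key" 32 || { echo "key is $(( ${#key} / 2 )) bytes, need 32" >&2; return 1; }
    check_len "$iv" 16 || { echo "iv is $(( ${#iv} / 2 )) bytes, need 16" >&2; return 1; }
    printf '%s %s\n' "$key" "$iv"
}

# decrypt_checked KEY_HEX IV_HEX IN OUT: decrypt one file and fail loudly.
# openssl exits non-zero on a bad final block or bad padding, which is what a
# wrong key or truncated file usually produces; partial output is removed.
# A wrong key can still pass the padding check by chance, so inspect the result.
decrypt_checked() {
    openssl enc -d -aes-256-cbc -K "$1" -iv "$2" -in "$3" -out "$4" 2>/dev/null \
        || { rm -f "$4"; return 1; }
}

# Constructed sample values (all-zero bytes), not real key material.
sample_key=$(head -c 32 /dev/zero | base64)
sample_iv=$(head -c 16 /dev/zero | base64)
validate_material "$sample_key" "$sample_iv" >/dev/null && echo "sample key/IV sizes ok"
```

Run `validate_material` on whatever values turn up in the database or `shared_prefs`, then try `decrypt_checked` on a single `*_e.*` file before looping over the whole directory.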