-
-
Save stek29/8a7ac0e673818917525ec4031d77a713 to your computer and use it in GitHub Desktop.
@chicocvenancio notificationsKey is per account, you need instance level file .tempkeyEncrypted (notice the dot -- it's a hidden file).
~/Library/Group Containers/6N38VWS5BX.ru.keepcoder.Telegram/beta/account-*/notificationsKey -- the file you have found
~/Library/Group Containers/6N38VWS5BX.ru.keepcoder.Telegram/beta/.tempkeyEncrypted -- the file you need
@stek29 Thanks. it's in ~/Library/Group Containers/6N38VWS5BX.ru.keepcoder.Telegram/stable now but I did manage to decrypt it. Alas the messages I was trying to recover are not in the db. Kind of sad Telegram allows other parties to nuke the history with no possibility of recovery.
Where did you find that seed value of -137723950 ?
I can't get the hash to match for a binlog file generated with tdlib-1.8.5.so
@drzraf this is for native telegram clients for iOS/macOS/*OS, no idea on how tdlib does it.
And do you remember where in GitHub did you encountered the reference to this seed's value (or was it done using bitwise operators in a loop)? Would help to later spot its counterpart of TG Desktop and TDLib.
@stek29 Thanks. it's in
~/Library/Group Containers/6N38VWS5BX.ru.keepcoder.Telegram/stablenow but I did manage to decrypt it. Alas the messages I was trying to recover are not in the db. Kind of sad Telegram allows other parties to nuke the history with no possibility of recovery.
@chicocvenancio
TimeMachine helps me here)
there’s a tool called iLEAPP which now includes this code, but it’s targeted on iOS backup forensics
I was trying to recover my message from postbox/db/db_sqlite and i followed all steps, it also generated a 40 MB file plaintext.db but when i tried to open that with https://inloop.github.io/sqlite-viewer/
I'm getting this kind of data, I was expecting plain text messages. Any suggestions here? I am using Telegram on my Mac
@rohitcoder suggestion is to use the code literally in this gist to decode the database. they’re not in plaintext, they’re encoded in custom format
aww, I've got:
raise Exception (f'hash mismatch: {dbHash} != {calcHash}")
and mine crypted file was by path
/Group\ Containers/6N38VWS5BX.ru.keepcoder.Telegram/appstore/.tempkeyEncrypted
Anybody knows how to handle this?
@DreadfulBot
Maybe you setup password for Telegram?
Try change 'no-matter-key' to it.
This is awesome!
I followed the instructions and managed to get a 90Mb "plaintext.db" file, and the instruction:
con = sqlite3.connect('plaintext.db')
does connect to the DB, But it crashes when trying to access any of the tables. For example:
OperationalError Traceback (most recent call last)
Input In [31], in <cell line: 1>()
----> 1 for idx, msg in get_all_messages(f=lambda idx: idx.timestamp > 1443989880):
2 if MessageFlags.Incoming in msg['flags'] and 'web versions of Telegram' in msg['text']:
3 print_message(idx, msg)
Input In [9], in get_all_messages(f, decode)
2 cur = con.cursor()
3 try:
----> 4 cur.execute("SELECT key, value FROM t7 ORDER BY key")
5 for key, value in cur:
6 idx = MessageIndex.from_bytes(key)
OperationalError: no such table: t7
Any ideas?
I see that passcode is not discussed here. If the user sets passcode, will it affect the generation of the key and the decryption of the final sqlite?
@fr0zenrain local passcode is used instead of no-matter-key, if it’s set. This is different from 2FA password set on servers.
I’m not sure about iOS App digit passcode though.
I wonder, is there a way to get tempkey on Windows?
@yunasc what do you mean? there's only telegram desktop for windows, and it has no local database
It has an encrypted sqlite DB. I'm using Unigram client which uses tdlib which has local database.
You're lifesaver
saved my channel content from telegram who deleted it without warning and never responded to any of communication channels
By running the script above, I can only find one participant of the conversation.
When it is outgoing, there is no information about the sender.
When it is incoming, there is no information about the recipient.
It seems that the information of the owner of the phone is not available.
How to get the account details of the owner?
Does anyone know by any chance if there's a way to know if the auto-delete feature is enabled in a chat/conversation or not?
I can't find the
tempkeyEncryptedin the current app, there is anotificationsKeyfille but it is json and using either it directly or just the data field did not yield results, gettingValueError: Data must be padded to 16 byte boundary in CBC modeinstead.Thanks for the script btw.