Skip to content

Instantly share code, notes, and snippets.

@stek29
Last active November 7, 2024 23:27
Show Gist options
  • Save stek29/8a7ac0e673818917525ec4031d77a713 to your computer and use it in GitHub Desktop.
Save stek29/8a7ac0e673818917525ec4031d77a713 to your computer and use it in GitHub Desktop.
Extract Telegram messages from db_sqlite PostBox – made for Telegram for macOS, but should work with Telegram for iOS
Display the source blob
Display the rendered blob
Raw
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
@chazer
Copy link

chazer commented Mar 31, 2023

@stek29 Thanks. it's in ~/Library/Group Containers/6N38VWS5BX.ru.keepcoder.Telegram/stable now but I did manage to decrypt it. Alas the messages I was trying to recover are not in the db. Kind of sad Telegram allows other parties to nuke the history with no possibility of recovery.

@chicocvenancio
TimeMachine helps me here)

@stek29
Copy link
Author

stek29 commented Apr 2, 2023

there’s a tool called iLEAPP which now includes this code, but it’s targeted on iOS backup forensics

https://github.com/abrignoni/iLEAPP

@rohitcoder
Copy link

rohitcoder commented Apr 5, 2023

@chazer @stek29

I was trying to recover my message from postbox/db/db_sqlite and i followed all steps, it also generated a 40 MB file plaintext.db but when i tried to open that with https://inloop.github.io/sqlite-viewer/

I'm getting this kind of data, I was expecting plain text messages. Any suggestions here? I am using Telegram on my Mac

image

@stek29
Copy link
Author

stek29 commented Apr 6, 2023

@rohitcoder suggestion is to use the code literally in this gist to decode the database. they’re not in plaintext, they’re encoded in custom format

@DreadfulBot
Copy link

aww, I've got:
raise Exception (f'hash mismatch: {dbHash} != {calcHash}")
and mine crypted file was by path
/Group\ Containers/6N38VWS5BX.ru.keepcoder.Telegram/appstore/.tempkeyEncrypted
Anybody knows how to handle this?

@chazer
Copy link

chazer commented May 19, 2023

@DreadfulBot
Maybe you setup password for Telegram?
Try change 'no-matter-key' to it.

@DaveBombadil
Copy link

@stek29 @chazer

This is awesome!

I followed the instructions and managed to get a 90Mb "plaintext.db" file, and the instruction:

con = sqlite3.connect('plaintext.db')

does connect to the DB, But it crashes when trying to access any of the tables. For example:

OperationalError Traceback (most recent call last)
Input In [31], in <cell line: 1>()
----> 1 for idx, msg in get_all_messages(f=lambda idx: idx.timestamp > 1443989880):
2 if MessageFlags.Incoming in msg['flags'] and 'web versions of Telegram' in msg['text']:
3 print_message(idx, msg)

Input In [9], in get_all_messages(f, decode)
2 cur = con.cursor()
3 try:
----> 4 cur.execute("SELECT key, value FROM t7 ORDER BY key")
5 for key, value in cur:
6 idx = MessageIndex.from_bytes(key)

OperationalError: no such table: t7

Any ideas?

@fr0zenrain
Copy link

I see that passcode is not discussed here. If the user sets passcode, will it affect the generation of the key and the decryption of the final sqlite?

@stek29
Copy link
Author

stek29 commented Nov 8, 2023

@fr0zenrain local passcode is used instead of no-matter-key, if it’s set. This is different from 2FA password set on servers.
I’m not sure about iOS App digit passcode though.

@yunasc
Copy link

yunasc commented Feb 21, 2024

I wonder, is there a way to get tempkey on Windows?

@stek29
Copy link
Author

stek29 commented Mar 6, 2024

@yunasc what do you mean? there's only telegram desktop for windows, and it has no local database

@yunasc
Copy link

yunasc commented Mar 14, 2024

It has an encrypted sqlite DB. I'm using Unigram client which uses tdlib which has local database.

@VityaSchel
Copy link

You're lifesaver
saved my channel content from telegram who deleted it without warning and never responded to any of communication channels

@wirokemproh
Copy link

By running the script above, I can only find one participant of the conversation.
When it is outgoing, there is no information about the sender.
When it is incoming, there is no information about the recipient.
It seems that the information of the owner of the phone is not available.

How to get the account details of the owner?

@farzadmf
Copy link

Does anyone know by any chance if there's a way to know if the auto-delete feature is enabled in a chat/conversation or not?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment