Search

CN-122020714-A - Data decryption method, device, equipment, medium and program product of application

CN122020714ACN 122020714 ACN122020714 ACN 122020714ACN-122020714-A

Abstract

The invention discloses a data decryption method, a device, equipment, a medium and a program product of an application, which relate to the technical field of data decryption and comprise the steps of obtaining process memory data of a target application and at least one target data template pair; for each target data template pair, extracting target database configuration data from the process memory data and target key configuration data associated with the target database configuration data according to a target database configuration data template and a target key configuration data template in the target data template pair respectively to obtain a target data pair; and searching the encrypted database files matched with the target data pairs in the user storage data of the target application according to the target database configuration data in the target data pairs aiming at each target data pair, and decrypting the matched encrypted database files according to the target data pairs. The embodiment of the invention improves the efficiency of decrypting the encrypted data.

Inventors

  • XIE QINGQUAN
  • Zhu Huabai
  • WU XINGDE
  • Ye hanxiao
  • DONG FENG

Assignees

  • 苏州龙信信息科技有限公司

Dates

Publication Date
20260512
Application Date
20260127

Claims (10)

  1. 1. A method of decrypting data for an application, the method comprising: The method comprises the steps of acquiring process memory data of a target application and at least one target data template pair, wherein the data template pair comprises a target database configuration data template and a target key configuration data template associated with the target database configuration data template; For each target data template pair, extracting target database configuration data from the process memory data according to a target database configuration data template in the target data template pair, and extracting target key configuration data associated with the target database configuration data from the process memory data according to a target key configuration data template in the target data template pair to obtain a target data pair; and searching an encrypted database file matched with the target data pair in user storage data of the target application according to target database configuration data in the target data pair aiming at each target data pair, and decrypting the matched encrypted database file according to the target data pair.
  2. 2. The method of claim 1, wherein the extracting the target database configuration data from the process memory data according to the target database configuration data template in the target data template pair, and extracting the target key configuration data associated with the target database configuration data from the process memory data according to the target key configuration data template in the target data template pair, to obtain the target data pair, comprises: Extracting candidate database configuration data from the process memory data according to the target database configuration data template in the target data template pair, and extracting candidate key configuration data from the process memory data according to the target key configuration data template in the target data template pair to obtain candidate data pairs, wherein the candidate data pairs comprise candidate database configuration data and candidate key configuration data associated with the candidate database configuration data; For each candidate data pair, carrying out validity check on the candidate data pair according to candidate database configuration data and candidate key configuration data in the candidate data pair to obtain a check result of the candidate data pair; And determining the candidate data pair passing the verification as a target data pair.
  3. 3. The method of claim 2, wherein the process memory data includes at least one memory block, wherein the extracting candidate database configuration data from the process memory data according to a target database configuration data template in the target data template pair comprises: Extracting a memory offset address of a fixed field and first byte data in the target database configuration data template, wherein the memory offset address of the fixed field is a fixed value, and the first byte data is a fixed value; extracting second byte data according to the memory offset address and the byte size of the fixed field for each memory block; comparing whether the first byte data is consistent with the second byte data; and if the first byte data is consistent with the second byte data, extracting candidate database configuration data from the memory block according to the memory offset address and the byte size of each field in the target database configuration data template.
  4. 4. The method of claim 2, wherein extracting candidate key configuration data from the process memory data according to the target key configuration data template in the target data template pair comprises: Extracting a memory offset address of a fixed field and third byte data in each target key configuration data template, wherein the memory offset address of the fixed field is a fixed value, and the third byte data is a fixed value; extracting fourth byte data according to the memory offset address and the byte size of the fixed field for each memory block; Comparing whether the third byte data is consistent with the fourth byte data; and if the third byte data is consistent with the fourth byte data, extracting candidate key configuration data from the memory block according to the memory offset address and the byte size of each field in the target key configuration data template.
  5. 5. The method according to claim 2, wherein the verifying the validity of the candidate data pair according to the candidate database configuration data and the candidate key configuration data in the candidate data pair to obtain the verification result of the candidate data pair includes: Comparing whether the address pointed by the key data reading pointer is consistent with the address pointed by the key data writing pointer in the candidate database configuration data, so as to obtain a first comparison result; reading the pointer according to the key data, acquiring auxiliary key configuration data, and comparing the auxiliary key configuration data with the candidate key configuration data to obtain a second comparison result; determining whether a key combination string in the candidate key configuration data is consistent with a combination result of a data key in the candidate key configuration data and a key derivative salt value in the candidate database configuration data, so as to obtain a third comparison result; And if the first comparison result, the second comparison result and the third comparison result are all consistent, determining the verification result of the candidate data pair as verification passing.
  6. 6. The method of claim 1, further comprising, prior to retrieving the in-process memory data of the target application and the at least one target data template pair: obtaining at least one database configuration version, and at least one processor instruction set architecture; generating at least one template version according to each database configuration version and each processor instruction set architecture, wherein the database configuration versions among the template versions are different and/or the processor instruction set architectures are different; Transmitting each template version to a technician, so that the technician writes and runs an example application according to each template version, and extracts and transmits a database configuration data template and a key configuration data template in the process memory data of each example application; and receiving each database configuration data template and each key configuration data template.
  7. 7. An apparatus for decrypting data for an application, the apparatus comprising: the system comprises an acquisition module, a target application and a target key configuration module, wherein the acquisition module is used for acquiring process memory data of the target application and at least one target data template pair, and the data template pair comprises a target database configuration data template and a target key configuration data template associated with the target database configuration data template; The extraction module is used for extracting target database configuration data from the process memory data according to the target database configuration data template in the target data template pair and extracting target key configuration data associated with the target database configuration data from the process memory data according to the target key configuration data template in the target data template pair aiming at each target data template pair to obtain a target data pair; And the decryption module is used for searching an encrypted database file matched with the target data pair in the user storage data of the target application according to the target database configuration data in the target data pair aiming at each target data pair, and decrypting the matched encrypted database file according to the target data pair.
  8. 8. An electronic device, the electronic device comprising: at least one processor, and A memory communicatively coupled to the at least one processor, wherein, The memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the data decryption method of an application of any one of claims 1-6.
  9. 9. A computer readable storage medium storing computer instructions for causing a processor to execute the data decryption method of an application according to any one of claims 1-6.
  10. 10. A computer program product, characterized in that the computer program product comprises a computer program which, when executed by a processor, implements the data decryption method of an application of any one of claims 1-6.

Description

Data decryption method, device, equipment, medium and program product of application Technical Field The present invention relates to the field of data decryption technologies, and in particular, to a data decryption method, device, apparatus, medium, and program product for an application. Background SQLCIPHER (SQL encryption database) is an open source database encryption solution, which adds a strong encryption function on the basis of SQLite (embedded lightweight database), supports full database encryption, uses 256-bitAES (Advanced Encryption Standard ) encryption algorithm, and is suitable for mobile, embedded and desktop applications. Most common desktop applications adopt SQLCIPHER schemes, which store keys in a server, and only after a user makes a login request, the data keys are issued, and then software uses the data keys to access user data. In view of the data evidence-taking requirements, the current common approach is to use reverse means, such as static analysis and dynamic debugging, to analyze the acquired data key and decryption algorithm, and then decrypt the data, which consumes a lot of time, money and labor costs. Disclosure of Invention The invention provides a data decryption method, device, equipment, medium and program product for an application, so as to improve the decryption efficiency of database files of the application. In a first aspect, an embodiment of the present invention provides a data decryption method for an application, including: The method comprises the steps of acquiring process memory data of a target application and at least one target data template pair, wherein the data template pair comprises a target database configuration data template and a target key configuration data template associated with the target database configuration data template; For each target data template pair, extracting target database configuration data from the process memory data according to a target database configuration data template in the target data template pair, and extracting target key configuration data associated with the target database configuration data from the process memory data according to a target key configuration data template in the target data template pair to obtain a target data pair; and searching an encrypted database file matched with the target data pair in user storage data of the target application according to target database configuration data in the target data pair aiming at each target data pair, and decrypting the matched encrypted database file according to the target data pair. In a second aspect, an embodiment of the present invention further provides an apparatus for decrypting data of an application, including: the system comprises an acquisition module, a target application and a target key configuration module, wherein the acquisition module is used for acquiring process memory data of the target application and at least one target data template pair, and the data template pair comprises a target database configuration data template and a target key configuration data template associated with the target database configuration data template; The extraction module is used for extracting target database configuration data from the process memory data according to the target database configuration data template in the target data template pair and extracting target key configuration data associated with the target database configuration data from the process memory data according to the target key configuration data template in the target data template pair aiming at each target data template pair to obtain a target data pair; And the decryption module is used for searching an encrypted database file matched with the target data pair in the user storage data of the target application according to the target database configuration data in the target data pair aiming at each target data pair, and decrypting the matched encrypted database file according to the target data pair. In a third aspect, an embodiment of the present invention further provides an electronic device, including: at least one processor, and A memory communicatively coupled to the at least one processor, wherein The memory stores instructions executable by the at least one processor to enable the at least one processor to perform the data decryption method of the application provided by any one of the embodiments of the present invention. In a fourth aspect, embodiments of the present invention further provide a computer readable storage medium storing computer instructions for causing a processor to execute a data decryption method for implementing an application of any of the embodiments of the present invention. In a fifth aspect, embodiments of the present invention also provide a computer program product, characterized in that the computer program product comprises a computer program which, when executed by a processor, implements the data decryption method of the ap