SnapChat My Eyes Only PIN Bruteforce #255
Open
Script to brute-force SnapChat My Eyes Only PIN
Memories.db stores the PIN hash in the 'memories_meo_confidential' table - 'hashed_passcode' column as a bcrypt hash.
Memories.db will only be available/contain a hashed passcode if the user has entered the MEO PIN code while connected to the internet. During my testing, when logging out of SnapChat, the memories.db database was deleted/no longer accessible.
Memories.db was re-created upon login, but the hashed_passcode column was empty until I entered the MEO PIN code while connected to the internet.
It seems that once the PIN code is verified online initially, and a bcrypt hash is created and stored offline within Memories.db, the user may then enter the PIN to access the MEO folder offline (the hash will be cached for an undetermined period of time - this may be the same as the 60 day timeout reported on the Forensics Discord server for media).
memories.db/hash is persistent through power off/on states. Logout and x days are the only things that appear to remove the hash. However, it may still be handy if the device is seized and examined early.
Example bcrypt hash [PIN - 1234]: $2a$06$hJJsu8Yb5tlJtsQzMX3ZJu9u6JIiZaoq60U2AbBpx57CImBDrx15q
Iterations = 6
Salt = $2a$06$hJJsu8Yb5tlJtsQzMX3ZJu
Password hash = 9u6JIiZaoq60U2AbBpx57CImBDrx15q
I have some test memories.db so that you can test the script (one db which contains the hash, and one without for error checking via script).
My Discord is AeroDai#1361 and I'm on the Forensic Discord server.
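The field breakdown in the description, as an added example that is not part of this pull request's script: a parser that validates a `hashed_passcode` value before any further processing and splits it into its bcrypt fields. The names `parse_bcrypt` and `BcryptFields` are hypothetical; the two-digit field is bcrypt's log2 cost, so `06` corresponds to 2^6 = 64 key-expansion rounds.

```python
import re
from typing import NamedTuple, Optional

# bcrypt's own base64 alphabet (ordering differs from RFC 4648).
BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
_MCF = re.compile(r"\$(2[abxy]?)\$([0-9]{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")


class BcryptFields(NamedTuple):
    version: str       # e.g. "2a"
    cost: int          # log2 work factor as stored in the string
    rounds: int        # 2**cost key-expansion iterations
    salt_prefix: str   # "$<version>$<cost>$<22-char salt>"
    salt: bytes        # 16 raw salt bytes
    digest: bytes      # 23 raw hash bytes


def _decode(text: str, nbytes: int) -> bytes:
    """Decode unpadded bcrypt base64, dropping the unused trailing bits."""
    bits = 0
    for ch in text:
        bits = (bits << 6) | BCRYPT_B64.index(ch)
    return (bits >> (len(text) * 6 - nbytes * 8)).to_bytes(nbytes, "big")


def parse_bcrypt(value: Optional[str]) -> BcryptFields:
    """Validate a hashed_passcode value and split it into its bcrypt fields."""
    if not value:
        # Per the PR description, the column stays empty until the PIN is entered online.
        raise ValueError("hashed_passcode is empty")
    m = _MCF.fullmatch(value.strip())
    if m is None:
        raise ValueError("not a 60-character bcrypt string")
    version, cost_s, salt_b64, digest_b64 = m.groups()
    cost = int(cost_s)
    if not 4 <= cost <= 31:
        raise ValueError(f"bcrypt cost {cost} out of range 4..31")
    return BcryptFields(version, cost, 2 ** cost,
                        f"${version}${cost_s}${salt_b64}",
                        _decode(salt_b64, 16), _decode(digest_b64, 23))


if __name__ == "__main__":
    # Example hash quoted in the PR description (PIN 1234).
    sample = "$2a$06$hJJsu8Yb5tlJtsQzMX3ZJu9u6JIiZaoq60U2AbBpx57CImBDrx15q"
    print(parse_bcrypt(sample))
```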