SQLite mischief (password stealing) via custom DLL

Published on August 20th, 2011 by Hypn. Filed under hacks, programming

There’s a (Windows) program I use that stores it’s data in SQLite files… password protected SQLite files… and I’d really like to take a look inside of them. I’ve tried looking for the password as an embedded text string, I’ve tried decompiling the .Net code (with Reflector – but it’s obfuscated), and I’ve tried attaching a debugger and stepping through tons of ASM code, but still haven’t been able to find the password.

During a mild case of insomnia I had another thought on cracking/bypassing SQLite password protection: what if (in the case where the app uses a .dll file, rather than statically linking the library) I just downloaded the SQLite source code, added “logging” of sorts to each of the main functions (“login”, executing queries, etc), compiled it, and replaced the application’s version with mine – the DLL would basically just output the database’s password for me, in plain text, perfect for opening it with something like SQLiteSpy :D

About

2 Responses to “SQLite mischief (password stealing) via custom DLL”

  1. kioskzone

    November 15th, 2011 at 3:24 am

    Did it work ? Can you send me the dll ?
    Best regards

    JM

  2. Hypn

    December 22nd, 2011 at 11:35 pm

    Nope, I’m afraid I never got around to it :/

Leave a Reply

You must be logged in to post a comment.

Copyright © 2012 Hypn.za.net

CSS Template By RamblingSoul | WordPress Theme by Theme Lab and Best Hosting.