|
|
|
|
|
|
by shittyadmin
2706 days ago
|
|
|
Yeah, this sounds like an interesting reverse engineering challenge, do you need any special accounts to use Mendeley or can it be freely installed by anyone? It'd likely just be a hard-coded key, you wouldn't want to restrict people from copying their own databases around... probably. |
|
|
I ended up adapting some code that scans an OSX process for AES key schedules and prints any keys that it finds (caveat - sqlite3 rolls its own AES and the key schedule ends up byte-swapped in memory).
I also had to write some Go code to decrypt the sqlite3 database file. There is code to read an encrypted database buried in sqlite3's revision history, but it's an old enough version of sqlite3 that it didn't understand dropbox's schema.