SnapChat My Eyes Only PIN Bruteforce
Script to brute-force SnapChat My Eyes Only PIN
Memories.db stores the PIN hash in the 'memories_meo_confidential' table - 'hashed_passcode' column as a bcrypt hash.
Memories.db will only be available/contain a hashed passcode if the user has entered the MEO PIN code while connected to the internet. During my testing, when logging out of SnapChat, the memories.db database was deleted/no longer accessible. Memories.db was re-created upon login, but the hashed_passcode column was empty until I entered the MEO PIN code while connected to the internet.
It seems that once the PIN code is verified online initially, and a bcrypt hash is created and stored offline within Memories.db, the user may then enter the PIN to access the MEO folder offline (the hash will be cached for an undetermined period of time - this may be the same as the 60-day timeout reported on the Forensics Discord server for media).
The memories.db/hash is persistent through power off/on states. Logout and x days are the only things that appear to remove the hash. However, this may still be handy if the device is seized and examined early.
Example bcrypt hash [PIN - 1234]: $2a$06$hJJsu8Yb5tlJtsQzMX3ZJu9u6JIiZaoq60U2AbBpx57CImBDrx15q
Iterations = 6
Salt = $2a$06$hJJsu8Yb5tlJtsQzMX3ZJu
Password hash = 9u6JIiZaoq60U2AbBpx57CImBDrx15q
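Added example (not this repository's script): it reads the 'hashed_passcode' column from a constructed in-memory stand-in for memories.db, splits the bcrypt string into the fields listed above, and returns None when the column is empty or the table is missing. The one-column schema, text storage of the value and all function names are assumptions made for illustration.

```python
import re
import sqlite3

# bcrypt modular-crypt layout: $<version>$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")

def parse_bcrypt(value):
    """Split a bcrypt string into its fields; raise ValueError if malformed."""
    m = BCRYPT_RE.match(value)
    if not m:
        raise ValueError("not a well-formed bcrypt hash")
    version, cost, salt, digest = m.groups()
    if not 4 <= int(cost) <= 31:  # valid bcrypt cost range
        raise ValueError("bcrypt cost out of range")
    # The cost is a base-2 exponent: cost 06 means 2**6 key-expansion rounds.
    return {"version": version, "cost": int(cost), "rounds": 2 ** int(cost),
            "salt": salt, "digest": digest}

def read_meo_hash(conn):
    """Return the parsed hash, or None if the table is missing or the column is empty."""
    try:
        rows = conn.execute(
            "SELECT hashed_passcode FROM memories_meo_confidential").fetchall()
    except sqlite3.OperationalError:
        return None  # table absent, e.g. database recreated after logout
    for (value,) in rows:
        if isinstance(value, bytes):  # tolerate BLOB storage (assumption)
            value = value.decode("ascii", "replace")
        if value and value.strip():
            return parse_bcrypt(value.strip())
    return None  # PIN not yet entered online, so nothing is cached

def make_sample_db(hashed_passcode):
    """Constructed test database; the real memories.db schema has more columns."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE memories_meo_confidential (hashed_passcode TEXT)")
    conn.execute("INSERT INTO memories_meo_confidential VALUES (?)", (hashed_passcode,))
    return conn

# Example hash from this README (PIN 1234)
SAMPLE = "$2a$06$hJJsu8Yb5tlJtsQzMX3ZJu9u6JIiZaoq60U2AbBpx57CImBDrx15q"

if __name__ == "__main__":
    print(read_meo_hash(make_sample_db(SAMPLE)))
    print(read_meo_hash(make_sample_db(None)))
```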
I have some test memories.db so that you can test the script (one db which contains the hash, and one without for error checking via script).
My Discord is AeroDai#1361 and I'm on the Forensic Discord server.