Passively read messages from Snapchat Android databases. This has worked since at the latest 2021 and works as of 20230609 for groups as well as individual conversations. As protocol buffers are designed with forward-compatibility in mind, it is unlikely that this will stop working for quite a while.
On Android, Snapchat stores all messages, read or not, in a binary field containing a protobuf message in a SQLite3 database. Using protobuf-inspector, I reversed the message format so I could get a readout of Snapchat messages in my terminal.
To read messages yourself, you will need to copy the following files from your phone. This will almost certainly require root access.
/data/data/com.snapchat.android/databases/arroyo.db* # messages
/data/data/com.snapchat.android/databases/main.db* # contactsTemporary files (*-shm, *-wal) can be cleaned up with
$ sqlite3 arroyo.db 'vacuum;'To dump your contact/friend data to a JSON file, run
$ python research/dump-contacts main.dbTo actually display a conversation, you'll need the conversation_client_id associated with it.
Browse the conversation table in arroyo.db with sqlite3 or sqlitebrowser
to find the appropriate UUID.
Once you have your contacts.json and client conversation id, simply run
$ python -m snapreader arroyo.db contacts.json <CCID>I've only reversed and implemented the bare minimum subset of the conversation message protobuf description
necessary for my own ends. If you'd like to continue reversing where I left off, install protobuf-inspector and dump all your message content blobs with research/dump-message-blobs. Then, in the same directory as protobuf_config.py, run
$ protobuf_inspector < BLOB_PATH
Read more about the process on the protobuf-inspector homepage. After identifying more fields, you can update
content.proto, an actual protobuf message definition and compile it for any language with protoc.
You can also find already-decrypted picture and video snaps here:
/data/data/com.snapchat.android/files/native_content_manager/* # decrypted snap videos/images