Hi! I used a hexedit tool to open a SQLCipher database and changed a little information in hex mode. I found that when even a little information has been tampered with, the whole database cannot be used! I know SQLCipher uses HMAC to hash every encrypted page, so I am wondering: if I execute a SQL command that doesn't need to traverse the tampered pages, can I get the expected result?
Note: I have tried some SQL commands, but all report “file is not a database”.
Hello @yep_zhang, that is correct: if you execute a statement that does not load a tampered page, SQLCipher will not trigger an error.
The most likely reason you are seeing an error with your test is that you are manipulating the front of the database:
- The first 16 bytes are used for the KDF salt; corruption in that segment can render the entire database unreadable, since an incorrect encryption key will be derived for the database.
- The first few pages are accessed every time a database is opened because they contain metadata, schema, indexes, etc. Corruption of those pages will therefore always result in an HMAC check failure.
Thanks! You are right, and I found that I had manipulated the first page.
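
A simplified model of the behaviour discussed in this thread, added here as an illustration and not taken from the thread or from SQLCipher's code: a paged file with a 16-byte KDF salt at offset 0 and one HMAC per page, verified only when that page is read. The page size, tag layout, key-derivation parameters and all names are assumptions of the model, and encryption is left out so that only the per-page authentication is shown.

```python
import hashlib, hmac, struct

PAGE_SIZE, SALT_LEN, TAG_LEN = 256, 16, 32   # toy sizes, not SQLCipher's

def derive_key(passphrase, salt):
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, 1000)

def page_tag(key, pgno, body):
    # In this model the tag also covers the page number.
    return hmac.new(key, struct.pack("<I", pgno) + body, hashlib.sha256).digest()

def build_file(passphrase, salt, payloads):
    key, out = derive_key(passphrase, salt), bytearray()
    for pgno, payload in enumerate(payloads, start=1):
        prefix = salt if pgno == 1 else b""      # salt lives at file offset 0
        body = payload.ljust(PAGE_SIZE - TAG_LEN - len(prefix), b"\0")
        out += prefix + body + page_tag(key, pgno, body)
    return bytes(out)

class PagedReader:
    def __init__(self, data, passphrase):
        self.data = data
        self.key = derive_key(passphrase, data[:SALT_LEN])
        self.read_page(1)                        # metadata page: read on every open

    def read_page(self, pgno):
        page = self.data[(pgno - 1) * PAGE_SIZE : pgno * PAGE_SIZE]
        body = page[SALT_LEN if pgno == 1 else 0 : -TAG_LEN]
        if not hmac.compare_digest(page[-TAG_LEN:], page_tag(self.key, pgno, body)):
            raise ValueError(f"HMAC check failed on page {pgno}")
        return body.rstrip(b"\0").decode()

def flip_bit(data, offset):
    out = bytearray(data)
    out[offset] ^= 0x01
    return bytes(out)

def outcome(data, passphrase, pgno):
    """Open the file, read one page, and return its text or the error."""
    try:
        return PagedReader(data, passphrase).read_page(pgno)
    except ValueError as exc:
        return str(exc)

# Constructed sample data.
PASSPHRASE, SALT = b"correct horse", bytes(range(16))
DB = build_file(PASSPHRASE, SALT, [b"schema", b"rows A", b"rows B", b"rows C"])

if __name__ == "__main__":
    for label, off in [("page 3 body", 2 * PAGE_SIZE + 5), ("salt", 0), ("page 1 body", 20)]:
        bad = flip_bit(DB, off)
        print(label, "->", [outcome(bad, PASSPHRASE, n) for n in (2, 3)])
```

A flipped bit in page 3 leaves page 2 readable, while a flipped bit in the salt or in page 1 makes every open fail, which is the case the original poster hit.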