
Decrypting WhatsApp crypt8 >= v2.12.38

By TripCode, Senior Member on 16th April 2015, 03:09 AM
Since WhatsApp v2.12.38, it's no longer possible to take the initialization vector from the key file, in order to decrypt crypt8 backup files. This is because the iv now gets replaced with zeros. You should instead extract the iv from the crypt8 file itself.

Purpose: Decrypting WhatsApp crypt8 >= v2.12.38
By: TripCode
Date: 15th April 2015

Example:

Code:
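# AES key = hex chars 253-316 of the key file. -v prints every byte; without it hexdump
# collapses repeated groups (such as the zeroed iv) into "*" and the cut offsets shift.
hexdump -v -e '2/1 "%02x"' key | cut -b 253-316 > aes.txt
# iv = hex chars 103-134 of the 67-byte crypt8 header
hexdump -v -n 67 -e '2/1 "%02x"' msgstore.db.crypt8 | cut -b 103-134 > iv.txt
# strip the 67-byte header, then decrypt and decompress
dd if=msgstore.db.crypt8 of=msgstore.db.crypt8.nohdr ibs=67 skip=1
openssl enc -aes-256-cbc -d -nosalt -nopad -bufsize 16384 -in msgstore.db.crypt8.nohdr -K "$(cat aes.txt)" -iv "$(cat iv.txt)" > msgstore.gz
gzip -cdq msgstore.gz > msgstore.db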
Source: http://pastebin.com/YCqBASrR
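
The same procedure with input checks and a result check, as an added example that is not part of TripCode's post. The key and iv offsets come from the post's cut ranges; the function names, the position of the key file's iv slot (bytes 110-125, where older guides read it) and the SQLite-header check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Layout taken from the post's cut ranges:
#   key file  bytes 126..157 -> AES-256 key
#   crypt8    bytes  51..66  -> iv, ciphertext starts at byte 67

# hex_at FILE OFFSET LEN: print LEN bytes at OFFSET as lowercase hex
hex_at() {
    od -An -v -tx1 -j "$2" -N "$3" "$1" | tr -d ' \n'
}

# key_file_iv_state KEYFILE: "zeroed" if the key file no longer carries an iv
# (assumed slot: bytes 110..125), otherwise "present"
key_file_iv_state() {
    if [ "$(hex_at "$1" 110 16)" = "00000000000000000000000000000000" ]; then
        echo zeroed
    else
        echo present
    fi
}

# decrypt_crypt8 KEYFILE CRYPT8 OUTDB: 0 on success, 2 on bad input, 1 on bad result
decrypt_crypt8() {
    [ $(wc -c < "$1") -ge 158 ] || { echo "key file too short" >&2; return 2; }
    key=$(hex_at "$1" 126 32)
    iv=$(hex_at "$2" 51 16)
    [ "${#key}" -eq 64 ] && [ "${#iv}" -eq 32 ] || { echo "short read" >&2; return 2; }
    # -nopad leaves the padding bytes after the gzip stream, so gzip may exit 2
    # ("trailing garbage"); the header check below decides success instead.
    tail -c +68 "$2" |
        openssl enc -aes-256-cbc -d -nosalt -nopad -K "$key" -iv "$iv" |
        gzip -cdq > "$3" || true
    # A wrong key or iv produces garbage, never a SQLite header.
    [ "$(head -c 15 "$3")" = "SQLite format 3" ] || { echo "output is not SQLite" >&2; return 1; }
}
```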
16th April 2015, 03:40 AM |#2  
Abinash Bishoyi, Junior Member
Thanks man, I was about to reach you for the same. You just read my mind!
16th April 2015, 03:44 AM |#3  
OP Senior Member
Quote:
Originally Posted by Abinash Bishoyi

Thanks man, I was about to reach you for the same. You just read my mind!

No worries! As this is in the betas, this could be the future crypt9. Time will tell.
16th April 2015, 03:49 AM |#4  
Abinash Bishoyi, Junior Member
I'm getting lots of complaints that Samsung mobiles are not able to use this tool. As I have analyzed, it is because Samsung encrypts the adb backup. Do you have any workaround for the same? Please let me know; there are lots of pending emails to reply to.

---------- Post added at 02:49 AM ---------- Previous post was at 02:45 AM ----------

Quote:
Originally Posted by TripCode

No worries! As this is in the betas, this could be the future crypt9. Time will tell.

Yeah, day by day life is getting harder with all these WhatsApp updates.
16th April 2015, 03:54 AM |#5  
OP Senior Member
Do you mean the device is encrypted so the backups are also?
16th April 2015, 05:19 AM |#6  
Junior Member
sample me
17th April 2015, 05:17 AM |#7  
Abinash Bishoyi, Junior Member
Quote:
Originally Posted by TripCode

Since WhatsApp v2.12.38, it's no longer possible to take the initialization vector from the key file, in order to decrypt crypt8 backup files. This is because the iv now gets replaced with zeros. You should instead extract the iv from the crypt8 file itself.

Purpose: Decrypting WhatsApp crypt8 >= v2.12.38
By: TripCode
Date: 15th April 2015

Example:

Code:
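# AES key = hex chars 253-316 of the key file. -v prints every byte; without it hexdump
# collapses repeated groups (such as the zeroed iv) into "*" and the cut offsets shift.
hexdump -v -e '2/1 "%02x"' key | cut -b 253-316 > aes.txt
# iv = hex chars 103-134 of the 67-byte crypt8 header
hexdump -v -n 67 -e '2/1 "%02x"' msgstore.db.crypt8 | cut -b 103-134 > iv.txt
# strip the 67-byte header, then decrypt and decompress
dd if=msgstore.db.crypt8 of=msgstore.db.crypt8.nohdr ibs=67 skip=1
openssl enc -aes-256-cbc -d -nosalt -nopad -bufsize 16384 -in msgstore.db.crypt8.nohdr -K "$(cat aes.txt)" -iv "$(cat iv.txt)" > msgstore.gz
gzip -cdq msgstore.gz > msgstore.db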
Source: http://pastebin.com/YCqBASrR

Have you updated Omni-Crypt for the same? Or do you still need this workaround? Today I updated Omni-Crypt and it is able to decrypt the db using the old key.
17th April 2015, 09:06 AM |#8  
Eshi, Member
Quote:
Originally Posted by Abinash Bishoyi

Have you updated Omni-Crypt for the same? Or do you still need this workaround? Today I updated Omni-Crypt and it is able to decrypt the db using the old key.

I also updated the app and it is working for me too.
17th April 2015, 10:27 AM |#9  
OP Senior Member
Quote:
Originally Posted by Abinash Bishoyi

Have you updated Omni-Crypt for the same? Or do you still need this workaround? Today I updated Omni-Crypt and it is able to decrypt the db using the old key.

Quote:
Originally Posted by Eshi

I also updated the app and it is working for me too.

Omni-Crypt was updated for this change in version 1.7. The latest version is now 1.9.
17th April 2015, 03:20 PM |#10  
Abinash Bishoyi, Junior Member
Quote:
Originally Posted by TripCode

Omni-Crypt was updated for this change in version 1.7. The latest version is now 1.9.

You're awesome!
19th April 2015, 08:15 PM |#11  
Junior Member
Decrypt database
They can use this application to display messages directly on your phone.

Decrypt database for WhatsApp in the Play Store

Tags
crypt8, decode, decrypt, extract, whatsapp
