Originally Posted by Frantch
Well yes, that's good news. I will have some free time this weekend. I will try to go through the WhatsApp code and play around with the key to understand how it gets generated.
The actual cipher key (for encryption and decryption) is not generated locally. It's generated by WhatsApp's server. The generation process is clearly not random and is being hashed using the information contained within the first 67 bytes of the database. Bytes 0-3 are padding. Bytes 3-35 contain a challenge key which is randomly generated by the app. Bytes 35-51 contain a sha generation key that is seeded against your gmail to create a sha (comparison) challenge. Bytes 51-67 contain the IV (again this is randomly generated, but one half of the crypto challenge at least).
As far as I can tell the sha challenge is for internal use only and is what prevents you from importing a crypt file belonging to another account (similar to crypt5, but instead of md5 they use sha-256).
```java
import java.security.SecureRandom;

private static byte[] getRandom(int i) throws NoSuchAlgorithmException {
    byte[] B = new byte[i];
    // Fill the buffer with random bytes and hand it back (fill/return reconstructed from the fragment)
    SecureRandom.getInstance("SHA1PRNG").nextBytes(B);
    return B;
}
```
Calling this and asking for 16 bytes will give you a randomly generated seed which is one half of the sha challenge (this is what is stored in bytes 51-67). The other half is your gmail.
```java
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

private static byte[] getShaChallenge(String gMail, byte[] challengeSha)
        throws NoSuchAlgorithmException, UnsupportedEncodingException {
    MessageDigest locMessageDigest = MessageDigest.getInstance("SHA-256");
    byte[] challengeBytes = gMail.getBytes("UTF-8");
    int i = challengeBytes.length;
    // Concatenate gmail || seed, then hash the whole buffer
    byte[] challengeFinalBytes = new byte[i + challengeSha.length];
    System.arraycopy(challengeBytes, 0, challengeFinalBytes, 0, i);
    System.arraycopy(challengeSha, 0, challengeFinalBytes, i, challengeSha.length);
    return locMessageDigest.digest(challengeFinalBytes); // the sha challenge (return reconstructed from the fragment)
}
```
Call the above and feed in your gmail and sha seed. This will produce the sha challenge. If you move a database from one device to another the gmail will be different, so the resulting hash will not match up. As I said, the above challenge is for internal use only, but the seed itself may perhaps be used to keygen the cipher key along with the challenge key and/or IV. Unfortunately, we have no access to WhatsApp's server, so we have no idea what their hashing routines are, or if they're seeding or not (and if they are, what that seed is). What I can tell you is that your telephone number and/or jabber id (more or less the same thing) is not being used to seed. This is because I manipulated two installs of WhatsApp to return the same cipher, based on the information in the backup file only. This was in crypt6, so I may have to re-test with crypt7, though I think crypt7 is just the final version of crypt6 ready for the next stable release. In a nutshell, if you want to figure out how the cipher keys are being generated you will a) have to get very lucky (several billion hashes later my luck is still out) or b) hack WhatsApp's server for the hashing routines (not recommended). The first 67 bytes of the crypt file are all WhatsApp's server needs to generate the valid cipher. Unless you, I or anybody else can reproduce what they're doing online, crypt6 and crypt7 will remain secure for non-rooted users of WhatsApp.
Just thought I would save you some time getting lost in smali this weekend.
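The 67-byte header layout and the gmail-bound SHA-256 challenge described in the post, as an added Python example (not code from the post or from WhatsApp): the field offsets are the ones the post gives; the function names, the constant-time comparison and the constructed sample header are assumptions of this example.

```python
"""Parse the 67-byte crypt6/crypt7 header the post describes and recompute the
gmail-bound SHA-256 challenge that ties a backup to one account."""
import hashlib
import hmac
import os

HEADER_LEN = 67
FIELDS = {                      # (start, end) byte offsets, per the post's layout
    "padding": (0, 3),
    "challenge_key": (3, 35),   # 32 random bytes generated by the app
    "sha_seed": (35, 51),       # 16-byte seed, one half of the sha challenge
    "iv": (51, 67),             # 16-byte IV
}

def parse_header(data: bytes) -> dict:
    """Split the first 67 bytes of a crypt file into the named fields."""
    if len(data) < HEADER_LEN:
        raise ValueError(f"need at least {HEADER_LEN} bytes, got {len(data)}")
    return {name: data[s:e] for name, (s, e) in FIELDS.items()}

def sha_challenge(gmail: str, sha_seed: bytes) -> bytes:
    """SHA-256(gmail_utf8 || seed): the comparison challenge the post describes."""
    return hashlib.sha256(gmail.encode("utf-8") + sha_seed).digest()

def header_matches_account(data: bytes, gmail: str, expected: bytes) -> bool:
    """True only if the challenge recomputed from this header for `gmail` equals `expected`.
    A backup moved to a device with a different gmail fails here, as the post notes."""
    seed = parse_header(data)["sha_seed"]
    return hmac.compare_digest(sha_challenge(gmail, seed), expected)

def build_sample_header(seed: bytes, iv: bytes) -> bytes:
    """Construct a header in the post's layout (constructed sample, not a real backup)."""
    if len(seed) != 16 or len(iv) != 16:
        raise ValueError("seed and iv must be 16 bytes each")
    return b"\x00" * 3 + os.urandom(32) + seed + iv

if __name__ == "__main__":
    seed, iv = bytes(range(16)), bytes(range(16, 32))        # constructed values
    hdr = build_sample_header(seed, iv)
    chal = sha_challenge("alice@gmail.com", seed)
    print(header_matches_account(hdr, "alice@gmail.com", chal))  # True
    print(header_matches_account(hdr, "bob@gmail.com", chal))    # False
```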