How to decode WhatsApp crypt8 db-files..

Search This thread

cyb3r

Member
Jun 7, 2004
7
3
get the key from "data/data/com.whatsapp/files/key" once and latest db-backup from "sdcard/Whatsapp/Databases/msgstore.db.crypt8", then execute in bash:

hexdump -e '2/1 "%02x"' key | cut -b 253-316 > tmp/aes.txt
hexdump -e '2/1 "%02x"' key | cut -b 221-252 > tmp/iv.txt
dd if=msgstore.db.crypt8 of=tmp/msgstore.db.crypt8.nohdr ibs=67 skip=1 &> /dev/null
openssl enc -aes-256-cbc -d -nosalt -nopad -bufsize 16384 -in tmp/msgstore.db.crypt8.nohdr -K $(cat tmp/aes.txt) -iv $(cat tmp/iv.txt) > tmp/msgstore.gz
gzip -cdq tmp/msgstore.gz >msgstore.db

source: http://party3d.com/2014/12/16/nachste-whatsapp-version-bereits-geknackt/
 

mac_see

Member
Dec 7, 2013
32
0
get the key from "data/data/com.whatsapp/files/key" once and latest db-backup from "sdcard/Whatsapp/Databases/msgstore.db.crypt8", then execute in bash:

hexdump -e '2/1 "%02x"' key | cut -b 253-316 > tmp/aes.txt
hexdump -e '2/1 "%02x"' key | cut -b 221-252 > tmp/iv.txt
dd if=msgstore.db.crypt8 of=tmp/msgstore.db.crypt8.nohdr ibs=67 skip=1 &> /dev/null
openssl enc -aes-256-cbc -d -nosalt -nopad -bufsize 16384 -in tmp/msgstore.db.crypt8.nohdr -K $(cat tmp/aes.txt) -iv $(cat tmp/iv.txt) > tmp/msgstore.gz
gzip -cdq tmp/msgstore.gz >msgstore.db

source: http://party3d.com/2014/12/16/nachste-whatsapp-version-bereits-geknackt/

I dont know if I am doing it right. This is what I did:
1. Created a tmp folder in /sdcard
2. Opened adb shell and tried to execute the above
3. Executed the first three commands

On the 4th command, I got an error sh: openssl: not found
When I checked the tmp directory I made, I was able to see the aes.txt (65.00B), iv.txt (33.00B), msgstore.db.crypt8.nohdr (485KB) and msgstore.gz (0.00B)
Screenshots attached.

Appreciate some clarity on the topic. Thank you.
 

Attachments

  • ssl.png
    ssl.png
    11.4 KB · Views: 9,147
  • ssl2.png
    ssl2.png
    34.5 KB · Views: 9,377

albenex

Senior Member
Mar 14, 2013
115
30
Caltagirone (Catania)
Somehow I copied the data/local/ssl to /data/local/ssl on the device.
But not data/local/bin to /system/bin. it says operation failed and in adb shell also it is unable to copy with the CAT command.
Please advice.
i've successfuly made these steps on my rooted 4.4 slimkat rom nexus 5 using Es File Explorer with root (supersu) permissions. check your root and/or your file manager.
 

mac_see

Member
Dec 7, 2013
32
0
i've successfuly made these steps on my rooted 4.4 slimkat rom nexus 5 using Es File Explorer with root (supersu) permissions. check your root and/or your file manager.
Which steps are you referring to? copying data/local/bin to /system/bin or the initial steps in post1 of cyb3r?

---------- Post added at 06:38 AM ---------- Previous post was at 06:35 AM ----------

Your database will most probably be corrupt for the new crypt 8 format. It's not working even if you get the resultant db file after executing the above commands. Sqlite doesn't open the database after decryption.
No. That should not be the reason. I got the resultant db file but with zero bytes. I got msgstore.db.crypt8.nohdr (485KB) and msgstore.gz (0.00B). Please refer the attachment I posted before. For some reason, I am not able to execute the openssl command and for this, I installed the tool suggested by albenex and for that too I am having issues copying data/local/bin to /system/bin. The ssl folder got copied but not the bin
 

mac_see

Member
Dec 7, 2013
32
0
The initial steps in post1 of cyb3r. :) If you know how to do it, please tell me. The resultant database doesn't open in sqlite. You can check it for yourself.

I am confused now and not getting you.

I did the first three steps and when I executed the last step, I got an error sh: openssl: not found on below statement
Code:
openssl enc -aes-256-cbc -d -nosalt -nopad -bufsize 16384 -in tmp/msgstore.db.crypt8.nohdr -K $(cat tmp/aes.txt) -iv $(cat tmp/iv.txt) > tmp/msgstore.gz

dont know how to get this done
 

manowarkdt

Member
Jan 6, 2008
9
0
Doesn't work for me, after all the process the gz file is wrong:

Code:
[email protected]:~# gzip -cdq msgstore.gz >msgstore.db                               
gzip: msgstore.gz: unexpected end of file
Note: I'm working in one PC, uploaded crypt8 file to a folder and NOT working with /tmp/ so my paths are corrects.

Regards
 
Last edited:

louisdraft

Member
Dec 20, 2014
7
0
doubt

I lay on the subject. Where should I put the key and msgstore.db using Cygwin64 on windows? When I try to use the commands , I get the following message: hexdump : key : No such file or directory . If you can help this noob , I would be eternally grateful .
 

louisdraft

Member
Dec 20, 2014
7
0
doubt

Hi , Mali . Thank you for answer. I put in the bin folder and keeps giving error. Is it coz I'm using Windows on the Mac , through bootcamp ? If so , you know you have another way to do this ? by mac maybe.
thank you very much once again.
 

louisdraft

Member
Dec 20, 2014
7
0
doubt

Open command prompt and navigate to the bin folder and execute those commands. Don't do it through cygwin terminal. Do it through command prompt. Make sure openssl is inside the bin folder. Good luck.


I just try the windows prompt and keeps giving error. The openssl is inside the folder, but can not get past the first line.

When you say to navigate to the folder , it would be using the command: "cd C: \ cygwin64 \ bin " and then the commands mentioned in the topic ? they did it and did not work.

Excuse my ignorance and thanks for the help .
 

louisdraft

Member
Dec 20, 2014
7
0
doubt

Yes,
cd C:\cygwin64\bin
without spaces.

What command are you running after this and what error are you getting?

I'm using this: hexdump -e '2/1 "%02x"' key | cut -b 253-316 > tmp/aes.txt

See the images using the 2 programs.
 

Attachments

  • IMG_20141221_243112938.jpg
    IMG_20141221_243112938.jpg
    78.1 KB · Views: 626
  • IMG_20141221_242835492.jpg
    IMG_20141221_242835492.jpg
    79.3 KB · Views: 618

louisdraft

Member
Dec 20, 2014
7
0
doubt

That's why you're getting the error. Do this one by one, copy and paste. :)
hexdump -e '2/1 "%02x"' key | cut -b 253-316 > aes.txt
hexdump -e '2/1 "%02x"' key | cut -b 221-252 > iv.txt
dd if=msgstore.db.crypt8 of=msgstore.db.crypt8.nohdr ibs=67 skip=1
openssl enc -aes-256-cbc -d -nosalt -nopad -bufsize 16384 -in msgstore.db.crypt8.nohdr -K aes.txt -iv iv.txt > msgstore.gz
gzip -cdq msgstore.gz > msgstore.db

Let me know of the results. :)

Yay! Now is working. Funny, was doing copying the first post . I did not notice any change.

Now it is giving error in this line :
openssl enc -AES -256 - cbc -d -nosalt -nopad -bufsize 16384 -in msgstore.db.crypt8.nohdr -K aes.txt -iv iv.txt > msgstore.gz

"non -hex digit
invalid hex iv value "

thank you !!!!!!
 

louisdraft

Member
Dec 20, 2014
7
0
doubt

Giving still the same error .

I'm typing this : openssl enc -AES -256 - cbc -d -nosalt -nopad -bufsize 16384 -in msgstore.db.crypt8.nohdr -K aes.txt -iv a9d97adc77efaf9773c6602048d50fa0 > msgstore.gz


this:
openssl enc -aes-256-cbc -d -nosalt -nopad -bufsize 16384 -in msgstore.db.crypt8.nohdr -K aes.txt -iv a9d97adc77efaf9773c6602048d50fa0 > msgstore.gz
 
Last edited:

mac_see

Member
Dec 7, 2013
32
0
Do it on your computer. Use cygwin and install openssl. It will work.
I have not cygwin so far but what i tries is this. I Installed openssl-0.9.8k_X64.zip from https://code.google.com/p/openssl-for-windows/downloads/list and then tried the below command and I got an error unknown option 'aex.txt'
Code:
openssl enc -aes-256-cbc -d -nosalt -nopad -bufsize 16384 -in tmp/msgstore.db.crypt8.nohdr -K $(cat tmp/aes.txt) -iv $(cat tmp/iv.txt) > tmp/msgstore.gz
error is
Code:
unknown option 'aex.txt'
screenshot attached

What am i doing wrong?
 

Attachments

  • cmd.png
    cmd.png
    93.6 KB · Views: 591

manowarkdt

Member
Jan 6, 2008
9
0
I have not cygwin so far but what i tries is this. I Installed openssl-0.9.8k_X64.zip from and then tried the below command and I got an error unknown option 'aex.txt'
Code:
openssl enc -aes-256-cbc -d -nosalt -nopad -bufsize 16384 -in tmp/msgstore.db.crypt8.nohdr -K $(cat tmp/aes.txt) -iv $(cat tmp/iv.txt) > tmp/msgstore.gz
error is
Code:
unknown option 'aex.txt'
screenshot attached

What am i doing wrong?

You forgot the $ before (cat tmp/aes.txt) that's because you get "unknown option 'aes.txt)

Regards
 

Top Liked Posts

  • There are no posts matching your filters.
  • 2
    get the key from "data/data/com.whatsapp/files/key" once and latest db-backup from "sdcard/Whatsapp/Databases/msgstore.db.crypt8", then execute in bash:

    hexdump -e '2/1 "%02x"' key | cut -b 253-316 > tmp/aes.txt
    hexdump -e '2/1 "%02x"' key | cut -b 221-252 > tmp/iv.txt
    dd if=msgstore.db.crypt8 of=tmp/msgstore.db.crypt8.nohdr ibs=67 skip=1 &> /dev/null
    openssl enc -aes-256-cbc -d -nosalt -nopad -bufsize 16384 -in tmp/msgstore.db.crypt8.nohdr -K $(cat tmp/aes.txt) -iv $(cat tmp/iv.txt) > tmp/msgstore.gz
    gzip -cdq tmp/msgstore.gz >msgstore.db

    source: http://party3d.com/2014/12/16/nachste-whatsapp-version-bereits-geknackt/