Update the new crypt 14 offset!

B16f00t / whapa

WhatsApp Parser Toolset v1.59

1.1k stars 258 forks source link

Update the new crypt 14 offset! #147

Closed mrmc-mc closed 2 years ago

mrmc-mc commented 2 years ago

I think in the new version of whatsapp[my version: 2.21.23.23], encoding of key and database files has been changed. As a result, the offset position has also changed.

I use latest version of repository for decrypt .crypt14 file (several times) and every time I got an error . I'm sure the files are correct

Error ;

Error -3 while decompressing data: incorrect header check

Eligio-Cazo commented 2 years ago

The encryption of crypt14 is not correct, I have it done in python in case you are interested.

mrmc-mc commented 2 years ago

The encryption of crypt14 is not correct, I have it done in python in case you are interested.

Yes, Sure. Please let us know how you did

Eligio-Cazo commented 2 years ago

In def encrypt14 You need change header = db_cript_data[0:191] iv = db_cript_data[67:83] and remove 'iv' in fh.write(header +iv+ aes.encrypt(zlib.compress(data)) + footer)

in def decryp14 only chage header = db_cript_data[0:191] iv = db_cript_data[67:83]

mrmc-mc commented 2 years ago

In def encrypt14 You need change header = db_cript_data[0:191] iv = db_cript_data[67:83] and remove 'iv' in fh.write(header +iv+ aes.encrypt(zlib.compress(data)) + footer)

in def decryp14 only chage header = db_cript_data[0:191] iv = db_cript_data[67:83]

in the current decrypt14 function :

        data = db_data[191:]
        iv = db_data[67:83]
        aes = AES.new(key, mode=AES.MODE_GCM, nonce=iv)
        with open(path, "wb") as fh:
            fh.write(zlib.decompress(aes.decrypt(data)))

header detached in the 191-byte positon Where it should change according to you?

B16f00t commented 2 years ago

If the scripts works, you can propose to make a pull request to fix the issue

Eligio-Cazo commented 2 years ago

Changes must be made in whacipher.py file The encrypt14 function is missing, the code can be copied from the decryp12 function and make the changes so that encrypt with crypt14 works as well

mrmc-mc commented 2 years ago

Changes must be made in whacipher.py file The encrypt14 function is missing, the code can be copied from the decryp12 function and make the changes so that encrypt with crypt14 works as well

The file I am trying to decrypt was created and encrypted by WhatsApp itself and taken from the database folder: /sdcard/Whatsapp/Databases/msgstore.db.crypt14. If your code works properly And decrypts .crypt14 file correctly, please share it with us with more details

Eligio-Cazo commented 2 years ago

I have posted a version to encrypt and decrypt crypt14, it is a compilation of several versions that I found to encrypt and decrypt crypt14. In May 2021 the offset of the file was changed. The comments on the file are in Spanish, sorry.

https://github.com/Eligio-Cazo/Desencriptar_crypt14

Mrakobes666 commented 2 years ago

I replaced a piece of code in the file "whacipher.py" but still

Error -3 while decompressing data: incorrect header check

Baneeishaque commented 2 years ago

The issue remains, please reopen.