Error -3 while decompressing data: incorrect header check (after crypt14 update)

[maiqueg]

Around 1 May, Whatsapp began to use crypt14 instead of crypt12 on the msgstore.db backup.

Since then I'm getting this error when trying to decrypt:

[i] Starting to decrypt...
[e] An error has ocurred decrypting 'msgstore.db.crypt14' -  Error -3 while decompressing data: incorrect header check

I saw that the key is exactly the same used for crypt12, maybe only the decrypt method that changed? Any ideas?

[Roly855]

I have exactly the same problem, some help please. Thank you very much in advance

[ElDavoo]

Offsets need to be updated. Take a look at:

andreas-mausch/whatsapp-viewer#114 (comment)

the following code results:

andreas-mausch/whatsapp-viewer@7035b9c

[Roly855]

Thanks a million ElDavoo!!!!

[maiqueg]

I've opened a pull request with the new offsets, but only for decryption.

97

[B16f00t]

Thanks to @ElDavoo for look for the problem and @maiqueg for the fix.

[ElDavoo]

Did your offset change again in this night's backup? I noticed IV now starts at byte 67, but don't know about the rest.

[ElDavoo]

The new offsets are:

data = db_data[191:] iv = db_data[67:83]

"Server salt" also changes from byte 14 to byte 15, but... you don't use server salt in your code ?? wtf? Can someone explain plz?

Not opening a pull request because I think this needs to be further improved: Format may change again in the future, users might be able to input their own offsets, there should be a list of offsets to try, and so on.

[ElDavoo]

The new offsets are:

data = db_data[191:] iv = db_data[67:83]

@B16f00t