WhatsApp E2E Decryption not successful

[JSchimmelpfennig]

I created a new WhatsApp E2E backup on my phone. I used the 64-digit key and get an error, that the decryption is not successful.

julian@julian-ubuntu-vm:~$ file  /home/julian/Downloads/msgstore.db.crypt15
/home/julian/Downloads/msgstore.db.crypt15: data
julian@julian-ubuntu-vm:~$ ls -liha /home/julian/Downloads/msgstore.db.crypt15
1073397 -rw-rw-r-- 1 julian julian 58M Dez 10 23:10 /home/julian/Downloads/msgstore.db.crypt15

Program output using -v and -f

julian@julian-ubuntu-vm:~$ decrypt14_15 64charkeyinplaintexthere /home/julian/Downloads/msgstore.db.crypt15 -v
[V] Reading keyfile...
[I] Crypt15 / Raw key loaded
[V] Key(key: 64bitkeyinplaintexthere )
[V] Not a Crypt12 file, or corrupted
[V] Parsing database header...
[V] WhatsApp version: 2.23.14.79
[V] Your phone number ends with XX
[I] Database header parsed
[V] Checksum OK (dd6b374b10514d6b6f280cabed52dd33). Decrypting...
[E] Authentication tag mismatch: MAC check failed.
    This probably means your backup is corrupted.
To bypass checks, use the "--force" parameter
julian@julian-ubuntu-vm:~$ decrypt14_15 64charkeyinplaintexthere/home/julian/Downloads/msgstore.db.crypt15 -f
[I] Crypt15 / Raw key loaded
[I] Database header parsed
[E] Authentication tag mismatch: MAC check failed.
    This probably means your backup is corrupted.
[E] I can't recognize decrypted data. Decryption not successful.
    The key probably does not match with the encrypted file.
    Or the backup is simply empty. (check with --force)
[I] Done

**Hexdump of the encrypted DB

85 01 08 01 1A 12 0A 10 BA 0A 14 82 90 F6 74 0F 71 24 1A F0 58 9F A7 DA 22 6D 0A 0A 32 2E 32 33 2E 31 34 2E 37 39 1A 02 35 30 20 00 28 01 30 01 38 01 40 01 48 01 50 01 58 01 60 01 68 01 70 01 78 01 80 01 01 88 01 01 90 01 01 98 01 01 A0 01 01 A8 01 01 B0 01 01 B8 01 01 C0 01 01 C8 01 01 D0 01 01 D8 01 01 E0 01 01 E8 01 01 F0 01 01 F8 01 01 80 02 01 88 02 01 90 02 00 98 02 01 A0 02 01 A8 02 01 B8 02 01 32 E6 C4 3C 93 12 19 44 F1 98 9B 2E 50 56 A6 EF C9 16 C7 5B AA 03 D6 18 2A 8A CD D4 59 81 85 21 D4 B2 97 5D 30 67 4E 4D 5B FC 45 65 DC 0A 70 9F D6 B8 A1 26 F1 B0 9A 62 60 78 DF FD 9A A0 BB C9 04 EB EC D3 83 77 35 54 DA 30 73 45 96 63 53 2F DD F2 54 CF 25 F3 D8 47 B2 BE F7 3A DF 39 50 A6 09 8C 74 FE B9 DE B3 42 C3 86 54 D6 FD 15 7D 5A 2E E7 13 25 2F 58 37 40 1E

Additional context I'm 100% that the key works. I deleted the old Google Drive Backup and created a new one to avoid that something is wrong with the key (because was there for the backup of my old phone as well.

Thank you in advance for any help!

[aviv926]

It seems that your Whatsapp version is old WhatsApp version: 2.23.14.79 This is a version from 6 months ago Have you tried updating a version and taking a backup? Maybe it's related? In addition, have you tried with -force?

[JSchimmelpfennig]

I tried it now again and it worked. WhatsApp was up-to-date two weeks ago as well, but now it is shown in the database file as well. Thank you!

julian@julian-Virtual-Machine:~/.local/bin$ ./decrypt14_15 -v 64charkeyinplaintexthere/home/julian/Downloads/msgstore.db.crypt15 [V] Reading keyfile... [I] Crypt15 / Raw key loaded [V] Key(key: 64charkeyinplaintexthere) [V] Not a Crypt12 file, or corrupted [V] Parsing database header... [V] WhatsApp version: 2.23.25.83 [V] Your phone number ends with XX [I] Database header parsed [V] Checksum OK (4aba32258471142ab7ac52c1e50c0f10). Decrypting... [I] Done

[ElDavoo]

That's strange anyway