ElDavoo / wa-crypt-tools

Manage WhatsApp .crypt12, .crypt14 and .crypt15 files.
GNU General Public License v3.0

Can't decrypt #135

Closed SS-035 closed 1 month ago

SS-035 commented 1 month ago

Hexdump of your key file

0000000 edac 0500 7275 0200 425b f3ac f817 0806
0000010 e054 0002 7800 0070 0000 0e20 3bd7 fcf4
0000020 1a7a 6283 2f90 11d0 1c4c 3d67 1d7f d936
0000030 3ac7 32f2 9b2e a17a 4320 000e
000003b

Hexdump of the encrypted DB


Screenshots

NA

Program output using -v and -f

keyfactory.py:31        : [D] Reading keyfile...
key15.py:47     : [D] Root key: 0ed73bf4fc7a1a8362902fd0114c1c673d7f1d36d9c73af2322e9b7aa120430e
key15.py:51     : [I] Crypt15 / Raw key loaded
wadecrypt.py:235        : [D] Key15(key: 0ed73bf4fc7a1a8362902fd0114c1c673d7f1d36d9c73af2322e9b7aa120430e)
dbfactory.py:41         : [D] Parsing database header...
dbfactory.py:75         : [D] WhatsApp version: 2.24.6.77
dbfactory.py:78         : [D] Your phone number ends with 39
dbfactory.py:128        : [D] Crypt15 info:
Header information in your crypt15 file:IV: 12041fbbdc13cf5065ef4e523604bbcc
Key type: 1
WhatsApp version: 2.24.6.77
The last two numbers of the user's Jid: 39
Backup version: 1
Features: [5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 39]
Max feature number: 39

db15.py:132     : [D] Checksum OK (a2c5e721d41dcf4ad632b6d50fcaa61a). Decrypting...
db15.py:155     : [E] Authentication tag mismatch: MAC check failed.
    This probably means your backup is corrupted.
wadecrypt.py:260        : [E] I can't recognize decrypted data. Decryption not successful.
    The key probably does not match with the encrypted file.
    Or the backup is simply empty. (check with --force)
wadecrypt.py:271        : [I] Done

Additional context

I used a password for E2E. Whenever I tried to restore using WhatsApp UI, it always failed after some time. I got the key but still can't decrypt it. I had some legal documents within those messages. 😭

ElDavoo commented 1 month ago

Hi, sorry but

> Whenever I tried to restore using WhatsApp UI, it always failed after some time.

This confirms your backups are corrupted.

> I can't recognize decrypted data.

Means that nothing is recoverable.

> I had some legal documents within those messages. 😭

The attachments themselves are not stored in the msgstore.db file, only messages are there.
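
A triage check for the report above, as an added example that is not part of the original thread or the project's code: it rebuilds the key file from the posted hexdump (default `hexdump` prints 16-bit little-endian words, so byte pairs appear swapped), checks the Java-serialized `byte[]` framing, and returns the payload, which equals the `Root key` value in the log. The function names are hypothetical, and the 32-byte array length is an assumption taken from this dump and the logged key.

```python
import struct

# Key-file hexdump copied from the issue (default `hexdump` layout: hex offset,
# then 16-bit words shown in little-endian order; last line is the total length).
KEYFILE_HEXDUMP = """\
0000000 edac 0500 7275 0200 425b f3ac f817 0806
0000010 e054 0002 7800 0070 0000 0e20 3bd7 fcf4
0000020 1a7a 6283 2f90 11d0 1c4c 3d67 1d7f d936
0000030 3ac7 32f2 9b2e a17a 4320 000e
000003b
"""

# Java serialization framing of a byte[]: stream magic + version, TC_ARRAY,
# TC_CLASSDESC, class name "[B", its serialVersionUID, flags, zero fields,
# TC_ENDBLOCKDATA, TC_NULL (no superclass). A 4-byte big-endian length follows.
BYTE_ARRAY_PREFIX = bytes.fromhex(
    "aced0005" "75" "72" "0002" "5b42" "acf317f8060854e0" "02" "0000" "78" "70"
)


def hexdump_to_bytes(dump: str) -> bytes:
    """Rebuild the original bytes from default-format `hexdump` output."""
    out, total = bytearray(), None
    for fields in (line.split() for line in dump.splitlines()):
        if not fields:
            continue
        if len(fields) == 1:          # trailing offset line = file length
            total = int(fields[0], 16)
            continue
        if int(fields[0], 16) != len(out):
            raise ValueError("offset gap (squeezed '*' lines are not handled)")
        for word in fields[1:]:
            out += struct.pack("<H", int(word, 16))   # undo the word swap
    if total is None or total not in (len(out), len(out) - 1):
        raise ValueError("missing or inconsistent length line")
    return bytes(out[:total])         # drop the pad byte of an odd-length file


def root_key_from_keyfile(blob: bytes) -> bytes:
    """Return the payload of a serialized byte[32], or raise ValueError."""
    if not blob.startswith(BYTE_ARRAY_PREFIX):
        raise ValueError("not a Java-serialized byte[]")
    body = blob[len(BYTE_ARRAY_PREFIX):]
    (length,) = struct.unpack(">i", body[:4])
    if length != 32 or len(body) != 4 + length:
        raise ValueError("unexpected array length")
    return body[4:]


if __name__ == "__main__":
    print(root_key_from_keyfile(hexdump_to_bytes(KEYFILE_HEXDUMP)).hex())
```

A match here only shows the key file was read correctly; it says nothing about whether that key belongs to the backup being decrypted.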