Using a manually transcribed hex key to decrypt my files doesn't work

[julienthevenoz]

Hi. I'm trying to decrypt my cryp14 files here. I got the key from whatsapp (screenshot) which I then transcribed in a whatsapp_hex.txt file.

When I try to run from the terminal wadecrypt 'cat whatsapp_hex.txt' WA_Backups/Databases/msgstore-2024-11-06.1.db.crypt14 chats.db I get keyfactory.py:43 : [C] The keyfile is not a valid Java object: Invalid file magic: 0x3763 keyfactory.py:55 : [C] Unrecognized key file format. Traceback (most recent call last): File "/home/julien/.local/bin/wadecrypt", line 8, in sys.exit(main()) File "/home/julien/.local/lib/python3.10/site-packages/wa_crypt_tools/wadecrypt.py", line 238, in main cipher = AES.new(key.get(), AES.MODE_GCM, db.get_iv()) AttributeError: 'NoneType' object has no attribute 'get'

I have read the following issue https://github.com/ElDavoo/wa-crypt-tools/issues/42 and tried to apply the answers, but the script utils/hex_string_to_encrypted_backup_key.py brings me to "404 - page not found" I also can't find an example of using the key directly in the command line.

Finally when I try to use the third option (shell trick to read the file and use it as it was a parameter) from the terminal like this : wadecrypt 'cat whatsapp_hex.txt' WA_Backups/Databases/msgstore-2024-11-06.1.db.crypt14 chats.db I get keyfactory.py:23 : [C] The key file specified does not exist. If you tried to specify the key directly, note it should be 64 characters long and not 21 characters long. Traceback (most recent call last): File "/home/julien/.local/bin/wadecrypt", line 8, in sys.exit(main()) File "/home/julien/.local/lib/python3.10/site-packages/wa_crypt_tools/wadecrypt.py", line 238, in main cipher = AES.new(key.get(), AES.MODE_GCM, db.get_iv()) AttributeError: 'NoneType' object has no attribute 'get'

and yes I checked my hex key, it is 64 characters long, not 21.

[julienthevenoz]

Update : I tried wadecrypt $(cat whatsapp_hex2.txt) WA_Backups/Databases/msgstore-2024-11-06.1.db.crypt14 chats.db and I get keyfactory.py:46 : [I] The keyfile could not be opened. key15.py:54 : [I] Crypt15 / Raw key loaded db14.py:232 : [E] Authentication tag mismatch: MAC check failed. This probably means your backup is corrupted. wadecrypt.py:261 : [E] I can't recognize decrypted data. Decryption not successful. The key probably does not match with the encrypted file. Or the backup is simply empty. (check with --force) wadecrypt.py:271 : [I] Done

(same output with --force)

But I doubt that it is actually corrupted since when I log out and back in of whatsapp on my phone, it manages to reload all the chats. Help ? Also, I wouldn't mind sending you my files over telegram to see if you could decrypt them for me

[hahn23]

Hi,

as for my understanding, what you are trying is the way to decrypt an crypt15 db file. Because when you set the end to end hex hash in whatsapp as your backup protection key, it afterwards creates the crypt15 db files.

To decrypt crypt14 files you would need the key file from the (protected if no root) data folder of whatsapp. Or basicly with an trick using an older apk file and adb backup function (google it, it works still very good).

But honestly, for the simplest way, create an end to end backup key and pull the crypt15 db files from your phone and you are good to go. It is in my opinion the best way so far with very little afford.

[julienthevenoz]

@hahn23 Thanks for your answer. I'm surprised by what you said, because I did create an end to end backup key and when I went into the Backups folder of my phone, I only saw crypt14 files, not crypt15. Are the crypt15 files supposed to be in a different location on the phone ?

[ElDavoo]

I did create an end to end backup key

But you didn't backup after you created the key.