search

ElDavoo / wa-crypt-tools

Manage WhatsApp .crypt12, .crypt14 and .crypt15 files.
GNU General Public License v3.0
583 stars 78 forks source link

Can't decrypt #16

Closed martinodonnell closed 2 years ago

martinodonnell commented 2 years ago

Hexdump of the encrypted DB

od -t x1 -N 256 msgstore.db.crypt14
0000000    bc  01  08  00  12  4d  0a  02  00  01  12  01  33  1a  20  41
0000020    48  94  ac  88  da  17  a4  b9  49  22  08  c9  1d  86  d8  ba
0000040    b0  95  b5  b0  b0  0f  20  bf  5f  73  ae  20  4c  c5  e4  22
0000060    10  c6  96  d0  e8  1f  eb  db  3a  f8  1e  2f  f7  77  29  0b
0000100    f0  2a  10  9f  72  e1  cd  97  e5  33  d4  69  97  40  eb  a7
0000120    24  9b  8e  22  69  0a  09  32  2e  32  32  2e  37  2e  37  31
0000140    1a  02  32  35  20  00  28  01  30  01  38  01  40  01  48  01
0000160    50  01  58  01  60  01  68  01  70  01  78  01  80  01  01  88
0000200    01  01  90  01  01  98  01  01  a0  01  01  a8  01  01  b0  01
0000220    01  b8  01  01  c0  01  01  c8  01  01  d0  01  01  d8  01  01

Program output using -v and -f

Normal

➜  WhatsApp2iOS python3 WhatsApp-Crypt14-Decrypter/decrypt14_15.py key msgstore.db.crypt14 msgstore.db -vf

[V] Reading keyfile...
[E] Invalid keyfile: Unsupported key version 03
[I] Crypt12/14 key loaded
Traceback (most recent call last):
  File "./coding/WhatsApp2iOS/WhatsApp-Crypt14-Decrypter/decrypt14_15.py", line 652, in <module>
    main()
  File "./coding/WhatsApp2iOS/WhatsApp-Crypt14-Decrypter/decrypt14_15.py", line 627, in main
    print(key)
  File "/.coding/WhatsApp2iOS/WhatsApp-Crypt14-Decrypter/decrypt14_15.py", line 156, in __str__
    self.key_version.hex(), self.googleid.hex())
AttributeError: 'NoneType' object has no attribute 'hex'

Force

➜  WhatsApp2iOS python3 WhatsApp-Crypt14-Decrypter/decrypt14_15.py key msgstore.db.crypt14 msgstore.db -vf --force

[V] Reading keyfile...
[E] Invalid keyfile: Unsupported key version 03
[I] Crypt12/14 key loaded
Traceback (most recent call last):
  File "/.coding/WhatsApp2iOS/WhatsApp-Crypt14-Decrypter/decrypt14_15.py", line 652, in <module>
    main()
  File "./coding/WhatsApp2iOS/WhatsApp-Crypt14-Decrypter/decrypt14_15.py", line 627, in main
    print(key)
  File "./coding/WhatsApp2iOS/WhatsApp-Crypt14-Decrypter/decrypt14_15.py", line 156, in __str__
    self.key_version.hex(), self.googleid.hex())
AttributeError: 'NoneType' object has no attribute 'hex'

Additional context My android phone doesn't connect to a laptop so I used an emulator from android studio to spin up a Pixel_3a_API_30_x86 device.

I installed version 2.22.7.71 of WhatsApp on the device by downloading it from their website and dragging it onto the emulator. I then logged in and took my backup from google drive.

To get the key and msgstore.db.crypt14 file off the emulator, I used android studio and used the device file explorer - stackoverflow post

I am using Python 3.9.6

I am following the guide by @tim25651 from here to use @residentsummer watio tool

ElDavoo commented 2 years ago

Whoops. Did I really forget to delete print(key) from main?

You can just use a previous commit https://github.com/ElDavoo/WhatsApp-Crypt14-Crypt15-Decrypter/tree/2e146c69e3dfdda3b17a1ddac4962130b8d75c37 while I fully wake up and fix whatever I've done

ElDavoo commented 2 years ago

Or, easier, delete lines 627 and 628 (i forgot to remove them before committing!!!)

ElDavoo commented 2 years ago

There you go. Apologies for any disruption. This is why #10 is needed haha

martinodonnell commented 2 years ago

@ElDavoo Thanks. That worked!

How can I go about buying you a coffee?

ElDavoo commented 2 years ago

Thank you! ❤️ Just a star is enough for now :) I also have no idea on how to as I never donated/received on github

martinodonnell commented 2 years ago

@ElDavoo I'll come back and write some tests for you once I work out how to get media from android to IOS

Thanks!

ElDavoo commented 2 years ago

Thanks! I still have to fix str() properly though

martinodonnell commented 2 years ago

Sorry, got carried away!

ElDavoo commented 2 years ago

Ok I am fully operative now.

@ElDavoo Thanks. That worked!

Did it? It... shouldn't :)

self.key_version.hex(), self.googleid.hex()) AttributeError: 'NoneType' object has no attribute 'hex'

That means that your key_version and/or your googleid is None, which means you must have had some warnings about the key (?) Did you have to use --force? Can you plz send logs?

ElDavoo commented 2 years ago

That means that your key_version and/or your googleid is None

Only the key_version actually as the googleid is checked before

ElDavoo commented 2 years ago

Can you also send the first 32 bytes of your key file please? od -t x1 -N 32 key That will be: 1) The Java bytes[] deserialization header, just to see if it's the same with standard ones 2) Cipher version 3) Key version 4) First two bytes of server salt (just in case the key got somehow longer than usual)

So no sensitive material

Thank you very much

ElDavoo commented 2 years ago

Ok, looks like you posted it and then edited the post. Be more careful next time: the post history is public! I've deleted the revisions containing the key for you.
So it looks like Whatsapp started pushing version 3 of the key. However, nothing changes, and you said the program worked, so I think just adding \x03 to supported_key_versions will be enough. Thank you for the issue :)

ElDavoo commented 2 years ago

Ok Martin please confirm that the program works in the latest commit without using --force, thank you.

martinodonnell commented 2 years ago

Sorry for the delay, different time zones

Did it? It... shouldn't :)

I think I may have been wrong. I used the previous commit rather than delete the lines and the msgstore.db was created. Looking back now, the file was empty!

Ok, looks like you posted it and then edited the post. Be more careful next time: the post history is public! I've deleted the revisions containing the key for you. So it looks like Whatsapp started pushing version 3 of the key. However, nothing changes, and you said the program worked, so I think just adding \x03 to supported_key_versions will be enough. Thank you for the issue :)

I did post it and decided to remove it as I didn't think you would need it. I knew it was easy enough to create a new one and didn't really know how to send it the correct way.

Might be a good idea to add the od -t x1 -N 32 key command to your issues template

Current Key File

0000000    ac  ed  00  05  75  72  00  02  5b  42  ac  f3  17  f8  06  08
0000020    54  e0  02  00  00  78  70  00  00  00  83  00  01  03  41  48
0000040

Ok Martin please confirm that the program works in the latest commit without using --force, thank you.

I have updated main and ran the new code. This error occurred

WhatsApp2iOS python3 WhatsApp-Crypt14-Decrypter/decrypt14_15.py key msgstore.db.crypt14 msgstore.db -vf

[V] Reading keyfile...
[I] Crypt12/14 key loaded
[V] Parsing database header...
[V] WhatsApp version: 2.22.7.71
[V] Your phone number ends with ..
[I] Database header parsed
Traceback (most recent call last):
  File "./WhatsApp2iOS/WhatsApp-Crypt14-Decrypter/decrypt14_15.py", line 658, in <module>
    main()
  File "./WhatsApp2iOS/WhatsApp-Crypt14-Decrypter/decrypt14_15.py", line 640, in main
    cipher = parse_protobuf(key=key, encrypted=args.encrypted)
  File "./WhatsApp2iOS/WhatsApp-Crypt14-Decrypter/decrypt14_15.py", line 525, in parse_protobuf
    return AES.new(key.key, AES.MODE_GCM, iv)
AttributeError: module 'Crypto.Cipher.AES' has no attribute 'MODE_GCM'

Looking through some docs, I found that that MODE_GCM is no longer supported (MODE_GCM)

I installed pycryptodomex and changed line 10 to from Cryptodome.Cipher import AES

When I ran the script again, I got this result with a populated msgstore.db file

python3 WhatsApp-Crypt14-Decrypter/decrypt14_15.py key msgstore.db.crypt14 msgstore.db -vf

[V] Reading keyfile...
[I] Crypt12/14 key loaded
[V] Parsing database header...
[V] WhatsApp version: 2.22.7.71
[V] Your phone number ends with ..
[I] Database header parsed
[V] Decrypting...
[I] Done

I will test if I can get the files to IOS later tonight.

ElDavoo commented 2 years ago

Hi Martin, As written multiple times, you need to install pycryptodome, not pycryptodomex (EDIT: pycryptodomex is fine, pycrypto is the problem). I might add a check about that.

The important thing is that your key file (the first seen in the wild with version 3) is decoded correctly. (E.g. no errors like "unsupported key version" or similar)

ElDavoo commented 2 years ago

I also see that you have no phone number (?) I will check more in detail when I get home

martinodonnell commented 2 years ago

I also see that you have no phone number (?) I will check more in detail when I get home

I removed that. The number came up correct

martinodonnell commented 2 years ago

As written multiple times, you need to install pycryptodome, not pycryptodomex. I might add a check about that.

I deleted all the python packages and and reinstalled them with the versions in the requirements.txt.

The important thing is that your key file (the first seen in the wild with version 3) is decoded correctly. (E.g. no errors like "unsupported key version" or similar)

The output from script looks good and msgstore.db file has data. I will let you know later when I finish work if I can get the data over to my iPhone

ElDavoo commented 2 years ago

the msgstore.db was created. Looking back now, the file was empty!

Yeah, the way it works is that the argparse library automatically creates the filestream for you, on a "wb" mode that means the file will be created and it will be empty if the program errors out before writing anything

Might be a good idea to add the od -t x1 -N 32 key command to your issues template

I don't think so, the part that i need to see really depends on which part of the parsing fails, so it's better to just send the whole thing directly

When I ran the script again, I got this result with a populated msgstore.db file I will test if I can get the files to IOS later tonight.

This script checks if the decrypted output makes sense so you 99% have a valid msgstore.db. If you want to be sure, open it with a sqlite3 viewer. If you can't import it in iOS i'm afraid you'll have to open an issue at whatsapp2ios.

ElDavoo commented 2 years ago 
AttributeError: module 'Crypto.Cipher.AES' has no attribute 'MODE_GCM'

I guess this happens when you install pycrypto and not pycryptodome. Pycrypto is old and unsupported.

Looking through some docs, I found that that MODE_GCM is no longer supported (MODE_GCM)

That's MODE_CCM , not MODE_GCM .

I added some informative messages for this kind of errors, I know it can be confusing

To save you some headaches I suggest you to use venv . Virtual environments are very nice: They are a way to make a project's libraries and the system's libraries separate from each other. From the project's directory, run: python -m venv venv This will create a virtual environment in the venv folder. Check this table to see the command you need to run to activate the venv (it's like "entering inside it"). After that, you can install the libraries as usual with pip. The important concept is that the libraries installed will be stored in the venv folder and will be separate from your system! :)

ElDavoo commented 2 years ago

Ok, that should be it! Let me know if you have other problems

martinodonnell commented 2 years ago

To save you some headaches I suggest you to use venv

Good idea, been a while since I did python

@ElDavoo Thanks very much for your help! I'll be back next week to write some tests

I was able to use SQLite on the terminal to open the msgstore.db and see all the messages.

For the next person Installing SQLite Common Commands

Run 

sqlite3 msgstore.db
select * from message;
ElDavoo commented 2 years ago

or just use sqlite browser