stickers.db.crypt14 decryption support

[DareDreamer]

Hi,

I was able to decrypt almost all crypt14 files, but one important one called "stickers.db.crypt14" is not possible. For example, the files "chatsettingsbackup.db.crypt14", "commerce_backup.db.crypt14" and "msgstore.db.crypt14" were decrypted successfully, but stickers not.

The verbos log tells this (with and without "force" option): [V] Reading keyfile... [V] Keyfile loaded [V] Parsing database header... [V] t1 found at offset 14 [V] WhatsApp version: 2.22.2.73 [F] Could not find IV or data start offset

I'm sorry, but how can I answer the following? Please also report if your offsets are too far (+-5) from the default ones, which are: t1 offset: 15 IV offset: 67 Data offset: 190 (or 191)

First 512 bytes of this file (stickers.db.crypt14): 62 08 00 12 4D 0A 02 00 01 12 01 32 1A 20 58 39 D3 3E E3 09 C6 3B D3 D5 5E CE AC C0 53 AB F2 0F D1 B9 83 BE 82 01 8D 19 EE 55 46 5A B4 B9 22 10 09 7A E3 50 CF 9B E5 9A 4B 8C 1C 1A FD 57 B7 8E 2A 10 CF 98 2B D8 92 F2 2C 6D F0 BF F4 22 16 F0 6B 56 22 0F 0A 09 32 2E 32 32 2E 32 2E 37 33 1A 02 38 33 32 4B 26 9C 5B BD F6 D6 7F 2A 2B 94 5F 63 E4 D0 B0 D4 5D 1A C1 4C 06 68 2C F9 B7 A5 97 2E 0B 77 AB 55 FE 77 7E CF 05 17 04 AE FD 1C 2C D7 4F F1 F6 F8 EA C0 90 69 83 57 74 CD 3B 2D 31 45 44 4C 1D A5 2D D3 4F F4 F0 F7 63 1B 13 4C EC 5D BB 47 1D 1E EA 07 6C AB 36 5C 7C E0 66 4C 37 A0 02 85 6B D6 C0 C7 C6 8E AE E3 33 93 D8 8E 63 23 4A CF 49 6A 21 1B 4D 2C 2C FA 14 9A AA A6 C0 5B 9B AF 98 37 83 31 66 5D A6 08 35 71 6C 8D 52 FB 20 A9 FA F7 41 6B 59 CE DC 7C 09 7F D9 B0 03 BC 6D FF CB 97 90 4A 7D 85 B7 CE 64 CF E4 F8 7F 24 42 59 57 85 04 1F 4B D0 27 04 37 B3 1C 9D 7A 03 A2 2B 51 DA BA 6C C3 B6 19 6C FD 81 21 22 09 7E D2 57 A0 79 E0 AF CF 49 F5 49 18 E4 DC 4F A1 C7 5D 5F 00 79 26 20 6E 7C 14 C5 2C 0F ED 5D D9 40 A3 72 64 C4 45 E7 F0 12 75 13 1B 40 0B 84 A9 70 34 9F E0 3C 05 3B 72 26 84 49 0A D6 1B 87 6B 6C 90 83 0B 1C A9 97 BD 87 A5 28 46 35 0A 90 CC C9 5C C5 04 40 F2 5E B8 3F 28 DB 09 CA CD 20 2F D4 8D F1 9E 02 41 EC 09 3A 4C E9 E7 D5 0B F1 1F 67 F8 EC DC 87 DF B4 AF 82 7D D3 03 22 6F 1F AB 8A DE B1 60 CD FA DF DB 8F A6 A6 51 CB 47 E7 43 E1 07 56 33 8F 9D E5 BE 49 6C 86 45 19 3D D9 EC E6 FD 72 24 5B 93 C7 1E B6 CB E5 33 0C 1B 13 7A 9F 77 BA 97 95 17 C4 90 A6 71 CB 15 9B 3B 51 11 6B 03 5E 36 C9 48 F7 6F 94 01 0B 58 B9 F9 3B 9A

Will posting my "key" file content reveal something personal?

Thanks a lot!

[ElDavoo]

hi, I never actually investigated other files other than msgstore (my bad, I didn't write this into the readme!). I'm glad to know that chatsettings and commerce_backup can be decrypted, I did not expect it to work!!

Will posting my "key" file content reveal something personal?

Posting your key should not harm, but it's better if you do not post it. I will take a look at my stickers.db.crypt14.

I'm sorry, but how can I answer the following? Please also report if your offsets are too far (+-5) from the default ones, which are: t1 offset: 15 IV offset: 67 Data offset: 190 (or 191)

The program tries all the possible data offsets starting from 190 (the default), and going around it, so trying 189,191,188.... After that it will change the IV offset with the same logic and try all the possible data offsets again... So it is a o(n^2).

I made it this way because if WhatsApp decides, for example, to move the IV 30-40 bytes forward, the program will still work, but it will be slower, because it will try a lot of offset combination before getting it right. So if someone tells me "hey the offsets changed and now they are x and y", i will update the default and the program will be fast again.

[DareDreamer]

OK, thank you very much! Is there a way to receive the slow version? I don't care waiting for the decrypting, as long as it will be possible. Thanks again!

[ElDavoo]

You already have it. At the moment it is not possible to decrypt it because it is encrypted in a different way. Any help is welcome

[ElDavoo]

Hello, I managed to get the decryption working, however the decrypted data is not a zlib stream. On Monday I will update the program to handle this case, but you are on your own to figure out how is the decrypted data structured.

[DareDreamer]

Hi, Thanks! What do you mean by "not a zlib stream"? Does it mean I won't be able to actually use it on WhatsApp?

[ElDavoo]

Hi, There are two types of backup: single-file backup, which is a zlib stream, and multi-file backup, which is a ZIP file. The multi-file logic has to be used on stickers and wallpapers. The previous (and now fallback) offset-guessing logic can not detect multi-file backups as it is only looking at zlib header, not zip headers. This is why the program used to fail: It could not understand whenever a decryption was successful. Now the header is completely parsed so we do not need to guess: We decrypt and that's it. So I could now take a look on how the decrypted data is structured (as I said earlier). And, it's easier then expected: It's just a ZIP file. So just use the program and use an archive manager to unpack the data.

Note that at the moment I've only made these changes to the crypt15 version. Crypt14 will be done shortly.

[DareDreamer]

Hi, Those are really good news! Thank you very much! Awaiting your update so that I'll be able to check. Thanks again!

[ElDavoo]

Done, plz test

[DareDreamer]

Hi, Works great! Thank you so-so much!

[Winia7070]

chatsettingsbackup.db.crypt14 Puedes desencriptar

[Winia7070]

chatsettingsbackup.db.crypt14

Puedes