ElDavoo / wa-crypt-tools

Manage WhatsApp .crypt12, .crypt14 and .crypt15 files.
GNU General Public License v3.0

What if I deleted my WhatsApp account and created a new one with the same number? Decryptable? #89

Closed Emporea closed 11 months ago

Emporea commented 11 months ago

I am struggling to access an old crypt12 file that I backed up when I was younger and since then I have not had WhatsApp in between because I even deleted the account a few years ago.

I have just found the crypt12 backup file (and several crypt1 settings files) on an old drive and have created a new WhatsApp account with the same number but on a different phone that I no longer have. As expected, although I was very disappointed, my attempt to access it failed outright.

The required key is probably not the correct one because the phone and account have changed, even though the number is the same.

Is there a solution? I ask for your help.

decrypt14_15 --force ./key ./msgstore.db.crypt12 ./msgstore.db
[I] Crypt12/14 key loaded
[E] WhatsApp version not found
[E] The phone number end is not 2 characters long
[E] Could not parse the IV from the protobuf message. Please report a bug.
[I] WhatsApp version not found (Crypt12?)
[F] Could not create a decryption cipher

Emporea commented 11 months ago

Eureka!

I don't believe it.... Shame on Meta. But who expected anything else? And in the end it was good for me too:

I just put the crypt12 file into the 'WhatsApp/Database/' directory, reinstalled WhatsApp and whoosh; I was able to hit 'restore' and now I have all my messages from at least 5 years ago back.

I deleted my account at the time. New phone. But I still have a working chat backup...

The only way WhatsApp could decrypt my backup is if they still had the key even though I deleted the account to it. Or they achieved this by some other cryptographic trick I am too stupid to understand. Anyway.

Shame on the "deletion policy", but eureka!

One last question, why do you think the restore failed earlier when I tried to use wa-crypt-tools by creating a new WhatsApp account and extracting the key? Either I did something wrong, or they gave me a different key just for the crypt12 restore... Crazy... I know why I deleted WhatsApp. And if I export my chats the right way this time, I will delete the account immediately and never touch it again. Which doesn't mean that Meta will delete what it has. Which is nothing new. Sorry for the spam, but I had to say that for now.

ElDavoo commented 11 months ago

They probably have all of your keys on the server. I've documented up to 3 key versions. You can see which key version you have with -v.

Would you like to try with the development version and -v flag?

Emporea commented 11 months ago

I have deleted my WhatsApp account again after successfully decrypting the new backed up crypt14 with the valid key. So the tool works. But I am not going back just to test this, sorry. :)

kmontag commented 1 week ago

@ElDavoo I'm running into a similar issue trying to restore an old crypt12 backup (though my account wasn't deleted in the meantime). The original key was lost, but I obtained one by logging in to WhatsApp again on the same phone where the backup was made.

wadecrypt -v shows key_version: 02, and the program correctly identifies the last two digits of my phone number, but then fails with Authentication tag mismatch: MAC check failed.. WhatsApp also sees the backup but fails to restore it during initial login.

I don't think the backup is corrupt, so I suppose this must be a mismatch in the key version. Is the verdict that it's simply impossible to obtain other key versions from the WhatsApp servers?

ElDavoo commented 1 week ago

From what you described, it looks like that. I don't know the answer to these questions, I don't know how WA and its servers manage keys.

kmontag commented 1 week ago

Got it, thanks for the response.