KnugiHK
commented
9 months ago You mean iCloud Advanced Data Protection or the WhatsApp built-in E2E encryption?
Open FiloSottile opened 9 months ago
KnugiHK
commented
9 months ago You mean iCloud Advanced Data Protection or the WhatsApp built-in E2E encryption?
FiloSottile
commented
9 months ago ADP is transparent from a macOS client. ChatStorage.sqlite.enc is encrypted by WhatsApp's built-in E2E encryption.
KnugiHK
commented
9 months ago Thanks! Will look into it when I have access to Mac.
laky
commented
1 month ago I'd love this as well!
@FiloSottile, did you find some solution here? And how can you find the WhatsApp encryption key to use to read this file?
ivoidcat
commented
1 week ago +1
nnathan
commented
1 week ago did you find some solution here? And how can you find the WhatsApp encryption key to use to read this file?
The WhatsApp encryption key is derived from the password or the generated key they provide you.
It's unclear the format of the encrypted data, I don't think it is specified anywhere. Might need to reverse engineer WhatsApp or hook it with Frida to see exactly what it is doing.
ivoidcat
commented
1 week ago did you find some solution here? And how can you find the WhatsApp encryption key to use to read this file?
The WhatsApp encryption key is derived from the password or the generated key they provide you.
It's unclear the format of the encrypted data, I don't think it is specified anywhere. Might need to reverse engineer WhatsApp or hook it with Frida to see exactly what it is doing.
I have already tried it, it's not a 64 bit key
nnathan
commented
1 week ago I have already tried it, it's not a 64 bit key
First, 64 byte key, and I did say derive. That is there's an algorithm (which we don't know what it is), that transforms the secret (password or generated key) into a decryption key.
ivoidcat
commented
1 week ago I have already tried it, it's not a 64 bit key
First, 64 byte key, and I did say derive. That is there's an algorithm (which we don't know what it is), that transforms the secret (password or generated key) into a decryption key.
Regrettably, the key problem is that if icloud backup is turned on, the original files will not be obtained
nnathan
commented
1 week ago Regrettably, the key problem is that if icloud backup is turned on, the original files will not be obtained
I'm not sure I understand. As OP stated you can access and copy (download) the encrypted backups. It's just a matter of deriving the decryption key from password/generated key and performing the decryption. But unfortunately at the moment these are two unknowns. I do recall that the E2EE backups also involving an OPRF, so it might be that the decryption key is stored on WhatsApp servers.
ivoidcat
commented
1 week ago Regrettably, the key problem is that if icloud backup is turned on, the original files will not be obtained
I'm not sure I understand. As OP stated you can access and copy (download) the encrypted backups. It's just a matter of deriving the decryption key from password/generated key and performing the decryption. But unfortunately at the moment these are two unknowns. I do recall that the E2EE backups also involving an OPRF, so it might be that the decryption key is stored on WhatsApp servers.
Thanks
KnugiHK
commented
6 days ago I couldn't get the backup to appear in /Users/<user>/Library/Mobile Documents/57T9237FN3~net~whatsapp~WhatsApp/. I followed the steps outlined in this Apple discussion thread, but still no luck. Any ideas?
nnathan
commented
6 days ago Three thoughts:
cd /Users/...~Whatsapp, I think certain directory has to incrementally load/sync the directory and file list.ivoidcat
commented
5 days ago I couldn't get the backup to appear in
/Users/<user>/Library/Mobile Documents/57T9237FN3~net~whatsapp~WhatsApp/. I followed the steps outlined in this Apple discussion thread, but still no luck. Any ideas?我无法让备份出现在/Users/<user>/Library/Mobile Documents/57T9237FN3~net~whatsapp~WhatsApp/。我按照Apple 讨论线程中概述的步骤进行操作,但仍然没有成功。有什么想法吗?
Back up through your phone and view from it
ivoidcat
commented
5 days ago I couldn't get the backup to appear in
/Users/<user>/Library/Mobile Documents/57T9237FN3~net~whatsapp~WhatsApp/. I followed the steps outlined in this Apple discussion thread, but still no luck. Any ideas?我无法让备份出现在/Users/<user>/Library/Mobile Documents/57T9237FN3~net~whatsapp~WhatsApp/。我按照Apple 讨论线程中概述的步骤进行操作,但仍然没有成功。有什么想法吗?Back up through your phone and view from it通过手机备份并查看
Just that's how I did it
If an iOS client enables end-to-end encrypted backups, the chats are not stored in device backups anymore, but only in iCloud.
From a Mac it's very convenient to access the encrypted iCloud backup at
I imagine this can be decrypted with the 64 character E2E key. It would be nice to add support to WhatsApp-Chat-Exporter.