Open FiloSottile opened 9 months ago
You mean iCloud Advanced Data Protection or the WhatsApp built-in E2E encryption?
ADP is transparent from a macOS client. ChatStorage.sqlite.enc is encrypted by WhatsApp's built-in E2E encryption.
Thanks! Will look into it when I have access to Mac.
I'd love this as well!
@FiloSottile, did you find some solution here? And how can you find the WhatsApp encryption key to use to read this file?
+1
did you find some solution here? And how can you find the WhatsApp encryption key to use to read this file?
The WhatsApp encryption key is derived from the password or the generated key they provide you.
It's unclear the format of the encrypted data, I don't think it is specified anywhere. Might need to reverse engineer WhatsApp or hook it with Frida to see exactly what it is doing.
did you find some solution here? And how can you find the WhatsApp encryption key to use to read this file?
The WhatsApp encryption key is derived from the password or the generated key they provide you.
It's unclear the format of the encrypted data, I don't think it is specified anywhere. Might need to reverse engineer WhatsApp or hook it with Frida to see exactly what it is doing.
I have already tried it, it's not a 64 bit key
I have already tried it, it's not a 64 bit key
First, 64 byte key, and I did say derive. That is there's an algorithm (which we don't know what it is), that transforms the secret (password or generated key) into a decryption key.
I have already tried it, it's not a 64 bit key
First, 64 byte key, and I did say derive. That is there's an algorithm (which we don't know what it is), that transforms the secret (password or generated key) into a decryption key.
Regrettably, the key problem is that if icloud backup is turned on, the original files will not be obtained
Regrettably, the key problem is that if icloud backup is turned on, the original files will not be obtained
I'm not sure I understand. As OP stated you can access and copy (download) the encrypted backups. It's just a matter of deriving the decryption key from password/generated key and performing the decryption. But unfortunately at the moment these are two unknowns. I do recall that the E2EE backups also involving an OPRF, so it might be that the decryption key is stored on WhatsApp servers.
Regrettably, the key problem is that if icloud backup is turned on, the original files will not be obtained
I'm not sure I understand. As OP stated you can access and copy (download) the encrypted backups. It's just a matter of deriving the decryption key from password/generated key and performing the decryption. But unfortunately at the moment these are two unknowns. I do recall that the E2EE backups also involving an OPRF, so it might be that the decryption key is stored on WhatsApp servers.
Thanks
I couldn't get the backup to appear in /Users/<user>/Library/Mobile Documents/57T9237FN3~net~whatsapp~WhatsApp/
. I followed the steps outlined in this Apple discussion thread, but still no luck. Any ideas?
Three thoughts:
cd /Users/...~Whatsapp
, I think certain directory has to incrementally load/sync the directory and file list.I couldn't get the backup to appear in
/Users/<user>/Library/Mobile Documents/57T9237FN3~net~whatsapp~WhatsApp/
. I followed the steps outlined in this Apple discussion thread, but still no luck. Any ideas?我无法让备份出现在/Users/<user>/Library/Mobile Documents/57T9237FN3~net~whatsapp~WhatsApp/
。我按照Apple 讨论线程中概述的步骤进行操作,但仍然没有成功。有什么想法吗?
Back up through your phone and view from it
I couldn't get the backup to appear in
/Users/<user>/Library/Mobile Documents/57T9237FN3~net~whatsapp~WhatsApp/
. I followed the steps outlined in this Apple discussion thread, but still no luck. Any ideas?我无法让备份出现在/Users/<user>/Library/Mobile Documents/57T9237FN3~net~whatsapp~WhatsApp/
。我按照Apple 讨论线程中概述的步骤进行操作,但仍然没有成功。有什么想法吗?Back up through your phone and view from it通过手机备份并查看
Just that's how I did it
If an iOS client enables end-to-end encrypted backups, the chats are not stored in device backups anymore, but only in iCloud.
From a Mac it's very convenient to access the encrypted iCloud backup at
I imagine this can be decrypted with the 64 character E2E key. It would be nice to add support to WhatsApp-Chat-Exporter.