MarcoG3 / WhatsDump

Extract WhatsApp private key from any non-rooted Android device (Android 7+ supported)
https://plainsec.org
GNU Lesser General Public License v3.0

WhatsDump.py won't proceed after verification code #30

Open grifaz opened 5 years ago

grifaz commented 5 years ago

So I am trying to decrypt WhatsApp's database file on a PC with Windows 10 64-bit running Python 2.7.16 to run WhatsDump.py from a freshly dumped .zip package of the whatsdump-master branch.

I could successfully initialise all components as well as the Android SDK, and the most basic command `whatsdump.py --wa-phone {number} --wa-verify sms --msgstore {path}` seems to work just fine, up to the point where the "6-Digit Verification Code" is sent and needs to be entered. The application then enters an infinite waiting sequence saying "[INFO] Dialog message: Verifying". Nothing happens after this. I have waited for several hours for something to happen, to no avail.

I also tried

1) fetching the database straight from my phone
2) from prior archives
3) using the precompiled Windows build

with the same outcome. Any ideas?


simoneraffaelli commented 5 years ago

The app version used in the emulator is too old and considered obsolete by WhatsApp (you can see this if you show the emulator). Newer app versions have a different layout/steps, so the script won't succeed, and also if you try to change data in the emulator, at the moment of the SMS verification, the app says that the version is too old. In my opinion the only possible solution is to update the APK version and also the script to work with newer versions.

grifaz commented 5 years ago

So, does that mean that there is nothing that can be done at this point to proceed after this issue from the user end?

In the meantime, I tried updating the emulator from both the full Android SDK installation on my PC and the slimmed-down version that WhatsDump is using. Neither worked: using the full Android SDK for the programme resulted in "[WARNING] Several files have been modified. Checksum error" and nothing else happens afterwards; the WhatsDump environment itself didn't react to an update call.

simoneraffaelli commented 5 years ago

~~Well, I don't know if you can do something. You surely need to inspect the script (Whatsdump.py), and then maybe you can rearrange the steps to make it work, or you can also find the command used to extract your key and then do it manually from the emulator. And again, I only gave a first look to the code, maybe I'm totally wrong; I only gave my opinion on the cause of this error. If you can't dig into the code, the best thing you can do is wait for @MarcoG3 or someone else to look at this problem and then (if possible) solve it. Unfortunately I do not have time to do this; if you do, please reply to this issue if you make advancements.~~

simoneraffaelli commented 5 years ago

Yeah, I'm stupid: just install WhatsApp on the emulator and then you can access the folder /data/data/com/whatsapp/files where the key is stored. You can "download" the key with adb or Device File Explorer in Android Studio.

WhatCrypt or WAViewer do not work with the key I extracted in this way, though.

ostafen commented 5 years ago

I also have this issue. Please, can you fix this?

simoneraffaelli commented 5 years ago

While waiting for a fix you can extract your key manually: start the emulator manually, install one valid WhatsApp APK (go to apkmirror directly with the emulator) and then go through all verification steps. After this you can easily access the /data/data/com/whatsapp/files folder where the key is stored (e.g. adb pull). Note: it seems that backups are also device-related; it gives me an error when I try to decrypt the DB from my smartphone with the key extracted in this way. To solve this, just upload your backup to Google Drive and then restore it during the installation process. Not sure of this, it doesn't make much sense to me, but it's what I got from my testing.

ostafen commented 5 years ago

I tried to log in on a rooted phone with my WA account and experienced the same thing, that is to say, the extracted key can only decrypt backups which have been made with the rooted phone. I don't understand why uploading backups to Google Drive should fix the problem, since the same key should have been used to encrypt the files. Old posts on the web say that the WA key is generated only according to the phone number, but this doesn't seem to be true anymore. Somehow, the WA server is using the device email or MAC address to generate the key. If we can find a fix, I would be happy to contribute to the project.

simoneraffaelli commented 5 years ago

Well, I didn't try that, but I think that if you upload your backup to GDrive through WhatsApp and then you restore that same backup from the emulator, you'll be able to decrypt the file extracted from the emulator with the corresponding key. Of course, after you made your modifications and re-encrypted the DB you need to redo the process in reverse. Just re-encrypt the file with the correct key.

ostafen commented 5 years ago

I verified that manually copying the backup files onto a new device works. I wonder how it is possible if the key is device dependent... Maybe a fix could be to copy the .crypt12 file into the /WhatsApp/Databases folder location before starting WA and recovering the backup. I wonder if, after doing this, the generated key will be equal to the key in the old device...

simoneraffaelli commented 5 years ago

Then it's not the key's fault, but maybe it's the way we decrypt the DB. I don't know, and I don't have much time to look at it. If you find something new, comment here, please.

ostafen commented 5 years ago

I will investigate this more, to understand how the process works. However, I think that updating the script in order to copy the msg.db.crypt12 file into the /WhatsApp/Databases folder could fix this in the meantime.

simoneraffaelli commented 5 years ago

I lied, I had time and so I searched for some info... well, I successfully decrypted my DB with the emu key. So here are the steps I followed:

1. Installed the latest WhatsApp APK in my Android emulator.
2. Got the key stored in the emulator in /data/data/com/whatsapp/files with adb or "Device File Explorer" in Android Studio.
3. Downloaded this tool to decrypt the WA DB: https://github.com/EliteAndroidApps/WhatsApp-Crypt12-Decrypter
4. Copied the WA DB (stored on my daily smartphone, not the emulator one) and the extracted key into the WhatsApp-Key-DB-Extractor folder.
5. Ran the command to decrypt and all worked flawlessly.

ostafen commented 5 years ago

Was the backup created on the same device? This sounds strange, because I tried the same procedure but I could only decrypt backups created with the same device.

simoneraffaelli commented 5 years ago

Different devices, the key comes from an emu Galaxy Nexus with Android 4, the backup comes from a Galaxy S8 with Android Pie.

I've done some more tries: with all the files already stored in my backup folder the decryption works flawlessly, but if I manually force a backup of the chat (WA creates a new msgstore) then the decryption will fail ("Key file mismatch or crypt12 file is corrupt."). Really strange.

ostafen commented 5 years ago

What do you mean by "with all the files already stored in my backup folder"? You manually copied the DB files from your device inside the emulator Databases folder before logging in?

simoneraffaelli commented 5 years ago

I copied all my databases into the extractor folder (the tool I linked before).

(After the extraction of the key the emulator is pretty useless, why would I have copied all the files inside its folder?)

ostafen commented 5 years ago

I don't understand what you mean when you say "with all the files already stored in my backup folder the decryption works flawlessly, but if I manually force a backup of the chat (WA creates a new msgstore) then the decryption will fail."

simoneraffaelli commented 5 years ago

First of all, I'm not sure we have the same aim. I need to decrypt a crypt12 file, merge 2 WA DBs, then re-encrypt and use that as the chat backup on my smartphone. Having clarified that: I took all the backups (that WA creates daily) from my smartphone and tried to decrypt all of them with the key extracted from the emu. I was able to decrypt all backups. Then I manually made a backup in WA and copied the new backup file created by WA into the same folder. And when I try to decrypt this file it gives me the error "key mismatch...".

So that's basically what I've done, hope it's a bit clearer.

ostafen commented 5 years ago

I don't even manage to decrypt the files...

I have followed your steps. I installed a Galaxy Nexus emulator with Android 4. Then I installed WA on the emulator and, after login, I got the key with adb pull. When I try to decrypt I get the error message. Which WA version do you have?

EDIT: I tried to make a backup on the emulator. With the key I extracted I can only decrypt files I generate with the emulator.

In practice, it seems we have opposite problems: I can decrypt a manually generated backup from the emulator with the key, but I can't decrypt the DB generated from my smartphone. Maybe the older WA version does not generate a new key instantaneously but only when you manually create a backup. You should check if the key changed after you created the backup.

simoneraffaelli commented 5 years ago

On my smartphone I've got WhatsApp 2.19.230.

I've done more testing, searched on Google, and I think Facebook made some small modification in the decryption process. I also tried this method: https://gitlab.com/stackpointer/whatsapp-crypt12 but... same error. The maintainer of the project said that "crypt12 decryption has several variations.", but he has no time to look at them.

At this point I think there's the need to study the decryption process to at least have a background of what we are doing and why what we do works. The problem is that I really have no time for this, so I'll give up trying.

PS: If you recover your db in whatsapp emu, then in /data/data/com/whatsapp/files you will find your db already decrypted

PPS: As always if you find something new please let us know
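As an added illustration of where the "Key file mismatch or crypt12 file is corrupt." error quoted earlier in this thread comes from, here is the pre-decryption header check that the linked community decrypters perform, written for this page and not taken from WhatsDump or from either linked tool. The layout it assumes (a 158-byte key file with a 32-byte key identifier at bytes 30-62 and the AES-256 key at 126-158; a 67-byte crypt12 header that repeats the identifier at bytes 3-35 and carries the 16-byte GCM IV at 51-67; a 20-byte footer) is restated from those tools rather than from this page, and every key and backup byte below is a constructed fixture, not real data.

```python
"""Constructed fixtures + the pre-decryption header check of a crypt12 decrypter."""

KEY_FILE_LEN = 158          # the "key" file pulled from the app's private files dir
KEY_ID = slice(30, 62)      # 32-byte identifier of the key
AES_KEY = slice(126, 158)   # 32-byte AES-256 key used for the actual AES-GCM step
HDR_LEN = 67                # crypt12 header size
HDR_KEY_ID = slice(3, 35)   # the header repeats the key identifier
HDR_IV = slice(51, 67)      # 16-byte AES-GCM IV
FOOTER_LEN = 20             # trailing bytes after the ciphertext

def parse_key_file(key: bytes) -> dict:
    if len(key) != KEY_FILE_LEN:
        raise ValueError(f"key file must be {KEY_FILE_LEN} bytes, got {len(key)}")
    return {"key_id": key[KEY_ID], "aes_key": key[AES_KEY]}

def parse_crypt12(blob: bytes) -> dict:
    if len(blob) <= HDR_LEN + FOOTER_LEN:
        raise ValueError("crypt12 blob too short for header, body and footer")
    return {"key_id": blob[HDR_KEY_ID], "iv": blob[HDR_IV],
            "ciphertext": blob[HDR_LEN:-FOOTER_LEN]}

def check_pair(key: bytes, blob: bytes) -> str:
    """Same check the decrypters run first; a rotated key fails here, not in AES."""
    if parse_key_file(key)["key_id"] != parse_crypt12(blob)["key_id"]:
        return "Key file mismatch or crypt12 file is corrupt."
    return "ok"

def make_key_file(key_id: bytes, aes_key: bytes) -> bytes:
    """Constructed 158-byte key file with only the two used fields populated."""
    buf = bytearray(KEY_FILE_LEN)
    buf[KEY_ID], buf[AES_KEY] = key_id, aes_key
    return bytes(buf)

def make_crypt12(key_id: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Constructed crypt12-shaped blob; the body is not really encrypted."""
    hdr = bytearray(HDR_LEN)
    hdr[HDR_KEY_ID], hdr[HDR_IV] = key_id, iv
    return bytes(hdr) + ciphertext + bytes(FOOTER_LEN)

# Fixtures: the key file, a backup made under that key, and one made under a rotated key.
KEY_A, KEY_B = bytes([0xA1]) * 32, bytes([0xB2]) * 32
KEY_FILE = make_key_file(KEY_A, bytes(range(32)))
BACKUP_OLD = make_crypt12(KEY_A, bytes(16), b"\x00" * 8)
BACKUP_NEW = make_crypt12(KEY_B, bytes(16), b"\x00" * 8)

if __name__ == "__main__":
    print(check_pair(KEY_FILE, BACKUP_OLD))  # ok
    print(check_pair(KEY_FILE, BACKUP_NEW))  # Key file mismatch or crypt12 file is corrupt.
```

Running the check on an old backup and on a freshly forced one before attempting decryption tells you whether the key file simply no longer matches the backup, which is the situation described in this thread, rather than a broken AES step.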

PotentialHacker commented 5 years ago

Quick Question @Raffaa

What Emulator are you using? If it is from Android Studio, could you tell me how to set it up?

Borsti commented 5 years ago

Hi Guys,

What I wanted to achieve: get 2 WA DB files from two different phones (old one + new one), merge them and put them back on the new phone. What I did so far:

1. Created two Google accounts.
2. On both phones, I backed up WA chats to Google Drive.
3. Installed the Bluestacks emulator. I rooted the emulator via Bluestacks Tweaker.
4. Installed WhatsApp on Bluestacks and verified phone number 1. Then I imported the backup from Google Drive. Extracted the key from /data/data/com/whatsapp/files in Android Studio and also the msgstore.db.crypt12. Then I decrypted with the key file. Did the same with the second phone. Afterwards I merged both msgstore.db files into one.
5. Here comes the problem. Does anyone know how to re-import the new, merged and decrypted msgstore.db file? Putting it in WhatsApp/Databases didn't do it. (Also reinstalled WA, cleared all folders, restarted the phone, and disabled Google Drive backup, but it won't find/accept the local msgstore.db.)

simoneraffaelli commented 5 years ago

@PotentialHacker yep it was a Galaxy Nexus created with Android Studio.

@Borsti I think you need to encrypt the msgstore again, or maybe try to place the decrypted .db in /data/data/com/whatsapp/files.

Borsti commented 5 years ago

I tried to encrypt again, but I am not sure how to do this. All tools I found on Google are for decryption only. Do you know how to do this?

Borsti commented 5 years ago

@Raffaa copying it to /data/data/com/whatsapp/files did the trick. Thanks man!

ghost commented 4 years ago

Has anyone made some progress using the script?