Decrypt crypt8

[n4ndo]

Hello,

After trying to decrypt db.crypt8 i have this error:

"Decryption Failed: Error during unziping (inflate)"

Work before with a previous crypt8, any ideas?

Thanks.

[andreas-mausch]

Hi n4ndo,

sorry, I got feedback from several users reporting decryption failed for them. Most likely it is a bug in WhatsApp Viewer I need to look into.

As a workaround, if you know how to use openssl from command line, you could try this:

hexdump -e '2/1 "%02x"' key | cut -b 253-316 > tmp/aes.txt
hexdump -e '2/1 "%02x"' key | cut -b 221-252 > tmp/iv.txt
dd if=msgstore.db.crypt8 of=tmp/msgstore.db.crypt8.nohdr ibs=67 skip=1 &> /dev/null
openssl enc -aes-256-cbc -d -nosalt -nopad -bufsize 16384 -in tmp/msgstore.db.crypt8.nohdr -K $(cat tmp/aes.txt) -iv $(cat tmp/iv.txt) > tmp/msgstore.gz
gzip -cdq tmp/msgstore.gz >msgstore.db

Andreas

[BarabashkaD]

Hello I have same issue and try your workaround, I use cygwin environment however I get error from openssl "unknown option '0000*'

I check the aes.txt files and iv.txt aes.txt is empty iv.txt contain "0000*" string

What is possible problem ?

Thanks

[andreas-mausch]

Hi,

xda has some information: http://forum.xda-developers.com/android/apps-games/decrypting-whatsapp-crypt8-v2-12-38-t3083847

hexdump -e '2/1 "%02x"' key | cut -b 253-316 > aes.txt
hexdump -n 67 -e '2/1 "%02x"' msgstore.db.crypt8 | cut -b 103-134 > iv.txt
dd if=msgstore.db.crypt8 of=msgstore.db.crypt8.nohdr ibs=67 skip=1
openssl enc -aes-256-cbc -d -nosalt -nopad -bufsize 16384 -in msgstore.db.crypt8.nohdr -K $(cat aes.txt) -iv $(cat iv.txt) > msgstore.gz
gzip -cdq msgstore.gz > msgstore.db

I'll try to implement it into WhatsApp Viewer as soon as I find time.

[edilmar]

Hi,

  I tried this link before and when I sent the first message to you
  I wrote exactly this script after "april 2015" part of the
  message.
  But the problem is:
  gzip: msgstore.gz: not in gzip format

  I tried to send a message in xda forum to TripCode user but my
  user doesn't have the right privileges to send messages to
  developers forums.

  On 14-05-2015 11:18, Andreas Mausch wrote:

  Hi,
  xda has some information: http://forum.xda-developers.com/android/apps-games/decrypting-whatsapp-crypt8-v2-12-38-t3083847
  ´´´
    hexdump -e '2/1 "%02x"' key | cut -b 253-316 > aes.txt
    hexdump -n 67 -e '2/1 "%02x"' msgstore.db.crypt8 | cut -b
    103-134 > iv.txt
    dd if=msgstore.db.crypt8 of=msgstore.db.crypt8.nohdr ibs=67
    skip=1
    openssl enc -aes-256-cbc -d -nosalt -nopad -bufsize 16384 -in
    msgstore.db.crypt8.nohdr -K $(cat aes.txt) -iv $(cat iv.txt)
    > msgstore.gz
    gzip -cdq msgstore.gz > msgstore.db
    ´´´
  I'll try to implement it into WhatsApp Viewer as soon as I find
    time.
  —
    Reply to this email directly or view
      it on GitHub.

--

[iswatkat]

Hi Andreas... Badly waiting for you to update the WhatsApp viewer with this implementation.... Kindly update and share.. :)

[okunova]

Andreas Hello, you have a good work with this application, please spend your free time. We look forward to an update to open the key crypt8 that to this day is not possible.

[dickinsc]

Hi, I implemented a quick fix for this in my forked version. I tested it in VS2013 but don't have access to VS2008, I created a pull request so you should be able to see the change at least. It's implementing the change described above i.e. retrieving the initialisation vector from the message store file.

[andreas-mausch]

Thank you very much dickinsc. I currently have no testing device available and just recompiled the exe without any testing.

If someone could please download WhatsApp.Viewer.-.new.crypt8.zip from here https://github.com/andreas-mausch/whatsapp-viewer/releases/tag/v1.8 and tell me if it is working?

I appreciate your help.

[AmmarMhd]

Hello Andreas, I just downloaded and tested the last version you provided and tried to decrypt crypt8..it worked perfectly. Thank you so much for the great job

[WACRYP]

Works for me too now! Good work! And many Thanks!!!

[andreas-mausch]

Good to hear it works. Thanks for the feedback.

I replaced the v1.8 release. Now there is only "WhatsApp Viewer.zip" but it is the updated version.

[dickinsc]

Glad it worked. I also made a change to include the comments that go with images (they're currently missing). I can arrange to back port that from VS2013.

[n4ndo]

Hello @andreas-mausch I try with this version: https://github.com/andreas-mausch/whatsapp-viewer/releases/download/v1.8/WhatsApp.Viewer.zip but same error

"Error during unziping (inflate)"

[dickinsc]

Hi, the error is due to a general problem when the messagestore can't be decrypted. It could be for several reasons e.g. the key and the message store don't match.

Have you redownloaded the key and messagestore file from the whatsapp application directory on your phone?

Also it's worth double checking what version of whats app you're on.

[BilalSheikh]

Hi @Andreas-mausch, Thanks for this application. It's a great application I want to view old database file dated : 30/05/2015 but it cannot decrypt and gives error However it decrypts latest file of yesterday and open in this software I want to know that for decrypt old files i must have the old key file from phone or it is another problem if this old key problem then how can i get it because in phone it is new one Thanks i am waiting for your reply

[andreas-mausch]

Hi @BilalSheikh, please use v1.7 to decrypt backups for the old crypt8.

[sarvesh13nm]

dear andrea-mausch, i have used your link but it is directing me to whatsapp viewer.zip, not to the new zip, and the same problem occuring"decryptiop faile. error while unzipping file(inflate), can you solve this, it will be a great help for me..

[andreas-mausch]

@sarvesh13nm: You downloaded the "new" zip, I have deleted the old one. Are you sure the key is correct for the crypt8? Most likely you get this error when the key is invalid.

[mediachris]

hey there. do they changed something again? it worked fine with the new version but today the same problem as before. can anybody confirm this?

[andreas-mausch]

Yes seems like.

[mediachris]

do you have any how you can make it working?

[andreas-mausch]

No idea yet, but I will take a look at it.

Please keep in mind you should still be able to download the plain database from your phone if you have root access. /data/data/com.whatsapp/databases/msgstore.db

[mediachris]

thats the problem...i dont have and i dont want to root my phone..

[andreas-mausch]

You could still use this method, it will also get you the decrypted database. However it is a bit hacky in my opinion and you have to be careful, it tries to upload your private key to a third party hoster. So you either have to block the connection or manipulate the script if you don't like that.

WhatsApp Key/DB Extractor http://forum.xda-developers.com/showthread.php?t=2770982

[mediachris]

hmm..you are right with the bit hacky...so i wait and hope that you will get an solution for the viewer

[ahwong85]

Hi @andreas-mausch ..do u have the solution ready for the error while unzipping file(inflate) issue?..still getting that error up till today...thanks.

[mediachris]

i think there is no need anymoor for a soltion...everythink works fine with the "new" 1.8 version... check if you have the right key..for example

[ahwong85]

i still get the error for 1.8 version...not with all the back up files..just a certain ones...what is causing the error while unzipping inflate issue?....if i got the wrong key, i wouldnt be able to open all the database file...some i can open, and i some i cant...any thoughts?

[ahwong85]

Hi @andreas-mausch , i still get the error for unzipping....i extracted the right key already but still get the error, havent been getting your response, please do reply..thanks...

[Cambouis]

@everybody, I just successfully decrypted the 06-01-2016 nightly crypt8 database with the WA-viewer v1.8 compiled on 16/06/2015.

Now, It would be great to have some enhancements on the viewer: full smileys support, and bigger/fullres image support. It looks like also that texts/comments joined to images don't display.

Anyway, thanks for this great application !

[andreas-mausch]

Ok since decryption is reported to be working I close this one. Thanks for the feedback @Cambouis.

[Krestol]

Hello Andreas. I have got a backup from whatsapp with the extension crypt9. How can I decrypt them?

thanks.

[Zenityx]

Hi, I am an android user. I have just tested whatsapp viewer succesfully in a relative's whatsapp. However I am in trouble as, due to a LEGAL requirement, I need to check old whastapp backups from long time ago (from a phone that was stolen) and other backups over a year old. As I do not have the key to access to those backups from my current phone, I figured if it would be possible "generate" that key by restoring manually the backups on my device and once they are available copy the key that whatsapp generates. Is this a silly thing to consider or it might work? I am now trying to manually install any old backup to my phone but I can't because google drive gets in the way and somehow does not allow me to restore by the old method of copying and pasting the backups. I have sent an email to whatsapp to see if there is a way around this issue. And now my number is locked by whatsapp due to many failed attemps on installing and uninstalling whatsapp.

I do not mind checking all those backups on my phone, but I thought whastapp viewer would be a fantastic solution for viewing such a large number or backups and files. If my idea of generating a key to decrypt backups from my actual phone to make whatsapp viewer work, let me know to keep working in the manual restoration of those files.

Thanks

[Zenityx]

Answering my own silly question: yes, backups can be restored to an android and do manual restoration in whatsapp. Then a new key is generated and it can be used in whatsapp viewer. Important to un-link google drive backups or it will automatically try to restore any backup from there.