andreas-mausch / whatsapp-viewer

Small tool to display chats from the Android msgstore.db database (crypt12)
https://andreas-mausch.de/whatsapp-viewer/
MIT License

Expected key file size 158 bytes does not match #117

Closed shootlazer closed 3 years ago

shootlazer commented 3 years ago

Hello.

I'm getting this issue with the keyfile.

Truth is... that my key file is actually 159 bytes long. Why? No idea. Dates to 2019 (last time I fully reinstalled the app)

WhatsApp is still making new .crypt12 backups with that key, and I've managed to restore some of the backups made with that 159 byte key with the same device.

Installing whatsapp on a different phone gives me a 158 byte keyfile which looks completely different (except the header) but doesn't seem able to open my old .crypt12 backups at all. And the viewer, with that 158 byte keyfile, says "Decryption Failed. Error during unzipping (inflate)..."

Am I missing something... ? Could it be possible that I somehow have been encrypting the chats with a "wrong" key? But even in that case... shouldn't the viewer be able to decrypt it anyways?

andreas-mausch commented 3 years ago

Never seen a 159 bytes key. Have you tried to cut one byte off (from either beginning or end of the file) and use it for decryption?

shootlazer commented 3 years ago

Yes. Then it'll throw a "Decryption failed" error. The header bytes are just like any other .crypt12 file.

Not really sure why my phone can decrypt them but no tool can

andreas-mausch commented 3 years ago

Strange. You might be able to spot the beginning of the key in a hex editor (it might be surrounded by zeros for example). If you are familiar with node, you can also experiment with https://github.com/andreas-mausch/whatsapp-viewer/blob/node/decrypt-crypt12.js and change the values of the slice() calls.

shootlazer commented 3 years ago

Yeah. But the last part (basically, everything after the zeroes, aka the AES key) is 33 bytes long. I... don't quite get why.

I thought that maybe changing var key = keyfile.slice(126, 158) to var key = keyfile.slice(126, 159) could do it

But not really sure, 'cause AES should only support key sizes of 16, 24 or 32 bytes, right?

I would think that my key is corrupt, but that doesn't make sense as the phone can still decrypt them. Definitely there's something wrong, somewhere.

shootlazer commented 3 years ago

Update: After reinstalling whatsapp 2 days ago, the keyfile got updated and this one is able to decrypt the backups.

So basically:

Key 1 - 159 byte. 2 years encrypting my databases without major problems. WhatsApp viewer refuses to work with it.

Key 2 - 158 byte. Got it 2 minutes after reinstalling WhatsApp. Refuses to open the databases made with the 159 byte key. WhatsApp viewer can't decrypt any of the databases encrypted with key 1.

Key 3 - 158 byte. Got it automatically 1 hour after getting the key 2. WhatsApp viewer is able to decrypt all previous backups. This third key looks almost identical to the key 1 except it's missing the second byte of the AES key.

I still don't get why I got the second key to be honest. Maybe it attempted to redownload a "correct" key later. Who knows why.

In case anyone is wondering, I'm running ver 2.21.4.22

Strange. Really strange...

andreas-mausch commented 3 years ago

Interesting, thanks for sharing.
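
Added example, not part of the original thread or of the whatsapp-viewer code: a Node sketch of the recovery idea the thread arrives at, where a 159-byte key file holds a 33-byte tail and the working key is that tail minus one byte. The offset 126 comes from the slice() call quoted above; the use of AES-256-GCM tag verification to reject wrong candidates, the helper names, and the constructed key file and ciphertext are assumptions made for the demonstration.

```javascript
const crypto = require('node:crypto');

const KEY_OFFSET = 126; // from the slice(126, 158) call quoted in the thread
const KEY_LEN = 32;     // AES-256 key size

// Yield every 32-byte key obtained by deleting one byte from a 33-byte tail.
function* candidateKeys(keyfile) {
  const tail = keyfile.subarray(KEY_OFFSET);
  if (tail.length !== KEY_LEN + 1) {
    throw new RangeError(`expected ${KEY_LEN + 1} key bytes, got ${tail.length}`);
  }
  for (let i = 0; i < tail.length; i++) {
    const key = Buffer.concat([tail.subarray(0, i), tail.subarray(i + 1)]);
    yield { removed: i, key };
  }
}

// True only if the GCM authentication tag verifies under this key
// (assumption: the data is AES-256-GCM, so a wrong key fails the tag check).
function tagVerifies(key, { iv, ciphertext, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  try {
    d.update(ciphertext);
    d.final();
    return true;
  } catch {
    return false;
  }
}

// Return the first candidate that authenticates the sample, or null.
function recoverKey(keyfile, sample) {
  for (const c of candidateKeys(keyfile)) {
    if (tagVerifies(c.key, sample)) return c;
  }
  return null;
}

// Constructed demo data: a known key, a sample encrypted with it, and a
// 159-byte key file whose key has one extra byte inserted at index 1.
function buildDemo() {
  const key = Buffer.from(Array.from({ length: KEY_LEN }, (_, i) => (i * 7 + 3) & 0xff));
  const iv = Buffer.alloc(16, 0x24);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([c.update('constructed sample plaintext'), c.final()]);
  const tail = Buffer.concat([key.subarray(0, 1), Buffer.from([0xaa]), key.subarray(1)]);
  const keyfile = Buffer.concat([Buffer.alloc(KEY_OFFSET), tail]);
  return { key, keyfile, sample: { iv, ciphertext, tag: c.getAuthTag() } };
}
```

Only 33 candidates exist, so the search is immediate; a null result means the extra byte is not a single insertion in the key region.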