andreas-mausch / whatsapp-viewer

Small tool to display chats from the Android msgstore.db database (crypt12)
https://andreas-mausch.de/whatsapp-viewer/
MIT License

Something changed in the format of the crypt14 files after 23rd of January 2022 #142

Open vb0 opened 2 years ago

vb0 commented 2 years ago

Using the latest WhatsApp non-beta (2.22.2.73), whatsapp-viewer 1.15. Since the 23rd, the msgstore-2022*crypt14 files changed in a way that fails decryption with whatsapp-viewer. Apart from possibly updating WA via the Play Store, no other changes were made. The same happens on two phones.
The "key" content didn't change (for some reason the time stamp got updated on the phone I could check, but from somewhere in 2020 to somewhere in mid-2021, no idea why).

The files are the expected byte-length (slightly higher every day) and were clearly completely changed (if you look at a hex dump the files from before "the change" look/start all clearly the same and then "something big" happens and they look totally different but again similar between each other).

The clear text msgstore.db is still well readable with whatsapp-viewer 1.15.

andreas-mausch commented 2 years ago

Thank you. I'll try to take a look on my next free weekend but can't promise any date.

hogiebaer commented 2 years ago

Confirmed. Something changed. WhatsApp and WhatsApp Business don't work with the last Viewer.

vb0 commented 2 years ago

Found the problem, actually the files weren't that different, I don't know why they were shown so differently in my FAR Manager, the first bytes shifted from 01bd to 01bc (the rest is the same for about 64 bytes, probably some header). This led me to think of a shift, which led me to this: https://github.com/andreas-mausch/whatsapp-viewer/issues/120 - it's probably something perfectly similar.

The python mentioned there actually works: https://github.com/ElDavoo/WhatsApp-Crypt14-Decrypter

I'll probably have a look there to work out what's going on but I'm pretty sure it's the same as the issue mentioned above.

Rufan0 commented 2 years ago

> Found the problem, actually the files weren't that different, I don't know why they were shown so differently in my FAR Manager, the first bytes shifted from 01bd to 01bc (the rest is the same for about 64 bytes, probably some header). This led me to think of a shift, which led me to this: #120 - it's probably something perfectly similar.
>
> The python mentioned there actually works: https://github.com/ElDavoo/WhatsApp-Crypt14-Decrypter
>
> I'll probably have a look there to work out what's going on but I'm pretty sure it's the same as the issue mentioned above.

Thank you bro, this GitHub link is working and I was able to decrypt Crypt14.

himan1000 commented 1 year ago

> Thank you. I'll try to take a look on my next free weekend but can't promise any date.

And were you able to take a look? Unfortunately, the decryption of Crypt14 still doesn't work in the viewer. Would be great if that could work.

AD1977 commented 1 year ago

ME TOO.. still doesn't work in the viewer. Would be great if that could work. THX

himan1000 commented 1 year ago

Also: https://github.com/ElDavoo/WhatsApp-Crypt14-Decrypter does not work.... -> Key version mismatch: b'3' != b'2' -Force also does not work....

himan1000 commented 1 year ago

> > Found the problem, actually the files weren't that different, I don't know why they were shown so differently in my FAR Manager, the first bytes shifted from 01bd to 01bc (the rest is the same for about 64 bytes, probably some header). This led me to think of a shift, which led me to this: #120 - it's probably something perfectly similar. The python mentioned there actually works: https://github.com/ElDavoo/WhatsApp-Crypt14-Decrypter I'll probably have a look there to work out what's going on but I'm pretty sure it's the same as the issue mentioned above.
>
> Thank you bro, this GitHub link is working and I was able to decrypt Crypt14.

E:\Backup\Whatsapp\WhatsApp-Crypt14-Crypt15-Decrypter-main\WhatsApp-Crypt14-Crypt15-Decrypter-main>python ./decrypt14_15.py ./key ./msgstore.db.crypt14 ./msgstore.db
[I] Crypt12/14 key loaded
[E] Key version mismatch: b'3' != b'2' To bypass checks, use the "--force" parameter

or

E:\Backup\Whatsapp\WhatsApp-Crypt14-Crypt15-Decrypter-main\WhatsApp-Crypt14-Crypt15-Decrypter-main>python ./decrypt14_15.py ./key ./msgstore.db.crypt14 ./msgstore.db -f -v
[V] Reading keyfile...
[I] Crypt12/14 key loaded
[V] Parsing database header...
[V] WhatsApp version: 2.22.14.74
[V] Your phone number ends with
[E] Key version mismatch: b'3' != b'2'
[E] Server salt mismatch: ....
[E] Google ID mismatch: .... != b....
[I] Database header parsed
[V] Decrypting...
[E] I can't recognize decrypted data. Decryption not successful. The key probably does not match with the encrypted file.
[I] Done

The Key and the Backup are from the same Phone.

vb0 commented 1 year ago

@himan1000 you have 3 for the key version and only 1 and 2 are supported. Either it's something very new or the file just isn't a crypt14 key. How big is it (bytes)? Mine are 158 bytes and have 16 null 00 bytes somewhere close to the end.

himan1000 commented 1 year ago

key -> 158 byte ->yes .... 16 null bytes? -> where find it?

the original name was: whatsapp.cryptkey
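
The key-file check vb0 describes (158 bytes, a run of 16 null bytes) and the backup-header comparison from earlier in the thread, as an added example that is not part of the original posts or of either project. Function names and sample bytes are constructed for illustration, and the script reports only sizes and offsets, never key bytes, so its output can be posted in an issue.

```python
import sys
from pathlib import Path

EXPECTED_KEY_SIZE = 158  # key size reported in the thread
EXPECTED_ZERO_RUN = 16   # length of the 00 run reported in the thread

def longest_zero_run(data: bytes) -> tuple:
    """Return (offset, length) of the longest run of 0x00 bytes, or (-1, 0)."""
    best_off, best_len, i = -1, 0, 0
    while i < len(data):
        if data[i] != 0:
            i += 1
            continue
        j = i
        while j < len(data) and data[j] == 0:
            j += 1
        if j - i > best_len:
            best_off, best_len = i, j - i
        i = j
    return best_off, best_len

def describe_key(data: bytes) -> dict:
    """Structural facts only; the key bytes themselves are never echoed."""
    off, length = longest_zero_run(data)
    return {"size": len(data), "size_ok": len(data) == EXPECTED_KEY_SIZE,
            "zero_run_offset": off, "zero_run_length": length,
            "zero_run_ok": length >= EXPECTED_ZERO_RUN}

def first_difference(a: bytes, b: bytes, limit: int = 64) -> int:
    """Offset of the first differing byte in the first `limit` bytes, or -1."""
    for i, (x, y) in enumerate(zip(a[:limit], b[:limit])):
        if x != y:
            return i
    return -1

# Constructed sample data (not real key or backup material).
SAMPLE_KEY = bytes(range(1, 111)) + bytes(16) + bytes(range(1, 33))
OLD_HEADER = bytes.fromhex("01bd") + b"\xaa" * 62
NEW_HEADER = bytes.fromhex("01bc") + b"\xaa" * 62

if __name__ == "__main__":
    # usage: script.py [KEYFILE [OLD_BACKUP NEW_BACKUP]]
    key = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else SAMPLE_KEY
    print(describe_key(key))
    old, new = OLD_HEADER, NEW_HEADER
    if len(sys.argv) > 3:
        old, new = (open(p, "rb").read(64) for p in sys.argv[2:4])
    print("first differing header offset:", first_difference(old, new))
```
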

himan1000 commented 1 year ago

> @himan1000 you have 3 for the key version and only 1 and 2 are supported. Either it's something very new or the file just isn't a crypt14 key. How big is it (bytes)? Mine are 158 bytes and have 16 null 00 bytes somewhere close to the end.

Apparently Whatsapp is currently generating new keys.... I think I was unlucky then...