loqui / im

Loqui IM allows you to use all your chat accounts in just one FirefoxOS or Ubuntu Touch app.
https://loqui.im

[WhatsApp] Decrypt Error in groups #1077

Closed tibtab closed 7 years ago

tibtab commented 8 years ago

I don't know how far this is a duplicate of or is related to #1076 or #1053

Here is a log:

16:15:43.076 <message from="number1-1443529511@g.us" type="text" id="0373DF3CE14E02EB3A29EFDF4F7BA2" 
participant="number2@s.whatsapp.net" t="1462803340" notify="person1">
<enc v="2" type="skmsg">
3¿ûï¥%°)cWÂ5ëZ˜¼
16:15:43.087 Parsing message: {"_tag":"message","children":[{"_tag":"enc","children":[],"attributes":{"v":{"hexdata":"32"},"type":"skmsg"},"_data":{"hexdata":"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"}}],"attributes":{"from":"number1-1443529511@g.us","type":"text","id":"0373DF3CE14E02EB3A29EFDF4F7BA2","participant":"number2@s.whatsapp.net","t":"1462803340","notify":{"hexdata":"4179c59f656e7572"}},"_data":null} ~ parseMessage@app://dda7c8f0-e103-45c6-9c91-53447d360fc5/scripts/mozillahispano/coseme.js:7142:5 [ReaderThread] tools.js:25:6
16:15:43.093 ENCRYPTED GROUP MESSAGE skmsg 2 null tools.js:25:6
16:15:43.140 DECRYPT ERROR null tools.js:25:6

cmeerw commented 8 years ago

The problem is that Loqui doesn't have the session keys for the group message and therefore fails to decrypt it - it should have sent a receipt retry in response to this, but that probably didn't help...

Anyway, the only (kind of known) way to recover from this is to leave and rejoin the group (assuming the other participants in the group don't have old encryption keys for your account - in this case you would also need to send them private messages first).

BTW, there is one other thing you could try from the WebIDE:

CoSeMe.yowsup.getMethodsInterface().call('message_error', ['number1-1443529511@g.us', '0373DF3CE14E02EB3A29EFDF4F7BA2', 'plaintext-only', 'number2@s.whatsapp.net' ]);

This might trigger a different kind of recovery from the sender...

tibtab commented 8 years ago

I tried it (the thing with the WebIDE) but I didn't receive the message if this was meant to happen. (But I haven't done the other two steps you mentioned before)

BTW is there any other way to give people my new encryption keys than sending them messages? I don't want to go on all of their nerves by sending them senseless messages, but I still want to see what they write in groups...

cmeerw commented 8 years ago

The problem is that there is no documentation about how it's supposed to work...

I tried sending an encrypted message to an official WhatsApp client with an encryption key id that the receiver definitely didn't have and the response I got was a "receipt" "retry" message (that's what Loqui does now). But sending a "receipt" "retry" message to an official WhatsApp client now doesn't appear to (always) trigger the recovery any more (but I believe it used to work).

Also note, if you haven't reinstalled Loqui recently then it's unlikely your contacts will have old encryption keys (you will only need to worry about the group session keys).

tibtab commented 8 years ago

But there is a group, which was created today, and I still don't receive the messages of all participants.

cmeerw commented 8 years ago

Let's hope you have got the logs then...

The first message of each participant should contain the session key for the group encrypted with your key (and there probably was a failure in decrypting that message because of old key material).

It could also be another bug, but in any case, log files are needed...

tibtab commented 8 years ago

Sorry, I don't have any logs of this event :/

janu2015 commented 8 years ago

I uninstalled Loqui from my Fire E and reinstalled then via WebIDE.

When creating the Whatsapp account I faced the problem that the country list was empty (I cross checked Marketplace version: country list is populated). Anyway, via WebIDE I managed to enter my phone number and requested an SMS. Surprisingly I was instantly directed to Loqui Whatsapp account, that was showing my group chats (all empty), but no single chats. No SMS was sent, no code entering was needed ...

Happily, a lot of group messages by a lot of participants were arriving immediately :smile:. After some time these annoying log messages disappeared: DECRYPT ERROR,TypeError: parameters.ourSignedPreKeyPair is null

However, Loqui is not able to decrypt the messages of all participants. Still there are DECRYPT ERRORs followed by retry receipts without effect:

<receipt to="49BBB-13918120@g.us" id="PPP811826514A9005A3851D3A94057" type="retry" participant="40PPP@s.whatsapp.net">
<registration>
@LéÚ</registration>
<retry count="1" id="PPP811826514A9005A3851D3A94057" v="1">
</retry>
</receipt>

2016-05-12_3_retry.log.txt

The registration "value" seems to be the same always, regardless of which participant.
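
The per-sender pattern reported in these comments (some participants always fail, retry receipts go unanswered) can be tabulated from a saved log. The following is an added example, not part of the thread and not Loqui code; the sample log is constructed, and attributing each DECRYPT ERROR to the most recently parsed message is an assumption.

```javascript
// Added example, not Loqui code. SAMPLE_LOG is constructed (made-up JIDs and
// ids) in the shape of the log lines quoted in this thread.
const parsed = (id, who) => '16:15:43.087 Parsing message: ' + JSON.stringify({
  _tag: 'message', attributes: { from: '111-222@g.us', id, participant: who },
}) + ' ~ parseMessage@app://x/coseme.js:7142:5 [ReaderThread] tools.js:25:6';
const SAMPLE_LOG = [
  parsed('AAA1', '333@s.whatsapp.net'),
  '16:15:43.093 ENCRYPTED GROUP MESSAGE skmsg 2 null tools.js:25:6',
  '16:15:43.140 DECRYPT ERROR null tools.js:25:6',
  '<retry count="1" id="AAA1" v="1">',
  parsed('BBB2', '444@s.whatsapp.net'),
  '16:16:01.020 ENCRYPTED GROUP MESSAGE skmsg 2 null tools.js:25:6',
  parsed('AAA3', '333@s.whatsapp.net'),
  '16:16:09.560 DECRYPT ERROR null tools.js:25:6',
  '16:16:09.580 REQUEST PLAINTEXT ONLY tools.js:25:6',
].join('\n');

function triageDecryptErrors(logText) {
  const bySender = {};          // sender JID -> counters
  const failedIds = new Map();  // failed message id -> its sender's counters
  let last = null;              // { id, stats } of the most recently parsed message
  let lastFailed = null;        // counters of the most recent failure
  for (const line of logText.split('\n')) {
    let m;
    if ((m = line.match(/Parsing message: (\{.*\})(?: ~ |$)/))) {
      let node;
      try { node = JSON.parse(m[1]); } catch (e) { continue; } // damaged line
      if (node._tag !== 'message' || !node.attributes) continue;
      const a = node.attributes, sender = a.participant || a.from;
      const stats = bySender[sender] = bySender[sender] ||
        { seen: 0, failed: 0, maxRetry: 0, plaintextRequests: 0 };
      stats.seen++;
      last = { id: a.id, stats };
    } else if (/\bDECRYPT ERROR\b/.test(line) && last) {
      // Assumption: the error belongs to the most recently parsed message.
      lastFailed = last.stats;
      if (!failedIds.has(last.id)) lastFailed.failed++; // count each id once
      failedIds.set(last.id, lastFailed);
    } else if ((m = line.match(/<retry count="(\d+)" id="([^"]+)"/))) {
      const stats = failedIds.get(m[2]);
      if (stats) stats.maxRetry = Math.max(stats.maxRetry, Number(m[1]));
    } else if (line.includes('REQUEST PLAINTEXT ONLY') && lastFailed) {
      lastFailed.plaintextRequests++; // sender was asked to resend unencrypted
    }
  }
  return bySender;
}

console.log(triageDecryptErrors(SAMPLE_LOG));
```

A sender whose `failed` equals `seen` is one whose group session key was never received; a non-zero `plaintextRequests` marks messages that were requested without end-to-end encryption.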

cmeerw commented 8 years ago

@janu2015 that's good to know... looks like the retry receipts only work (for some phones) when the registration id has actually changed. BTW, the other phone needs to be online to respond to a retry receipt, so maybe some participants just weren't online when those retries were sent.

The registration value only changes when Loqui is reinstalled (or the axolotl db is recreated).

BTW, I'll need to look at the country list in the dev version... I had changed the initialisation code and thought I had it working again...

janu2015 commented 8 years ago

@cmeerw One message retry with "plaintext-only" succeeded - hours later ...

2016-05-12_13_retry_plaintext.log.txt

Does the participant have to be online for retry?

cmeerw commented 8 years ago

Yes, participants need to be online to react to retry messages as the new messages need to be re-encrypted with the new key (and only the sender actually has the cleartext to do this).

janu2015 commented 8 years ago

I want to share a workaround for messages that cannot be decrypted due to the reasons being discussed in this issue. With this workaround, undecryptable messages are immediately requested as plaintext. The modifications apply to .../loqui/connectors/coseme.js. Though it works for me, I think the changes should not be merged to the dev branch.

First, the "encrypted group message received" event is not only logged before being sent to Axolotl, but also sent to the screen, so one instantly becomes aware of any decrypted message:

this.events.onEncryptGroupMessageReceived = function (msgId, from, author, msgData, type, v, count, timeStamp, pushName) {
      Tools.log('ENCRYPTED GROUP MESSAGE', type, v, count);

      ...

      // --- notify an encrypted group message
      var stamp = Tools.localize(Tools.stamp(msg.timeStamp));
      var text = 'Encrypt grpmsg '+ stamp;
      self.events.onGroupMessage.bind(self)(msg.msgId, msg.groupJid, msg.remoteJid, text, msg.timeStamp, false, msg.pushName);
      Tools.log('ENCRYPTED GROUP MESSAGE notified');
      // --- 

      var cpuLock = navigator.requestWakeLock('cpu');
      axolDecryptQueue.push({ self : self, msg : msg },
                            function () { cpuLock.unlock(); });

A similar change applies to this.events.onEncryptMessageReceived

Finally, I commented out the 'message_retry' call (as it doesn't seem to work for me), so undecryptable messages are requested as unencrypted plaintext immediately:

    function onDecryptError(e) {
      Tools.log('DECRYPT ERROR', e);

      if (msg.groupJid && msg.type != 'skmsg') {
        // ignore decryption error for non-skmsg group messages, we'll
        // handle these on the skmsg
      } else {
//        if (axolLocalReg && (!msg.count || Number(msg.count) < 5)) {
//          var count = msg.count ? Number(msg.count) + 1 : 1;
//          MI.call('message_retry', [msg.groupJid ? msg.groupJid : msg.remoteJid,
//                                    msg.msgId, axolLocalReg.registrationId,
//                                    count.toString(),
//                                    msg.groupJid ? '1' : msg.v,
//                                    msg.groupJid ? msg.remoteJid : null]);
//        } else {
          Tools.log('REQUEST PLAINTEXT ONLY');
          MI.call('message_error', [msg.groupJid ? msg.groupJid : msg.remoteJid,
                                    msg.msgId, 'plaintext-only',
                                    msg.groupJid ? msg.remoteJid : null]);
//        }
      }

      callback(e);
    }

Honk2 commented 8 years ago

For some contacts within a group I got only DECRYPT ERRORS. Yesterday the retry method succeeded for one contact, although all other messages from the contact failed to decrypt until then. I have no idea how this recovered. The message from another contact right after that one still failed, as usual. I cannot see why it worked from the logs... 2016-07-16.txt

cmeerw commented 7 years ago

anyone tested this yet?

nfsprodriver commented 7 years ago

Yes, but the DECRYPT ERROR message persists, possibly because of the upper reasons. So you should reopen this issue. Any Firefox OS testers?

jcerdan commented 7 years ago

Just installed this last version. Will keep you in touch about decryption state of new incoming messages.

jcerdan commented 7 years ago

Wow, that was fast! Just received messages in a group that previously prompted only DECRYPT ERROR. Now messages are ok text and images by the moment from 2 other users. Looks like it's solved!

cmeerw commented 7 years ago

@jcerdan Thanks for testing, I'll try to push the current version to the marketplace then.

cmeerw commented 7 years ago

Well, Mozilla has now shut down the Marketplace to updates, see https://wiki.mozilla.org/Marketplace#App_Submissions