romanzaikin / BurpExtension-WhatsApp-Decryption-CheckPoint

This tool was created during our research at Checkpoint Software Technologies on Whatsapp Protocol (This repository will be updated after BlackHat 2019)

Decrypt-Encrypt-Decrypt on outgoing message not working #34

Closed tarun14110 closed 5 years ago

tarun14110 commented 6 years ago

I decrypted my outgoing message and encrypted it without editing. On trying to decrypt it again, I get an error. And I am getting a different encrypted message after re-encrypting the same message.

Original outgoing message: [screenshot from 2018-09-24 08-02-41]

Decrypted outgoing message: [screenshot from 2018-09-24 07-46-43]

Encrypted outgoing message (without any changes): [screenshot from 2018-09-24 07-46-48]

Trying to decrypt it: [screenshot from 2018-09-24 07-46-52]

thiru112 commented 6 years ago

@tarun14110 I also had the same issue and posted that. If you find a solution, let me know.

tarun14110 commented 6 years ago

@thiru112 So, were you able to impersonate outgoing messages as another user (attack 2 as explained on the blog)?

thiru112 commented 6 years ago

@tarun14110 I wasn't able to change the message and put it into the 'a' parameter in the browser.

tarun14110 commented 6 years ago

You can do that by using this code a = Uint8Array.from([new encrypted array]).buffer at console during breakpoint at and then continue. But it's not working. I guess there is some issue with encryption for outgoing messages. The encryption method should encrypt the decrypted outgoing message to the same message as before decrypting. But it's not doing that for now.

thiru112 commented 6 years ago

@tarun14110 I'll try and reach you ASAP.

ertza commented 6 years ago

Hi all, I'm having the same issue, except that I'm trying for an incoming message. When I decrypt the message and then re-encrypt it (even without making any changes in the message), this newly encrypted message cannot be decrypted, so of course when I forward it to WhatsApp Web, it is not able to decrypt it and show it. I hope someone can help fix it soon.

GinNoel commented 5 years ago

> You can do that by using this code a = Uint8Array.from([new encrypted array]).buffer at console during breakpoint at and then continue. But it's not working. I guess there is some issue with encryption for outgoing messages. The encryption method should encrypt the decrypted outgoing message to the same message as before decrypting. But it's not doing that for now.

@thiru112 did you manage to get this to work? I'm stuck on how to change it in the browser.

Hi,

This is regarding Attack 2.

I managed to decrypt the outgoing message, change the message, change true to False, and encrypt it back successfully.

I'm stuck on putting the encrypted data back to the console, i.e. I'm stuck on no. 4 (please see attached image). How can I do that?

Thank you

[attached image: ss1]

GinNoel commented 5 years ago

> You can do that by using this code a = Uint8Array.from([new encrypted array]).buffer at console during breakpoint at and then continue. But it's not working. I guess there is some issue with encryption for outgoing messages. The encryption method should encrypt the decrypted outgoing message to the same message as before decrypting. But it's not doing that for now.

Hi @tarun14110, did you manage to get the a = Uint8Array.from([new encrypted array]).buffer to work?

Orinion commented 5 years ago

@GinNoel Sorry for the late reply, but I managed to do it. First create a global variable in the console: temp = new Uint8Array([248,..., 2, 1]).buffer. Then double-click the a variable in the local scope and insert the name of the global variable. override

Also note that the encrypted message is not correct (for me it inserts an 11, however after removing it, it works).

ZRginger commented 5 years ago

Hello, can anyone fix the problem? Letting DE-EN-DE on outgoing message works well.

GinNoel commented 5 years ago

> @GinNoel Sorry for the late reply, but I managed to do it. First create a global variable in the console: temp = new Uint8Array([248,..., 2, 1]).buffer. Then double-click the a variable in the local scope and insert the name of the global variable. override
>
> Also note that the encrypted message is not correct (for me it inserts an 11, however after removing it, it works).

Hi @Orinion ,

My apologies for the very late reply. Thank you for the steps.

You lost me here: "(for me it inserts a 11, however after removing it, it works)". Can you please explain further?

Thank you.

Orinion commented 5 years ago

Hello @GinNoel, taken from the screenshots of the OP: [image: grafik]

He didn't change anything; however, the 11 gets added after encrypting. Simply remove it before you paste it in the browser.