Open gfd2020 opened 2 months ago
lfcnassif
commented
2 months ago Thanks @gfd2020, this would be very very useful. @hauck-jvsh is working on WhatsApp Web decoding, he is already able to rebuild chats, decrypt media attachments, but text message bodies still not, unfortunately I think those formats don't have anything in common based on your description...
gfd2020
commented
2 months ago Thanks @gfd2020, this would be very very useful. @hauck-jvsh is working on WhatsApp Web decoding, he is already able to rebuild chats, decrypt media attachments, but text message bodies still not, unfortunately I think those formats don't have anything in common based on your description...
Very interesting. Is this data obtained from the browser cache?
lfcnassif
commented
2 months ago Very interesting. Is this data obtained from the browser cache?
Yes, from Chrome cache, Hauck can elaborate more on this.
Whatsapp Desktop Client on Windows saves the conversation databases locally in the folder below, mainly message.db.
C:\Users{user}\AppData\Local\Packages\5319275A.WhatsAppDesktop_cv1g1gvanyjgm\LocalState
I took a look at the database and it is an encrypted sqlite database. It seems to me to be a different encryption than that used in the mobile version. Looking at the application folder, I found the dll e_sqlite3.dll (Dot net probably). This appears to be a custom version of encrypted sqlite3.
https://learn.microsoft.com/pt-br/dotnet/standard/data/sqlite/encryption?tabs=net-cli
https://learn.microsoft.com/pt-br/dotnet/standard/data/sqlite/custom-versions?tabs=net-cli
https://www.bricelam.net/2023/11/10/more-sqlite-encryption.html
https://utelle.github.io/SQLite3MultipleCiphers/docs/ciphers/cipher_legacy_mode/