Do we know how to make the encrypted .enc multimedia files downloadable?

[cprcrack]

My multimedia decryption routine is working fine, however I noticed that I'm only able to download the encrypted .enc file available on the clientUrl field if the image has been preloaded before in a real WhatsApp Web session. Otherwise, the URL returns an HTTP ERROR 404.

The clientUrl field is something like https://mmg-fna.whatsapp.net/d/f/XXX.enc.

I also tried using the ´directPath´ field while appending the domain mmg.whatsapp.net as per https://github.com/sigalor/whatsapp-web-reveng/issues/71#issuecomment-406336055, and other alternatives based on directPath:

http(s)://mmg.whatsapp.net/v/t62.7118-24/BBB.enc?oh=CCC&oe=DDD http(s)://mmg-fna.whatsapp.net/v/t62.7118-24/BBB.enc?oh=CCC&oe=DDD

Unfortunately none worked and I'm still unable to fetch the file without a previous manual interaction in the WhatsApp Web session.

@sigalor I think you reached the same conclusion some time ago at https://github.com/sigalor/whatsapp-web-reveng/pull/42#issuecomment-390414969 and actually provided a potential solution, however I'm lost regarding how to send that binary message you mention. Is that "QUERY_MEDIA" message you refer to something that can be sent solely interacting with the WhatsApp Web API (i.e. window.Store object)? Or how else could I approach this issue?

[sigalor]

If you are connecting to the WA Web servers directly using a WebSocket, you need the following information:

• QUERY_MEDIA is defined here. It's just a one-byte integer value.
• Creating the payload for a binary message is demonstated here. As you can see, it has the following format: [messageId],[metric][flags][encryptedMessage], where [metric] should be the byte 0x04 (for QUERY_MEDIA) in your case and [flags] can always be IGNORE (i.e. 0x80).

[cprcrack]

Unfortunately I'm not connecting directly, I'm only using WA Web API (i.e. the old Store object and the DOM). I do not have a Python backend either.

I found this https://github.com/mukulhase/WebWhatsapp-Wrapper/issues/336#issuecomment-455837612 which is actually a solution but I would like to prevent the whole media file to be loaded on the client...

[selvakumaran]

@cprcrack, you need to set the Urllib request header User-Agent properly (same as your browser) to download the media file. For ex:

 HTTP_USER_AGENT = "%s%s%s" % ('Mozilla/5.0 (Macintosh; U; Intel ',                                                                                                                           
                                        'Mac OS X 10_6_6; en-us) AppleWebKit/533.19.4 ',                                                                                                                    
                                        '(KHTML, like Gecko) Version/5.0.3 Safari/533.19.4')                                                                                                                

request.add_header('User-Agent', HTTP_USER_AGENT)