tgalal / yowsup

The WhatsApp lib
GNU General Public License v3.0

New variables in code request during registration #1723

Closed poma closed 5 years ago

poma commented 8 years ago

I looked at registration requests in android app v2.16.220 and there are some variables I don't understand. Example for https://v.whatsapp.net/v2/code:

authkey=0rf7ujBvFqs7n7FQo8hRxRqwmm8OmN8IigiARfv9Dzs
e_regid=fVnwhw
e_keytype=BQ
e_ident=WOnnHZj_OLdfEnYqltF5-25Vj5OrelEjQNfDSwctTSo
e_skey_id=AAAA
e_skey_val=gs0eittTzGMUFRvUmVY-bvBprin6B07DB04gXK3sol0
e_skey_sig=9-1wWgXGcWoduuJcFcTiT42TVpO2BrKUAMyo3g_tGyCaVKBXafm0jfcglwTx5xW4sjZA_d0nIBmgzus6HpVCjg

Does anyone have an idea what they mean? Maybe using them during registration will reduce the number of bans?

poma commented 8 years ago

Also, the WhatsApp server doesn't return a password when the code is entered. The response JSON is just

{"status":"ok","login":"1234567890","type":"new"}

assegaf commented 8 years ago

Yeah, may I know how you were able to sniff it?

authkey=0rf7ujBvFqs7n7FQo8hRxRqwmm8OmN8IigiARfv9Dzs

This is for wa20 protocol auth, your local public key.

These are for e2e vars init, without prekeys. You still need to sendPrekeys after login:

e_regid=fVnwhw
e_keytype=BQ
e_ident=WOnnHZj_OLdfEnYqltF5-25Vj5OrelEjQNfDSwctTSo
e_skey_id=AAAA
e_skey_val=gs0eittTzGMUFRvUmVY-bvBprin6B07DB04gXK3sol0
e_skey_sig=9-1wWgXGcWoduuJcFcTiT42TVpO2BrKUAMyo3g_tGyCaVKBXafm0jfcglwTx5xW4sjZA_d0nIBmgzus6HpVCjg

poma commented 8 years ago

I use MissVenom modified for full mitm (both http and xmpp). It worked while the app was sending the pass in http, but now I don't know how to connect to xmpp without the password. I run WhatsApp on an emulator with a fake SSL certificate authority installed.

mgp25 commented 8 years ago

Yes, WhatsApp updated the registration params last April/March; easy to implement (already implemented), and not the only change.

poma commented 8 years ago

So they switched for some kind of new stream encryption? Did they just replace RC4 stream with something new? Can you please point me to any relevant commits (yowsup, chat-api or any other, I code in C# anyway)?

Last time I checked was in late 2015 and they used to only change token dictionary between minor versions.

mgp25 commented 8 years ago

@poma yes, they replaced RC4. I don't know if I'll ever publish the code.

poma commented 8 years ago

Is there any specific reason not to publish it (like preventing spam or something)? Looks like tgalal is not publishing wa20 support either. Maybe I should not publish it either if I implement wa20 in C#?

schoerg commented 8 years ago

tgalal has not been very active lately on GitHub as far as his profile goes.

I guess it is to stop spam? But to be honest, I haven't heard of spamming WA bots, probably due to easy reporting if you send stuff to an unknown number and someone clicks the button.

assegaf commented 8 years ago

WhatsApp is very cheap; they even ban some specific numbers they think are "annoying". Check their TOS: they even ban for not doing anything, login, then ban. Someone also banned me for being annoying, I think.

@poma I think I suggest you leave C# or any other language and go back to the native language they wrote the Android app in, java->dex.

Try decompiling the Android 2.16.225 apk with jadx, and learn the wa20 auth; keep the knowledge to be shared with the world.

It's better to just share knowledge, because every week/2 weeks WhatsApp updates to a new version, so they read your code and inject some new rules based on the code to protect their server. Someone from WhatsApp among us reads this and laughs ...

brittson commented 8 years ago

WhatsApp is banning numbers which have been registered and blocked in the past multiple times, or registered multiple times from different phones.

assegaf commented 8 years ago

Yes, that too, but do you even know that if someone abused a number, for example +34121243001, they ban +34121243002 up to +34121243999, so you are not able to register: "your number is banned, contact support".

Tested with official apps, same thing. Playing cheap.

This is why someone else is banned for not doing anything, as we use shared/recycled numbers too and have similar numbers.

albert-chin commented 8 years ago

> mgp25 commented 2 days ago: @poma yes, they replaced RC4. I don't know if I'll ever publish the code

During 2016-03-xx to 2016-04-xx (that is, since version 2.16.xx) there was an official announcement / claim about support of "end-to-end" encryption of #messages from a user (to another user / a group); there is a white paper (available from the official web site of the company, in English) giving some details about the "end-to-end" (upper layer) encryption. That upper layer thing is (claimed to be) certainly from OpenWhisperSystems / moxie0. [Now many other similar instant-messaging apps, including Facebook Messenger, Google Allo, the one concerned here, and the Signal app from OpenWhisperSystems, (if you believe them) claim to be (or are going to be) using the same thing for the upper layer for end-to-end encryption between the users. There is also some source code for this Signal algorithm on GitHub, if you believe the ##claim.]

In the paper, there is a paragraph (near the end) mentioning the (lower) transport layer. It claims that there are encryption (etc.) security measures there, named "Noise Pipes" as described in the Noise Protocol Framework (https://noiseprotocol.org); certain implementations (to a certain degree) of this (Noise Pipes) are available on GitHub as well.

Which major algorithms are used is clear (from the claim), if things are implemented as claimed. Certain minor details may not be totally obvious and may still need some adjustments.

assegaf commented 8 years ago

Hi @poma, you have succeeded in sniffing registration; have you been able to sniff the RX/TX of the new Android app?

tgalal commented 5 years ago

added by cbb715e