tgalal / yowsup

The WhatsApp lib
GNU General Public License v3.0

Extracting WhatsApp password from Android devices #234

Closed whatsappnomedia closed 5 years ago

whatsappnomedia commented 10 years ago

This may be useful for someone:

WhatsApp stores the user credentials in a 'pw' file within the sandbox, while the 'me' file contains the Jabber ID. In addition, it stores on the SD card (in "External Storage/WhatsApp/Profile Pictures/.nomedia") a token that can be used for registration without confirmation via SMS.

Here's a small Python program to get you started:

    from pbkdf2 import PBKDF2
    from Crypto.Cipher import AES
    import base64
    import time
    import javaobj
    import re

    # Static byte strings mixed into the key derivation (one per file type)
    sauce1 = '\xc2\x99\x1e\xc2\x9b\x1d\x0c\xc2\xb8\xc3\xb7UdX\xc2\x98\xc2\x92\x03\xc2\x8bE\xc2\x97>x\xc3\x86\xc3\x95'
    sauce2 = 'S\x16\x0fR\x03\nD\xc2\x83\x10\xc2\x82\xc2\x9a\xc2\x8d\xc2\x8cF:!i)WA'

    def do_decode(special_sauce, jabber_id, pw_file_content):
        # File layout: 2-byte prefix, 4-byte salt, 16-byte IV, then the encrypted key
        salt = pw_file_content[2:6]
        iv = pw_file_content[6:22]
        encrypted_key = pw_file_content[22:]
        # AES key is derived with PBKDF2 from the static string plus the Jabber ID
        file_enc_key = PBKDF2(special_sauce + jabber_id, salt, 16).read(16)
        crypt = AES.new(file_enc_key, AES.MODE_OFB, iv)
        return crypt.decrypt(encrypted_key + '1'*12)[:20]

    def decode_pw(mefname, pwfname):
        # Both files are Java-serialized objects
        jabber_id = javaobj.JavaObjectUnmarshaller(open(mefname)).readObject().jabber_id
        pw = javaobj.JavaObjectUnmarshaller(open(pwfname)).readObject()
        # Convert the signed Java bytes to a Python byte string
        pw_file_content = "".join([chr(c) if c>=0 else chr(c+256) for c in pw])
        wa_key = do_decode(sauce1, jabber_id, pw_file_content)
        return base64.b64encode(wa_key)

    # Splits a phone number into country code and its last 4 to 6 digits
    C = re.compile("^([17]|2[07]|3[0123469]|4[013456789]|5[12345678]|6[0123456]|8[1246]|9[0123458]|\d{3})\d*?(\d{4,6})$")

    def decode_nomedia(nomedia, pn, account):
        g = C.match(pn)
        e = g.group(1) + g.group(2)
        jabberid = e + account
        pw = javaobj.JavaObjectUnmarshaller(open(nomedia)).readObject()
        pw_file_content = "".join([chr(c) if c>=0 else chr(c+256) for c in pw])
        return do_decode(sauce2, jabberid, pw_file_content)

    print "%r" % (decode_nomedia(".nomedia", "12125551234", "your.google.account@gmail.com"),)


pythonimus commented 10 years ago

Has anyone now successfully decrypted his .nomedia file? And how can I get a new password with this id?

andrh87 commented 10 years ago

Hello guys, respect to everyone who got this to work. Short story: I am working on a website which should have the ability to contact users about new orders per WhatsApp... Soooo, everything was fine, since I read that it's not that easy anymore to log in to my account with PHP... After rooting my phone and getting the me, pm and .nomedia files, I tried your script. But I don't really have an idea how.

  1. What is this string above that sauce1 and sauce2 contain? Is this the content of the me, pm, .nomedia files? Because I can't really see where the contents are loaded. (I have no idea about Python ... that's my first try)
  2. If not, and the files are read in in the lines 20, 21 and 32... where must the files lie? Same dir as the script, right?
  3. I saw @johnstern and @debarko improved something in the script... what exactly is there to do here? :)

Perhaps someone who made the script run can give me a hint. And did it truly work then in practice?

CODeRUS commented 10 years ago

This method is for getting registration without receiving SMS. In your case you can just use WART for registration with no problems.

andrh87 commented 10 years ago

ok .......... then ....... I wasted my whole free day ......... :) Thanks a lot CODeRUS !!!! It seems that's exactly what I was looking for!! Thanks really! @CODeRUS

mrstarke commented 10 years ago

You don't need a rooted device to extract your password. You will need adb and a USB cable. Here is a simple script to do it. I have tested it on Ubuntu Linux 14.04. Put it in the same folder as the Python script (call it decode.py)

    #!/bin/bash

    adb backup -apk -share com.whatsapp
    dd if=backup.ab of=compressed-data skip=1 bs=24
    printf "\x1f\x8b\x08\x00\x00\x00\x00\x00" | cat - compressed-data | gunzip -c > decompressed.tar
    tar xf decompressed.tar
    cp apps/com.whatsapp/f/{me,pw} .

    rm -fr apps

    echo 'print "%r" % (decode_pw("me", "pw"),)' >> decode.py
    sudo aptitude install python-pbkdf2
    sudo aptitude install python-pip
    sudo pip install javaobj
    python decode.py

Just use the password displayed
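
Added example (not part of the thread or of yowsup): the `dd ... skip=1 bs=24` step above assumes the `.ab` header is exactly 24 bytes, which holds only for an unencrypted backup. This sketch reads the line-based header instead and reports compression and encryption before unpacking; the function names and the in-memory sample backup are constructed for illustration.

```python
import io
import tarfile
import zlib


def read_ab(data):
    """Parse an Android backup (.ab) blob; return (header dict, tar member names or None)."""
    buf = io.BytesIO(data)
    fields = [buf.readline().rstrip(b"\n").decode("ascii", "replace") for _ in range(4)]
    magic, version, compressed, encryption = fields
    if magic != "ANDROID BACKUP":
        raise ValueError("not an Android backup file")
    header = {
        "version": int(version),
        "compressed": compressed == "1",
        "encryption": encryption,
        "payload_offset": buf.tell(),  # 24 only when the encryption field is "none"
    }
    if encryption != "none":
        # Encrypted backups carry extra key-derivation lines after the header,
        # so a fixed 24-byte skip lands in the middle of the header.
        return header, None
    payload = buf.read()
    if header["compressed"]:
        payload = zlib.decompress(payload)  # zlib stream, not gzip
    with tarfile.open(fileobj=io.BytesIO(payload)) as tar:
        return header, tar.getnames()


def make_sample(encryption="none", files=("apps/com.example/f/demo.txt",)):
    """Build a constructed .ab blob in memory (sample data, not a real backup)."""
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w") as tar:
        for name in files:
            body = b"constructed"
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    head = "ANDROID BACKUP\n1\n1\n%s\n" % encryption
    return head.encode("ascii") + zlib.compress(raw.getvalue())


if __name__ == "__main__":
    for enc in ("none", "AES-256"):
        print(read_ab(make_sample(enc)))
```
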

mgp25 commented 10 years ago

Also you can use this: Modded apk

ghost commented 10 years ago

Can someone please make a video tutorial for us noobs! PLZ!

mgp25 commented 10 years ago

@Alon84 You just have to run the code with the extracted data... You can also use this: Modded apk

nephilim1973 commented 9 years ago

Probably it would be possible to post the final version of the Python code here with the CODE view (just place 4 spaces in front of each line)

    This is a code example line

Much better would be a script in the repository. Then all developers could contribute some code, and we could all share our experience and probably improve some things. Regards

ahmadjmal commented 9 years ago

Please, can anyone generate a nomedia file for me? I will give him my number and my email. Or please make a video for this. Thank you

pythonimus commented 9 years ago

Does the "adb backup -apk -share com.whatsapp" code still work? On my Nexus 5 I get a 1KB file which I cannot decompress.

ahmadjmal commented 9 years ago

@mgp25 I need to register an old account in WhatsApp and I don't have the password. Will this way help me now???

jazzominy commented 9 years ago

Has anyone got the password using the script at the top of the page with Python 3.4?

ildar commented 8 years ago

The files layout has changed a bit. The pw file has vanished, and a key file has appeared. Both are now "Java serialization data, version 5". Could anybody refresh the script please?

netfiretec commented 5 years ago

Good evening @tgalal, how do I extract the PW hash from a WhatsApp account created on Android without performing recovery of the WhatsApp account?

This without using RCKey

luisaugustos commented 5 years ago

Can this new version with Noise protocol extract a WhatsApp account from Android? I have a lot of accounts in Nox Emulator.