venomous0x / WhatsAPI

Interface to WhatsApp Messenger
2.59k stars 2.13k forks source link

userIdentity used in whatsapp android/ios clients #1214

Open skairamk opened 8 years ago

skairamk commented 8 years ago

Hi,

can you let me know what is the identity value generated in whatsapp android and/or ios clients?

for eg: $w = new WhatsProt($username, $identity, "test", true);

If it is unique random number generated by the whatsapp client on the device, where exactly it will be stored(in which file and path)? will that file not be wiped off once i uninstall the application?

The reason i asked the above is, because i feel that there might be some device identifier used by whatsapp client based on my test analysis.

1) I installed whatsapp on my second phone and provided the phone number of my first phone. 2) sms received on my first phone and i manually entered a incorrect otp in my second phone. 3) resend sms button on validate otp screen was disabled for 1 minute. 4) after one minute, i clicked on the resend sms button and again as expected i received the sms on my first phone. 5) i re-entered an incorrect otp again on my second phone. this time, the resend sms button was disabled for 2 hours. 6) i uninstalled the app and installed it again. still the resend sms button is disabled for 2 hours(to be precise 1 hr 52 mins - uninstall and install took some time).

If the client is using a random unique identifier(like UUID or SecureRandom) and which is stored in the internal memory(/appdata/com.whatsapp/somefile), will it not be deleted when i uninstalled the the app.

If the somefile is deleted on uninstall, how whatsapp Server side is able to recognize this device and able to disable the "resend sms" button. By seeing this behavior, i think, it is making use of some unique identifier related to the device or something cool which whatsapp has developed.

Has anyone knows how it is done? appreciate any info on this. many thanks in advance.