What do we know about blocked numbers?

[Pietertje007]

What do we know about when a number is blocked by whatsapp?

I just had a number that was blocked within 2h30m and I only send/received 38 messages in total. So it's not the message count...

On 2 other cards, I thought it happened after trying to send html tags to my phone. But that does not seem correctly. Last one blocked, no html tag was sent. Also other cards have not been blocked and did sent tags with them.

An other interesting thing is that blocking seems te happen when you login. My last blocked number, I succesfully sent a message and when I logged in again, 2 minutes later, it was blocked.

Amount of logins is also not the case. I have a number that I use a lott and it is never blocked. The last one blocked, I logged in, just about 4 times.

So basically it seems totally random for me....

Anyone here to add some ideas about when numbers are blocked?

[shirioko]

Are the blocked numbers registered using the official client or WhatsApi? All the numbers I'm using were registered and used on an official client and I've never had any problems.

[jay2011]

How do u active an whats app account on git.hub. On 25 May 2013 15:20, "Pietertje007" notifications@github.com wrote:

What do we know about when a number is blocked by whatsapp?

I just had a number that was blocked within 2h30m and I only send/received 38 messages in total. So it's not the message count...

On 2 other cards, I thought it happened after trying to send html tags to my phone. But that does not seem correctly. Last one blocked, no html tag was sent. Also other cards have not been blocked and did sent tags with them.

An other interesting thing is that blocking seems te happen when you login. My last blocked number, I succesfully sent a message and when I logged in again, 2 minutes later, it was blocked.

Amount of logins is also not the case. I have a number that I use a lott and it is never blocked. The last one blocked, I logged in, just about 4 times.

So basically it seems totally random for me....

Anyone here to add some ideas about when numbers are blocked?

— Reply to this email directly or view it on GitHubhttps://github.com/venomous0x/WhatsAPI/issues/358 .

[shirioko]

What? You don't.

[jay2011]

No On 25 May 2013 19:28, "Max Kovaljov" notifications@github.com wrote:

What? You don't.

— Reply to this email directly or view it on GitHubhttps://github.com/venomous0x/WhatsAPI/issues/358#issuecomment-18451783 .

[jay2011]

So what is it On 25 May 2013 19:30, "ANDRE NAIRNE" andrenairne@googlemail.com wrote:

No On 25 May 2013 19:28, "Max Kovaljov" notifications@github.com wrote:

What? You don't.

— Reply to this email directly or view it on GitHubhttps://github.com/venomous0x/WhatsAPI/issues/358#issuecomment-18451783 .

[Pietertje007]

I use my phone and missvenom to activate. Copy the PW and then clear/remove whatsapp from the phone. So its an official client. But registration is not the problem, blocking after several hours is though...

It seems totally random to me....

What happens when a receiver blocks a number? Is that blocking fully on the client side or is that sent to whatsapp and something that is handled on whatsapp servers?

[shirioko]

Blocking is done by WhatsApp server-side, otherwise the block would only work one-way (you won't receive messages from that contact but he'll still be able to view your picture, last-seen time and status updates)

You could try leaving the number running in the official app for ~24 hours and also sending some messages to and from the new number before using it with WhatsApi.

[Pietertje007]

Wondering if blocking by receivers is causing blocked numbers.... I gave some friends access and they had some fun I believe... I bet some people just blocked it.

There is no way that I can detect that someone blocked my number, right? Only the received notification will not get in, but that can have multiple reasons. Right?

[shirioko]

Well actually you can, if I recall correctly you will receive an error node when requesting last seen time of someone who blocked you.

EDIT And my dev number was blocked by one of my contacts, didn't give me any trouble though.

[Pietertje007]

Interesting.. Probably you need several people to block you in a limited time period... at least that is how I would implement something like that,

Another idea that I had is that sending to numbers that do not have whatsapp causes blocking. Normally you can only send to numbers that have whatsapp. (not sure how this works exactly but probably you send your whole addressbook to whatsapp and get the list of numbers that have whatsapp in return). So for whatsapp it will be easy to check if there are several messages sent to non-whatsapp numbers. You normally cannot do that with an official client. What do you think?

[shirioko]

That's correct. Contact sync sends all your contacts to WhatsApp which returns all numbers which are registered (I've also added this to MissVenom sniffing) This has been tested by a few members and it didn't seem to affect whether or not you'll get blocked though..

[shirioko]

I think that I need to fix MissVenom to work properly, bitch be trippin' right now! This will give us a lot more insight into WhatsApp's (updated) protocol. One of the first things I saw is that the session start node now includes a profile picture child node and that the RC4 key is stored on the server and used across different sessions/connections without the need to create a new one on each new connection (which is a pain in the ass, I need that challenge key to forge the rc4 key and decrypt the traffic grrr)

[Pietertje007]

Good to know that it has been tested that sending to non-whatsapp numbers does not cause blocking. One possibility less... Leaves me with blocking from receivers (more then one at least). Could it be that whatsapp people are manually checking the messages that where sent before a user blocks it? Maybe we can prove that.... would be interesting news item if whatsapp is reading with you.

different subject: How can I help with the updated protocol?

[shirioko]

https://github.com/venomous0x/WhatsAPI/issues/361

[jonnywilliamson]

@shirioko Did you get that decipher method done? I see it's removed from the comments here...

[shirioko]

Yeah that was a total brainfart.

I didn't need to reverse the algorithm, all it took was to use a copy of the key stream to decode the message. The encryption algorithm works by swapping bytes in the key stream and inverting the combination of the key and data. So this is all it takes:

Key = new keystream Data = Key.cipher('derp') Data contains encrypted data Key2 = new keystream Data2 = Key2.cipher(Data) Data2 will contain the text 'derp'

The trick is to synchronize the keystream. After each encrypted character the key stream will swap two bytes in it's array, so missing a single character will bring your stream out of sync and give errors.

[ruriimasu]

Does this API use broadcast or individual send? I noticed broadcasting from phone doesnt seem to work after some heavy broadcastings.. but if send/receive through an existing chat window, everything works fine.

[shirioko]

Both.

[ruriimasu]

I realised on a whatsapp phone client, if you broadcast to a number, recepient has to have your number in its contact in order to receive.

[shirioko]

Correct, as @jonnywilliamson also pointed out here: https://github.com/venomous0x/WhatsAPI/issues/348#issuecomment-17932440

[tstanbur]

Hi all,

Just started using this and so far, so good - great work to all involved in the dev!

I'm intending to use this as an SMS replacement for users of my site as it will save a lot in SMS costs so I'm not using it for spamming purposes.

As a lot of messages could get sent (3-5 thousand per day) I'm concerned about my account getting blocked so am happy to register 10 + new WhatsApp accounts/numbers to send from using a "round robin" approach e.g. send 1 message from each number every minute.

Would I be OK to register all these new SIM cards/numbers on the same handset first and then use with WhatsAPI ? or would it be better to register all the SIMs on different handsets? is there any detection for this by the WhatsApp servers?

Thanks, Tom

[shirioko]

Registering all numbers on a single handset should work fine. You can also use WART to register your numbers to make things easier.

[tstanbur]

Thanks a lot for the reply @shirioko, I've used WART already so will try that.

SIM cards are very cheap (in the UK) so I can do some testing to see which approach works best for me.

If you don't register using a handset first then what device is associated with the account? the debug information I get back when sending test messages has the name of the phone handset I first registered with.

[shirioko]

WhatsApp numbers are not registered to a device, they are registered to an ID which is generated using the device and phone number. So using a different number on the same device will generate a different unique ID

EDIT: And this generated registration ID is an SHA1 hash, which means it cannot be reversed to check device information.

[tstanbur]

I get this debug info when I send a message

tx ê AÚxxxxxxxxxxxxR鄍¿ºŠV§wÃdÂ~È 1397651451WhatsApp/2.11.209 Android/4.3 Device/GalaxyS3 MccMnc/234001

What would be there if I had used WART and not registered on the handset first ?

[shirioko]

WhatsAPI and WART are both maintained by me and use the same device information.

The danger is when you register it on a different operating system e.g. register the number on an iPhone and log in using WhatsAPI. In that case the registration is done as iOS and message sending is done as Android, which is probably the reason why my number was blocked a while ago (registered using Windows Phone 7, then logged in as Android)

[tstanbur]

Ah so the Galaxy S3 is your device?! I'm using one too so assumed it had logged my device!

[shirioko]

No I'm using a Lumia 1020 Galaxy S3 is only used because it's an existing Android device. I think I've updated it to Galaxy S4 in one of the repositories.

[tstanbur]

I get it now, the same is shown to everyone - I just registered another number using WART and it shows the same. It confused me as I have the same handset !

Thanks for all your help.

[shirioko]

By the way, that Galaxy S3 user agent is not define by your phone number but by WhatsAPI so it will show the same value regardless of your phone number. https://github.com/venomous0x/WhatsAPI/blob/master/src/php/whatsprot.class.php#L1559

[tstanbur]

OK I get that now, a lot to learn but I'm slowly getting there! thanks!

How can I check whether an account/number is active or blocked (before attempting to send a message)?

[shirioko]

If it's blocked you won't be able to log in

[tstanbur]

But what response will I get? Is there a way of programmatically checking whether a login is successful?

On 16 Apr 2014, at 21:11, Max Kovaljov notifications@github.com wrote:

If it's blocked you won't be able to log in

— Reply to this email directly or view it on GitHub.

[blueslmj]

It's a interesting thing. I also test this. As I know, a message / 30 mins will not be blocked.

[1ay1]

same is happening with me and now I am so much annoyed with it