venomous0x / WhatsAPI

Interface to WhatsApp Messenger

Password #385

Open elperla opened 11 years ago

elperla commented 11 years ago

Hi, I'm new here. I need to know if the password is stored anywhere on the phone. Thank you

shirioko commented 11 years ago

Of course it's stored somewhere on the phone. Good luck getting it out though

brittson commented 11 years ago

Max lol :D

Terrorhawk commented 11 years ago

Getting is not the problem, but it's encrypted somehow.

shirioko commented 11 years ago

Encryption is not a problem on WP7. The password is stored encrypted in a binary file called 'settings'. It uses the infamous RecToken class from WhatsAppNative.dll to decrypt it into a byte array. I can write a simple WP7 app to read the password and feed it to WhatsAppNative.dll to decrypt it, but you'll need root access to be able to do that.

elperla commented 11 years ago

I have root access to my phone, it's not a problem. I normally use SuperSU. Where is this "settings" file located?

shirioko commented 11 years ago

Which part of "Windows Phone 7" did you miss in my previous comment?

elperla commented 11 years ago

I use Android, not WP7.

shirioko commented 11 years ago

Then why are you asking where to find the settings file?

elperla commented 11 years ago

I'm a noob, I just started reading and looking for info about your project. But I was thinking the better way to get the password is looking inside the phone. That's why I started this thread. Now I know that WP7 is Windows Phone 7.

shirioko commented 11 years ago

In conclusion: Yes the password is stored on the phone, no we don't have a usable/reliable way to retrieve it. There was someone who was able to dig up his password from his cache files on his iPhone, you'll have to look it up over at yowsup.

Retrieving the password from the device would be superior to sniffing it during registration because the password can be updated by WhatsApp after registration, so it's definitely something worth looking into.

For now you can use my app MissVenom to sniff the password during registration.

elperla commented 11 years ago

Ok, thanks a lot. Please be patient with me.

Manuelm88 commented 11 years ago

I think on Android the password is in /data/data/com.whatsapp/files/pw. Anyhow, it has some encryption, I don't know which, so it is kind of hard to decrypt. Also, it would be nice to know how that password is generated. I think it is very related to the MD5 of the IMEI, maybe adding the SMS (which I think is kind of a random 4-digit number), or that number is the salt or something... Hope someone has found the way to break /data/data/com.whatsapp/files/pw because I want to use the API... Thanks!

shirioko commented 11 years ago

Nope. The password is just randomly generated by the server, it has nothing to do with the imei or SMS code

robefernandez commented 11 years ago

I hope it would be helpful for you: blog-robefernandez.blogspot.com.es/2012/11/know-your-whatsapp-password-on-windows.html

shirioko commented 11 years ago

Nice

jonnywilliamson commented 11 years ago

@robefernandez Nice write up, but now that the code has changed (it is generated from Whatsapp servers now) perhaps you'd like to look at the code again to see if there are other things you can determine?

robefernandez commented 11 years ago

@jonnywilliamson Yes, I know. I'll try to find time and look at the current version 2.10.523

ghost commented 9 years ago

It's now possible to decrypt the password file /data/data/com.whatsapp/files/pw on Android. Please check out my new app https://play.google.com/store/apps/details?id=com.smorra.passwordextractor