I'm trying to implement an app that will show in a textview all the messages received from Whatsapp. Is there any way to do it? Is it possible to extract all the messages from Whatsapp?
Get all messages from Whatsapp
Asked Answered
I think those messages now are encrypted.. so I don't think you can get those easily.. yourdailymac.net/2011/05/… –
Firstclass
Please tell me how the spy apps can able to read Whatsapp sent and received messages without even rooting? –
Crandell
@Crandell any solution ? –
Indigenous
Whatsapp store all messages in an encrypted database (pyCrypt) which is very easy to decipher using Python.
You can fetch this database easily on Android, iPhone, Blackberry and dump it into html file. Here are complete instructions: Read, Extract WhatsApp Messages backup on Android, iPhone, Blackberry
Disclaimer: I researched and wrote this extensive guide.
And now its db.crypt5 –
Jonejonell
According to forum.xda-developers.com/showthread.php?t=1583021 Blackberry is not supported yet. –
Palmette
Please tell me how the spy apps can able to read Whatsapp sent and received messages without even rooting? –
Crandell
@Crandell through reading the notifications of Whatsapp I think. –
Sextodecimo
@XStylish - By reading notification, we can read the received messages but not the sent messages. –
Crandell
@Crandell for the sent messages, I've already thought of a technique (method) but it's too complex and doesn't work for all users since it depends on the user's WhatsApp settings so I'm not really sure and there may be a way much easier than what I thought of. I'll update you here if I discovered it. –
Sextodecimo
Working Android Code: (No root required)
Once you have access to the dbcrypt5 file , here is the android code to decrypt it:
private byte[] key = { (byte) 141, 75, 21, 92, (byte) 201, (byte) 255,
(byte) 129, (byte) 229, (byte) 203, (byte) 246, (byte) 250, 120,
25, 54, 106, 62, (byte) 198, 33, (byte) 166, 86, 65, 108,
(byte) 215, (byte) 147 };
private final byte[] iv = { 0x1E, 0x39, (byte) 0xF3, 0x69, (byte) 0xE9, 0xD,
(byte) 0xB3, 0x3A, (byte) 0xA7, 0x3B, 0x44, 0x2B, (byte) 0xBB,
(byte) 0xB6, (byte) 0xB0, (byte) 0xB9 };
long start = System.currentTimeMillis();
// create paths
backupPath = Environment.getExternalStorageDirectory()
.getAbsolutePath() + "/WhatsApp/Databases/msgstore.db.crypt5";
outputPath = Environment.getExternalStorageDirectory()
.getAbsolutePath() + "/WhatsApp/Databases/msgstore.db.decrypt";
File backup = new File(backupPath);
// check if file exists / is accessible
if (!backup.isFile()) {
Log.e(TAG, "Backup file not found! Path: " + backupPath);
return;
}
// acquire account name
AccountManager manager = AccountManager.get(this);
Account[] accounts = manager.getAccountsByType("com.google");
if (accounts.length == 0) {
Log.e(TAG, "Unable to fetch account!");
return;
}
String account = accounts[0].name;
try {
// calculate md5 hash over account name
MessageDigest message = MessageDigest.getInstance("MD5");
message.update(account.getBytes());
byte[] md5 = message.digest();
// generate key for decryption
for (int i = 0; i < 24; i++)
key[i] ^= md5[i & 0xF];
// read encrypted byte stream
byte[] data = new byte[(int) backup.length()];
DataInputStream reader = new DataInputStream(new FileInputStream(
backup));
reader.readFully(data);
reader.close();
// create output writer
File output = new File(outputPath);
DataOutputStream writer = new DataOutputStream(
new FileOutputStream(output));
// decrypt file
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
SecretKeySpec secret = new SecretKeySpec(key, "AES");
IvParameterSpec vector = new IvParameterSpec(iv);
cipher.init(Cipher.DECRYPT_MODE, secret, vector);
writer.write(cipher.update(data));
writer.write(cipher.doFinal());
writer.close();
} catch (NoSuchAlgorithmException e) {
Log.e(TAG, "Could not acquire hash algorithm!", e);
return;
} catch (IOException e) {
Log.e(TAG, "Error accessing file!", e);
return;
} catch (Exception e) {
Log.e(TAG, "Something went wrong during the encryption!", e);
return;
}
long end = System.currentTimeMillis();
Log.i(TAG, "Success! It took " + (end - start) + "ms");
Superb. I am able to read messages successfully. But this is not official API. How do you know this KEY values –
Bactria
Its not official, the day the people at whats app change the db.crypt5, this will stop working. –
Jonejonell
@ツFellinLovewithAndroidツ Can you explain how it works? –
Jonejonell
@Jonejonell Can you explain how you came up with this code? Where do the byte arrays come from? –
Joselynjoseph
I am getting file not supported while opening msgstore.db.decrypt –
Ap
I tried this two years ago. Whats app have changed their encryption method n number of times since then. –
Jonejonell
Is there any way to programmatically access the whatsapp encrypted db i.e stored in its internal storage? Without root? –
Jessicajessie
@MuhammadBabar the encrypted db is easily available in the internal memory. The trick is to decrypt the file. The solution above worked when whatsapp used dbcrypt5 file. Now they have a different encryption format. –
Jonejonell
@Jonejonell Is there any way to access the encrypted db without root? I believe there must be some way to decrypt the new encryption. –
Jessicajessie
How could i use it for crypt12 –
Fiddle
@KartikeyKumarSrivastava they have iterated so much. I have no clue as of now. U might have to reverse-engineer the app to know the encryption format to decrypt it.(for educational purpose only) –
Jonejonell
@Jonejonell how can we access to the dbcrypt12 file ? on non rooted device . –
Indigenous
@Indigenous I really don't know. If you do manage to find the solution please post it here. Thanks –
Jonejonell
any solution so far ? –
Sackman
Edit
As WhatsApp put some effort into improving their encryption system, getting the data is not that easy anymore. With newer versions of WhatsApp it is no longer possible to use adb backup. Apps can deny backups and the WhatsApp client does that. If you happen to have a rooted phone, you can use a root shell to get the unencrypted database file.
If you do not have root, you can still decrypt the data if you have an old WhatsApp APK. Find a version that still allows backups. Then you can make a backup of the app's data folder, which will contain an encryption key named, well, key.
Now you'll need the encrypted database. Use a file explorer of your choice or, if you like the command line more, use adb:
adb pull /sdcard/WhatsApp/Databases/msgstore.db.crypt12
Using the two files, you could now use https://gitlab.com/digitalinternals/whatsapp-crypt12 to get the plain text database. It is no longer possible to use Linux board tools like openssl because WhatsApp seems to use a modified version of the Spongy Castle API for cryptography that openssl does not understand.
Original Answer (only for the old crypt7)
As whatsapp is now using the crypt7 format, it is not that easy to get and decrypt the database anymore. There is a working approach using ADB and USB debugging.
You can either get the encryption keys via ADB and decrypt the message database stored on /sdcard, or you just get the plain version of the database via ADB backup, what seems to be the easier option.
To get the database, do the following:
Connect your Android phone to your computer. Now run
adb backup -f whatsapp_backup.ab -noapk com.whatsapp
to backup all files WhatsApp has created in its private folder.
You will get a zlib compressed file using tar format with some ADB headers. We need to get rid of those headers first as they confuse the decompression command:
dd if=whatsapp_backup.ab ibs=1 skip=24 of=whatsapp_backup.ab.nohdr
The file can now be decompressed:
cat whatsapp_backup.ab.nohdr | python -c "import zlib,sys;sys.stdout.write(zlib.decompress(sys.stdin.read()))" 1> whatsapp_backup.tar
This command runs Python and decompresses the file using zlib to whatsapp_backup.tar
Now we can unTAR the file:
tar xf whatsapp_backup.tar
The archive is now extracted to your current working directory and you can find the databases (msgstore.db and wa.db) in apps/com.whatsapp/db/
@NiravRanpara Unfortunately it does not work for crypt9 because WhatsApp is now using a modified version of Spongy Castle for encryption and you can no longer get the plaintext version of the database with adb backup. See my edit for information on how you can do it with the new crypt12. –
Myriammyriameter
@Myriammyriameter - Please tell me how the spy apps can able to read Whatsapp sent and received messages without even rooting? –
Crandell
The gitlab repo link in not available anymore –
Fredkin
You can get access to the WhatsApp data base located on the SD card only as a root user I think. if you open "\data\data\com.whatsapp" you will see that "databases" is linked to "\firstboot\sqlite\com.whatsapp\"
if the root user access this db file. is this encrypted or not ? –
Spanker
Yes they are all encrypted. You can decrypt them by following this step by step guide: forum.xda-developers.com/showthread.php?p=24603294 –
Chorister
If you really want something simple and know how to write/run Python, take a look at the script Bas Bosschert: sources
#!/usr/bin/env python
import sys
from Crypto.Cipher import AES
try:
wafile=sys.argv[1]
except:
print "Usage: %s <msgstore.db.crypt>" % __file__
sys.exit(1)
key = "346a23652a46392b4d73257c67317e352e3372482177652c".decode('hex')
cipher = AES.new(key,1)
open('msgstore.db',"wb").write(cipher.decrypt(open(wafile,"rb").read()))
Full run:
(scratch)ehtesh@ackee:/tmp/whatsapp$ mkvirtualenv whatsapp_decrypt
New python executable in whatsapp_decrypt/bin/python
Installing setuptools, pip...done.
(whatsapp_decrypt)ehtesh@ackee:/tmp/whatsapp$ pip install pycrypto >/dev/null
(whatsapp_decrypt)ehtesh@ackee:/tmp/whatsapp$ wget https://gist.githubusercontent.com/shurane/ffa15e959e2d134086c9/raw/bc99a9997123bea0ea0acde185e24c7e89133559/whatsapp_decrypt.py >/dev/null
(whatsapp_decrypt)ehtesh@ackee:/tmp/whatsapp$ ls
msgstore.db.crypt whatsapp_decrypt.py
(whatsapp_decrypt)ehtesh@ackee:/tmp/whatsapp$ python whatsapp_decrypt.py msgstore.db.crypt
(whatsapp_decrypt)ehtesh@ackee:/tmp/whatsapp$ ls
msgstore.db.crypt msgstore.db whatsapp_decrypt.py
(whatsapp_decrypt)ehtesh@ackee:/tmp/whatsapp$ sqlite3 msgstore.db
SQLite version 3.7.17 2013-05-20 00:56:22
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> PRAGMA table_info(messages);
0|_id|INTEGER|0||1
1|key_remote_jid|TEXT|1||0
2|key_from_me|INTEGER|0||0
3|key_id|TEXT|1||0
4|status|INTEGER|0||0
5|needs_push|INTEGER|0||0
6|data|TEXT|0||0
7|timestamp|INTEGER|0||0
8|media_url|TEXT|0||0
9|media_mime_type|TEXT|0||0
10|media_wa_type|TEXT|0||0
11|media_size|INTEGER|0||0
12|media_name|TEXT|0||0
13|media_hash|TEXT|0||0
14|media_duration|INTEGER|0||0
15|origin|INTEGER|0||0
16|latitude|REAL|0||0
17|longitude|REAL|0||0
18|thumb_image|TEXT|0||0
19|remote_resource|TEXT|0||0
20|received_timestamp|INTEGER|0||0
21|send_timestamp|INTEGER|0||0
22|receipt_server_timestamp|INTEGER|0||0
23|receipt_device_timestamp|INTEGER|0||0
24|raw_data|BLOB|0||0
25|recipient_count|INTEGER|0||0
sqlite>
Pritam Baral has mentioned an even simpler way:
openssl aes-192-ecb -d -in msgstore.db.crypt -out msgstore.db -K 346a23652a46392b4d73257c67317e352e3372482177652c
Please tell me how the spy apps can able to read Whatsapp sent and received messages without even rooting? –
Crandell
For rooted users :whats app store all message and contacts in msgstore.db and wa.db files in plain text.These files are available in /data/data/com.whatsapp/databases/. you can open these files using any sqlite browser like SQLite Database Browser.
If we take the question literally:
Get all messages from Whatsapp. Is it possible to extract all the messages from Whatsapp?
Then the simple answer is that you can export chats from WhatsApp (see FAQ).
Now you can build an App, that listens to WhatsApp Share event and display all the messages. For a simple PWA this could look like this:
workbox.addEventListener("message", (m) => {
if (_this.$route.query.hasOwnProperty("receiving-file-share")) {
let files = m.data.file;
_this.$refs.filehandler.processFileList(files, true);
}
});
workbox.messageSW("SHARE_READY");
© 2022 - 2024 — McMap. All rights reserved.