How to decrypt Whatsapp Database File?
15,504
Solution 1
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
public class Crypto {
public FileInputStream mIn;
public FileOutputStream mOut;
public Crypto(String fileIn, String fileOut) {
try {
mIn = new FileInputStream(new File(fileIn));
mOut = new FileOutputStream(new File(fileOut));
decryptAES(mIn, mOut);
} catch (Exception e) {
e.printStackTrace();
}
}
public static void decryptAES(InputStream in, FileOutputStream out) throws Exception {
final String string = "346a23652a46392b4d73257c67317e352e3372482177652c";
byte[] hexAsBytes = DatatypeConverter.parseHexBinary(string);
SecretKeySpec keySpec = new SecretKeySpec(hexAsBytes, "AES");
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.DECRYPT_MODE, keySpec);
in = new CipherInputStream(in, cipher);
byte[] buffer = new byte[24];
int bytesRead;
while ((bytesRead = in.read(buffer)) != -1)
{
out.write(buffer, 0, bytesRead);
}
}
public static void main(String[] args){
Crypto c = new Crypto("C:\\msgstore.db.crypt", "D:\\WhatsappDb");
System.out.println("Decrypting Done");
}
}
Solution 2
An updated answer for .crypt12 files:
These are compressed, and then encrypted using AES in GCM mode
Here is some python code showing how:
"""
Example how to decrypt whatsapp msgstore backups with extension .crypt12.
Author: Willem Hengeveld <[email protected]>
"""
from Crypto.Cipher import AES
import zlib
import sys
datafile = keyfile = None
if len(sys.argv)==1:
print("Usage: decrypt12.py <keyfile> <msgstore.db.crypt12>")
print(" the key file is commonly found in /data/data/com.whatsapp/files/key")
print(" the crypt file is commonly found in the directory: /data/media/0/WhatsApp/Databases/")
exit(1)
for arg in sys.argv[1:]:
if arg.find('crypt12')>0:
datafile = arg
elif arg.find('key')>0:
keyfile = arg
else:
print("unknown arg", arg)
with open(keyfile, "rb") as fh:
keydata = fh.read()
key = keydata[126:]
with open(datafile, "rb") as fh:
filedata = fh.read()
iv = filedata[51:67]
aes = AES.new(key, mode=AES.MODE_GCM, nonce=iv)
with open("msg-decrypted.db", "wb") as fh:
fh.write(zlib.decompress(aes.decrypt(filedata[67:-20])))
Author by
ali.turan
Updated on June 04, 2022Comments
-
ali.turan about 2 years
I was trying to decrypt Whatsapp database file (
msgstore.db.crypt) with java.I found some python code and tried to do same thing with java. Probably its not that hard thing to do but I had some problems with handling decryption key.
But finally did it. So I wanted to share the code for people who need it.
-
Elliott Frisch over 10 yearsWhy not pass the keySpec to the decrypt routine? That way you only have to instantiate it once for decrypting multiple files. -
Scary Wombat over 10 yearsSystem.out.println("Decrypting Done");- not if it throws an exception. -
Scary Wombat over 10 yearsalso why such s small buffer? Any reason for 24 bytes?
-
ali.turan over 10 yearsHumm yea you are right its not if it throws an exception but its just a basic type of it. You can easly edit it how u want i think. And nope there is not any spesific reason to use small buffer. I believe using bigger one wont be a problem.
-
Noman over 10 years@Sir.WaLeK... What is DatatypeConverter ??
-
Sreekumar P over 10 yearsWhatsapp updated their encryption. Now is the file name is "msgstore.db.crypt5" rather than "msgstore.db.crypt".. Is there any new solution for this ? -
ali.turan over 10 yearsah yes i realised that few days ago. But it wont be a problem i think.
-
Tushar Agarwal about 10 yearsuse "1e39f369e90db33aa73b442bbbb6b0b9" instead of "346a23652a46392b4d73257c67317e352e3372482177652c"
-
ali.turan about 10 yearsDid they change the key kode ?
-
fikr4n about 8 yearsWhat's the difference with crypt8?
-
Robert Siemer about 6 yearsDo you know how to encrypt (i.e. create a .crypt12 file)? What are the header and footer in the encrypted file!?
