Jun 30, 2016
 

INTRODUCTION

WhatsApp Messenger is an instant-messaging application available on various mobile platforms. It uses the internet to send and receive audio, video, documents, location details, messages, etc.

WhatsApp saves all of a user’s messages to a database file in crypt (encrypted) form, which means no one else can read the user’s private messages. WhatsApp uses the crypt2, crypt5, crypt7 and crypt8 formats to encrypt all the data so that the messages cannot be read from the database file. But those very same files can be easily decrypted without a key.

Steps to Perform WhatsApp Database Extraction With Android

Step 1: To use adb, first enable the USB Debugging feature under Settings -> Developer options on the device.

Decrypting the Whatsapp database 1

Decrypting the Whatsapp database 2

Step 2: From the command prompt, initiate the connection with the Android device using the ‘adb devices’ command.

Decrypting the Whatsapp database 3

Step 3: Download any WhatsApp version in the 2.11.4xx range and downgrade your preinstalled WhatsApp by installing it using the command shown below.

Decrypting the Whatsapp database 4

NOTE: Here you are overwriting your WhatsApp application with an older one. Once installation is done you will always receive an error, as it is an older version of WhatsApp.

Step 4: Using ‘adb backup’, create a backup file named ‘whatsapp.ab’ from the WhatsApp package, which is named “com.whatsapp” on Android devices.

The ‘.ab’ file extension shown in the image below is associated with Google’s Android Debug Bridge (adb) command-line utility, which is distributed as part of the Google Android SDK and allows developers to communicate with Android phones over a cable. A ‘.ab’ file stores a backup of the device comprising apps, system data, system settings, etc.

NOTE: If no backup is generated or an error occurs, go to WhatsApp -> select ‘settings’ -> select ‘chat’ -> select ‘backup option as back up on local device’ -> then select ‘Backup’ and wait for the backup to complete.

Decrypting the Whatsapp database 5

Step 5: Select the ‘Back Up My Data’ option on your Android device and keep the password field blank.

Decrypting the Whatsapp database 6

Step 6: Now, a ‘whatsapp.ab’ file is created as shown below:

Decrypting the Whatsapp database 7

Step 7: ‘abe.jar’ is a utility used to extract and repack the Android backup files that are created with the ‘adb backup’ command. We will now extract the ‘whatsapp.ab’ file and name the extracted file ‘whatsapp.tar’, where ‘.tar’ is an archive file containing many other files.

Decrypting the Whatsapp database 8

Step 8: Once the ‘whatsapp.tar’ file is created, extract it with WinRAR (or the ‘tar -x’ command on Linux).

Decrypting the Whatsapp database 9

Step 9: After extraction completes, a folder named ‘whatsapp’ is created. The contents of that folder are shown in the image.

Decrypting the Whatsapp database 10

Step 10: We are only interested in the ‘msgstore.db’ and ‘wa.db’ files. Use a utility called ‘Whatsapp Viewer’ and give it the paths of ‘msgstore.db’ and ‘wa.db’ as shown below.

Here ‘msgstore.db’ stores all the messages along with attachments and ‘wa.db’ stores all the information related to the contacts.

NOTE: The iOS WhatsApp database extraction commands are different from those for Android. Also, after doing the above process, the user has to upgrade WhatsApp from the Play Store in order to use it again.

Decrypting the Whatsapp database 11

Step 11: The screenshot below shows all the chat messages that were extracted from the database.

Decrypting the Whatsapp database 12
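The ‘.ab’ container that Steps 7 and 8 unpack has a simple layout: four text header lines (magic string, format version, compression flag, encryption type) followed by the tar stream. The Python sketch below is an added example, not part of the original post and not the code of ‘abe.jar’; it reads that header and lists the archive members. The sample backup and the member paths in it are constructed for the demonstration.

```python
import io
import tarfile
import zlib

MAGIC = b"ANDROID BACKUP"

def parse_ab(data: bytes) -> dict:
    """Read the four header lines of an 'adb backup' file and, when the
    payload is not encrypted, return the tar stream it wraps."""
    stream = io.BytesIO(data)
    magic, version, compressed, encryption = (
        stream.readline().rstrip(b"\n") for _ in range(4)
    )
    if magic != MAGIC:
        raise ValueError("not an Android backup file")
    info = {
        "version": int(version),
        "compressed": compressed == b"1",
        "encryption": encryption.decode(),
        "tar": None,
    }
    if info["encryption"] != "none":
        return info  # a password was set at backup time; payload is encrypted
    payload = stream.read()
    info["tar"] = zlib.decompress(payload) if info["compressed"] else payload
    return info

def list_members(tar_bytes: bytes) -> list:
    """Return the file names stored in the unwrapped tar stream."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        return tar.getnames()

def build_sample_ab() -> bytes:
    """Constructed sample: an unencrypted, compressed backup with two
    placeholder entries (paths are assumptions, bodies are not real SQLite)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("apps/com.whatsapp/db/msgstore.db",
                     "apps/com.whatsapp/db/wa.db"):
            body = b"constructed placeholder, not a real database"
            entry = tarfile.TarInfo(name)
            entry.size = len(body)
            tar.addfile(entry, io.BytesIO(body))
    return MAGIC + b"\n1\n1\nnone\n" + zlib.compress(buf.getvalue())

if __name__ == "__main__":
    info = parse_ab(build_sample_ab())
    print(info["version"], info["compressed"], info["encryption"])
    for name in list_members(info["tar"]):
        print(name)
```

A backup created with the password field left blank, as in Step 5, reports an encryption type of ‘none’; one created with a password reports ‘AES-256’ and `parse_ab` returns no tar stream for it.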

Brijesh Zaveri

  5 Responses to “Decrypting the WhatsApp Database”

  1. This is freak awesome article till the date….. Great share though! Good one young man… Keep going :)

  2. Wonderful bloggers like yourself who would positively reply encouraged me to be more open and engaging in commenting. So know it’s helpful.

  3. Wow! This is a very interesting information. That’s really a clever hack that can be used on things such as investigation. Thank you for sharing this!

  4. Thank you. But I have problem with a database file in crypt 12 form without key. How can I do? Could u help me?

  5. how to get adp command
