I am trying to decrypt a WhatsApp database file with Java code. I checked the whatsapp_xtract code, which uses Python to decrypt. I believe this is the decryption part of the code:

from Crypto.Cipher import AES
code = "346a23652a46392b4d73257c67317e352e3372482177652c"
if PYTHON_VERSION == 2:
     code = code.decode('hex')
elif PYTHON_VERSION == 3:
     code = bytes.fromhex(code)
cipher = AES.new(code,1)  # mode 1 is AES.MODE_ECB in PyCrypto
decoded = cipher.decrypt(open(options.infile,"rb").read())
decodedfile = options.infile.replace(".db.crypt","")+".plain.db"
output = open(decodedfile,"wb")
output.write(decoded)
output.close()

This code works well and I can open the db file with SqLiteBrowser. Here is my Java code:

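import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class Crypto {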

    public FileInputStream mIn;
    public FileOutputStream mOut;
    public Crypto(String fileIn, String fileOut, String key) {
        try {
                mIn = new FileInputStream(new File(fileIn));
                mOut = new FileOutputStream(new File(fileOut));
                decrypt(mIn, mOut, key);
        } catch (Exception e) {
                e.printStackTrace();
        }
}

public static void decrypt(InputStream in, FileOutputStream out, String password) {
        try {
                // byte[] iv = new byte[IV_LENGTH];
                byte[] iv = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
                Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
                in.read(iv);
                System.out.println(">>>>>>>>red" + Arrays.toString(iv));

                String s = "346a23652a46392b4d73257c67317e352e3372482177652c";

                byte[] sBytes = hexStringToByteArray(s);

                byte[] bytes = new BigInteger(s, 16).toByteArray();
                SecretKeySpec keySpec = new SecretKeySpec(sBytes, "AES");
                Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC"); // "AES/CFB8/NoPadding";"AES/CBC/PKCS5Padding";
                // //"AES/ECB/PKCS5Padding"

                IvParameterSpec ivSpec = new IvParameterSpec(iv);
                 cipher.init(Cipher.DECRYPT_MODE, keySpec);// , ivSpec);
                //cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);

                in = new CipherInputStream(in, cipher);
                byte[] buf = new byte[iv.length];
                int numRead = 0;
                while ((numRead = in.read(buf)) >= 0) {
                    String si = new String(buf);
                //  System.out.println(si);
                     out.write(buf, 0, numRead);
                        // Log.d("Crypto", buf.toString());
                }
                out.close();

        } catch (Exception e) {
                e.printStackTrace();
        }

}

public static byte[] hexStringToByteArray(String s) {
        int len = s.length();
        byte[] data = new byte[len / 2];
        for (int i = 0; i < len; i += 2) {
                data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4) + Character
                                .digit(s.charAt(i + 1), 16));
        }
        return data;
}
    public static void main(String[] args) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException, InvalidKeyException {

        Crypto c = new Crypto("C:\\msgstore.db.crypt", "D:\\WhatsappDeneme", "test");
        System.out.println("Done");

    }

}

When I use this Java code something goes wrong and I cannot open the db file with SqLiteBrowser. Also, when I checked the size of the db files, I realized that the original file and the Python decryption are 29 kb but the Java decryption is 28 kb. So where is the mistake in my Java code?

Tom Zych
ali.turan
  • You should include any and all errors to help us help you debug this. – Zach Spencer Feb 28 '14 at 18:23
  • There is no error. Actually, after the Java decryption I am able to see messages when I open it with Notepad++. I just cannot open the db file with SQLite Browser, and when I try to open it with Android it says that the file is encrypted or it is not a db file. I mean Java does the decryption but can't save the file format. – ali.turan Feb 28 '14 at 18:25
  • So are you encrypting with your Python script then decrypting with your Java script always, or do encrypt/decrypt with both sometimes, etc.? – Drewness Feb 28 '14 at 18:28
  • No, the encrypted db file already exists. Python and Java are both for decrypting. Python just does it correctly but Java can't. – ali.turan Feb 28 '14 at 18:31
  • How was the file encrypted? Unless it was whole file encryption this scheme is doomed to failure. – Hot Licks Feb 28 '14 at 19:38
  • And if the file is getting shorter it's at least fairly certain you didn't handle the last buffer correctly. – Hot Licks Feb 28 '14 at 19:39
  • I tried to do the same thing as the Python code. I believe the way is not wrong because I am able to see some part of the rows, like messages. – ali.turan Feb 28 '14 at 22:30
  • Hmm, I checked the files with Notepad++; yes, there are some differences at the end and beginning, but I don't know why that is :( – ali.turan Feb 28 '14 at 22:34
  • Did you ever succeed in doing this? – RyPope Mar 08 '14 at 15:44
  • Yes, I decrypted the database file successfully with Java. – ali.turan Mar 10 '14 at 00:07
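
Added example, not part of the original question or of whatsapp_xtract: it encrypts a constructed 1024-byte stand-in for a SQLite file with the key quoted above and compares the question's decryption path (16 bytes consumed as an "IV", then padded decryption) with whole-file decryption, reporting output size and whether the SQLite header survives. It assumes the sample was written with block padding, uses the standard JCE provider rather than BouncyCastle, and the class and helper names are made up for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class EcbHeaderDemo {
    // Key string quoted in the question: 24 bytes, so AES-192.
    static final String KEY_HEX = "346a23652a46392b4d73257c67317e352e3372482177652c";
    static final byte[] MAGIC = "SQLite format 3\0".getBytes(StandardCharsets.US_ASCII);

    static byte[] hex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    // One-shot AES with the question's key, starting at `offset` into `data`.
    static byte[] aes(int mode, String transformation, byte[] data, int offset) throws Exception {
        Cipher c = Cipher.getInstance(transformation);
        c.init(mode, new SecretKeySpec(hex(KEY_HEX), "AES")); // ECB takes no IV
        return c.doFinal(data, offset, data.length - offset);
    }

    // A SQLite file starts with the 16-byte string "SQLite format 3\0".
    static boolean hasSqliteHeader(byte[] db) {
        return db.length >= 16 && Arrays.equals(Arrays.copyOf(db, 16), MAGIC);
    }

    static void report(String label, byte[] db) {
        System.out.printf("%-30s %5d bytes, SQLite header: %b%n", label, db.length, hasSqliteHeader(db));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample "database": the magic string plus zero filler, 1024 bytes.
        byte[] plain = Arrays.copyOf(MAGIC, 1024);
        byte[] crypt = aes(Cipher.ENCRYPT_MODE, "AES/ECB/PKCS5Padding", plain, 0);

        // As in the question's decrypt(): 16 bytes consumed as an "IV" before decrypting.
        report("skip 16 bytes, PKCS5Padding", aes(Cipher.DECRYPT_MODE, "AES/ECB/PKCS5Padding", crypt, 16));
        // As in the Python snippet: whole file, raw blocks, padding bytes left in the output.
        report("whole file, NoPadding", aes(Cipher.DECRYPT_MODE, "AES/ECB/NoPadding", crypt, 0));
        // Whole file with the padding removed.
        report("whole file, PKCS5Padding", aes(Cipher.DECRYPT_MODE, "AES/ECB/PKCS5Padding", crypt, 0));
    }
}
```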

1 Answer

WhatsApp DB crypt5 can be decrypted in Android using the account name of the user.
Check this answer for decrypting the WhatsApp crypt5 DB (Android code).

Community
amalBit