Decrypting WhatsApp crypt8 >= v2.12.38 topic
Since WhatsApp v2.12.38, it's no longer possible to take the initialization vector from the key file, in order to decrypt crypt8 backup files. This is because the iv now gets replaced with zeros. You should instead extract the iv from the crypt8 file itself.
Purpose: Decrypting WhatsApp crypt8 >= v2.12.38
By: TripCode
Date: 15th April 2015
Example:
Source: http://pastebin.com/YCqBASrR
Purpose: Decrypting WhatsApp crypt8 >= v2.12.38
By: TripCode
Date: 15th April 2015
Example:
Code:
hexdump -e '2/1 "%02x"' key | cut -b 253-316 > aes.txt
hexdump -n 67 -e '2/1 "%02x"' msgstore.db.crypt8 | cut -b 103-134 > iv.txt
dd if=msgstore.db.crypt8 of=msgstore.db.crypt8.nohdr ibs=67 skip=1
openssl enc -aes-256-cbc -d -nosalt -nopad -bufsize 16384 -in msgstore.db.crypt8.nohdr -K $(cat aes.txt) -iv $(cat iv.txt) > msgstore.gz
gzip -cdq msgstore.gz > msgstore.dbxda-developers
0 commentaires:
Enregistrer un commentaire