View
15.837
Download
6
Category
Tags:
Preview:
Citation preview
Lucideus Tech Pvt Ltd Join India’s Most Advance Ethical Hacking Certification
Call: 08588842342 today and become a professional ethical hacker
Lucideus Tech Pvt Ltd
Introduction : WhatsApp Forensics
Introduction
According to Wikipedia “WhatsApp Messenger is a proprietary, cross-platform
instant messaging application for smart-phones. In addition to text messaging,
users can send each other images, video, and audio media messages. The client
software is available for Android, Blackberry OS, Blackberry 10, iOS, Series 40,
Symbian (S60), and Windows Phone. WhatsApp Inc. was founded in 2009 by Brian
Acton and Jan Koum, both veterans of Yahoo!, and is based in Santa Clara,
California. Competing with a number of Asian-based messaging services (like LINE,
KakaoTalk, and WeChat), WhatsApp was handling ten billion messages perday as of
August 2012, growing from two billion in April 2012”
WhatsApp Now and Before
WhatsApp 2.11.136 (Latest) first installed on more than one Android phone using
the Google Play store. The application gets stored in the Internal Memory of the
phone. Automatically the app syncs with the phone's contacts showing people
already using WhatsApp.
When a phone with WhatsApp installed is turned on, the “com.whatsapp” process
receives a signal to start the 'ExternalMediaManage' and 'MessageService' services
which run in the background as long as the phone is on.
Before
With the starting version 2.9 any messages exchanged are stored in the
'msgstore.db' which is SQLite databases. The databases are loaded into RAM for
faster access of data. Typically all the content may not persist or may be
overwritten due to swapping in RAM but this may not be true for Android. Now
may be at first sight you did not noticed that your conversation on WhatsApp is no
more saved on WhatsApp servers (15days chat records only) hence your all chat
records are with you from the first day you starts your communication. As
Whatsapp hit the market its main objective was to attract users and increase the
total no of user statistics with the rocket speed. But in early versions privacy
Lucideus Tech Pvt Ltd Join India’s Most Advance Ethical Hacking Certification
Call: 08588842342 today and become a professional ethical hacker
Lucideus Tech Pvt Ltd concerned persons related to security field found that the chat records which was
taken care by WhatsApp was vulnerable, because the file database which saves the
chat conversations was not encrypted and can easily accessible through many
ways to get the whole conversation details. As this news hits the world wide web,
people from security field starts experimenting with WhatsApp database
(msgstore.db )to retrieve the conversation even the deleted ones from the chat
option. But WhatsApp reacts soon and comes up with an encryption mechanism to
protect its database msgstore.db .
Now
After the incident now according to officials from WhatsApp they are taking the
conversation database security in a very serious manner ( According to them [add
Evil Laugh Here :P] ), now WhatsApp database encryption having custom AES
encryption algorithm with above 192-bit encryption key mainly used for
WhatsApp Android Platform. So now the previous file msgstore.db is converted to
msgstore.db.crypt .
Previous Forensics Methods Used
Before the 2.11. Version of WhatsApp hackers were able to decrypt the encrypted
msgstore.db.crypt file without much effort thanks to a WhatsApp Forensic Toolkit
known As WhatsApp Xtract Tool having a powerful python script that helps the
security professionals to decrypt the encryption of crypt file and after the
decryption presents a perfect forensic report through a beautiful HTML interface
page with full conversation in it.
I started working on this toolkit but as WhatsApp hits version number 2.11
onwards this kit becomes useless as the encryption key used by WhatsApp was
changed, and the developer of Python script till now (12/07/2013) was unable
code the decryption mechanism for it. Here is the screen shot which pops up when
we tried to decrypt the msgstore.db.crypt.
Lucideus Tech Pvt Ltd Join India’s Most Advance Ethical Hacking Certification
Call: 08588842342 today and become a professional ethical hacker
Lucideus Tech Pvt Ltd
As you can see the script was unable to decrypt the latest AES encryption
algorithm because it is unable to import the latest AES cipher. So for the time
being this manual method of decryption WhatsApp chat is disabled. The best we
can do is to wait for the new updated python script.
Latest Online Forensic Methods Available
So the last method makes us sad but don’t worry we have some more easy and
cool ways to extract the WhatsApp conversations. After my research I found only
two websites which brings you facility to extract the chat details in a very easy
manner and YES free of cost.
1. www.recovermessages.com
RecoverMessages was the first site which caught my attention and with a simple
google search you can find it, now I am using Android phone so i was looking for a
platform which can help me to do this task, but what I found is that this website
can decrypt not only Android WhatsApp but also iPhone WhatsApp also.
Here are the step by step ways to perform the method to retrieve the conversation:
Step 1: First copy the msgstore.db.crypt file available in your sd card with location
Lucideus Tech Pvt Ltd Join India’s Most Advance Ethical Hacking Certification
Call: 08588842342 today and become a professional ethical hacker
Lucideus Tech Pvt Ltd FileManager/ExternalSD Card/ WhatsApp/Databases/msgstore.db.crypt
Step2: Copy the file and paste on your laptop desktop
Step 3: Open www.recovermessages.com and upload your .crypt file, by clicking
select SQLite file n then (do accept the terms of use before Scan) clicking Scan.
Lucideus Tech Pvt Ltd Join India’s Most Advance Ethical Hacking Certification
Call: 08588842342 today and become a professional ethical hacker
Lucideus Tech Pvt Ltd
Step 4: After when your file is uploaded completely with in few seconds you will
see the recent full conversation chat.
Shot from: NDTV Cell Guru Featuring Team Lucideus Tech
After it if still your are not satisfied and want something new than it then you must
try your hands on another website known as http://www.ob4wa.com/.
Lucideus Tech Pvt Ltd Join India’s Most Advance Ethical Hacking Certification
Call: 08588842342 today and become a professional ethical hacker
Lucideus Tech Pvt Ltd
Register on the website and after login just upload the msgstore.db.crypt file on it
and again in no time you will be able to see the conversations in front of you.
Lucideus Tech Pvt Ltd Join India’s Most Advance Ethical Hacking Certification
Call: 08588842342 today and become a professional ethical hacker
Lucideus Tech Pvt Ltd
This website is mainly used by user worldwide as a WhatsApp database backup.
But being a hacker you can use it for your fun purpose also .
There are many other features provided by www.ob4wa.com you can visit the
website and try yourself.
Conclusion: We hope this small tutorial helps you to know many new things about
WhatsApp , and we hope after reading this tutorial we will never give your mobile
phone to your friends , because if they able to copy the msgstore.db.crypt file
through Bluetooth then ………………….
Lucideus Tech Pvt Ltd Join India’s Most Advance Ethical Hacking Certification
Call: 08588842342 today and become a professional ethical hacker
Lucideus Tech Pvt Ltd
Winter Training Ethical Hacking Certifications
Lucideus Certified Cyber Security Analyst (LCCSA)
1 Month (42 Contact Hour) Hardcore Practical Training
There is no better way to invest in this winter season than joining us. We give you 42
hours of dedicated training for one complete month whereby you will be able to secure
yourself and others from almost any malicious behavior and attacks online.
We have a full-fledged course of cyber security which slings you from a newbie to an elite
security researcher, which takes you to a path not yet beaten, from teaching you how to
connect to a WiFi network to how hackers hack into one, from what an IP address is to
how hackers fake one, from how to be secure to how to become anonymous. But, before
you anticipate anything, let us warn you this is not what you are thinking it is. At
Lucideus, it never is! Click here to know more.
Lucideus Tech Pvt Ltd Join India’s Most Advance Ethical Hacking Certification
Call: 08588842342 today and become a professional ethical hacker
Lucideus Tech Pvt Ltd
Lucideus World Class Labs for Students and Corporates
Click here to know more.
Lucideus Tech Pvt Ltd Join India’s Most Advance Ethical Hacking Certification
Call: 08588842342 today and become a professional ethical hacker
Lucideus Tech Pvt Ltd
Thanks for reading the article we hope again you liked it, our research lab team at
Lucideus Tech working really hard on some new projects like forensics on Viber and
WeChat and soon we will share those articles also with you for sure.
Lucideus Tech Pvt Ltd, Address: C-17 Safdarjung Development Area Opposite IIT Delhi Main Gate Hauz
Khas, New Delhi, India 110016 , Phone: + 91 11-2656-9899, Email: info@lucideustech.com
rahul.tyagi@lucideustech.com
Recommended