07 January, 2015

Whatsapp Hacking Methods 2015 (Multiple)

1. MAC Spoofing
(i) Uninstall WhatsApp from your phone or device.

(ii) Obtain your target's phone. You'll need it for two different steps throughout the process, but this shouldn't take too long.

(iii) Find your target's phone's Media Access Control (MAC) address. A MAC address is a unique identifier assigned to your phone or other device that essentially serves as its online identity. Find and write down your target's MAC address. It takes the form of six pairs of letters or numbers, separated by colons (01:23:45:67:89:ab).

* On an Android, find this in Settings → About phone → Status → Wi-Fi MAC address.
* On an iPhone, go to Settings → General → About → Wi-Fi Address.
* On a Windows phone, look in Settings → About → More info → MAC address.
* On a BlackBerry, go to Options → Device → Device and Status info → WLAN MAC.


If the MAC address shows as unavailable, turn on Wi-Fi connectivity and it will appear immediately.

(iv) Find your own MAC address using the instructions above. Write down your original MAC address, as you will need to change it back after the "work" is done.

(v) Change ("spoof") your phone's MAC address to that of your target. This will allow your phone to pass as your target's, letting you convince WhatsApp that you are your target when you log in.

* On an iPhone or other device, install a MAC spoofing app like MacDaddy X or WifiSpoof. Use that to change your MAC address.
* On Android, install BusyBox and the Terminal Emulator (both free on Google Play). In the terminal, type "ip link show" to see a list of interfaces. Identify the one that has your MAC address; for this example, we'll use the eth0 interface. In the terminal emulator, enter "ip link set eth0 address XX:XX:XX:XX:XX:XX" and "ip link set eth0 broadcast XX:XX:XX:XX:XX:XX", where eth0 is the interface you identified and XX:XX:XX:XX:XX:XX is your target's MAC address. To check that you've successfully changed your MAC address, enter "ip link show eth0".

(vi) Install and configure WhatsApp on your phone. Enter your target's phone number to set up WhatsApp rather than your own. This will allow you to receive their messages and send messages from their account.

(vii) Get the confirmation code from your target's phone. This code will be sent to their phone number as part of the WhatsApp configuration process. Access their phone one last time to get that verification code. Enter it into WhatsApp on your phone when prompted, and you're all ready to go.

* If you don't want your target to find out about your spoofing, make sure to delete the confirmation code from their phone before they can see it.

{Note: This step applies in areas where MAC spoofing is known to the authorities, and it has been made a step for all types of installations and reinstallations of the WhatsApp application.}

(viii) When you no longer need to access your target's WhatsApp account, change your MAC address back to what it was. Repeat the instructions to change it, but this time change it to your original address rather than your target's. This will restore your phone to how it was originally, which will ensure that there are no future problems with Internet usage or connectivity.
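Seen from the network operator's side, the spoofing described in this section leaves a trace: the same MAC address starts turning up from two different clients. The following Python script is an added example, not part of the original post and not WhatsApp's or any vendor's code, that scans constructed, dnsmasq-style DHCP log lines and flags any MAC address that has been granted leases under more than one client hostname. The log format, hostnames and addresses are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed, dnsmasq-style DHCPACK log lines (not taken from a real system).
# The MAC 01:23:45:67:89:ab is the placeholder from the post; a second client
# later obtains a lease under that same MAC with a different hostname.
SAMPLE_LOG = """\
Jan  7 20:01:02 gw dnsmasq-dhcp[711]: DHCPACK(wlan0) 192.168.1.20 01:23:45:67:89:ab alice-phone
Jan  7 20:03:14 gw dnsmasq-dhcp[711]: DHCPACK(wlan0) 192.168.1.21 de:ad:be:ef:00:01 bob-laptop
Jan  7 20:10:45 gw dnsmasq-dhcp[711]: DHCPACK(wlan0) 192.168.1.20 01:23:45:67:89:ab alice-phone
Jan  7 20:15:09 gw dnsmasq-dhcp[711]: DHCPACK(wlan0) 192.168.1.22 01:23:45:67:89:ab android-4f2c
Jan  7 20:16:30 gw dnsmasq-dhcp[711]: DHCPACK(wlan0) 192.168.1.21 de:ad:be:ef:00:01 bob-laptop
"""

# Interface, IP, MAC and (optional) client hostname from a DHCPACK line.
LEASE_RE = re.compile(
    r"DHCPACK\((?P<iface>\w+)\)\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?:\s+(?P<host>\S+))?",
    re.IGNORECASE,
)


def parse_leases(text):
    """Return one dict per DHCPACK line; lines that do not match are skipped."""
    leases = []
    for line in text.splitlines():
        m = LEASE_RE.search(line)
        if m:
            leases.append({"ip": m["ip"], "mac": m["mac"].lower(), "host": m["host"] or ""})
    return leases


def find_mac_conflicts(leases):
    """Flag every MAC that was leased under more than one client hostname.

    A single device keeps its hostname across renewals, so two hostnames on
    one MAC means two clients are presenting the same address."""
    hosts = defaultdict(set)
    ips = defaultdict(set)
    for lease in leases:
        hosts[lease["mac"]].add(lease["host"])
        ips[lease["mac"]].add(lease["ip"])
    findings = []
    for mac in sorted(hosts):
        if len(hosts[mac]) > 1:
            findings.append({"mac": mac, "hostnames": sorted(hosts[mac]), "ips": sorted(ips[mac])})
    return findings


if __name__ == "__main__":
    for f in find_mac_conflicts(parse_leases(SAMPLE_LOG)):
        print("MAC %s seen as %s on %s" % (f["mac"], ", ".join(f["hostnames"]), ", ".join(f["ips"])))
```

The hostname is supplied by the client, so this is a heuristic: a clone that also copies the hostname slips past it, and the finding should be corroborated against a second source such as the access point's association log or the switch MAC table. Note also that in the post's own procedure the MAC alone is not enough; the SMS confirmation code is still required, which is why that code, not the MAC, is the value worth protecting.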

2. Whatsapp Backup Database Access

(i) Find the WhatsApp database backup file and copy it to your computer.

* For non-rooted Android devices:

/sdcard/WhatsApp/Databases/msgstore.db.crypt
/phone/WhatsApp/Databases/msgstore.db.crypt

* For rooted Android devices:
/data/data/com.whatsapp/databases/msgstore.db
/data/data/com.whatsapp/databases/wa.db

If you extract the WhatsApp database from the msgstore.db or wa.db files, the name and phone number of each WhatsApp contact will also be shown in the extracted file.
***Android users: go directly from step (i) to step (iv)***


* If you use WhatsApp on an iPhone, the WhatsApp backup file is:
net.whatsapp.WhatsApp/Documents/ChatStorage.sqlite

If you don’t see this file, you can create it manually. To create a backup of your WhatsApp data on your iPhone, first connect it to your computer and start iTunes, and create a full unencrypted backup of your iPhone data.

(ii) Download and install the iPhone Backup Extractor (http://www.iphonebackupextractor.com/). Run the program and select the iPhone backup file you just created. Click on ‘Expert Mode’ in the bottom right corner.

(iii) Click Application, find and select net.WhatsApp.WhatsApp, and then click on Extract Selected.

* In the extracted data, the file ChatStorage.sqlite contains the whole WhatsApp data backup. After the .sqlite file is extracted, you will have the crypted files.

(iv) Now download WhatsApp Xtract package (https://code.google.com/p/hotoloti/downl...p&can=2&q=) on your computer and extract it.

(v) Now download and install the Python programming language environment (http://www.activestate.com/activepython/downloads) on your computer. Download the 32-bit (x86) version regardless of whether your computer is 32- or 64-bit, and install it {the 64-bit build has several errors that can interfere}.

* Do not be afraid. You do not need to know programming to operate Python. You just need to use a few commands to extract the Whatsapp backup file.

(vi) Open the extracted folder of the WhatsApp Xtract package. Find the file named "install pyCrypto.bat", right-click it and choose "run as administrator".

* This file executes the following command:
pypm install pycrypto

This command will automatically install the pycrypto library on your computer - which will be used to decrypt Whatsapp backup data.

(vii) Now in the same folder, run either whatsapp_xtract_iphone.bat, whatsapp_xtract_android_crypted.bat or whatsapp_xtract_android.bat depending upon the backup file you used. To run any of these files, simply right click on it and click run as administrator, just like above.

An alternative is to run whatsapp_xtract_console.bat and specify the WhatsApp backup file manually:

/* For Android DB: */
python whatsapp_xtract.py -i msgstore.db -w wa.db

/* if wa.db is unavailable */
python whatsapp_xtract.py -i msgstore.db

/* for crypted db */
python whatsapp_xtract.py -i msgstore.db.crypt

/* For iPhone DB */
python whatsapp_xtract.py -i ChatStorage.sqlite

After the command completes, all the WhatsApp backup data you copied to your computer will be decrypted and displayed in your default browser.


3. Whatsapp API and Reverse Engineering

WhatsAPI [ https://github.com/venomous0x/WhatsAPI ] is available as an XMPP platform for hands-on access to WhatsApp. WhatsApp uses a customized XMPP server with proprietary extensions, named internally FunXMPP.

WhatsApp Authentication / Login Mechanism: Like any other XMPP service, WhatsApp uses a Jabber ID and password to log in. The password is hashed and stored on the servers upon account creation, and used transparently every time the client connects to the server.

On Android, the password is an md5 hash of the reversed IMEI number:
$imei = "112222223333334"; // example IMEI
$androidWhatsAppPassword = md5(strrev($imei)); // reverse IMEI and calculate md5 hash

On iOS, the password is generated from the device's WLAN MAC address:
$wlanMAC = "AA:BB:CC:DD:EE:FF"; // example WLAN MAC address
$iphoneWhatsAppPassword = md5($wlanMAC.$wlanMAC); // calculate md5 hash using the MAC address twice

Both the IMEI and the MAC address are easily retrievable from a device if you have physical access to it. The MAC address is even easier to capture, as it can be sniffed on the wireless network to which the iOS device is connected.

The Jabber ID is a concatenation between your country’s code and mobile number.

Initial login uses Digest Access Authentication. You can try this for yourself:

https://r.whatsapp.net/v1/exist.php?cc=&...6;password

$countrycode = the country calling code
$phonenumber = the user's phone number (without the country calling code)
$password = see above: for iPhone use md5($wlanMAC.$wlanMAC), for Android use md5(strrev($imei))

The response you would receive would be in XML, containing messages designated for your phone.


Text Messages: Messages are basically sent as TCP packets in WhatsApp's own format (unlike what is defined in the XMPP RFCs).

Photos, videos and audio files shared with WhatsApp contacts are HTTP-uploaded to a server before being sent to the recipient(s); the message body then carries a Base64 thumbnail of the media file (if applicable) together with the generated HTTP link.

Another vital piece of information:
~blank line~
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
<dict>
<key>P</key>
<string>1234567890</string>
<key>T</key>
<integer>10817</integer>
<key>S</key>
<string>Your Status Here</string>
<key>JID</key>
<string>23xxxxxxxxx</string>
<key>NP</key>
<true/>
</dict>
</array>
</plist>
~blank line~

Here, the key P refers to the user's phone number;
T seems to be uptime;
S is the status message;
JID is the Jabber ID;
NP has not been confirmed yet.

This is an official privacy leak from Whatsapp.
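To see exactly what such a response exposes, here is an added example in Python, not from the original post and not WhatsApp's or WhatsAPI's code, that parses the plist shown above with the standard-library plistlib module and reports the personal fields present in each entry. The sample plist is embedded as a constructed copy with the post's placeholder values, and the key meanings follow the post's own interpretation, with NP left as unconfirmed.

```python
import plistlib

# Constructed sample: the same keys and placeholder values as the response
# shown in the post, embedded here so the example runs offline.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
<dict>
<key>P</key>
<string>1234567890</string>
<key>T</key>
<integer>10817</integer>
<key>S</key>
<string>Your Status Here</string>
<key>JID</key>
<string>23xxxxxxxxx</string>
<key>NP</key>
<true/>
</dict>
</array>
</plist>
"""

# Meaning of each key as interpreted in the post; NP is unconfirmed there.
FIELD_MEANING = {
    "P": "phone number",
    "T": "uptime (apparent)",
    "S": "status message",
    "JID": "Jabber ID",
    "NP": "unconfirmed",
}

# Keys that identify a person or carry free text they wrote.
PERSONAL_KEYS = ("P", "S", "JID")


def parse_entries(data):
    """Parse the plist and return its entries as plain dicts.

    The body is an array of dicts; anything else is rejected rather than
    guessed at, since a changed shape usually means a changed format."""
    root = plistlib.loads(data)
    if not isinstance(root, list):
        raise ValueError("expected a top-level <array>, got %s" % type(root).__name__)
    entries = []
    for item in root:
        if not isinstance(item, dict):
            raise ValueError("expected <dict> entries, got %s" % type(item).__name__)
        entries.append(dict(item))
    return entries


def exposure_report(entries):
    """For each entry, list the personal fields present and any keys the post
    does not document (a new key deserves a look before being called harmless)."""
    report = []
    for entry in entries:
        report.append({
            "personal": {k: entry[k] for k in PERSONAL_KEYS if k in entry},
            "undocumented": sorted(k for k in entry if k not in FIELD_MEANING),
        })
    return report


if __name__ == "__main__":
    for row in exposure_report(parse_entries(SAMPLE_PLIST)):
        for key, value in row["personal"].items():
            print("%-4s %-18s %s" % (key, FIELD_MEANING[key], value))
        if row["undocumented"]:
            print("undocumented keys:", ", ".join(row["undocumented"]))
```

Run against a real capture of your own account, the report shows which of your fields a lookup returns; the point for a defender is that phone number, status text and JID all come back for a bare query that carries nothing the server could use to decide whether the caller is entitled to them.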

Reverse Engineering with IMEI and MAC addresses can create a JID for login onto WhatsAPI to access Whatsapp Chats.


4. Spyware

This is, no doubt, the easiest method to sniff a person's chat logs. Android RATs can also substitute for spyware in this case.

(i) Choose an app or program to use.
* There are several premium paid programs, like mSpy, Spymaster Pro, Copy9 and Mobile Spy, which offer a premium spying service.

* There are also free applications for spying on others' phones, such as Children Tracker, Spy Video Recorder and Secret Agent, which allow remote access to the victim's phone.

(ii) Buy/install your chosen application. Once you've made your purchase, follow the instructions to install the app. This will usually involve installing it on your phone or computer as well as on the phone that you'll be monitoring.

(iii) Set up the app and start tracking. Follow the app's instructions to make sure everything is set up properly so that you can view all the desired information. You should start receiving their WhatsApp messages, as well as any other information you've included.


5. Dead Method

This method was a popular way to sniff the Whatsapp Password without physical access to the client's phone.

As of August 2013, this method has died off, because WhatsApp traffic no longer shows up in mitmproxy or SSLsplit, making this method a dead one. The August 2013 update of the WhatsApp client requires the client software to check certificate fingerprints, which makes password sniffing/forgery via proxies almost impossible.
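Certificate-fingerprint checking, the change the post credits with killing this method, is straightforward to add to a client. The following Python code is an added example, not from the original post and not WhatsApp's client code, showing a client that hashes the server's leaf certificate and refuses the connection unless the fingerprint is in its pinned set. The host, port and pin values are placeholders, and the bytes used in the self-check are constructed, not a real certificate.

```python
import hashlib
import hmac
import socket
import ssl

# Placeholder pin set: SHA-256 fingerprints of the certificates the client is
# willing to accept (the current one and its planned replacement). These are
# not real WhatsApp values; substitute the fingerprints of your own server.
PINNED_FINGERPRINTS = {
    "0000000000000000000000000000000000000000000000000000000000000000",  # placeholder
}


def fingerprint(cert_der):
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(cert_der).hexdigest()


def check_pin(cert_der, pinned_fingerprints):
    """True if the certificate matches any pinned fingerprint.

    Pins may be written with or without colons and in either case; the
    comparison itself is constant-time."""
    fp = fingerprint(cert_der)
    for pin in pinned_fingerprints:
        if hmac.compare_digest(fp, pin.replace(":", "").lower()):
            return True
    return False


def connect_pinned(host, port, pinned_fingerprints, timeout=10):
    """Open a TLS connection and keep it only if the leaf certificate is pinned.

    Normal chain validation and hostname checking still run first; the pin
    check is an additional condition, so a proxy that presents its own
    (even trusted) certificate is refused because its fingerprint differs."""
    ctx = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    try:
        der = tls.getpeercert(binary_form=True)
        if not check_pin(der, pinned_fingerprints):
            raise ssl.SSLError("leaf certificate %s is not pinned" % fingerprint(der))
    except BaseException:
        tls.close()
        raise
    return tls


if __name__ == "__main__":
    # Self-check with constructed bytes standing in for a DER certificate.
    fake_der = b"constructed bytes, not a real certificate"
    print("own pin accepted:", check_pin(fake_der, {fingerprint(fake_der)}))
    print("placeholder pin accepted:", check_pin(fake_der, PINNED_FINGERPRINTS))
```

Pinning the whole leaf certificate is the simplest form and is what the post describes; its cost is that every certificate renewal must ship with a client update or a pre-published second pin, which is why the pin set above holds more than one value. An interception proxy such as mitmproxy or SSLsplit terminates TLS with a certificate it generated itself, so its fingerprint never matches and connect_pinned refuses it even when the proxy's CA has been installed on the device.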

Similarly, WhatsAPI was taken down in February 2014 due to DMCA infringement but was brought back online a few months ago.

Please do leave feedback


5 Comments:

At August 18, 2015 at 9:04 PM, Blogger Binod Gupta said...

Method in point no. 3 doesn't work.

It says... "status failed"

 
At August 18, 2015 at 9:07 PM, Blogger Binod Gupta said...

Please suggest how to read decrypt8 file without key.

 
At September 13, 2015 at 9:59 AM, Blogger Unknown said...

please tell us how to decrypt crypt8 files without the key AND WITHOUT ACCESS TO THE TARGET

 
At September 19, 2015 at 3:45 PM, Blogger Unknown said...

visit this thread for more information http://goo.gl/VTSNql

 
At September 19, 2015 at 3:46 PM, Blogger Unknown said...

visit this thread for more information http://goo.gl/VTSNql

 
