Update the new crypt 14 offset!

[mrmc-mc]

I think in the new version of whatsapp[my version: 2.21.23.23], encoding of key and database files has been changed.
As a result, the offset position has also changed.

I use latest version of repository for decrypt .crypt14 file (several times) and every time I got an error . I'm sure the files are correct

Error ;

Error -3 while decompressing data: incorrect header check

[Eligio-Cazo]

The encryption of crypt14 is not correct, I have it done in python in case you are interested.

[mrmc-mc]

The encryption of crypt14 is not correct, I have it done in python in case you are interested.

Yes, Sure. Please let us know how you did

[Eligio-Cazo]

In def encrypt14
You need change
header = db_cript_data[0:191]
iv = db_cript_data[67:83]
and remove 'iv' in fh.write(header +iv+ aes.encrypt(zlib.compress(data)) + footer)

in def decryp14
only chage
header = db_cript_data[0:191]
iv = db_cript_data[67:83]

[mrmc-mc]

In def encrypt14 You need change header = db_cript_data[0:191] iv = db_cript_data[67:83] and remove 'iv' in fh.write(header +iv+ aes.encrypt(zlib.compress(data)) + footer)

in def decryp14 only chage header = db_cript_data[0:191] iv = db_cript_data[67:83]

in the current decrypt14 function :

        data = db_data[191:]
        iv = db_data[67:83]
        aes = AES.new(key, mode=AES.MODE_GCM, nonce=iv)
        with open(path, "wb") as fh:
            fh.write(zlib.decompress(aes.decrypt(data)))

header detached in the 191-byte positon
Where it should change according to you?

[B16f00t]

If the scripts works, you can propose to make a pull request to fix the issue

[Eligio-Cazo]

Changes must be made in whacipher.py file
The encrypt14 function is missing, the code can be copied from the decryp12 function and make the changes so that encrypt with crypt14 works as well

[mrmc-mc]

Changes must be made in whacipher.py file The encrypt14 function is missing, the code can be copied from the decryp12 function and make the changes so that encrypt with crypt14 works as well

The file I am trying to decrypt was created and encrypted by WhatsApp itself and taken from the database folder: /sdcard/Whatsapp/Databases/msgstore.db.crypt14.
If your code works properly And decrypts .crypt14 file correctly, please share it with us with more details

[Eligio-Cazo]

I have posted a version to encrypt and decrypt crypt14, it is a compilation of several versions that I found to encrypt and decrypt crypt14. In May 2021 the offset of the file was changed.
The comments on the file are in Spanish, sorry.

https://github.com/Eligio-Cazo/Desencriptar_crypt14

[Mrakobes666]

I replaced a piece of code in the file "whacipher.py" but still

Error -3 while decompressing data: incorrect header check

[Baneeishaque]

The issue remains, please reopen.