Skip to content
WhatsApp's handshake implementation using Noise Protocol
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
consonance [meta] bump version to 0.1.3 May 22, 2019
.gitignore [meta] remove tests from .gitignore Apr 18, 2019
LICENSE [meta] add LICENSE and Apr 18, 2019 [meta] bump version to 0.1.3 May 22, 2019 [meta] set protobuf min version to 3.6.0 May 4, 2019
tox.ini [meta] add tox.ini Apr 18, 2019


Consonance implements WhatsApp's handshake process which makes use of Noise Pipes with Curve25519, AES-GCM, and SHA256 from Noise Protocol.


consonance version: 0.1.3
released: 2019-05-22
- python>=2.5,<=3.7
- dissononce >= 0.34.3
- transitions
- protobuf >= 3.6.0
- python-axolotl-curve25519


From source:

python install

Using Pip:

pip install consonance



Before performing a handshake, you have to define your configuration as a WhatsApp client. This can be done by passing the configuration parameters to an instance of ClientConfig. Normally this configuration includes details about the device WhatsApp is running on. Those device details are to be passed to ClientConfig's useragent parameters through an instance of consonance.config.useragent.UserAgentConfig. In order to facilitate usage, templates for UserAgentConfig with some pre-set parameters exist under consonance/config/templates.

from consonance.config.client import ClientConfig
from consonance.config.templates.useragent_samsung_s9p import SamsungS9PUserAgentConfig
import uuid

client_config = ClientConfig(
    username=999999999,  # username/phone number
    passive=True,  # passive connection, you will not send any data after handshake, only receive
        app_version="2.19.51",  # WhatsApp app version to pose as
        phone_id=str(uuid.uuid4())  # uuid that was used to register the aforementioned username
    pushname="consonance"  # display name for push notifications

In addition to ClientConfig one must possess a KeyPair that'll be used in the handshake process and for authenticating yourself to WhatsApp. This KeyPair was produced and used during registration and therefore the same one has to be used here for a successful authentication. For testing purposes you could always generate a fresh KeyPair, in which case the handshake process would go through but authentication fails.

from consonance.structs.keypair import KeyPair
import base64

keypair = KeyPair.generate()
# or keypair used at registration, deserialized from concat. of private_bytes and public_bytes
keypair = KeyPair.from_bytes(

Connect and Authenticate

With your ClientConfig and KeyPair you can now attempt a login to WhatsApp. The example below will demonstrate a XX handshake since we are not specifying WhatsApp's static public key:

from consonance.protocol import WANoiseProtocol
from consonance.streams.segmented.wa import WASegmentedStream
from consonance.streams.arbitrary.arbitrary_socket import SocketArbitraryStream
import socket

wa_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
wa_socket.connect(("", 443))
# send WA header indicating protocol version
# use WASegmentedStream for sending/receiving in frames
wa_socket_stream = WASegmentedStream(SocketArbitraryStream(wa_socket))
# initialize WANoiseProtocol 2.1
wa_noiseprotocol = WANoiseProtocol(2, 1)
# start the protocol, this should perform a XX handshake since
# we are not passing the remote static public key
if wa_noiseprotocol.start(wa_socket_stream, client_config, keypair):
    print("Handshake completed, checking authentication...")
    # we are now in transport phase, first incoming data
    # will indicate whether we are authenticated
    first_transport_data = wa_noiseprotocol.receive()
    assert first_transport_data == 172
You can’t perform that action at this time.