
Possible solution to WhatsAPI not working anymore #229

Closed
jcla1 opened this issue Dec 17, 2012 · 46 comments

Comments

@jcla1

jcla1 commented Dec 17, 2012

I had an idea today while trying to get this to work.

Obviously the WhatsApp Android app needs to authenticate with the server...so far so good.
If we are able to get the source of the Android app wouldn't it be possible to get the missing bytes?

A possibility to get the source of WhatsApp is using the method described here on SO:
http://stackoverflow.com/questions/3593420/android-getting-source-code-from-an-apk-file

Please correct my thought if I am wrong in any way!

P.S. I'd suggest searching for the call to get the IMEI from Android and then track the variable from there...

@fheft

fheft commented Dec 18, 2012

According to @waninkoko it's not that easy: #216 (comment)

@z0rax

z0rax commented Dec 18, 2012

I've already decompiled the Application both for Android and iOS, but have had no luck finding the pinpointed-source of the files where the hashing method is being declared.

@jonnywilliamson (Contributor)

Could someone explain to me WHY we still think that the password must be a hash/generated from information on or about the mobile device being used?

What is stopping them (whatsapp) doing the following:

  1. User installs new whatsapp version on phone.
  2. Launches the app and the app contacts the server with its details, i.e. "Hello, I'm mobile +15553431234".
  3. WhatsApp says, "ok, let me send you a PIN just to check."
  4. You get your PIN and type it in. Your phone sends that back to the servers.
  5. Whatsapp says, "Brilliant thanks for that, here's a RANDOM PASSWORD we have just created. From nothing related to your device. Please save this in your device, encrypted in a file."
  6. Phone says, ok thanks. I'll use that the next time I connect to you. Bye!

What we all really need is a way to just copy/see what the password is on our device so we can add that to the WhatsAPI script and stop worrying about HOW the password was generated. I don't think it is being generated like that anymore.

HOW we find out the password saved on our devices is the problem. As far as I can see, only a MITM attack with fake security certificates etc is likely to reveal it :(

That's a problem....

@kaosdynamics (Contributor)

+1 @jonnywilliamson

@fheft

fheft commented Dec 18, 2012

Well @jonnywilliamson: if you do a MITM attack while registering the device, you'll find that the device sends a request with the phone number and an ID and gets a response containing JSON data like this:

    {"status":"ok","login":"{PHONE#}","pw":"L6ghSp{…}8iS7nx+Q=","type":"existing","expiration":1358070043,"kind":"free","price":"0,89 \u20ac","cost":"0.89","currency":"EUR","price_expiration":1358590956}

If you base64 decode that "pw" string and use it in whatsprot.class.php's authenticate method instead of $this->encryptPassword() you can successfully login. So you might be right about the password being generated on the server side.
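As an added illustration of the flow jonnywilliamson sketches above (PIN check, then a server-generated random password that has nothing to do with the device) and of the registration response fheft pasted, here is a toy model written for this thread; it is not code from WhatsAPI, yowsup or WhatsApp. The server keeps only a salted hash of the password it issued, and the client stores the base64 `pw` string and decodes it at login, which is the substitution fheft describes. The field names mirror the JSON above; the 20-byte password length, the PBKDF2 parameters and all class and method names are constructed assumptions, not WhatsApp's real scheme.

```python
import base64
import hashlib
import hmac
import os
import secrets

# Constructed assumptions for this toy model; not WhatsApp's real parameters.
PASSWORD_BYTES = 20       # 20 raw bytes -> 28 base64 characters ending in a single '='
PBKDF2_ROUNDS = 100_000


class ToyRegistrationServer:
    """Models the flow sketched above: PIN check, then a random server-generated
    password. The server learns nothing about the device and never stores the
    password itself, only a salted PBKDF2 hash of it."""

    def __init__(self):
        self.pending_pins = {}   # phone -> PIN awaiting confirmation (single use)
        self.accounts = {}       # phone -> (salt, PBKDF2 hash of the password)

    def start_registration(self, phone):
        """Steps 2/3: the app announces its number, the server issues a PIN.
        In a real system the PIN travels out of band (SMS or call)."""
        pin = f"{secrets.randbelow(10**6):06d}"
        self.pending_pins[phone] = pin
        return pin

    def verify_pin(self, phone, pin):
        """Steps 4/5: if the PIN matches, mint a random password and return it
        in the same shape as the JSON pasted above. The PIN is consumed either way."""
        expected = self.pending_pins.pop(phone, None)
        if expected is None or not hmac.compare_digest(expected, pin):
            return {"status": "fail"}
        password = secrets.token_bytes(PASSWORD_BYTES)   # random, device-independent
        salt = os.urandom(16)
        self.accounts[phone] = (salt, self._hash(password, salt))
        return {
            "status": "ok",
            "login": phone,
            "pw": base64.b64encode(password).decode("ascii"),
            "type": "new",
        }

    def login(self, phone, password):
        """Later connections: the client presents the raw password bytes."""
        record = self.accounts.get(phone)
        if record is None:
            return False
        salt, stored_hash = record
        return hmac.compare_digest(self._hash(password, salt), stored_hash)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ROUNDS)


class ToyClient:
    """The phone side: keeps the base64 'pw' string from the response and
    decodes it at login instead of deriving anything from the device."""

    def __init__(self, phone):
        self.phone = phone
        self.stored_pw_b64 = None   # would live in encrypted app storage on a real device

    def register(self, server, pin):
        response = server.verify_pin(self.phone, pin)
        if response["status"] == "ok":
            self.stored_pw_b64 = response["pw"]
        return response["status"] == "ok"

    def connect(self, server):
        if self.stored_pw_b64 is None:
            return False
        return server.login(self.phone, base64.b64decode(self.stored_pw_b64))


def run_flow(phone="+15553431234"):
    """Runs registration then a login; returns (registered, login_ok, pw_b64)."""
    server = ToyRegistrationServer()
    client = ToyClient(phone)
    pin = server.start_registration(phone)   # delivered out of band in reality
    registered = client.register(server, pin)
    return registered, client.connect(server), client.stored_pw_b64


if __name__ == "__main__":
    print(run_flow())
```

Note that in this model nothing on the client can recompute `pw` from IMEI, MAC or any other device value: the only copy is what the server sent once, which is exactly why the thread keeps coming back to reading it off the device or off the wire rather than re-deriving it.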

@jonnywilliamson (Contributor)

***EDIT I wrote this before I read the second paragraph of the comment directly above this one by fheft

@fheft

Just so I'm clear.

The device registers with the WhatsApp server. It only sends the phone number and ID.

In return it gets sent a password (in a JSON response).

I'm only trying to get this clear in my head. Why do you think the password MUST be using some of the phone data to be created? Why could a random password not be assigned?

@jonnywilliamson (Contributor)

@fheft

Actually, you could help us all out here. Would you be able to give a rough outline of how you set up your MITM attack? For those of us who are capable, we would then also be able to see our passwords and at least get back to using WhatsAPI again as we continue to work out the best way to fix this issue.

I know exactly what I should be doing for a MITM attack, but I have no experience of doing it so there's no point me redoing all that work if you have got a workable solution!

Would you mind?

@fheft

fheft commented Dec 18, 2012

I'm sorry if I was ambiguous, didn't mean to contradict you – I think you are right with what you said (even though that ID might be based on some phone specific data – I didn't think of that until now)!

For the MITM attack I did the following:

  1. install Burp Suite on my computer
  2. add the Burp SSL certificate on my Android device (4.0+)
  3. used ProxyDroid to redirect all traffic to Burp (needs root)
  4. deleted WhatsApp data and went through the registration process

It wasn't working that well for me, WhatsApp showed errors about a bad internet connection all the time, but after a few retries it worked. At some point it sent a GET /v2/exist?cc=49&in={…} request to v.whatsapp.net:443 and received the above-mentioned JSON.

If you have any further questions feel free to ask!

@jonnywilliamson (Contributor)

Super!

I am now away for 3 days, but I'm going to give this a go when I return. Thanks @fheft

@brittson

@fheft Yowsup is already reading the password (the JSON data we are talking about) after the whole registration; I can even connect to the WhatsApp server with my newly registered number, and it is also receiving incoming messages, but the problem is when I am trying to send messages from this number it's not working.

@shirioko (Contributor)

Try:

    $wa->Message($target, $message);
    sleep(1);

@brittson

@shirioko is this working for you?

@shirioko (Contributor)

It is working for me on accounts that still use the v1 login method, especially when sending multiple messages at once. Haven't been able to try v2 accounts yet, I'll have to set up a MITM attack to grab the new password

@brittson

But now, if you want to register a new number with v1, that's not working either.

@fheft

fheft commented Dec 18, 2012

Now I received that message via WhatsAPI: "New version of WhatsApp Messenger is now available. Please visit http://www.whatsapp.com/appstore/ and upgrade to the latest version. Your upgrade will be free and will bring larger group chats and new features such as Profile Photos!"… how does it determine the version?

@shirioko (Contributor)

Most likely through your login method (v1)

@2opremio

For iOS devices the key is probably stored in the keychain. Can somebody with a jailbroken iOS 5 device try running ptoomey's keychain dumper?

https://github.com/ptoomey3/Keychain-Dumper

It worked on iOS 5 the last time I tried (when the key for iOS was the MAC but still unbroken), but unfortunately my iPhone is now upgraded to iOS 6, so I cannot run it myself.

The instructions are really clear, so it should be straightforward to use.

@int21ve

int21ve commented Dec 20, 2012

Hi folks, take a look at this code, maybe the solution is right here

https://github.com/philklc/yowsup

@shirioko (Contributor)

I did take a look at it. It describes the sms verified registration process, which will deauthenticate your current phone. Although it does work, it is probably not what we are looking for.

@jonnywilliamson (Contributor)

For those of you who have your password but are having difficulty sending messages, have you ensured you've updated the version number of WhatsApp that the script is sending to WhatsApp's server?

In whatsprot.class.php around line 17, change

    protected $_whatsAppVer = "2.8.6";

to

    protected $_whatsAppVer = "2.8.7";

It's interesting to see that yowsup uses a user agent from a Windows Phone rather than an iPhone to send its messages. Perhaps we need to find the proper user agent for an iPhone client too..

In src/Yowsup/Common/Http/warequest.py

    "WhatsApp/2.8.2 WP7/7.10.8773.98 Device/NOKIA-Lumia_800-H112.1402.2.3", 31 + k7Iy3bWARdNeSL8gYgY6WveX12A1g4uTNXrRzt1H"+"889d4f44e479e6c38b4a834c6d8417815f999abe{phone}"),

@matamoscas

Hi,

We are using mitmproxy to get the HTTPS traffic for WhatsApp. ProxyDroid on the mobile with the mitmproxy certificate.
We are sure that WhatsApp uses a call to a web service to get the password when the user is registered. For example, if you reinstall WhatsApp, you don't receive any SMS or call, only calls to WhatsApp's servers.

Our problem is that the calls are encrypted and we don't see the real URL. Any advice for seeing this traffic? If we access another HTTPS connection we see all connections.

Regards

@Sephiroth1979

Hello guys, yesterday I tried WhatsAPI for the first time.

I think that I did all correctly but WhatsAPI is always telling me "wrong password". Is this issue related to the problem you're speaking about here?

@shirioko (Contributor)

Depends, which WhatsApp version are you using on your smartphone? Everything > 2.8.1355 is using the new login hash

@kingk110

I was using the .NET WhatsAPI posted by @perezdidac to register new numbers with my own password,
but it is not working now (it tells me that the code has been sent, and I'm not receiving any code) and I need it a lot. Can anybody help me register an account with my own password?
I don't need to use the account from my phone and PC.
I want to use it only from the PC.
If you can help me I'll thank you a lot.

@jfuentesc

These people (http://www.whatsapp-api.com/try-it.php) from Hong Kong are able to send it!!!

Maybe we can try to know how they do it!!

@matamoscas

They have users registered with an old WhatsApp version.

@Sephiroth1979

@shirioko I tried with two different accounts, one of them has surely been updated to the latest revision, maybe the other too. Neither of them is working with WhatsAPI.

Is there another way to read someone else's WhatsApp messages? I need to read my other half's WhatsApp chats as I think she's cheating on me. She's using WhatsApp (assume latest) on a Nokia E71i, we're on the same network. Any idea?

@Sephiroth1979

What about installing WhatsApp on a PC using one of the available Android emulators? Maybe it will be simpler to understand the flow between client and server. As far as I know there are two emulators, YouWave (which is not free) and BlueStacks App Player (which is free instead).

Moreover there is a tutorial on the web which explains how to install WhatsApp on one of the two emulators above; there is a registration process by phone and not by SMS. The problem is that WhatsApp will be uninstalled on the target phone as it can run only on one device.

@Sephiroth1979

I was messing around with the BlueStacks App Player installed on my W8 PC. I downloaded and installed WhatsApp on the BlueStacks emulator, started the application and it asked me for the phone number. I entered the phone number of the iPhone on which I have WhatsApp installed; after a while an "automatic SMS verification method" started and after 3 or 4 minutes I got an SMS from WhatsApp on my iPhone with the WhatsApp code. I don't know if this can be useful or not.

@Sephiroth1979

It seems like yowsup can generate working passwords also for new WhatsApp accounts, can anyone confirm?

@Sephiroth1979

@int21ve This article is dated 01/12/12, I think that the latest version of WhatsApp has been dispatched later than that.

@matamoscas

Actually, yowsup doesn't generate the passwords (except for old WhatsApp versions). When you verify your SMS code, WhatsApp's servers send the password you need to use.

@Sephiroth1979

@matamoscas OK. However, if you use an Android emulator and you register a new account, it will start waiting for SMS verification. If SMS verification fails, after a few moments you have the option to get a call back from WhatsApp in which you will be given the SMS code. If you enter this SMS code in WhatsApp running on the Android emulator on the PC you will get the password on the PC and maybe we can try to sniff it.

@stoyicker

And, instead of sniffing, why don't we simply look for the password in the emulator file system? Because I guess once the application receives the password, it should store it somewhere so it can use it later to log in, so it has to be there, somewhere.

@kingk110

@matamoscas How can I use this password in the .net api??

@Sephiroth1979

@stoyicker I agree with you, I think that it is much easier to find a password on a PC rather than on an iPhone.

@matamoscas

@Sephiroth1979 I have tried this. But it seems that if you do a second authentication WhatsApp uses encrypted XMPP to get the password. It doesn't call any web service. If you use the first registration with the SMS or call like yowsup you can get the password without problems, but it can only be used on one device: PC or mobile.

The most interesting thing is having the possibility of a lot of devices using the same account. Probably this XMPP traffic has the solution.

@stoyicker the big problem is getting this password without root permissions.

@matamoscas

@kingk110 I don't know .NET, but I think you need to delete the encryption step and replace it with a base64 encode of this password.

@stoyicker

@matamoscas Well, I don't have a smartphone yet so I don't really know how hard it can be, but I don't think getting root permissions is a real challenge for anyone who knows how to use this API.

@Sephiroth1979

@matamoscas What I really need is to listen to messages of another account without being noticed. As far as I know there's actually no way, isn't that right?

It would be also ok if the account on the smartphone freezes for some time while I am listening..

@davidgfnet

Hi,

I confirm that the password is sent by the server to the app (this doesn't imply that the server calculates it, nor that the password cannot be calculated by the app). Using fheft's idea I sniffed the SSL traffic using a proxy and found my password. Also, using the base64-decoded pw as the password for the session key derivation generates a valid RC4 key. The sequence is more or less:

    /v2/exist?cc=34&in=64XXXXX06&lg=en&lc=US&id=528404XXXXXX...XXXX62

(Returns an error, immediately continues.)

    /v2/code?cc=34&in=64XXXXX06&id=abcdef0123456789&lg=en&lc=US&mnc=260&mcc=310&method=self&reason=&token=3da4f4f02255XXXX...XXXb3

Very curious ID, right? This returns a large code, no idea. After some minutes of checking (no SMS; emulator) it issues another request:

    /v2/code?cc=34&in=64XXXXX06&id=abcdef0123456789&lg=en&lc=US&mnc=260&mcc=310&method=sms&reason=self-send-timeout&token=3da4f4f02255XXXXXX...XXXXb3

This causes an SMS to be sent with the code 238-821.

    /v2/register?cc=34&in=64XXXXX06&lg=en&lc=US&id=%01%c3%91%dbP%ebs%22Z%3d%c05z8m%2cX%28%f5d&code=238821

Again a very weird ID is sent. Now the server responds with the PW as well as details about the app and account.

I was thinking.... Maybe we can't (or it's convoluted to) isolate the pw generator algorithm, but if we could just mimic this sequence we could manage to get a fresh new PW, right?
Anyone want to try? I have my PW and I don't wanna lose it again; installing the root CA in the emulator took me hours... Android crap....

@Sephiroth1979

@davidgfnet I think you did a great job. I can try if you want, but I don't have the necessary knowledge to do it. I have WhatsApp installed on my iPhone and the BlueStacks emulator on my PC with WhatsApp installed in it. On my PC I have the same WhatsApp account that I have on the iPhone, but I can't use it at the same time; incoming messages are only received by my PC.

@matamoscas

@davidgfnet Hi, can you do the same but deleting the application data in the emulator, once you've done the above steps? I'll explain:

  • register your account (you receive the SMS or call)
  • delete data from Settings - Applications - WhatsApp
  • go back to register

And get all the URLs.

Regards

@matamoscas

@davidgfnet Hi, please could you tell me what tools you are using for viewing the URLs mentioned in your post? We are using mitmproxy but we are not able to view any information from the WhatsApp app.

@davidgfnet

Hi again.
I'm using BurpSuite as a proxy. As I'm running it in the emulator environment I'm exporting the environment variable http_proxy to force the connection to go through it. I had to add a root certificate to the Android ROM in order to bypass the certificate errors due to the fake SSL certificate; this point was especially difficult, as the ROM memory is not writeable within the emulator.
Hope this helps!
