Extract WA password from device [Android users] #983

Closed
mgp25 opened this Issue Sep 24, 2014 · 58 comments

Projects

None yet
@mgp25
Contributor
mgp25 commented Sep 24, 2014

WAPW

Hello guys, i have good news for the android users! Many of you asked me how to extract WhatsApp password from Android devices. @GitsUp has coded an .apk based on my code released here #895 and also you can find it in my website.

Things i need to update (TODO list):

  • Extract identity ( I'm on the way people :p )
  • Log useful http requests

Useful information:
I made a wiki in where i am explaining advanced stuff on reverse engineering WhatsApp and stuff (tokens, http requests, etc...) WA Wiki!

How to contact me?
Twitter: @_mgp25
Mail: me [ at ] mgp25.com

Download: wapw2.apk
SHA1: CA465128E4C4B4A4F70B37E968F62C302AA8A3E1
MD5: DB753933E47926DD131B097E069DB1D4

Requirements

You need your device to be rooted. If you don't know how to root your device, search in google :)

How to use it?

Easy! Follow this steps:

  1. Open WA PW

wapw

  1. Click on 'Extract pw!' and give root privileges to the apk

root

  1. Now you have your WA PW!

pw

  1. You can send it to your computer via WhatsApp, email...

ta-chan

How it works?

Is explained in #895 and also was explained in Yowsup repository.

Me or pw file not found?

You need to have an active number in your WhatsApp (Device)

Additional info

You can hook classes from WhatsApp to get data, like:

App$me.java

package com.whatsapp;

import java.io.Serializable;

public class App$Me
  implements Serializable
{
  private static final long serialVersionUID = -1952119322404952662L;
  public String cc;
  public String jabber_id;
  public String number;

  App$Me(String paramString1, String paramString2)
  {
    this.cc = paramString1;
    this.number = paramString2;
    this.jabber_id = null;
  }
}

And zw.java

This files as examples :p

HEY! I'm an iPhone users!

Don't worry! You can use this utility i made!

@ludufre
ludufre commented Sep 24, 2014

Great work bro. About iPhone method: Need to be jailbroken?

@mgp25
Contributor
mgp25 commented Sep 24, 2014

@ludufre Yes, iPhone must be jailbroken and then install OpenSSH via Cydia ;)

@ludufre
ludufre commented Sep 24, 2014

@mgp25 Roger that.

@CircleCurve

thanks bro It's very useful

@crashforce

Luan vc é brasileiro ??

2014-09-24 23:46 GMT-03:00 CircleCurve notifications@github.com:

thanks bro It's very useful


Reply to this email directly or view it on GitHub
#983 (comment).

@ludufre
ludufre commented Sep 25, 2014

@crashforce sou sim.

@crashforce

Cara, vc conseguiu fazer o whatsapp.php enviar imagens e videos ?

2014-09-24 23:58 GMT-03:00 Luan Freitas notifications@github.com:

@crashforce https://github.com/crashforce sou sim.


Reply to this email directly or view it on GitHub
#983 (comment).

@ludufre
ludufre commented Sep 25, 2014

@crashforce Cara, consegui sim. Te mandei um e-mail aew, vamos falar em português aqui não. Abs.

@peliculap

Wwwwooooowwww... Man... Thank you, very, very much!!

Obs: Sou carioca, rapaziada... ;-)
PS: I'm from Rio de Janeiro, guys... ;-)

@crashforce

@peliculap mande-me um email pra trocarmos uma ideia.

2014-09-25 1:12 GMT-03:00 peliculap notifications@github.com:

Wwwwooooowwww... Man... Thank you, very, very much!!

Obs: Sou carioca, rapaziada... ;-)
PS: I'm from Rio de Janeiro, guys... ;-)


Reply to this email directly or view it on GitHub
#983 (comment).

@mgp25
Contributor
mgp25 commented Sep 25, 2014

Please this is a issue tracker, not a forum. Only for doubts, bugs, errors and support.

@rodrigofaillace

@mgp25, you´re right.

About this #983, Is it right to understand that:
If I register using your solution, the original WhatsApp App will keep on working in my mobile and I will be able to use it on my computer?

@ludufre
ludufre commented Sep 25, 2014

Sorry to intrude. @rodrigofaillace you will be disconnected when connected with another device. In other words: when connect with this API you will be disconnected from phone and vice-versa

@Azhturion

It works! Thanks. Also, you can use Pidgin and the whatsapp plugin for chat on your PC.

it works

@sadarshannaiynar

App is crashing in 4.4.4 android! :(

@mgp25
Contributor
mgp25 commented Oct 10, 2014

Download this: https://mgp25.com/wa/wapw2.apk

That should work. Also for latest API updates check this: https://github.com/mgp25/WhatsAPI-Official

@sadarshannaiynar

The apk from the link doesnt work! :(

@sadarshannaiynar

Here is the link to logcat output
http://pastebin.com/GQ9nJjpp

@mgp25
Contributor
mgp25 commented Oct 10, 2014

Just open the apk and click extract password.......

@sadarshannaiynar

The app opens and crashes back before displaying anything....

@mgp25
Contributor
mgp25 commented Oct 11, 2014

Contact me via maill

@ghost
ghost commented Oct 11, 2014

sadarshannaiynar have you tried https://play.google.com/store/apps/details?id=com.smorra.passwordextractor ?
What is you device?
What is your processor?

@sadarshannaiynar

GitsUp your link worked thanks! 👍 :D

@ghost
ghost commented Oct 11, 2014

np

@mgp25
Contributor
mgp25 commented Oct 18, 2014

Ask in its repository, not here.

@NazarAbbas

Hello Mr. Stefan Smorra,

I am using libwajava library in my project according to your code.

YOUR_NUMBER_WITHOUT_PLUS=MY NUMBER
PASSWORD_IN_BASE64= PASSWORD (TmF6YXI=(BASE64))
DISPLAY NAME=MT NAME
SOME_NUMBER= MY FRIEND'S NUMBER

final WAClient client = new WAClient("YOUR_NUMBER_WITHOUT_PLUS", "PASSWORD_IN_BASE64", "DISPLAY NAME");
client.connect(new WAConnectCallback()
{

@Override
public void onConnectSuccess()
{
try
{
System.out.println("Connected :-)");
client.sendMessage("SOME_NUMBER", "Hey there from libwajava!");
}
catch (Exception e)
{
e.printStackTrace();
}
}

@Override
public void onConnectFailure(Reason reason)
{
    System.out.println("Couldn't conenct :-(");
}

});

But I'm getting error (SOCKET_ERROR) onConnectFailure override method.

What am I doing wrong?

please help me.

thanks in advance.

Nazar

@mgp25
Contributor
mgp25 commented Oct 18, 2014

This is WhatsAPI, ask in its proper repository.

@NazarAbbas

can you provide a link of android_libwajava proper repository?
thanks

On Sat, Oct 18, 2014 at 4:34 PM, mgp25 notifications@github.com wrote:

This is WhatsAPI, ask in its proper repository.


Reply to this email directly or view it on GitHub
#983 (comment).

@shishirtanwar

Got it to install.....turns out if you have smorra's app installed it doesn't let wawp2 to get installed and vice-versa.
Anyway, on clicking extract button it says - "Can't access WA files. Are you root?"
But it is rooted and I already gave it SuperUser Access.
All other rooted apps are working fine.

@LukiLeu
LukiLeu commented Jan 5, 2015

Hi
I used your apk to extract the password. But when i try to use it in "Wassapp", it always mentions that my password is incorrect. Do I have to decode the retrieved password or something similar?
thanks

@waiferv
waiferv commented Jan 11, 2015

I click on the Extract button but then I only get:
"Can't access WA files. Are you root?"

Device is rooted!!!

@mgp25
Contributor
mgp25 commented Jan 11, 2015
@waiferv
waiferv commented Jan 11, 2015

Still

"Can't access WA files. Are you root?"

with apk from that guide :(

@mgp25
Contributor
mgp25 commented Jan 11, 2015

@waiferv give WhatsApp root privileges and then try again. Remember to use WhatsAPI Official repo, this one is inactive

@cooler-farmer

Doesn't work android 5.0.2 for me :(

@w00000w5

thanks mgp25

@cooler-farmer

@mgp25 it shows "couldn't read whatsapp files".
I granted it root permissions :(
Using android 5.0.2

@vlnsnewton

Dear All.

I have extracted whatsapp password but from where can i extract identity??
and can i use these whatsapp password and identity credentials in https://github.com/mgp25/WhatsAPI-Official

help me in this case in am using bluestack

@Zap123 Zap123 referenced this issue in davidgfnet/whatsapp-purple Jan 22, 2015
Closed

Account settings don't change when plugin server/resource do #210

@1337sup3rh4x0r

on android 5.0.2 I also get "couldn't read whatsapp files"

Is there a solution to this?

@1337sup3rh4x0r

here is a windows tool that does the same: https://github.com/shirioko/WART

@mgp25
Contributor
mgp25 commented Feb 12, 2015

@Killer1337 it doesnt do the same, one thing is register the number, the other is extract the password. You should go here: https://github.com/mgp25/WhatsAPI-Official its more updated and have all the documentation about the API.

Regards

@jesussales

@mgp25 if i want generate a pw file??? The extractor read a pw file and
make proccess to extract The pass but if i have a pass. .. do you know how
create The file? Or how edit pw to inject the pass??
El 12/02/2015 15:08, "mgp25" notifications@github.com escribió:

@Killer1337 https://github.com/Killer1337 it doesnt do the same, one
thing is register the number, the other is extract the password. You should
go here: https://github.com/mgp25/WhatsAPI-Official its more updated and
have all the documentation about the API.

Regards


Reply to this email directly or view it on GitHub
#983 (comment).

@mgp25
Contributor
mgp25 commented Feb 12, 2015

@jesussales Yes, its possible to generate the password but why? Use WhatsAPI Official instead of this repo.

@jesussales

Only want to Know.... can you say me how create it?
El 12/02/2015 22:21, "mgp25" notifications@github.com escribió:

@jesussales https://github.com/jesussales Yes, its possible to generate
the password but why? Use WhatsAPI Official instead of this repo.


Reply to this email directly or view it on GitHub
#983 (comment).

@jharihar

Hi i am trying to get the password from emulator, it is giving error as cant access wp data. are you root.
please help me.. i have the pw file from abd. could u pls extract the password

@freesrc
freesrc commented Feb 25, 2015

"Extract identity ( I'm on the way people :p )"

Do you mean that you are still struggling on getting wa identity?

@assegaf
assegaf commented Mar 25, 2015

@mgp25 any instruction extracting pw wa on Nokia S40 device, its Java J2ME based apps.

@ghost
ghost commented Mar 28, 2015

Crashed instantly on 5.0.x.

@aghict
aghict commented Apr 18, 2015

Is there any way to get WhatsApp passsword without root access?

@francwalter

Obviously this version, and neither the newer version "Password Extractor (3)" doesn't work anymore.
On CM12.1 (jfltexx) I get with this and the newer apk, the same error as the others above:

Couldn't read WhatsApp files. Are you
root?

Yes, clear that I am root.
And I can get the "pw" file with adb though.
But I wont start to compile the tools because I am afraid this will result in the same.
Is there now an actual working way?

Thanks. frank

@catch2patch

Same here, but getting password with bash works perfectly.

@francwalter

What do you mean exactly with:

getting the password with bash

do you mean compiling the tools?

@mgp25 mgp25 closed this Oct 10, 2015
@francwalter

Yes, but where can I ask about issues with that?
This is a wiki not an issue tracker :(
I read the Extracting password from device and don't understand what is ment with this part (a bash-script):

#!/bin/bash

TELNUM='99123456789'
if ! [ -r pw ]; then exit 1; fi

dd if=pw of=pw_salt bs=1 skip=29 count=4
hexdump -e '2/1 "%02x"' pw_salt
dd if=pw of=pw_iv bs=1 skip=33 count=16
dd if=pw of=pw_ekey bs=1 skip=49 count=20

echo -n 'c2991ec29b1d0cc2b8c3b7556458c298c29203c28b45c2973e78c386c395' | xxd -r -p > pbkdf2_pass.bin
echo -n $TELNUM | hexdump -e '2/1 "%02x"' | xxd -r -p >> pbkdf2_pass.bin

It is not explained in the code, what this does or how it is used. I see that there is a variable TELNUM but I don' understand the "c2991ec29b1d0cc2b8c3b7556458c298c29203c28b45c2973e78c386c395"
What is that? Do I need to change it? What do I put there?
Questions that I cannot post there.

EDiT: OK, I understand. I have put an issue #1076 into that wiki about this.
I ran all these compiling and commands, but I doubt that it works with that unchanged hex. Will try anyway.
OK this works, nothing to change beside the TELNUM

@francwalter

Thank you by the way for this great code!!!

@LavanyaLea

@francwalter and @mgp25 I can't use the apk including the one I downloaded from https://github.com/WHAnonymous/Chat-API/wiki/Extracting-password-from-device.
it says "Couldn't read WhatsApp files. Are you root?" - same problem that other users have mentioned.
I am running on Bluestack on Mac.
Tried to use bash, however struggled straight away on this:

  • Once the file has been copied to the SD card, use ADB again to copy it to your computer.

$ adb pull /sdcard/pw

it says pw is read only.

(bash looks terribly complicated to me who's inexperienced. Did anyone manage to get the apk working?)

thanks!

@francwalter

Yes. Without root you wont be able to pull:
/data/data/com.whatsapp/files/pw
So witihout root, no password extraction.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment