Friday, May 6, 2016

Decrypting WhatsApp crypt9

This is a quick tutorial on how to decrypt WhatsApp crypt9 databases.

Requirements
  • an Android emulator (I used BlueStacks)
  • WhatCrypt app by TripCode - WhatsApp Database Crypt Tool (I know there is a web version of this tool, but that's something I'm not allowed to use)

For the following steps, the two tools require no internet connection to work.


Steps
  1. Run BlueStacks
  2. Drag and drop the .apk file from your PC to the emulator window in order to install WhatCrypt
  3. There's a shared folder between the host and the emulator located in: C:\ProgramData\BlueStacks\UserData\SharedFolder
  4. Copy into this folder the WhatsApp key file and your crypt9 databases. Rename the key file to whatsapp.cryptkey otherwise WhatCrypt won't be able to detect it.
  5. Run WhatCrypt
  6. Click WhatsApp database
  7. Double click on Encrypted Database Path
  8. Navigate to the path /storage/sdcard/windows/BstSharedFolder and select the crypt9 db you need to decrypt
  9. Double click Key File Path
  10. Select the whatsapp.cryptkey file
  11. Click Decrypt Database

Done! A SQLite database named msgstore.db will appear in the SharedFolder on your computer.


2 comments:

  1. Is it possible without key file, i hav. Only databasefile but not the key file or plztell if it may be possible in future..

    ReplyDelete
    Replies
    1. Hi, I'm no cryptanalyst but I think it's unlikely you'll be able to decrypt those files without the key.

      Delete