Your SlideShare is downloading. ×
  • Like
Whatsapp Hacking 2013 | Lucideus Tech Private Limited
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Whatsapp Hacking 2013 | Lucideus Tech Private Limited

  • 13,721 views
Published

A Perfect paper on how to hack whatsapp and do forensics on whatsapp, new method of Whatsapp hacking from Lucideus Tech Private Limited

A Perfect paper on how to hack whatsapp and do forensics on whatsapp, new method of Whatsapp hacking from Lucideus Tech Private Limited

Published in Self Improvement , Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
No Downloads

Views

Total Views
13,721
On SlideShare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
368
Comments
1
Likes
2

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Lucideus Tech Pvt Ltd Introduction : WhatsApp Forensics Introduction According to Wikipedia “WhatsApp Messenger is a proprietary, cross-platform instant messaging application for smart-phones. In addition to text messaging, users can send each other images, video, and audio media messages. The client software is available for Android, Blackberry OS, Blackberry 10, iOS, Series 40, Symbian (S60), and Windows Phone. WhatsApp Inc. was founded in 2009 by Brian Acton and Jan Koum, both veterans of Yahoo!, and is based in Santa Clara, California. Competing with a number of Asian-based messaging services (like LINE, KakaoTalk, and WeChat), WhatsApp was handling ten billion messages perday as of August 2012, growing from two billion in April 2012” WhatsApp Now and Before WhatsApp 2.11.136 (Latest) first installed on more than one Android phone using the Google Play store. The application gets stored in the Internal Memory of the phone. Automatically the app syncs with the phone's contacts showing people already using WhatsApp. When a phone with WhatsApp installed is turned on, the “com.whatsapp” process receives a signal to start the 'ExternalMediaManage' and 'MessageService' services which run in the background as long as the phone is on. Before With the starting version 2.9 any messages exchanged are stored in the 'msgstore.db' which is SQLite databases. The databases are loaded into RAM for faster access of data. Typically all the content may not persist or may be overwritten due to swapping in RAM but this may not be true for Android. Now may be at first sight you did not noticed that your conversation on WhatsApp is no more saved on WhatsApp servers (15days chat records only) hence your all chat records are with you from the first day you starts your communication. As Whatsapp hit the market its main objective was to attract users and increase the total no of user statistics with the rocket speed. But in early versions privacy Lucideus Tech Pvt Ltd Join India’s Most Advance Ethical Hacking Certification Call: 08588842342 today and become a professional ethical hacker
  • 2. Lucideus Tech Pvt Ltd concerned persons related to security field found that the chat records which was taken care by WhatsApp was vulnerable, because the file database which saves the chat conversations was not encrypted and can easily accessible through many ways to get the whole conversation details. As this news hits the world wide web, people from security field starts experimenting with WhatsApp database (msgstore.db )to retrieve the conversation even the deleted ones from the chat option. But WhatsApp reacts soon and comes up with an encryption mechanism to protect its database msgstore.db . Now After the incident now according to officials from WhatsApp they are taking the conversation database security in a very serious manner ( According to them [add Evil Laugh Here :P] ), now WhatsApp database encryption having custom AES encryption algorithm with above 192-bit encryption key mainly used for WhatsApp Android Platform. So now the previous file msgstore.db is converted to msgstore.db.crypt . Previous Forensics Methods Used Before the 2.11. Version of WhatsApp hackers were able to decrypt the encrypted msgstore.db.crypt file without much effort thanks to a WhatsApp Forensic Toolkit known As WhatsApp Xtract Tool having a powerful python script that helps the security professionals to decrypt the encryption of crypt file and after the decryption presents a perfect forensic report through a beautiful HTML interface page with full conversation in it. I started working on this toolkit but as WhatsApp hits version number 2.11 onwards this kit becomes useless as the encryption key used by WhatsApp was changed, and the developer of Python script till now (12/07/2013) was unable code the decryption mechanism for it. Here is the screen shot which pops up when we tried to decrypt the msgstore.db.crypt. Lucideus Tech Pvt Ltd Join India’s Most Advance Ethical Hacking Certification Call: 08588842342 today and become a professional ethical hacker
  • 3. Lucideus Tech Pvt Ltd As you can see the script was unable to decrypt the latest AES encryption algorithm because it is unable to import the latest AES cipher. So for the time being this manual method of decryption WhatsApp chat is disabled. The best we can do is to wait for the new updated python script. Latest Online Forensic Methods Available So the last method makes us sad but don’t worry we have some more easy and cool ways to extract the WhatsApp conversations. After my research I found only two websites which brings you facility to extract the chat details in a very easy manner and YES free of cost. 1. www.recovermessages.com RecoverMessages was the first site which caught my attention and with a simple google search you can find it, now I am using Android phone so i was looking for a platform which can help me to do this task, but what I found is that this website can decrypt not only Android WhatsApp but also iPhone WhatsApp also. Here are the step by step ways to perform the method to retrieve the conversation: Step 1: First copy the msgstore.db.crypt file available in your sd card with location Lucideus Tech Pvt Ltd Join India’s Most Advance Ethical Hacking Certification Call: 08588842342 today and become a professional ethical hacker
  • 4. Lucideus Tech Pvt Ltd FileManager/ExternalSD Card/ WhatsApp/Databases/msgstore.db.crypt Step2: Copy the file and paste on your laptop desktop Step 3: Open www.recovermessages.com and upload your .crypt file, by clicking select SQLite file n then (do accept the terms of use before Scan) clicking Scan. Lucideus Tech Pvt Ltd Join India’s Most Advance Ethical Hacking Certification Call: 08588842342 today and become a professional ethical hacker
  • 5. Lucideus Tech Pvt Ltd Step 4: After when your file is uploaded completely with in few seconds you will see the recent full conversation chat. Shot from: NDTV Cell Guru Featuring Team Lucideus Tech After it if still your are not satisfied and want something new than it then you must try your hands on another website known as http://www.ob4wa.com/. Lucideus Tech Pvt Ltd Join India’s Most Advance Ethical Hacking Certification Call: 08588842342 today and become a professional ethical hacker
  • 6. Lucideus Tech Pvt Ltd Register on the website and after login just upload the msgstore.db.crypt file on it and again in no time you will be able to see the conversations in front of you. Lucideus Tech Pvt Ltd Join India’s Most Advance Ethical Hacking Certification Call: 08588842342 today and become a professional ethical hacker
  • 7. Lucideus Tech Pvt Ltd This website is mainly used by user worldwide as a WhatsApp database backup. But being a hacker you can use it for your fun purpose also  . There are many other features provided by www.ob4wa.com you can visit the website and try yourself. Conclusion: We hope this small tutorial helps you to know many new things about WhatsApp , and we hope after reading this tutorial we will never give your mobile phone to your friends , because if they able to copy the msgstore.db.crypt file through Bluetooth then ………………….  Lucideus Tech Pvt Ltd Join India’s Most Advance Ethical Hacking Certification Call: 08588842342 today and become a professional ethical hacker
  • 8. Lucideus Tech Pvt Ltd Winter Training Ethical Hacking Certifications Lucideus Certified Cyber Security Analyst (LCCSA) 1 Month (42 Contact Hour) Hardcore Practical Training There is no better way to invest in this winter season than joining us. We give you 42 hours of dedicated training for one complete month whereby you will be able to secure yourself and others from almost any malicious behavior and attacks online. We have a full-fledged course of cyber security which slings you from a newbie to an elite security researcher, which takes you to a path not yet beaten, from teaching you how to connect to a WiFi network to how hackers hack into one, from what an IP address is to how hackers fake one, from how to be secure to how to become anonymous. But, before you anticipate anything, let us warn you this is not what you are thinking it is. At Lucideus, it never is! Click here to know more. Lucideus Tech Pvt Ltd Join India’s Most Advance Ethical Hacking Certification Call: 08588842342 today and become a professional ethical hacker
  • 9. Lucideus Tech Pvt Ltd Lucideus World Class Labs for Students and Corporates Click here to know more. Lucideus Tech Pvt Ltd Join India’s Most Advance Ethical Hacking Certification Call: 08588842342 today and become a professional ethical hacker
  • 10. Lucideus Tech Pvt Ltd Thanks for reading the article we hope again you liked it, our research lab team at Lucideus Tech working really hard on some new projects like forensics on Viber and WeChat and soon we will share those articles also with you for sure. Lucideus Tech Pvt Ltd, Address: C-17 Safdarjung Development Area Opposite IIT Delhi Main Gate Hauz Khas, New Delhi, India 110016 , Phone: + 91 11-2656-9899, Email: info@lucideustech.com rahul.tyagi@lucideustech.com Lucideus Tech Pvt Ltd Join India’s Most Advance Ethical Hacking Certification Call: 08588842342 today and become a professional ethical hacker