Decrypt Whatsapp desktop client db files #2247
Comments
|
Thanks @gfd2020, this would be very very useful. @hauck-jvsh is working on WhatsApp Web decoding, he is already able to rebuild chats, decrypt media attachments, but text message bodies still not, unfortunately I think those formats don't have anything in common based on your description... |
Very interesting. Is this data obtained from the browser cache? |
Yes, from Chrome cache, Hauck can elaborate more on this. |
Whatsapp Desktop Client on Windows saves the conversation databases locally in the folder below, mainly message.db.
C:\Users{user}\AppData\Local\Packages\5319275A.WhatsAppDesktop_cv1g1gvanyjgm\LocalState
I took a look at the database and it is an encrypted sqlite database. It seems to me to be a different encryption than that used in the mobile version. Looking at the application folder, I found the dll e_sqlite3.dll (Dot net probably). This appears to be a custom version of encrypted sqlite3.
https://learn.microsoft.com/pt-br/dotnet/standard/data/sqlite/encryption?tabs=net-cli
https://learn.microsoft.com/pt-br/dotnet/standard/data/sqlite/custom-versions?tabs=net-cli
https://www.bricelam.net/2023/11/10/more-sqlite-encryption.html
https://utelle.github.io/SQLite3MultipleCiphers/docs/ciphers/cipher_legacy_mode/
The text was updated successfully, but these errors were encountered: