https://github.com/venomous0x/WhatsAPI
What is WhatsApp?
According to the company:
“WhatsApp Messenger is a cross-platform mobile messenger that replaces SMS and works through the existing internet data plan of your device. WhatsApp is available for iPhone, BlackBerry, Android, Windows Phone, Nokia Symbian60 & S40 phones. Because WhatsApp Messenger uses the same internet data plan that you use for email and web browsing, there is no cost to message and stay in touch with your friends.”
Late 2011 numbers: 1 billion messages per day, ~20 million users.
Modified XMPP
WhatsApp uses some sort of customized XMPP server, named internally as FunXMPP, which is basically some extended proprietary version.
Login procedure
Much like XMPP, WhatsApp uses a JID (Jabber ID) and password to successfully log in to the service. The password is hashed and happened to be an MD5’d, reversed version of the mobile’s IMEI (International Mobile Equipment Identity) or equivalent unique ID, stored on servers upon account creation and used transparently every time the client connects to the server.
The JID is a concatenation between your country’s code and mobile number.
Initial login uses Digest Access Authentication.
Message sending
Messages are basically sent as TCP packets, following WhatsApp’s own format (unlike what’s defined in XMPP RFCs).
Despite the usage of SSL-like communication, messages are being sent in plain-text format.
Multimedia Message sending
Photos, Videos and Audio files shared with WhatsApp contacts are HTTP-uploaded to a server before being sent to the recipient(s) along with Base64 thumbnail of media file (if applicable) along with the generated HTTP link as the message body.
FAQ
What’s with the hex chars floating all over the code?
Mostly WhatsApp’s proprietary control chars/commands, or formatted data according to their server’s specifications, stored in predefined dictionaries within the clients.
What are your future development plans?
We don’t have any.
Would it run over the web?
We’ve tested a slightly-modified version on top of Tornado Web Server and worked like a charm, however, building a chat client is a bit tricky, do your research.
Can I receive chats?
Indeed, using the same socket-receiving mechanism. But you have to parse the incoming data. Parsing functions aren’t included in this release, maybe in the next one?
I think the code is messy.
It’s working.
How can I obtain my password?
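It depends on your platform; with Android, for example, you can use TelephonyManager:
Code:
// Needs the READ_PHONE_STATE permission declared in the manifest
TelephonyManager tm = (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE);
String deviceId = tm.getDeviceId(); // IMEI or equivalent unique device ID
With sufficient permissions, of course: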
Code:
<uses-permission android:name="android.permission.READ_PHONE_STATE"/>
NOTES
This proof of concept is extensible to contain every feature that makes a fully-fledged client, similar to the official ones; actually, it could be even better.
During the two weeks of analysis of service mechanisms, we stumbled upon serious design and security flaws (they fixed some of them since 2011). For a company with such massive user base, we expected better practises and engineering.
Perfectly working as PHP and JAVA ports.
License
MIT - refer to the source code for the extra line.
Venomous
Team of Bahraini Developers.
Ahmed Moh'd and Ali Hubail (@hubail) contributed to this release.
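The login scheme described in the post above (JID from country code plus number, password as MD5 of the reversed IMEI), set beside a randomly generated credential. This is an added Python example, not part of the original post or the WhatsAPI code; the hex encoding of the digest, the function names, the sample phone number and the random-token replacement are assumptions, and the IMEI is a sample value.

```python
import hashlib
import math
import secrets

SAMPLE_IMEI = "490154203237518"  # constructed sample value, not a real device


def luhn_valid(digits: str) -> bool:
    """Verify the Luhn check digit that terminates an IMEI."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def jid(country_code: str, mobile_number: str) -> str:
    """JID as described in the post: country code followed by the number."""
    return country_code + mobile_number


def legacy_password(imei: str) -> str:
    """Scheme from the post: MD5 of the reversed IMEI (hex output assumed)."""
    ok = len(imei) == 15 and imei.isascii() and imei.isdigit()
    if not (ok and luhn_valid(imei)):
        raise ValueError("not a well-formed 15-digit IMEI")
    return hashlib.md5(imei[::-1].encode("ascii")).hexdigest()


def imei_entropy_upper_bound_bits() -> float:
    """At most 14 free decimal digits; the 15th is the check digit."""
    return 14 * math.log2(10)


def random_credential(nbytes: int = 32) -> str:
    """Assumed hardened form: a secret from the OS CSPRNG, issued per install."""
    return secrets.token_hex(nbytes)


if __name__ == "__main__":
    print("jid:            ", jid("973", "33000000"))  # constructed number
    # The same device always yields the same password: no salt, nothing secret.
    print("legacy password:", legacy_password(SAMPLE_IMEI))
    print("imei bits (max):", round(imei_entropy_upper_bound_bits(), 1))
    print("random bits:    ", 32 * 8, random_credential()[:16] + "...")
```

Any app holding the READ_PHONE_STATE permission mentioned in the post can read the same identifier, so the legacy value is never known only to the account owner.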
I really would like to know what's your debugging strategy in this case? I'm still not able to capture the traffic from my Android 4 VirtualMachine in order to decipher the SSL traffic.
I documented my setup on my blog, just search for "WhatsApp für Android 4.0.X-X86 ICS auf VirtualBox" on Google.
Could you please provide some info on your setup?
Except for some requests (syncing and status update), all requests go in plain text (although they use the SSL port, they still send in plain text).
onnsoft said:
I really would like to know what's your debugging strategy in this case? I'm still not able to capture the traffic from my Android 4 VirtualMachine in order to decipher the SSL traffic.
I documented my setup on my blog, just search for "WhatsApp für Android 4.0.X-X86 ICS auf VirtualBox" on Google.
Could you please provide some info on your setup?
WebOS port!!!
Sent from my R800x using XDA
Looks like Whatsapp is quite secure...
Swypesation
Isn't there any way to hack it???
Sent from my MT11i using xda premium
google it
Related
I am looking for a freelance developer to write an Instant voice messaging and media application for Android and/or iPhone. I have already written the Windows Phone 7 version of the application and am looking to add cross platform support.
The general goal of the application is to allow for voice, picture and videos to be sent in a store-and-forward manner. Geolocation sharing may be added at a later date. You must have programming skills in recording sound and video as well as playing sound, video and displaying pictures. Network programming is a must (sending and receiving XML formatted requests and responses).
The backend services are already fully functional and support storage, retrieval, identity verification (via SMS and Email), push notifications and more. Additional services can be created based on individual platform needs.
If an agreement can be made, you will be provided with API documentation and application requirements. I am willing to negotiate either a flat rate or you can publish and maintain the application and app store revenue yourself.
If you are interested in this opportunity, please send me a PM or send an email to daler-at-ntworld.com.
Hi,
I have developed a small app which will turn your mobile into an SMS gateway (incoming and outgoing). Actually, I built this software for one of our web apps, which sends SMS on user registration or when there is any bill due.
Bulk SMS from web interface
Advance group handling i.e. create multiple groups with 1 million members each
API support (for outgoing and incoming SMS). You can integrate this gateway with your website or desktop application to send SMS on trigger basis. Our API is platform and language independent, therefore you can use it with any programming language like JavaScript (node.js, jquery), Ruby on Rails, PHP, ASP.NET, ASP etc.
Two-way SMS i.e. incoming SMS processing. Check the response rate of your campaign.
Missed Call Service
Delivery Reports
You will be charged only for delivered SMS.
Post-paid billing by your carrier.
Your brand, your number.
Add multiple numbers (SIM/Phone) to build a large cluster.
Send SMS even to DND-listed numbers if they are registered with you.
SMS queuing (i.e. if your mobile cannot connect to the internet to fetch the data, then we will queue the messages till it gets a connection).
Runs as a gateway i.e. it will work in background on your mobile without interrupting your day to day tasks.
Full control on message sending.
Application can be downloaded from market://play.google.com/store/apps/details?id=com.znisms.bulksms
Once you have downloaded the app and registered an account, just reply to the welcome mail and I will add a lifetime license to your account (it's free for one month only for a normal user) as my thanks to the XDA community, from which I have learnt a lot.
API Details
<Sorry, Not allowed to post links>
Parameters:
userid: ID created on ZNISMS.com
apikey: 32bit API Key (provided by ZNI)
sendto: Mobile number on which message has to be sent.
message: URL encoded message. Max 160 characters.
device: device ID from which you want to send SMS, in case multiple devices are registered with us.
Please note this application (while running) consumes battery at very fast rate therefore it is recommended that you keep your phone plugged in while using this app.
Login from mobile.znisms.com to manage groups and send SMS.
Feel free to ask for features whatever you feel useful for your app or service.
play.google.com/store/apps/details?id=com.kstych.SecureIM
Do you care if your messages are scanned/read/provided to the highest bidder or the authorities without ever asking or even notifying?
SecureIM is the first Secure-Chat application which is built to protect you from any possible or potential leak of privacy. These days organizations spy on our chats to target ads and Governments in the name of security, however there is no excuse of not demanding and having access to privacy when we want.
SecureIM secures your communication in 2 ways
1. Secure Transmission :- A chat message will be encrypted and only readable on the device it is sent to/from.
2. Single Use Keys :- The Keys generated while messaging are discarded when the application is closed, which means it is impossible to decode a message once the app is reloaded.
The application is extremely simple to use, no need to bother about the complexities of encryption and underlying privacy details, rest assured your messages will always be out of reach from snoopers.
This app uses Public Key Cryptography, each session generates its own private/public keys.
Keys are never stored but kept in memory until the app is running.
So it'll support XMPP?
Or just gtalk?
supports xmpp
Sleepy! said:
So it'll support XMPP?
Or just gtalk?
Yes, the app uses XMPP below the encryption layer, and so any XMPP server is supported; however, this version is bound to log in to the Google Talk server.
Thanks
The Internet was designed to be a free network. “Don’t be evil” is the formal corporate motto of Google. However, a subjective good from Internet institutions can't guarantee Internet freedom. What is true freedom? True freedom is assuming all the participators are evil, and getting rid of all the participators' capacity for evil through architectural design.
Apps are often used to deliver sensitive data or for personal and corporate communications, so the data stored by the service provider should be encrypted end-to-end. There are many messaging applications like Line, WeChat, KakaoTalk, and many more, but they are not end-to-end encrypted messengers. Time is loudly announcing the need to shift to some alternatives that provide end-to-end encryption for communication between two devices and respect your privacy. There are a number of solutions available for privacy: Telegram offers end-to-end encryption and has a 'Secret Chat' feature that self-destructs messages after the conversation; Surespot allows you to send and receive text messages, pictures and audio clips with end-to-end encryption; Threema uses end-to-end encryption and gives you all features like text messaging, image sharing, and voice chat as well; TextSecure and RedPhone also provide end-to-end encryption for messaging and voice calls respectively. RedPhone allows you to upgrade a normal call to a secure call whenever it senses the possibility to fulfill the requirements.
Therefore we have developed a complete decentralized, third-party End to End encrypted communication APP.
What is “a complete decentralized” concept?
IMAP/SMTP are standard communication protocol for retrieving and sending emails from mail server, our APP users communicate via the protocols, as if they are sending emails.
What is “third-party End to End encrypted communication”?
Since we are using a zero-server solution, the developers themselves can't read the communication information from users at all. We encrypt the e-mail communication. The advantage of third-party encryption is that no one can read an APP user's communication information without permission, including the APP official, operator, e-mail service provider and so on.
Why “APP”?
We use smartphones longer than we sit in front of a PC. We hope to develop a 100% free of charge, future-proof secure communication app that is convenient and suited for long-hour usage.
After the APP is completed, as long as there are users, nobody, including us, can prohibit this product from being used, just as nobody can prohibit the use of the email protocol. Furthermore, there will be no server deployed to manage this APP. It enables free flow of the APP in conformity with the spirit of a free Internet environment.
Freedom is only an illusion. You're never free, I'll never be free, no living thing can ever be truly free, as every action is determined (or can be seen as determined a posteriori) by various factors. So, as the Internet is constructed by humans, logically it won't be free as well.
Stop talking about freedom and give us a secure App
this is not meant negatively.
Regards
Needs to be idiot proof, lightweight and versatile. Good luck.
Sent from a stolen phone!
I've been looking at various messaging apps that are encrypted.
Things like
delta chat
Pretty easy privacy
Conversations.
K9 mail with pgp encryption
And others.
They all have various issues
Conversations uses XMPP servers, which don't work well if there are extended times offline.
Delta chat uses SMTP, which is great for offline, but it has very few key management features for advanced users.
Pretty easy privacy is still beta but promises a lot of good features in the future, but they might go with a subscription service for advanced features (that they call enterprise edition; otherwise it might be the best when they get it done).
K9 mail with OpenPGP key management is just too complicated for everyday people (sadly, it's the best security).
What are you using and why?
nutpants said:
I've been looking at various messaging apps that are encrypted.
Things like
delta chat
Pretty easy privacy
Conversations.
K9 mail with pgp encryption
And others.
They all have various issues
Conversations uses XMPP servers, which don't work well if there are extended times offline.
Delta chat uses SMTP, which is great for offline, but it has very few key management features for advanced users.
Pretty easy privacy is still beta but promises a lot of good features in the future, but they might go with a subscription service for advanced features (that they call enterprise edition; otherwise it might be the best when they get it done).
K9 mail with OpenPGP key management is just too complicated for everyday people (sadly, it's the best security).
What are you using and why?
I'm kinda a rookie and only play a knowledgeable geek on tv, but security is pretty important to me. So I've tried a few different apps. Currently I'm using a combo of Threema and Signal on my Mi Max 3. I really like Threema. I wish signal had a few more bells and whistles, so I'm casting about for another SMS messaging app. It's not very scientific but one of my main criteria is just how many permissions the app asks for.
Telegram app or website
Signal app
There is no security on smartphones.
Depends on a few things.
1. Keys stay encrypted and on phone not online or "in the cloud"
2. Even if encrypted end to end like Whatsapp, the company was sold to Facebook so.....
3. Has to connect send and receive peer to peer or adversaries attack any centralization because that makes it too easy for them, so no telegram
I think Signal by Whisper Systems is "best", but the phone has android which Google and nsa have backdoored and suppress zero day exploit knowledge and keep discovery secret, so they read and keylog it all.
I've been using Wickr; they seem to be more secure than regular text messages at least, I hope, maybe. They say in their disclosure they don't keep any messages on the servers they use, but it's still the end user's device that's the weak point. Lately Wickr has been updating a lot, which seems to be another term for uploading. Idk, I may be way off.
I found my rooted Nexus 6 had directories that were hard to get to, containing screenshots of my phone taken randomly during a 24-hour time frame and zipped. Also, simply watching the logcat, it was uploading files regularly; Dropbox, and I can't find much about it, but the Sahara protocol was what seemed to be querying uploads.
I use telegram
The best is to use secret chat in Telegram
It's available when use mobile telegram