Decrypting WhatsApp crypt12 files - Android Apps and Games

I will just leave this here. :good:
Python:
Code:
#!/usr/bin/env python
""" decrypt12.py: Decrypts WhatsApp msgstore.db.crypt12 files. """
""" Requires pycrypto and pycryptodome packages. """
__author__ = 'TripCode'
__copyright__ = 'Copyright (C) 2016'
__license__ = 'GPLv3'
__status__ = 'Production'
__version__ = '1.0'
from Crypto.Cipher import AES
import os
import sys
import zlib
def keyfile(kf):
global t1, key
if os.path.isfile(kf) == False:
quit('The specified input key file does not exist.')
elif os.path.getsize(kf) != 158:
quit('The specified input key file is invalid.')
with open(kf, 'rb') as keyfile:
keyfile.seek(30)
t1 = keyfile.read(32)
keyfile.seek(126)
key = keyfile.read(32)
return True
def decrypt12(cf, of):
global t2, iv
if os.path.isfile(cf) == False:
quit('The specified input crypt12 file does not exist.')
tf = cf+'.tmp'
with open(cf, 'rb') as crypt12:
crypt12.seek(3)
t2 = crypt12.read(32)
if t1 != t2:
quit('Key file mismatch or crypt12 file is corrupt.')
crypt12.seek(51)
iv = crypt12.read(16)
crypt12.seek(67)
primer(tf, crypt12, 20)
cipher = AES.new(key, AES.MODE_GCM, iv)
sqlite = zlib.decompress(cipher.decrypt(open(tf, 'rb').read()))
with open(of, 'wb') as msgstore:
msgstore.write(sqlite)
msgstore.close()
os.remove(tf)
return True
def primer(tf, crypt12, sb):
with open(tf, 'wb') as header:
header.write(crypt12.read())
header.close()
with open(tf, 'rb+') as footer:
footer.seek(-sb, os.SEEK_END)
footer.truncate()
footer.close()
def validate(ms):
with open(ms, 'rb') as msgstore:
if msgstore.read(6).decode('ascii').lower() != 'sqlite':
os.remove(ms)
msg = 'Decryption of crypt12 file has failed.'
else:
msg = 'Decryption of crypt12 file was successful.'
msgstore.close()
quit(msg)
def main():
if len(sys.argv) > 2 and len(sys.argv) < 5:
if len(sys.argv) == 3:
outfile = 'msgstore.db'
else:
outfile = sys.argv[3]
if keyfile(sys.argv[1]) and decrypt12(sys.argv[2], outfile):
validate(outfile)
else:
print('\nWhatsApp Crypt12 Database Decrypter '+__version__+' '+__copyright__+' by '+__author__+'\n')
print('\tUsage: python '+str(sys.argv[0])+' key msgstore.db.crypt12 msgstore.db\n')
if __name__ == "__main__":
main()
Code:
Usage: python decrypt12.py key msgstore.db.crypt12 msgstore.db
Java:
Code:
package decrypt12;
/*
*
*** decrypt12.jar: Decrypts WhatsApp msgstore.db.crypt12 files. ***
*
* Author : TripCode
* Copyright : Copyright (C) 2016
* License : GPLv3
* Status : Production
* Version : 1.0
*
*/
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.RandomAccessFile;
import java.security.Security;
import java.util.zip.Inflater;
import java.util.zip.InflaterInputStream;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
// import org.spongycastle.jce.provider.BouncyCastleProvider; // Android
public class decrypt12 {
static {
Security.insertProviderAt(new org.bouncycastle.jce.provider.BouncyCastleProvider(), 1);
// Security.insertProviderAt(new org.spongycastle.jce.provider.BouncyCastleProvider(), 1); // Android
}
public static void decrypt(String KeyFile, String C12File, String SQLFile) throws Exception {
final File tempFile = new File(System.getProperty("java.io.tmpdir") + "/"
+ (int) (System.currentTimeMillis() / 1000L) + "-msgstore.enc");
if (!new File(KeyFile).isFile())
quit("The specified input key file does not exist.");
else if (new File(KeyFile).length() != 158)
quit("The specified input key file is invalid.");
else if (!new File(C12File).isFile())
quit("The specified input crypt12 file does not exist.");
InputStream KeyIn = new FileInputStream(KeyFile);
InputStream WdbIn = new BufferedInputStream(new FileInputStream(C12File));
byte[] KeyData = new byte[158];
KeyIn.read(KeyData);
byte[] T1 = new byte[32];
System.arraycopy(KeyData, 30, T1, 0, 32);
byte[] KEY = new byte[32];
System.arraycopy(KeyData, 126, KEY, 0, 32);
KeyIn.close();
byte[] C12Data = new byte[67];
WdbIn.read(C12Data);
byte[] T2 = new byte[32];
System.arraycopy(C12Data, 3, T2, 0, 32);
byte[] IV = new byte[16];
System.arraycopy(C12Data, 51, IV, 0, 16);
if (!new String(T1, 0, T1.length, "ASCII").equals(new String(T2, 0, T2.length, "ASCII")))
quit("Key file mismatch or crypt12 file is corrupt.");
int InputLength = WdbIn.available();
RandomAccessFile raf = new RandomAccessFile(tempFile, "rw");
byte[] tempBuffer = new byte[1024];
int I;
while ((I = WdbIn.read(tempBuffer)) != -1)
raf.write(tempBuffer, 0, I);
raf.setLength(InputLength - 20);
raf.close();
WdbIn.close();
InputStream PdbSt = new BufferedInputStream(new FileInputStream(tempFile));
Cipher cipher;
Security.addProvider(new BouncyCastleProvider());
cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC"); // BouncyCastle
// cipher = Cipher.getInstance("AES/GCM/NoPadding", "SC"); // SpongyCastle (Android)
cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(KEY, "AES"), new IvParameterSpec(IV));
CipherInputStream CipherStream = new CipherInputStream(PdbSt, cipher);
InflaterInputStream CryptOutput = new InflaterInputStream(CipherStream, new Inflater(false));
try {
FileOutputStream InflateBuffer = new FileOutputStream(SQLFile);
int N = 0;
byte[] CryptBuffer = new byte[8192];
while ((N = CryptOutput.read(CryptBuffer)) != -1) {
InflateBuffer.write(CryptBuffer, 0, N);
}
InflateBuffer.close();
} catch (IOException ex) {
quit("Fatal error:" + ex);
}
CipherStream.close();
tempFile.delete();
InputStream SqlDB = new FileInputStream(SQLFile);
byte[] SqlData = new byte[6];
SqlDB.read(SqlData);
byte[] MS = new byte[6];
System.arraycopy(SqlData, 0, MS, 0, 6);
SqlDB.close();
if (!new String(MS, 0, MS.length, "ASCII").toLowerCase().equals("sqlite")) {
new File(SQLFile).delete();
quit("Decryption of crypt12 file has failed.");
}
else
quit("Decryption of crypt12 file was successful.");
}
private static void quit(String Msg) {
System.out.println(Msg);
System.exit(0);
}
public static void main(String[] args) throws Exception {
String outFile;
if (args.length > 1 && args.length < 4) {
if (args.length == 3)
outFile = args[2];
else
outFile = "msgstore.db";
decrypt(args[0], args[1], outFile);
} else {
System.out.println("\nWhatsApp Crypt12 Database Decrypter 1.0 Copyright (C) 2016 by TripCode");
System.out.println("\tUsage: java -jar decrypt12.jar key msgstore.db.crypt12 msgstore.db\n");
}
}
}
Code:
Usage: java -jar decrypt12.jar key msgstore.db.crypt12 msgstore.db
GitHub Repository: WhatsApp-Crypt12-Decrypter

Just a quick question: My phone was swapped by a repair shop and the other person who got my phone didn't realize this at first. She did a factory reset, and probably installed Whatsapp with her SIM card before I got my phone back. I'm so angry right now...
I guess my key file is gone - either deleted by the factory reset or overwritten with her Whatsapp's key file. I have several backups of the Whatsapp directory and still the same Google account, IMEI and phone number. Can I restore my messages or are any attempts futile?
(I see that the code asks for a key file, so if I cannot get it/extract it somewhere, there is probably no chance anymore?)

hi, realy great tool
with that i could open the msgstore.db and see my chats
but is it possible to convert this file into a .db.crypt12 file or something like that, so i can open it with whatsapp an have my chats back?
or are there other ways, i can use this msgstore.db + wa.db to recover the chats?

Hi!
I have a crypt12 database but no key...is there anyone out there able to decrypt it?
How much will it cost to me to do this? Can anyone do it for me?
Is the code written here above working in decrypting a crypt12 database?
I don't want to root or install any spyware, just trying to decrypt the file.
anyone interested in trying?
Please write dawn here if you're interested and we'll get in contact...

ettorebonfanti said:
Hi!
I have a crypt12 database but no key...is there anyone out there able to decrypt it?
How much will it cost to me to do this? Can anyone do it for me?
Is the code written here above working in decrypting a crypt12 database?
I don't want to root or install any spyware, just trying to decrypt the file.
anyone interested in trying?
Please write dawn here if you're interested and we'll get in contact...
Click to expand...
Click to collapse
There is a program out there which claims to obtain the key file without root. If it's still working today, I don't know. Here: https://forum.xda-developers.com/showthread.php?t=2770982
If you want the key file, it's better to root your phone and get it. It's not that hard. You can even unroot your phone after catching the key.
And no, someone can't just decrypt the database, because the key is there for a reason, and this reason is security.

Excellent! Just used this to fix a Whatapp DB.
---------- Post added at 10:57 AM ---------- Previous post was at 10:50 AM ----------
This is great thanks! How do I encrypt the database again with crypt12?
I have both, the DB and the key.
TripCode said:
I will just leave this here. :good:
Python:
Code:
#!/usr/bin/env python
""" decrypt12.py: Decrypts WhatsApp msgstore.db.crypt12 files. """
""" Requires pycrypto and pycryptodome packages. """
__author__ = 'TripCode'
__copyright__ = 'Copyright (C) 2016'
__license__ = 'GPLv3'
__status__ = 'Production'
__version__ = '1.0'
from Crypto.Cipher import AES
import os
import sys
import zlib
def keyfile(kf):
global t1, key
if os.path.isfile(kf) == False:
quit('The specified input key file does not exist.')
elif os.path.getsize(kf) != 158:
quit('The specified input key file is invalid.')
with open(kf, 'rb') as keyfile:
keyfile.seek(30)
t1 = keyfile.read(32)
keyfile.seek(126)
key = keyfile.read(32)
return True
def decrypt12(cf, of):
global t2, iv
if os.path.isfile(cf) == False:
quit('The specified input crypt12 file does not exist.')
tf = cf+'.tmp'
with open(cf, 'rb') as crypt12:
crypt12.seek(3)
t2 = crypt12.read(32)
if t1 != t2:
quit('Key file mismatch or crypt12 file is corrupt.')
crypt12.seek(51)
iv = crypt12.read(16)
crypt12.seek(67)
primer(tf, crypt12, 20)
cipher = AES.new(key, AES.MODE_GCM, iv)
sqlite = zlib.decompress(cipher.decrypt(open(tf, 'rb').read()))
with open(of, 'wb') as msgstore:
msgstore.write(sqlite)
msgstore.close()
os.remove(tf)
return True
def primer(tf, crypt12, sb):
with open(tf, 'wb') as header:
header.write(crypt12.read())
header.close()
with open(tf, 'rb+') as footer:
footer.seek(-sb, os.SEEK_END)
footer.truncate()
footer.close()
def validate(ms):
with open(ms, 'rb') as msgstore:
if msgstore.read(6).decode('ascii').lower() != 'sqlite':
os.remove(ms)
msg = 'Decryption of crypt12 file has failed.'
else:
msg = 'Decryption of crypt12 file was successful.'
msgstore.close()
quit(msg)
def main():
if len(sys.argv) > 2 and len(sys.argv) < 5:
if len(sys.argv) == 3:
outfile = 'msgstore.db'
else:
outfile = sys.argv[3]
if keyfile(sys.argv[1]) and decrypt12(sys.argv[2], outfile):
validate(outfile)
else:
print('\nWhatsApp Crypt12 Database Decrypter '+__version__+' '+__copyright__+' by '+__author__+'\n')
print('\tUsage: python '+str(sys.argv[0])+' key msgstore.db.crypt12 msgstore.db\n')
if __name__ == "__main__":
main()
Code:
Usage: python decrypt12.py key msgstore.db.crypt12 msgstore.db
Java:
Code:
package decrypt12;
/*
*
*** decrypt12.jar: Decrypts WhatsApp msgstore.db.crypt12 files. ***
*
* Author : TripCode
* Copyright : Copyright (C) 2016
* License : GPLv3
* Status : Production
* Version : 1.0
*
*/
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.RandomAccessFile;
import java.security.Security;
import java.util.zip.Inflater;
import java.util.zip.InflaterInputStream;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
// import org.spongycastle.jce.provider.BouncyCastleProvider; // Android
public class decrypt12 {
static {
Security.insertProviderAt(new org.bouncycastle.jce.provider.BouncyCastleProvider(), 1);
// Security.insertProviderAt(new org.spongycastle.jce.provider.BouncyCastleProvider(), 1); // Android
}
public static void decrypt(String KeyFile, String C12File, String SQLFile) throws Exception {
final File tempFile = new File(System.getProperty("java.io.tmpdir") + "/"
+ (int) (System.currentTimeMillis() / 1000L) + "-msgstore.enc");
if (!new File(KeyFile).isFile())
quit("The specified input key file does not exist.");
else if (new File(KeyFile).length() != 158)
quit("The specified input key file is invalid.");
else if (!new File(C12File).isFile())
quit("The specified input crypt12 file does not exist.");
InputStream KeyIn = new FileInputStream(KeyFile);
InputStream WdbIn = new BufferedInputStream(new FileInputStream(C12File));
byte[] KeyData = new byte[158];
KeyIn.read(KeyData);
byte[] T1 = new byte[32];
System.arraycopy(KeyData, 30, T1, 0, 32);
byte[] KEY = new byte[32];
System.arraycopy(KeyData, 126, KEY, 0, 32);
KeyIn.close();
byte[] C12Data = new byte[67];
WdbIn.read(C12Data);
byte[] T2 = new byte[32];
System.arraycopy(C12Data, 3, T2, 0, 32);
byte[] IV = new byte[16];
System.arraycopy(C12Data, 51, IV, 0, 16);
if (!new String(T1, 0, T1.length, "ASCII").equals(new String(T2, 0, T2.length, "ASCII")))
quit("Key file mismatch or crypt12 file is corrupt.");
int InputLength = WdbIn.available();
RandomAccessFile raf = new RandomAccessFile(tempFile, "rw");
byte[] tempBuffer = new byte[1024];
int I;
while ((I = WdbIn.read(tempBuffer)) != -1)
raf.write(tempBuffer, 0, I);
raf.setLength(InputLength - 20);
raf.close();
WdbIn.close();
InputStream PdbSt = new BufferedInputStream(new FileInputStream(tempFile));
Cipher cipher;
Security.addProvider(new BouncyCastleProvider());
cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC"); // BouncyCastle
// cipher = Cipher.getInstance("AES/GCM/NoPadding", "SC"); // SpongyCastle (Android)
cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(KEY, "AES"), new IvParameterSpec(IV));
CipherInputStream CipherStream = new CipherInputStream(PdbSt, cipher);
InflaterInputStream CryptOutput = new InflaterInputStream(CipherStream, new Inflater(false));
try {
FileOutputStream InflateBuffer = new FileOutputStream(SQLFile);
int N = 0;
byte[] CryptBuffer = new byte[8192];
while ((N = CryptOutput.read(CryptBuffer)) != -1) {
InflateBuffer.write(CryptBuffer, 0, N);
}
InflateBuffer.close();
} catch (IOException ex) {
quit("Fatal error:" + ex);
}
CipherStream.close();
tempFile.delete();
InputStream SqlDB = new FileInputStream(SQLFile);
byte[] SqlData = new byte[6];
SqlDB.read(SqlData);
byte[] MS = new byte[6];
System.arraycopy(SqlData, 0, MS, 0, 6);
SqlDB.close();
if (!new String(MS, 0, MS.length, "ASCII").toLowerCase().equals("sqlite")) {
new File(SQLFile).delete();
quit("Decryption of crypt12 file has failed.");
}
else
quit("Decryption of crypt12 file was successful.");
}
private static void quit(String Msg) {
System.out.println(Msg);
System.exit(0);
}
public static void main(String[] args) throws Exception {
String outFile;
if (args.length > 1 && args.length < 4) {
if (args.length == 3)
outFile = args[2];
else
outFile = "msgstore.db";
decrypt(args[0], args[1], outFile);
} else {
System.out.println("\nWhatsApp Crypt12 Database Decrypter 1.0 Copyright (C) 2016 by TripCode");
System.out.println("\tUsage: java -jar decrypt12.jar key msgstore.db.crypt12 msgstore.db\n");
}
}
}
Code:
Usage: java -jar decrypt12.jar key msgstore.db.crypt12 msgstore.db
GitHub Repository: WhatsApp-Crypt12-Decrypter
Click to expand...
Click to collapse

error message..line 84..intended error
hi tripcode...i used the python script in python3.6...it showed an intended error..error line 84...can u please help me in this issue..or can u guid me to decrypt the file..am not having that key file..thats y..mobile lost..i retrieved the files from drive..so plz help me in this issue..

error the key file not found
hi it was fine till it shows the key file is not found...plz help me in this issues

GURUMOORTHI said:
hi it was fine till it shows the key file is not found...plz help me in this issues
Click to expand...
Click to collapse
w/o key file ...there is no way to brake the crytp12...
mmmm but i don`t know if there is any chace using brute force to brake the encrytion

Can someone share pycrypto also pycryptodome? or java for Android thanks

gbwhatsapp
Fusseldieb said:
There is a program out there which claims to obtain the key file without root. If it's still working today, I don't know. Here: https://forum.xda-developers.com/showthread.php?t=2770982
If you want the key file, it's better to root your phone and get it. It's not that hard. You can even unroot your phone after catching the key.
And no, someone can't just decrypt the database, because the key is there for a reason, and this reason is security.
Click to expand...
Click to collapse
You can try:
a tutorial from Ik Teach:
https://www.youtube.com/watch?v=4b1f2iTnoO8
link to the file gbwhatsapp:
https://idescargar.com/gbwhatsapp/descargar/
It give you de key file whithout root. It worked for me. But it is a little tricky. and you end up with this modded whatsapp.
Cheers!

hii tripcode
I am not having that key file..
i lost my mobile....i retrieved the files from drive..so plz help me to decrypt my database.

shanya_creation said:
hii tripcode
I am not having that key file..
i lost my mobile....i retrieved the files from drive..so plz help me to decrypt my database.
Click to expand...
Click to collapse
You need to re-download WhatsApp in another phone and use your old number. (Yes, you'll need to recover your phone number before recovering your chats). Once you have WhatsApp installed you can take out the Key file from /data/data/com.whatsapp/files
To do that stuff i recommend to use a old phone that can be easily rooted or one that has already rooted.
Good luck :good:

Hello,
Does anyone know if by any chance KEY file gets deleted on old phone when whatsapp is activated on a new phone and old phone whatsapp gets locked asking for conf code by SMS?
I rooted android 4.x.x
I then searched using ez file manager in root and in data/data /com.whatsapp but i do not see a KEY file.

download WhatsApp Plus8.30 it will work for you
https://goapk.org/whatsapp-plus/

Need Help!
I have whatsapp db.crypt12 file. I am novice in Mobile. Can anybody make that file readable professionally for me? I am ready to pay for this.

HI,
I have extracted the key by the procedure of "WhatsApp Key/DB Extractor 4.7 Enhanced 1.0" (https://forum.xda-developers.com/showthread.php?t=2770982&page=55), but eventually your JAVA code failed with message:
Key file mismatch or crypt12 file is corrupt.
Why is that?
Somewhere (guess at Elcomsoft Explorer) I have read, that the key can only decrypt backups taken from a previous time. This should true in my case, isnt?
1) Is the key somehow related to the phone device itself? (I have used a spare phone for this analysis, so not the original WA was regularly running on.)
Since end of August (when an Upgrade of WA has destroyed my chat history database) I have tried several attempts to restore it by downgrading WA to 2.20.64 and 2.20.89, so the key I have now is not the original of what the crypted backup was created with.
Moreover, due to a database schema error my chat history can only be loaded with WA version previous to 2.20.89 (this is why: https://medium.com/@leonardocezaryc...hatsapp-windows-phone-to-android-6b225918af55)
My experiments now led to the situation, that I not any more can register any pre-2.20.89 version by the SMS verification process, even though I dated my phone back to mid of August.
Thus I currently have no working installation with all my chat history where I could extract a crypto key from.
2) Any ideas how i can bypass Whatsapp to complain about its expired versions and register by SMS again?
3) Is it a hard-coded deadline in the binaries of the app?
4) Does the crypt key change between installations and become incompatible? I wonder, how to restore any old backup then...
Thanks!

samruthstom said:
Hello,
Does anyone know if by any chance KEY file gets deleted on old phone when whatsapp is activated on a new phone and old phone whatsapp gets locked asking for conf code by SMS?
I rooted android 4.x.x
I then searched using ez file manager in root and in data/data /com.whatsapp but i do not see a KEY file.
Click to expand...
Click to collapse
Yes - upon inactivation WA 2.20.89+ destroys the "key" file and instead creates a "backup_token" file.
It is recoverable by activating it via SMS code.
---------- Post added at 07:40 PM ---------- Previous post was at 07:26 PM ----------
heyvijay said:
I have whatsapp db.crypt12 file. I am novice in Mobile. Can anybody make that file readable professionally for me? I am ready to pay for this.
Click to expand...
Click to collapse
What kind of problem can't you solve so far?
There is a commercial solution called "Elcomsoft eXplorer for WhatsApp ".
I also would like and am about to try it out, if you are interested, we can share the costs of it.

After years of successfully using this to access MY chat data, this week it stopped working :-(
WhatsApp on my phone looks to have updated to v2.21.8.17 and is now generating local backups with a .crypt14 extension instead of .crypt12.
Unsurprisingly, this chokes on this with the error Key file mismatch or crypt12 file is corrupt.
However, armed with hexdump and a bit cunning, I've worked out how to tweak the python so that it successfully decodes .crypt14 files.
in a .crypt14 file ... [.py hacks in decrypt12 function shown below in square brackets]
... t2 is at offset 14 [so change to crypt12.seek(14) t2 = crypt12.read(32)]
... iv is at offset 66 [change to crypt12.seek(66) iv = crypt12.read(16)]
... encrypted content starts at offset 99, (I haven't yet worked out the correct amount of footer to remove, but removing 0 seems to result in a successful decryption so far) [change to crypt12.seek(99) primer(tf, crypt12, 0)]
I've also noticed that the 16 bytes at offset 62 to 77 in the key file also appear in the .cryptX file, just like the t bytes at offset 30 to 61 do.
In a .crypt12 file they are at offset 35 to 50.
In a .crypt14 file they are at offset 48 to 63.
In my code I've called these x1 and x2 and do the same equality check as happens for t1 and t2.
In addition, in the .crypt14 file, bytes at 86 to 94 look to contain the WA version number, so in my case 2.21.8.17 - presumably the version that wrote the .crypt14 file. I suspect that when the version number rolls over to more digits (e.g. 2.21.10.10) then the offset to the start of the encrypted content (currently 99 in my backup files) might well change?

adflyer said:
After years of successfully using this to access MY chat data, this week it stopped working :-(
WhatsApp on my phone looks to have updated to v2.21.8.17 and is now generating local backups with a .crypt14 extension instead of .crypt12.
Unsurprisingly, this chokes on this with the error Key file mismatch or crypt12 file is corrupt.
However, armed with hexdump and a bit cunning, I've worked out how to tweak the python so that it successfully decodes .crypt14 files.
in a .crypt14 file ... [.py hacks in decrypt12 function shown below in square brackets]
... t2 is at offset 14 [so change to crypt12.seek(14) t2 = crypt12.read(32)]
... iv is at offset 66 [change to crypt12.seek(66) iv = crypt12.read(16)]
... encrypted content starts at offset 99, (I haven't yet worked out the correct amount of footer to remove, but removing 0 seems to result in a successful decryption so far) [change to crypt12.seek(99) primer(tf, crypt12, 0)]
I've also noticed that the 16 bytes at offset 62 to 77 in the key file also appear in the .cryptX file, just like the t bytes at offset 30 to 61 do.
In a .crypt12 file they are at offset 35 to 50.
In a .crypt14 file they are at offset 48 to 63.
In my code I've called these x1 and x2 and do the same equality check as happens for t1 and t2.
In addition, in the .crypt14 file, bytes at 86 to 94 look to contain the WA version number, so in my case 2.21.8.17 - presumably the version that wrote the .crypt14 file. I suspect that when the version number rolls over to more digits (e.g. 2.21.10.10) then the offset to the start of the encrypted content (currently 99 in my backup files) might well change?
Click to expand...
Click to collapse
It's not working for me for some reason. I don't know what I am missing here. Can you provide the modified code itself?

Related

how to read data from file???

hi,
i want to get data from a specified directory. how to write it???
PS: i use win32
Which File?
Use an opendialogbox to select it first, then ReadFile() to get the data.
Code:
// Variables required
OPENFILENAME ofn; // File dialog box structure
HANDLE hFile; // File Load/Save handle
TCHAR szFile[MAX_PATH] = TEXT("\0");
// Respond to your 'Open' menu item
case ID_MENU_OPEN: // Depends on the value the Menu creator has given it, or what you have changed it to.
memset(&(ofn), 0, sizeof(ofn));
ofn.lStructSize = sizeof(ofn);
ofn.hwndOwner = hWnd;
ofn.lpstrFile = szFile;
ofn.nMaxFileTitle = MAX_PATH;
ofn.nMaxFile = MAX_PATH;
ofn.lpstrFilter = TEXT("Text Files\0*.TXT\0"); // Set filter here if required
ofn.lpstrTitle = TEXT("Open File");
ofn.Flags = OFN_EXPLORER | OFN_FILEMUSTEXIST;
if (GetOpenFileName(&ofn))
{
hFile=CreateFile(szFile,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,0,NULL);
if(hFile == INVALID_HANDLE_VALUE)
{
//Error!!!! Do something
}
else
{
// Use function ReadFile() here using file handle hFile to read your data.
// What you do here depends on the file structure.
// If it is binary data read a block/record at a time into a buffer/structure,
// If it is CR/LF delimited text read it a byte at a time and transfer it into another text buffer. Parse for the CR/LF end of line then do whatever with it.
CloseHandle(hFile);
}
Saving is the same as the above but instead use
Code:
ofn.Flags = OFN_EXPLORER | OFN_OVERWRITEPROMPT;
hFile=CreateFile(szFile,GENERIC_WRITE,FILE_SHARE_WRITE,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL);
and WriteFile() to save the data.

[?]How to read binary file in xna?

I need read 10 byte in fileName and save it into bitLevel
My code:
PHP:
test = 0;
byte[] bitLevel = new byte[10];
string fileName = "levels\\";
switch(iChap){
case 1: fileName += "beginner.dat";
break;
case 2: fileName += "normal.dat";
break;
case 3: fileName += "intermediate.dat";
break;
case 4: fileName += "expert.dat";
break;
}
using(FileStream fileStream = new FileStream(fileName, FileMode.Open, FileAccess.Read))
{
fileStream.Seek((iLevel - 1) * 10, SeekOrigin.Begin);
fileStream.Read(bitLevel, 0,10);
test = 1;
}
but bitLevel is empty
It seem it's not into codes under using, because I set test = 1; but it = 0;
can anybody help me?
//sorry my bad english
Use IsolatedStorageFile & IsolatedStorageFileStream instead of FileStream.
sensboston said:
Use IsolatedStorageFile & IsolatedStorageFileStream instead of FileStream.
Click to expand...
Click to collapse
is that ok?
can you show me demo code?
Code:
using (IsolatedStorageFile isf = IsolatedStorageFile.GetUserStoreForApplication())
try
{
using (IsolatedStorageFileStream inStream = new IsolatedStorageFileStream(fileName, FileMode.Open, isf))
{
byte[] buffer = new byte[10];
int numRead = inStream.Read(buffer, 0, 10);
Debug.Assert (numRead == 10);
}
}
catch (Exception e)
{
Debug.WriteLine(e.Message + "\n" + e.StackTrace);
}
But this code for ISF only; I don't really know where are your files located (as resources or may be content). You should understand what are you trying to read first
If you added these files as a content to your project, you should read 'em from the TitleContainer
Code:
using (var inStream = TitleContainer.OpenStream(fileName))
using (StreamReader streamReader = new StreamReader(inStream))
... and so on...

[Q] Memory stream to Image tcp sockets

Im trying to send image from Android to C# ..im using memory stream to store buffer..when im trying to write memory stream to image it doesnt get created..here is my code
Code:
//MemoryStream ms;
NetworkStream netStream = tcp.GetStream();
MemoryStream outStream = new MemoryStream();
byte[] buffer = new byte[(int)tcp.ReceiveBufferSize];
int bytesRead = 0, read = 0;
while ((read = netStream.Read(buffer, 0, buffer.Length)) > 0)
{
outStream.Write(buffer, 0, read);
outStream.Seek(0, SeekOrigin.Begin);
bytesRead += read;
}
Image image = Image.FromStream(outStream);
image.Save(@"B:\A\imageTekkst.png");

Trying to patch Galaxy Store .apk -> SEMS:SamsungAccount: [SignatureCheckUtil]

I'm trying to patch apk mentioned in title. Unpacking and packing back with apktool works well and application can be successfully installed on device and I can browse all applications in store but not all functionality is working. When I try to open My Applications or try to install any new application from store then it briefly blink like trying to switch activity window and nothing else happens. Of course my first assumption was some additional security mechanism is in place so quick look in logcat... and here it is (timestamps removed for clarity):
Code:
I SEMS:SamsungAccount: ================ checkSignatureValidation ================================================
I SEMS:SamsungAccount: [AccountResponse] isSHA2Matched : false
I SEMS:SamsungAccount: [AccountResponse] appId is matched
I SEMS:SamsungAccount: [AccountResponse] isSHA2Matched : continue
I SEMS:SamsungAccount: [AccountResponse] appId is matched
I SEMS:SamsungAccount: [AccountResponse] isSHA2Matched : continue
I SEMS:SamsungAccount: [AccountResponse] appId is matched
I SEMS:SamsungAccount: [AccountResponse] isSHA2Matched : continue
I SEMS:SamsungAccount: [AccountResponse] appId is matched
I SEMS:SamsungAccount: [AccountResponse] isSHA2Matched : widgetapp.samsungapps./64/3cf08
I SEMS:SamsungAccount: [AccountResponse] appId is matched
I SEMS:SamsungAccount: [AccountResponse] isSHA2Matched : sa_apps/64/c67d7
I SEMS:SamsungAccount: [AccountResponse] hash value or app id of this apk is not registered. plz register!!!!!!!
I SEMS:SamsungAccount: [AccountResponse] wrong hashcode : sa_apps/64/06bb6
I SEMS:SamsungAccount: [AccountResponse] checkSignatureValidation - false, sa_apps
I SEMS:SamsungAccount: [SignatureCheckUtil] Not matched cache data of signature
I SEMS:SamsungAccount: [SignatureCheckUtil] start request signatureList
I SEMS:SamsungAccount: [SignatureCheckUtil] Server app list : last server request time is not expired.
I SEMS:SamsungAccount: [SignatureCheckUtil] Server app list : last server request time : 20200215174048
I SEMS:SamsungAccount: [RATA] setFailedResult()
I SEMS:SamsungAccount: [RequestAccessTokenActivity] setResultWithLog resultCode=[1]
I SEMS:SamsungAccount: [RequestAccessTokenActivity] errorCode=[SAC_0205], errorMsg[The signature of this application is not registered with the server.]
From this tiny part of log i can assume that:
Some process is calculating SHA256 signature of file
It is compared with some table of allowed hashes/signatures
This table is cached and is valid for some time
But except that I'm little bit dry about ideas where this table is cached and how can I modify it. Any help appreciated!
--- update ---
Basing on procID from logcat now i know that package: com.samsung.android.mobileservice is responsible for this hash checking. After code investigation I found that the file with hashes is located here:
Code:
/data/data/com.samsung.android.mobileservice/files/package_info.xml
and in that file we can find this entries related to com.sec.android.app.samsungapps:
Code:
<packageInfo>
<appID><![CDATA[6mztkyy858]]></appID>
<package><![CDATA[com.sec.android.app.samsungapps]]></package>
<signature><![CDATA[-109254120]]></signature>
<signature2><![CDATA[]]></signature2>
</packageInfo>
....
<packageInfo>
<appID><![CDATA[6mztkyy858]]></appID>
<package><![CDATA[com.sec.android.app.samsungapps]]></package>
<signature><![CDATA[-965053021]]></signature>
<signature2><![CDATA[]]></signature2>
</packageInfo>
...
<packageInfo>
<appID><![CDATA[6mztkyy858]]></appID>
<package><![CDATA[com.sec.android.app.samsungapps]]></package>
<signature><![CDATA[2040106259]]></signature>
<signature2><![CDATA[c67d72638ec349719fea61118b32f06eb96125b3d687f3d6c521e34f669703e2]]></signature2>
</packageInfo>
signature2 in last entry length is equal to sha256 hash
Below is full function of hash checking:
Code:
private static boolean checkSignature2Validation(Context paramContext, ArrayList<PackageSignatureInfo> paramArrayList, String param_appID, String param_packageName, boolean paramBoolean)
throws PackageManager.NameNotFoundException
{
String[] arrayOfString = null;
Signature[] arrayOfSignature = paramContext.getPackageManager().getPackageInfo(param_packageName, 64).signatures;
int i;
int k;
if ((arrayOfSignature != null) && (arrayOfSignature.length > 0))
{
arrayOfString = new String[arrayOfSignature.length];
i = 0;
int j = arrayOfSignature.length;
for (k = 0;; k++)
{
paramContext = arrayOfString;
if (k >= j) {
break;
}
arrayOfString[i] = HashUtil.getSHA256(arrayOfSignature[k].toCharsString());
LogUtil.getInstance().logD(param_packageName + ", sha2Arr[i]:" + arrayOfString[i]);
i++;
}
}
LogUtil.getInstance().logI("AccountResponse", "sigs is empty");
paramContext = arrayOfString;
boolean bool = false;
if (paramContext != null) {
bool = isSHA2Matched(paramArrayList, param_appID, paramContext, param_packageName, paramBoolean);
}
if (!bool)
{
LogUtil.getInstance().logI("AccountResponse", "hash value or app id of this apk is not registered. plz register!!!!!!!");
LogUtil.getInstance().logD("AccountResponse", "appID : " + param_appID);
if (paramContext != null)
{
i = paramContext.length;
for (k = 0; k < i; k++)
{
paramArrayList = paramContext[k];
LogUtil.getInstance().logI("AccountResponse", "wrong hashcode : " + RestrictionStringRemovalUtil.getInstance().getAvailableKeyString(param_packageName) + "/" + hashCodeToLog(paramArrayList));
}
}
}
return bool;
}
Can i somehow retrieve value of paramContext.getPackageManager().getPackageInfo(param_packageName, 64).signatures; with ADB to confirm my guess?

update.zip without update-binary or updater-script?

I've finally gotten up to speed with OTA and manual updates using a zip file.
They all had META-INF/com/google/android/update-binary and updater-script.
And yes, I know a bit about the Edify (and previous Aroma) script languages.
So, imagine my surprise when I got some questions from people about "update.zip" that has a payload.bin and signing but none of this updater stuff I've come to rely on.
Has anybody seen this? Where did it come from?
Ok, I'm not up to speed and living in the past.
The new OTA update format has everything packed into a payload.bin
It does not use any scripts.
There appears to be no formal documentation of the format, although there is source code.
https://cs.android.com/android/plat...er:system/update_engine/update_metadata.proto
See also: https://source.android.com/docs/core/ota
TLDR: The embedded manifest (as protobuf) lists the operations to be performed using embedded compressed files.
Code:
REPLACE = 0; // Replace destination extents w/ attached data.
REPLACE_BZ = 1; // Replace destination extents w/ attached bzipped data.
MOVE = 2; // Move source extents to target extents.
BSDIFF = 3; // The data is a bsdiff binary diff.
SOURCE_COPY = 4; // Copy from source to target partition
SOURCE_BSDIFF = 5; // Like BSDIFF, but read from source partition
ZERO = 6; // Write zeros in the destination.
DISCARD = 7; // Discard the destination blocks, reading as undefined.
REPLACE_XZ = 8; // Replace destination extents w/ attached xz data.
PUFFDIFF = 9; // The data is in puffdiff format.
BROTLI_BSDIFF = 10; // Like SOURCE_BSDIFF, but compressed with brotli.
ZUCCHINI = 11;
LZ4DIFF_BSDIFF = 12;
LZ4DIFF_PUFFDIFF = 13;

Categories

Resources