As WhatsApp put some effort into improving their encryption system, getting the data is not that easy anymore. With newer versions of WhatsApp it is no longer possible to use adb backup
. Apps can deny backups and the WhatsApp client does that. If you happen to have a rooted phone, you can use a root shell to get the unencrypted database file.
If you do not have root, you can still decrypt the data if you have an old WhatsApp APK. Find a version that still allows backups. Then you can make a backup of the app's data folder, which will contain an encryption key named, well, key
.
Now you'll need the encrypted database. Use a file explorer of your choice or, if you like the command line more, use adb:
adb pull /sdcard/WhatsApp/Databases/msgstore.db.crypt12
Using the two files, you could now use https://gitlab.com/digitalinternals/whatsapp-crypt12 to get the plain text database. It is no longer possible to use Linux board tools like openssl
because WhatsApp seems to use a modified version of the Spongy Castle API for cryptography that openssl does not understand.
As whatsapp is now using the crypt7 format, it is not that easy to get and decrypt the database anymore. There is a working approach using ADB and USB debugging.
You can either get the encryption keys via ADB and decrypt the message database stored on /sdcard, or you just get the plain version of the database via ADB backup, what seems to be the easier option.
To get the database, do the following:
Connect your Android phone to your computer. Now run
adb backup -f whatsapp_backup.ab -noapk com.whatsapp
to backup all files WhatsApp has created in its private folder.
You will get a zlib compressed file using tar format with some ADB headers. We need to get rid of those headers first as they confuse the decompression command:
dd if=whatsapp_backup.ab ibs=1 skip=24 of=whatsapp_backup.ab.nohdr
The file can now be decompressed:
cat whatsapp_backup.ab.nohdr | python -c "import zlib,sys;sys.stdout.write(zlib.decompress(sys.stdin.read()))" 1> whatsapp_backup.tar
This command runs Python and decompresses the file using zlib to whatsapp_backup.tar
Now we can unTAR the file:
tar xf whatsapp_backup.tar
The archive is now extracted to your current working directory and you can find the databases (msgstore.db and wa.db) in apps/com.whatsapp/db/