1

I'd like to write an Android Application which automatically decrypts my Whatsapp Database, so I followed this tutorial and translated it into Java. But then I noticed that there is no openssl binary on Android so I asked google how to decrypt aes manually but I could not find something useful.

So basically I got this shell command 

openssl enc -aes-256-cbc -d -nosalt -nopad  -bufsize 16384 -in msgstore.db.crypt7.nohdr -K $k -iv $iv > msgstore.db

with $k being a 64 digit hex-string. But when I tried to use it as the key for the aes decryption I get an InvalidKeyException with the message "Unsupported key size: 64 bytes". When I execute this command at my computer I works perfectly.

I am currently using this java code to decrypt the database and it fails at cipher.init:

public void decryptDatabase(String k, String iv)

throws InvalidKeyException, InvalidAlgorithmParameterException,
        NoSuchAlgorithmException, NoSuchPaddingException, IOException {

    File extStore = Environment.getExternalStorageDirectory();
    FileInputStream fis = new FileInputStream(extStore
            + "/WhatsApp/Databases/msgstore.db.crypt7.nohdr");
    FileOutputStream fos = new FileOutputStream(extStore + "/Decrypted.db");

    SecretKeySpec sks = new SecretKeySpec(k.getBytes(), "AES");
    Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
    cipher.init(Cipher.DECRYPT_MODE, sks,
            new IvParameterSpec(iv.getBytes()));
    CipherInputStream cis = new CipherInputStream(fis, cipher);
    int b;
    byte[] d = new byte[8];
    while ((b = cis.read(d)) != -1) {
        fos.write(d, 0, b);
    }
    fos.flush();
    fos.close();
    cis.close();
}

Please help me if you can :)

Thanks in advance, Citron

Citron
  • 21
  • 1
  • 6

1 Answers1

7

You need to convert the hex strings to byte arrays properly:

private static byte[] hexStringToByteArray(String s) {
    int len = s.length();
    byte[] data = new byte[len / 2];
    for (int i = 0; i < len; i += 2) {
        data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
                             + Character.digit(s.charAt(i+1), 16));
    }
    return data;
}

public void decryptDatabase(String k, String iv) throws InvalidKeyException, InvalidAlgorithmParameterException,
        NoSuchAlgorithmException, NoSuchPaddingException, IOException {

    File extStore = Environment.getExternalStorageDirectory();
    FileInputStream fis = new FileInputStream(extStore
            + "/WhatsApp/Databases/msgstore.db.crypt7.nohdr");
    FileOutputStream fos = new FileOutputStream(extStore + "/Decrypted.db");

    SecretKeySpec sks = new SecretKeySpec(hexStringToByteArray(k), "AES");
    Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
    cipher.init(Cipher.DECRYPT_MODE, sks,
            new IvParameterSpec(hexStringToByteArray(iv)));
    CipherInputStream cis = new CipherInputStream(fis, cipher);
    int b;
    byte[] d = new byte[8];
    while ((b = cis.read(d)) != -1) {
        fos.write(d, 0, b);
    }
    fos.flush();
    fos.close();
    cis.close();
}
HHK
  • 4,852
  • 1
  • 23
  • 40
  • thank you very much, that did it :) unfortunatelly I don't have enough reputation to vote up your answer :/ – Citron Jul 01 '14 at 15:08
  • Hi, can we fetch all contact Status from that database ? contact status means : people have set there status like : i m busy, available. etc, Cant Talk Whatsapp only – Sandy Angel Mar 13 '15 at 15:38
  • decryptDatabase(k, iv); what the 'k' and 'iv' in above call.can you please explain. – Ravi Bhandari May 04 '15 at 12:38