Making complex data simple and compelling
From digital device to digital evidence
Unlock your vehicle's digital evidence potential
Forensic Analysis and Enhancement
Investigating and analyzing financial records
Gain access to the online accounts of deceased loved ones
Clear, precise evidence for a messy world
Expert reports to suit your specific needs
We can locate people anywhere
Stop worrying and learn the truth
Prevent, Detect, Respond To Cyberattacks
First response is crucial. Every minute counts.
The first response is critical to reduce liability
Detection & Removing Spyware Services
Reduce your electronic risk from digital transmittals
Find out who you are really talking to
Experienced, Confidential Services
Swift, professional incident response
Complicated cases require compelling digital facts
Find, recover and document digital evidence
Bring solid evidence before a judge
Cases can be investigated using Social Media
Divorce, custody battles, and other
Win the most important battle of your life
Everything you need
Effective Expert Witness in Court
Evidence shows who is telling the truth
Subpoena power yields strong evidence
Digital evidence can build a strong defense
Go to court with compelling digital evidence
Every month our lab receives lots of requests to decrypt encrypted WhatsApp databases without the crypt key. In this article we’ll speak about available methods of the key extraction or recovery and the perspectives of decryption of encrypted WhatsApp databases without the crypt key.
WhatsApp crypt key location
So, what is the crypt key? It is a file with “key” name stored in userdata/data/сom.whatsapp/files/.
Figure 1. The “key” file
The crypt key extraction and recovery
The main problem of decryption encrypted WhatsApp databases is that the key is always stored on the device, but encrypted databases can be also stored on it’s SD card, for example.
Figure 2. Encrypted WhatsApp databases
Usually to extract the crypt key a digital forensic examiner must perform a physical extraction from the device. But it’s not always possible due to software and hardware issues of some mobile devices. Of course, there are methods of extraction the crypt key from non-rooted devices, but these techniques can be applied to a limited number of devices.
If your client has the SIM-card used for the crypt key generation on the examined device, we can get a new key via reinstalling WhatsApp. The new key can be used to decrypt old databases.
The crypt key mining: a digital forensic examiner can try to recover the deleted key from the examined mobile device. Of course, you’ll need a physical image of the device. Extract strings and choose those with morphology similar to the crypt keys. Then try to use these keys to decrypt the encrypted databases you got.
The perspectives of decryption of encrypted WhatsApp databases without the crypt key
Nowadays there are no public solutions for decryption of encrypted WhatsApp databases without the crypt key.
Figure 3. Decrypted WhatsApp database (confidential information is not displayed)
In our opinion there are two main ways to solve the problem:
If you have any questions on WhatsApp databases decryption feel free to contact us using this form.
About the authors:
Igor Mikhaylov
Interests: Computer, Cell Phone & Chip-Off Forensics
Oleg Skulkin
Interests: iOS forensics, Android forensics, Mac OS X forensics, Windows forensics, Linux forensics
very usfule
i need more help, can u help me
Ok, i’ve cracked a google account and have downloadedd the crypt12 db file from the google drive but i dos’t have any access to the users phone also i need an other way to crack the database. I’ve a 2 gforce 1080ti graphic cards, can i use thier GPUs to crack the database or it’s impossible because it’s a to long time? I meen when i need to wait mor then one billion years it’s not a practicular way for a atac but what is with rainbow tables?
And other quastion, have someone found any backdoors or exploits for the whatsapp algorytm?
through which application your encrypted that less amount of whatsapp data? i know there isnt showing confidential info but msgs. How did you get that?
I’ve tried to extract WhatsApp Crypt Key from Android 7.0 WhatsApp 2.18.361 and it is not working. Apparently it is an issue with Android 7.
https://github.com/EliteAndroidApps/WhatsApp-Key-DB-Extractor/issues/10
I physically have the phone. Do you know of a method I can used, even if with paid software, to get the key file?
“reverse engineering of WhatsApp code in order to understand the encryption algorithm.” the encryption algorithm used by WA is known (AES based). The only missing part is the access to the key generation algo that looks to be done on their servers. So two possibilities, they generate them in a deterministic way (get the salt and the algo running on their servers) or they are randomly generated… find a hole in their webservices to get keys without the sms/phonecall handshake
Any body help me on decrypting encrypted whatsapp database file without key ?
i need help you for crypt14 whatapp file open without key
did you find any solution???
jhonvillegas@gmail.com Please read me I need help you
I have doubts sir..can you contact me
You can contact us through the “Request help” form
Hi!
Nice atricle and amazing blog by the way… Forensics stuffs are always challengers and very interesting.
I have here both the key and the whatsapp database, because I can access the smartphone phiscally.
My question is: which software I need to use to decrypt the database and read the messages? Any tip on this?
Thanks
WhatsApp viewer
How to get whatsapp key from android 8.0 or above and is same key will work on old whatsapp database like crypt 7 ,8 . How to decrepyt old and new one database ?
Hi, I do access to an icloud account and I managed to download “ChatStorage.sqlite.enc” file. I have icloud username and password, phone IMEI and I know the phone number, but I do not have access to the number.
So, how can I decrypt the database?
Thanks,
have the whatsapp-key of a samsung s7, but it is migrated to a Xiomi 10, the number is the same, I can somehow modify the key to continue reading the messages
I’m using Huawei Y7 2018 and it seems it doesn’t create any key in the andress Android/data/com.whatsapp folder. All I find in there is a file written “cache” and nothing else. Is there anyway I can get the key for crypt 14 WHATSAPP DATABASE?
Please enter the result of the calculation above.
Save my name, email, and website in this browser for the next time I comment.
Δ
Speak to a Specialist Now
Get Help Now