How to Decrypt WhatsApp crypt5 Database Messages

A couple of weeks back, WhatsApp introduced a new way of encrypting the backup messages saved on the SD card. The method in the article that I wrote last month on decrypting the WhatsApp messages no longer works on the new crypt5 files.

This time round, more work needs to be done to decrypt the msgstore.db.crypt5 file. If you do not have a copy of the new encrypted file, pull a copy from your Android phone at the following location:

/sdcard/WhatsApp/Databases/msgstore.db.crypt5

First, we need the primary Google e-mail account used on the mobile phone. We will then need to generate an MD5 hash of the e-mail address. For example, if the primary e-mail account is abcd@gmail.com, the MD5 value will be 46040c38d1cbe8ffcd3df6c8ba787951.

$ echo -n abcd@gmail.com | md5sum
46040c38d1cbe8ffcd3df6c8ba787951 *-

The MD5 hash will be a 32-digit hexadecimal value and we will need to convert it to a 48-digit value by appending the first 16 digits to the end of the original hash. So, 46040c38d1cbe8ffcd3df6c8ba787951 will become 46040c38d1cbe8ffcd3df6c8ba78795146040c38d1cbe8ff.

Next, we will need to perform an XOR operation on the 48-digit hash with a 48-digit key: 8d4b155cc9ff81e5cbf6fa7819366a3ec621a656416cd793. The end result will provide us with the decryption key. Note that a 32-digit IV (initialisation vector) value is also required together with the key for decryption. The IV value is 1e39f369e90db33aa73b442bbbb6b0b9.

We now have all the required parameters to decrypt the files using openssl. Open a terminal window and run openssl as shown below to decrypt the file.

$ openssl enc -aes-192-cbc -d -nosalt -in msgstore.db.crypt5 -out msgstore.db -K [key] -iv [iv]

Replace the [key] and [iv] accordingly with the actual values.
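
The steps above (MD5, extension to 48 digits, XOR, openssl) put together as an added example. This is not the author's wacrypt5.sh script; the function names and the file name crypt5_key.sh are made up for illustration, while the XOR key, IV and openssl command are the ones quoted in this article.

```shell
#!/bin/sh
# Added example: crypt5 key derivation following the steps in the article.
# The XOR key and IV below are the constants quoted in the text.
CRYPT5_XOR_KEY=8d4b155cc9ff81e5cbf6fa7819366a3ec621a656416cd793
CRYPT5_IV=1e39f369e90db33aa73b442bbbb6b0b9

# Append the first 16 hex digits of a 32-digit MD5 to its end (48 digits = 192 bits).
extend_hash() {
    [ "${#1}" -eq 32 ] || return 1
    printf '%s%.16s\n' "$1" "$1"
}

# XOR two equal-length hex strings one byte (two digits) at a time.
xor_hex() {
    xa=$1 xb=$2 xout=
    case "$xa$xb" in ''|*[!0-9a-fA-F]*) return 1 ;; esac
    [ "${#xa}" -eq "${#xb}" ] && [ $(( ${#xa} % 2 )) -eq 0 ] || return 1
    while [ -n "$xa" ]; do
        # Peel the leading two hex digits off each string.
        x=${xa%"${xa#??}"} y=${xb%"${xb#??}"}
        xout=$xout$(printf '%02x' $(( 0x$x ^ 0x$y )))
        xa=${xa#??} xb=${xb#??}
    done
    printf '%s\n' "$xout"
}

# MD5 of the account name (no trailing newline), extended, then XORed with the fixed key.
crypt5_key() {
    md5=$(printf '%s' "$1" | md5sum | cut -c1-32)
    xor_hex "$(extend_hash "$md5")" "$CRYPT5_XOR_KEY"
}

# Usage (hypothetical file name):
#   sh crypt5_key.sh abcd@gmail.com msgstore.db.crypt5 msgstore.db
if [ "$#" -eq 3 ]; then
    key=$(crypt5_key "$1") || { echo "key derivation failed" >&2; exit 1; }
    openssl enc -aes-192-cbc -d -nosalt -in "$2" -out "$3" -K "$key" -iv "$CRYPT5_IV"
fi
```

A wrong e-mail address still yields a syntactically valid key, so check that the output begins with the "SQLite format 3" header before trusting it.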

To make it a little easier, I have written a small shell script to automate the whole process.

Save the script as wacrypt5.sh and run the script like this:

wacrypt5.sh abcd@gmail.com msgstore.db.crypt5 > msgstore.db

Update (27-Apr-2014): Modified openssl command to include -nopad -bufsize 16384 options

Related: How to Decrypt WhatsApp crypt7 Database Messages

Related: How to Decrypt WhatsApp crypt8 Database Messages

ibrahim = { interested_in(unix, linux, android, open_source, reverse_engineering); coding(c, shell, perl, php, python, java, javascript, nodejs, angular, react); plays_on(xbox, ps4); linux_desktop_user(true); }