How to Decrypt WhatsApp Database Messages

WhatsApp does a backup of the messages at 4am (local time) every day to the SD card. On Android, this backup is an encrypted copy of the SQLite database containing all of the WhatsApp messages. If you want to read the messages on a computer, you will need to decrypt the file.

There are several tools available to decrypt the WhatsApp chats, but what we need is just the openssl utility.

On Android, pull the encrypted file from your phone at the below location:

/sdcard/WhatsApp/Databases/msgstore.db.crypt

We will now need to decrypt the file using AES using a 192-bit key that is:

346a23652a46392b4d73257c67317e352e3372482177652c

Open a shell or command prompt window and run openssl as shown.

openssl enc -d -aes-192-ecb -in msgstore.db.crypt -out msgstore.db -K 346a23652a46392b4d73257c67317e352e3372482177652c

The command will take the msgstore.db.crypt file as an input (specified with the -in option), perform AES decryption and write the output file to msgstore.db (specified with the -out option). Now, the output file can be read using the sqlite3 program or any other SQLite utility.

[ibrahim@anfield ~] $ sqlite3 msgstore.db
SQLite version 3.8.3 2014-02-03 13:52:03
Enter ".help" for instructions
Enter SQL statements terminated with a ";"

sqlite> .tables
chat_list  messages

sqlite> .schema chat_list
CREATE TABLE chat_list (_id INTEGER PRIMARY KEY AUTOINCREMENT, key_remote_jid TEXT UNIQUE, message_table_id INTEGER, subject TEXT, creation INTEGER);

sqlite> .schema messages
CREATE TABLE messages (_id INTEGER PRIMARY KEY AUTOINCREMENT, key_remote_jid TEXT NOT NULL, key_from_me INTEGER, key_id TEXT NOT NULL, status INTEGER, needs_push INTEGER, data TEXT, timestamp INTEGER, media_url TEXT, media_mime_type TEXT, media_wa_type TEXT, media_size INTEGER, media_name TEXT, latitude REAL, longitude REAL, thumb_image TEXT, remote_resource TEXT, received_timestamp INTEGER, send_timestamp INTEGER, receipt_server_timestamp INTEGER, receipt_device_timestamp INTEGER, raw_data BLOB, media_hash TEXT, recipient_count INTEGER, media_duration INTEGER, origin INTEGER);
CREATE UNIQUE INDEX messages_key_index on messages (key_remote_jid, key_from_me, key_id);

sqlite> .exit

To encrypt the file back, we will need to run openssl with the same key.

openssl enc -e -aes-192-ecb -in msgstore.db -out msgstore.db.crypt2 -K 346a23652a46392b4d73257c67317e352e3372482177652c

The openssl utility would have created an encrypted file called msgstore.db.crypt2 and if you perform a binary comparison between the original encrypted file, msgstore.db.crypt and this file, they should be exactly the same.

Update (22-Mar-2014): The WhatsApp database encryption method has recently been changed. Therefore this method will not work on the new crypt5 files.

Related: How to Decrypt WhatsApp crypt5 Database Messages

Related: How to Decrypt WhatsApp crypt7 Database Messages

Related: How to Decrypt WhatsApp crypt8 Database Messages

ibrahim = { interested_in(unix, linux, android, open_source, reverse_engineering); coding(c, shell, php, python, java, javascript, nodejs, react); plays_on(xbox, ps4); linux_desktop_user(true); }