On Android, WhatsApp stores encrypted copies of the chat messages onto the SD card. These encrypted copies are denoted by the .crypt
, .crypt5
, .crypt6
and .crypt7
file extensions. They are generated from the master database file stored in the following location:
1 |
/data/data/com.whatsapp/databases/msgstore.db |
The WhatsApp master message store database, msgstore.db
, is a SQLite database containing all of the WhatsApp chat messages. This file is not encrypted in any way.
But, without root, accessing any data from the Android /data
partition directly except within the application code is not possible. But there’s a loophole – all the application data or files within /data/data/com.whatsapp
directory can be extracted using the Android ADB Backup feature.
To use the Android ADB Backup feature, your phone must be on at least Android 4.0. You will also need to install Android ADB installed on your computer and USB Debugging
must be enabled on your phone.
Extract WhatsApp Application Data
Connect the phone to your computer’s USB port and perform a backup using ADB.
1 |
$ adb backup -f whatsapp.ab -noapk com.whatsapp |
This will cause a prompt on your phone as shown below. Click on the “Back up my data
” button without providing a password.
Once the backup has been completed, you will see a file called whatsapp.ab
on your computer. The .ab
extension stands for Android Backup
. To extract files from the file, we will first need to convert it to a tar archive.
1 |
$ dd if=whatsapp.ab ibs=24 skip=1 | openssl zlib -d > whatsapp.tar |
Determine the msgstore.db
file location within the tar archive.
1 2 3 |
$ tar tvf whatsapp.tar | grep msgstore.db -rw------- 10188/10188 14960 2014-06-01 14:03 apps/com.whatsapp/db/msgstore.db-journal -rw------- 10188/10188 14642176 2014-06-01 14:03 apps/com.whatsapp/db/msgstore.db |
The file is at “apps/com.whatsapp/db/msgstore.db
“. Extract the file to the current working directory.
1 2 |
$ tar xf backup.tar apps/com.whatsapp/db/msgstore.db $ mv apps/com.whatsapp/db/msgstore.db . |
You can now perform queries on the msgstore.db
database file using the sqlite3
command.
1 |
$ sqlite3 msgstore.db |
WhatsApp has gone to great lengths to come up with new encryption algorithms to encrypt the database messages saved on the SD card. But, I guess they have not thought about this loophole yet.