How to Extract Unencrypted WhatsApp Chat Messages

On Android, WhatsApp stores encrypted copies of the chat messages on the SD card. These encrypted copies are denoted by the .crypt, .crypt5, .crypt6 and .crypt7 file extensions. They are generated from the master database file stored in the following location:

/data/data/com.whatsapp/databases/msgstore.db

The WhatsApp master message store database, msgstore.db, is a SQLite database containing all of the WhatsApp chat messages. This file is not encrypted in any way.

Without root, however, data on the Android /data partition cannot be accessed directly from outside the application's own code. There is a loophole, though: all the application data and files within the /data/data/com.whatsapp directory can be extracted using the Android ADB Backup feature.

To use the Android ADB Backup feature, your phone must be running at least Android 4.0. You will also need ADB installed on your computer, and USB Debugging must be enabled on your phone.

Extract WhatsApp Application Data

Connect the phone to your computer’s USB port and perform a backup using ADB.

$ adb backup -f whatsapp.ab -noapk com.whatsapp

This will cause a prompt on your phone as shown below. Click on the “Back up my data” button without providing a password.

[Image: adb-backup-prompt]

Once the backup has completed, you will see a file called whatsapp.ab on your computer. The .ab extension stands for Android Backup. To extract files from it, we first need to convert it to a tar archive.

$ dd if=whatsapp.ab ibs=24 skip=1 | openssl zlib -d > whatsapp.tar

Determine the msgstore.db file location within the tar archive.

$ tar tvf whatsapp.tar | grep msgstore.db
-rw------- 10188/10188   14960 2014-06-01 14:03 apps/com.whatsapp/db/msgstore.db-journal
-rw------- 10188/10188 14642176 2014-06-01 14:03 apps/com.whatsapp/db/msgstore.db

The file is at “apps/com.whatsapp/db/msgstore.db”. Extract the file to the current working directory.

$ tar xf whatsapp.tar apps/com.whatsapp/db/msgstore.db
$ mv apps/com.whatsapp/db/msgstore.db .

You can now perform queries on the msgstore.db database file using the sqlite3 command.

$ sqlite3 msgstore.db
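
The conversion and lookup steps above, as an added Python example that is not part of the original post: it reads the four header lines of the .ab file instead of skipping a fixed 24 bytes, refuses a backup that was protected with a password, and inflates the payload with Python's zlib module, which helps when the local openssl build has no zlib command. The function names and the sample backup are constructed for illustration.

```python
import io
import tarfile
import zlib

MAGIC = b"ANDROID BACKUP"

def ab_to_tar(ab_bytes):
    """Parse the text header of an Android backup and return the raw tar bytes."""
    stream = io.BytesIO(ab_bytes)
    # Four newline-terminated lines: magic, format version, compressed flag, encryption.
    magic, version, compressed, encryption = (
        stream.readline().rstrip(b"\n") for _ in range(4)
    )
    if magic != MAGIC:
        raise ValueError("not an Android backup file")
    if encryption != b"none":
        # A password was entered on the phone; the payload cannot simply be inflated.
        raise ValueError("backup is encrypted (%s)" % encryption.decode())
    payload = stream.read()
    return zlib.decompress(payload) if compressed == b"1" else payload

def find_members(tar_bytes, name):
    """Return the archive paths whose file name is exactly `name`."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        return [m.name for m in tar.getmembers()
                if m.name.rsplit("/", 1)[-1] == name]

def build_sample_ab(encryption=b"none"):
    """Constructed sample: a tiny .ab with placeholder files, not real WhatsApp data."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path in ("apps/com.whatsapp/db/msgstore.db",
                     "apps/com.whatsapp/db/msgstore.db-journal"):
            data = b"constructed placeholder"
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    header = b"ANDROID BACKUP\n1\n1\n" + encryption + b"\n"
    return header + zlib.compress(buf.getvalue())

if __name__ == "__main__":
    tar_bytes = ab_to_tar(build_sample_ab())
    print(find_members(tar_bytes, "msgstore.db"))
```

For a real backup, pass the contents of whatsapp.ab to ab_to_tar() and write the result to whatsapp.tar.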

WhatsApp has gone to great lengths to come up with new encryption algorithms to encrypt the database messages saved on the SD card. But, I guess they have not thought about this loophole yet.

ibrahim = { interested_in(unix, linux, android, open_source, reverse_engineering); coding(c, shell, php, python, java, javascript, nodejs, react); plays_on(xbox, ps4); linux_desktop_user(true); }