have you hired a hacker to spy on spouse quora

Introduction：

2、Black Hat 2019 – WhatsApp Protocol Decryption for Chat Manipulation and More

Decrypting the WhatsApp Database ♂

　　INTRODUCTION

　　WhatsApp Messenger is an application used across various Mobile Platforms for instant messaging. It uses the internet to send and receive audios, videos, documents, location details, messages etc.

　　WhatsApp saves all the message of user onto a database file in crypt form, which means no one could read anyone’s private messages. WhatsApp uses crypt2, crypt5, crypt7, crypt8 to encrypt all the data so that no one could read the messages from the database file. But those very same files can be easily decrypted without a key.

　　Steps to Perform WhatsApp Database Extraction With Android

　　Step 1: To use adb, first we need to enable the USB Debugging feature under Setting -> Developer options on the device.

　　Step 2: From the command prompt, we can initiate the connection with the android device with ‘adb devices’? command.

　　Step 3: Download any WhatApp version between 2.11.4xx range and degrade your preinstalled WhatsApp by installing it using the command as shown below.

　　NOTE: Here you are overwriting your WhatsApp application with older one. Once installation is done you will always receive an error as it is an older version of WhatsApp.

　　Step 4: Using ‘adb backup’ create a backup file named ‘whatsapp.ab’ from the WhatsApp package that is? entitled as “com.whatsapp” on the android devices.

　　The ‘.ab’ file extension which is shown in the below image is associated with the Google’s Android Debug Bridge (adb) command line utility which is circulated as a part of Google Android SDK that allows the developers to communicate with the android phones through cables. A ‘.ab’ file stores the backup of the device comprising of apps, system data, system settings etc.

　　NOTE: If any no backup is generated or any error occurs then, go to whatsapp à select ‘settings’? à select ‘chat’ à select ‘backup option as back up on local device’ à Then select ‘Backup’ and wait for the backup to get completed.

　　Step 5: Select ‘Back Up My Data’ option on your android device and keep password field blank.

　　Step 6: Now, a ‘whatsapp.ab’ file is created as shown below:

　　Step 7: ‘abe.jar’ is a utility used to extract and repack the android backup files? that are created with the ‘adb backup’ command. We will now extract the ‘whatsapp.ab’ file and name the extracted file as ‘whatapp.tar’ where ‘.tar’ is the archived file containing many other files.

　　Step 8: Once ‘whatsapp.tar’ file is created, then extract it with WinRAR (or ‘tar -x’ command in Linux).

　　Step 9: After extraction completes, a folder named ‘whatsapp’ is created and following are contents of that folder shown in image.

　　Step10:? We are only interested in ‘msgstore.db’ and ‘wa.db’ file. Use a utility called ‘Whatsapp Viewer’ and give the path of ‘msgstore.db’ and ‘wa.db’ as shown below.

　　Here ‘msgstore.db’ stores all the messages along with attachments and ‘wa.db’ stores all the information related to the contacts.

　　NOTE: IOS whatsapp database extraction commands are different than that of android. Also after doing the above process, user has to upgrade his WhatsApp from Playstore in order to use it again.

　　Step 11:? Below Screenshot, shows you will see all the chat messages, that were extracted from the database.

Black Hat 2019 – WhatsApp Protocol Decryption for Chat Manipulation and More ♂

　　Research By: Dikla Barda, Roman Zaikin and Oded Vanunu

　　According to sources, WhatsApp, the Facebook-owned messaging application has over 1.5 billion users in over 180 countries. The average user checks WhatsApp more than 23 times per day. And, the number of WhatsApp users in USA is predicted to grow to 25.6 million by 2021.

　　Given all the chatter, the potential for online scams, rumors and fake news is huge. Threat actors have an additional weapon in their arsenal to leverage the messaging platform for their malicious intentions.

　　Towards the end of 2018, Check Point Research notified WhatsApp about new vulnerabilities in the popular messaging application that would enable threat actors to intercept and manipulate messages sent in both private and group conversations, giving attackers the power to create and spread misinformation from what appear to be trusted sources.

　　The Check Point Research team?observed three possible methods of attack exploiting this vulnerability – all of which involve social engineering tactics to fool end-users. A threat actor may:

　　Use the ‘quote’ feature in a group conversation to change the identity of the sender, even if that person is not a member of the group.

　　Alter the text of someone else’s reply, essentially putting words in their mouth.

　　Send a private message to another group participant that is disguised as a public message for all, so when the targeted individual responds, it is visible to everyone in the conversation.

　　WhatsApp fixed the 3rd vulnerability which enabled threat actors to send a private message to another group participant disguised as a public message for all. But, we found that it is still possible to manipulate quoted messages and spread misinformation from what appear to be trusted sources.

　　Following the process of Responsible Disclosure, Check Point Research informed WhatsApp of its findings. From Check Point Research’s perspective, we believe these vulnerabilities to be of the utmost importance and require attention.

　　To demonstrate the severity of this vulnerability in WhatsApp, we created a tool that allows us to decrypt WhatsApp communication and spoof the messages.

　　As is well-known, WhatsApp encrypts every message, picture, call, video or any other type of content you send so that only the recipient can see it. WhatsApp does not have the ability to view these messages.

　　Figure 1:?WhatsApp Encrypted Chat

　　These encryption processes caught our attention, and we decided to try to reverse the WhatsApp’s algorithm to decrypt the data. Indeed, after decrypting the WhatsApp communication, we found that WhatsApp is using the “protobuf2 protocol” to do so.

　　By converting this protobuf2 data to Json we were able to see the actual parameters that are sent and manipulate them in order to check WhatsApp’s security.

　　The outcome of our research is a?Burp Suit Extension?and?3 Manipulation methods (the 3rd one was fixed our we disclosure the vulnerability to WhatsApp)

　　To start the manipulation, though, we first have to get the private and public key of our session and fill it in our burpsuit extension.

　　If you are interested in a detailed explanation about how the encryption actually works behind the scenes, please read the technical details from our blog at 2018:

　　https://research.checkpoint.com/fakesapp-a-vulnerability-in-whatsapp/

　　Accessing the Keys

　　The keys can be obtained from the key generation phase from WhatsApp Web before the QR code is generated:

　　Figure 2:?Public and Private Key of the Communication

　　After we take these keys, we need to take the “secret” parameter which is sent by the mobile phone to WhatsApp Web while the user scans the QR code:

　　Figure 3:?The Secret Key from the WebSocket

　　As a result of this, our extension will look like the below:

　　Figure 4:?WhatsApp Decoder Burp Extension

　　After clicking on “Connect”, the extension connects to the extension’s local server, which performs all the tasks required for the extension.

　　Manipulating WhatsApp

　　By decrypting the WhatsApp communication, we were able to see all the parameters that are actually sent between the mobile version of WhatsApp and the Web version. This enabled us to then manipulate them and start looking for security issues.

　　This resulted in us to carry out a variety of attack types described below:

　　Attack 1:?Change the Identity of a Sender in a Group Chat, Even If They Are Not a Member of the Group

　　In this attack, it is possible to spoof a reply message to impersonate another group member and even a non-existing group member, for example, ‘Mickey Mouse’.

　　To impersonate someone from the group, all the attacker need do is catch the encrypted traffic:

　　Figure 5:?Encrypted WhatsApp Communication

　　Once the traffic is captured, he can simply send it to an extension which will then decrypt the traffic:

　　Figure 6:?Decrypting the WhatsApp Message

　　By Using Our Extension

　　The interesting parameters to note here are:

　　conversation?– This is the actual content which is sent.

　　participant?– This is the participant that actually sent the content.

　　fromMe?– This parameter indicates if I sent the data or someone else in the group did.

　　remoteJid?– This parameter indicates to which group/contact the data is sent.

　　id?– The id of the data. The same id will appear in phone databases.

　　And this is the point where interesting things begin to happen…

　　For example, we can change the conversation to something else. The message with the content “Great!” sent by a member of a group, for instance, could be changed to something else like: “I’m going to die in a hospital right now” and the participant parameter could also be changed to someone else from the group:

　　Figure 7:?A?Spoofed Reply Message

　　Note that we have to change the?id?to something else because it is already sent and appears in the database.

　　In order to make everyone see the new spoofed message the attacker needs to reply to the message he spoofed, quoting and changing that message (“Great”) in order for it be sent to everyone in the group.

　　As you can see in the below screenshot, we created a new group where no previous messages were sent, and by using the method from above we were able to create a fake reply.

　　Figure 8:?The Original Conversation

　　The?‘participant’?parameter can also be a text or a phone number of someone that is not in the group, which would cause everyone in the group to believe that it is actually sent from this participant.

　　For example:

　　Figure 9:?Changing The Content Of The Message

　　By Using Our Debugging Tool

　　…and the result will look like this:

　　This would again be sent to everyone in the group as before.

　　Figure 10:?Reply To a Message That Sent From

　　Someone Outside of the Group

　　Attack 2: Changing a Correspondent’s Reply To?Put Words in Their Mouth

　　In this attack, the attacker is able to manipulate the chat by sending a message back to himself on behalf of the other person, as if it had come from them. By doing so, it would be possible to incriminate a person, or close a fraudulent deal, for example.

　　In order to spoof the messages, we have to manipulate the ‘fromMe’?parameter in the message, which indicates who sent the message in the personal chat.

　　This time we will capture the outgoing message from WhatsApp Web before it is even sent to our Burp Suite. In order to do that, we can put a break point on the?aesCbcEncrypt?function and take the data from the ‘a’ parameter:

　　Figure 11:?OutGoing Message Manipulation

　　We will then copy this data to our Burp extension and select the outgoing direction. By pressing on “Decrypt”, our extension will decrypt the data:

　　Figure 12:?Decryption of Outgoing Message

　　After changing it to false and encrypting it back we then get the below result:

　　Figure 13:?Encryption of Outgoing Message

　　We have to then modify the ‘a’ parameter in our browser, and the result will be a push notification with the content. In this way, it is even possible to spoof the entire chat.

　　Figure 14:?Sending Messages To Myself

　　on Behalf of Someone Else.

　　The whole conversation will then look like this: