wa-crypt-tools icon indicating copy to clipboard operation
wa-crypt-tools copied to clipboard
verified publisher icon ElDavoo

Reproducible re-encryption stopped working

Open Esokrates opened this issue 3 months ago • 1 comments

First of all thanks for the great tool! I do regular backups of my Databases, where I decrypt the databases and store the relevant data to re-encrypt the databases again. I built an automatic test, that always checks whether the re-encrypted database has the same hash as the originally exported database. That worked fine until recently.

It seems WhatsApp changed something recently, as I am unable to obtain the exact same file when re-encrypting. My last working database had the following:

Key type: 1
WhatsApp version: 2.25.18.80
Backup version: 1
Features: [5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 39]
Max feature number: 39

With the following it does not work anymore:

Key type: 1
WhatsApp version: 2.25.21.82
Backup version: 1
Features: [5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 39]
Max feature number: 39

Decryption works without errors, but the re-encrypted database is no longer the same.

Esokrates avatar Sep 26 '25 05:09 Esokrates

Apart from the hashes, have you checked the file size of the original and re-encrypted crypt files?

From what I gather, it seems as if the WhatsApp application when it creates msgstore.db.crypt14/crypt15 is now using a different compression level and/or also the compression algorithm has diverged.

You can see in the @ElDavoo waencrypt.py code that it uses zlib with compression level 1.

In Python v3.13, for me the re-encrypted msgstore.db.crypt is about 5% larger than the original nowadays. But if I adjust waencrypt.py manually to zlib.compress(data, 9), it actually gets to within 2 bytes of the original file size. But there is still no exact match.

And note that in the recently-released Python v3.14, the implementation of zlib has changed, which results in significantly different file sizes: "It is worth noting that zlib.Z_BEST_SPEED (1) may result in significantly less compression than the previous implementation, whilst also significantly reducing the time taken to compress.". I noticed that waencrypt with the default "1" compression, for me Python 3.14 now results in a ~20% greater file size than the original .db.crypt file.

@Esokrates regardless of the different hash, have you tried to restore your database that had a different hash?

code-consensus avatar Nov 10 '25 09:11 code-consensus