WhatsApp-Key-Database-Extractor
WhatsApp-Key-Database-Extractor copied to clipboard
YuvrajRaghuvanshiS
"key" not found in archive.
Describe the bug A clear and concise description of what the bug is. After successfully unpacked tmp/whatsapp.ab, I get the error: bin\tar.exe: apps/com.whatsapp/f/key: Not found in archive To Reproduce Steps to reproduce the behavior:
- run 'py wa_kdbe.py --allow-reboot'
- See error
Terminal output
[15:25:32.135413] Current release date : 29/06/2021
[15:25:32.137406] Please read above instructions carefully ↑ . Continue? (default y) : y
[15:25:45.590360] If you haven't already, it is adviced to take a WhatsApp chat backup by going to WhatsApp settings → Chat Settings → Chat Backup. Hit Enter key to continue.
[15:25:47.385492] Connected to SM-J710MN
[15:25:51.622885] WhatsApp V2.21.15.20 installed on device
[15:25:51.624659] Found legacy WhatsApp V2.11.431 apk in helpers/ folder
[15:25:52.916548] Backing up WhatsApp 2.21.15.20 apk, the one installed on device to tmp/WhatsAppbackup.apk
/sdcard/WhatsAppbackup.apk: 1 file pulled, 0 skipped. 22.4 MB/s (35278159 bytes in 1.502s)
[15:25:55.255573] Apk backup complete.
[15:25:55.256522] Uninstalling WhatsApp, skipping data.
Success
[15:25:57.116690] Uninstalled.
[15:25:57.122670] Rebooting device, please wait.
[15:25:59.764903] Waiting for device...
[15:26:05.198433] Waiting for device...
[15:26:10.296512] Waiting for device...
[15:26:15.429150] Waiting for device...
[15:26:20.535821] Waiting for device...
[15:26:25.903811] Waiting for device...
[15:26:30.985005] Waiting for device...
[15:26:36.066944] Waiting for device...
[15:26:41.270304] Waiting for device...
[15:26:46.344071] Hit Enter key after unlocking device.
[15:26:48.439956] Installing legacy WhatsApp V2.11.431, hold tight now.
Performing Streamed Install
Success
[15:27:16.583067] Installation Complete.
Starting: Intent { cmp=com.whatsapp/.Main launchParam=MultiScreenLaunchParams { mDisplayId=0 mBaseDisplayId=0 mFlags=0 } }
[15:27:19.841462] Hit Enter key after running Legacy WhatsApp for a while. Ignore invalid date warning.
[15:27:41.079705] Backing up WhatsApp data as tmp/whatsapp.ab. May take time, don't panic.
WARNING: adb backup is deprecated and may be removed in a future release
Now unlock your device and confirm the backup operation...
[15:27:54.850835] Done backing up data. Size : 5325360 bytes.
[15:27:54.851833] Reinstallting original WhatsApp.
Performing Streamed Install
Success
[15:28:24.622327] Our work with device has finished, it is safe to remove it now.
[15:28:24.625315] Found whatsapp.ab in tmp folder. Continuing... Size : 5325360 bytes.
[15:28:24.627310] Enter a name for this user (default "user"). :
[15:28:40.790405] Enter same password which you entered on device when prompted earlier. :
[15:28:44.494607] Successfully unpacked tmp/whatsapp.ab to tmp/whatsapp.tar. Size : 16258560 bytes.
[15:28:44.495607] Folder extracted/ already exists.
[15:28:44.496602] Folder extracted/user already exists.
[15:28:44.496602] Taking out main files in tmp/ folder temporaily.
bin\tar.exe: apps/com.whatsapp/f/key: Not found in archive
bin\tar.exe: Error exit delayed from previous errors
[15:28:44.582810] [WinError 3] El sistema no puede encontrar la ruta especificada: 'tmp/apps/com.whatsapp/f/key' -> 'extracted/user/key'
[15:28:44.582810] Cleaning up tmp folder...
[15:28:44.592172] Exiting...
[15:28:44.701973] Hit 'Enter' key to continue....y
Desktop (please complete the following information):
- OS: Windows 10 Smartphone (please complete the following information):
- Device: Samsung Galaxy J7
- Android 7
- Samsung Experience 8.1
This is weird. Try running it with --tar-only flag that way this script won't try to extract and pull important files and just leave you with tar file. There you should find key and other files.
Hi! thank you very much for your help and time. I used both methods unsuccesfully.
- with --tar-only It manages to extract the tar file and I unzipped it, but aparently theres no key file anywhere.
- python's inbuilt tarfile. I get these errors:
[18:57:15.764995] Found whatsapp.ab in tmp folder. Continuing... Size : 5239983 bytes. [18:57:15.765994] Enter a name for this user (default "user"). : [18:57:44.023674] Enter same password which you entered on device when prompted earlier. : [18:57:47.405485] Successfully unpacked tmp/whatsapp.ab to tmp/whatsapp.tar. Size : 15712768 bytes. [18:57:47.406480] Folder extracted/ already exists. [18:57:47.409505] Folder extracted/user already exists. [18:57:47.410468] Taking out main files in tmp/ folder temporaily. [18:57:47.442477] key is not present in tarfile, Go and write @ 'https://github.com/YuvrajRaghuvanshiS/WhatsApp-Key-Database-Extractor/issues/73' [18:57:47.444105] msgstore.db is not present in tarfile, Go and write @ 'https://github.com/YuvrajRaghuvanshiS/WhatsApp-Key-Database-Extractor/issues/73' [18:57:47.450092] Extracted successfully in tmp/ : wa.db [18:57:47.451089] Copied to extracted/user successfully : wa.db [18:57:47.455080] Extracted successfully in tmp/ : axolotl.db [18:57:47.456077] Copied to extracted/user successfully : axolotl.db [18:57:47.457074] chatsettings.db is not present in tarfile, Go and write @ 'https://github.com/YuvrajRaghuvanshiS/WhatsApp-Key-Database-Extractor/issues/73' [18:57:47.459072] Cleaning up tmp folder... [18:57:47.465086] You should not leave these extracted database and other files hanging in folder, it is very insecure. [18:57:47.465973] Would you like to create a password protected archive? (default y) : n
That is not right. While using tar-only had you gone through all folder in that tar? Usually these files are there.
The thing is I no longer can test this repo as I have deleted my whatsapp long ago otherwise it would have been a lot easier
Copy this code
import tarfile
tar = tarfile.open('whatsapp.tar')
names = tar.getnames()
filesToSearch = ['key', 'msgstore.db',
'wa.db', 'axolotl.db', 'chatsettings.db']
for file in filesToSearch:
for name in names:
if(file in name):
print(name)
tar.close()
input('\n\nPaused... Copy terminal now!')
and put in same directory where whatsapp.tar is saved. Create a flie named search.py paste this code in that file and run it.
Send me output.
Copy this code
import tarfile tar = tarfile.open('whatsapp.tar') names = tar.getnames() filesToSearch = ['key', 'msgstore.db', 'wa.db', 'axolotl.db', 'chatsettings.db'] for file in filesToSearch: for name in names: if(file in name): print(name) tar.close() input('\n\nPaused... Copy terminal now!')and put in same directory where whatsapp.tar is saved. Create a flie named
search.pypaste this code in that file and run it. Send me output.
I got this in terminal
apps/com.whatsapp/sp/keystore.xml apps/com.whatsapp/db/msgstore.db-shm apps/com.whatsapp/db/msgstore.db-wal apps/com.whatsapp/db/msgstore.db apps/com.whatsapp/db/wa.db-shm apps/com.whatsapp/db/wa.db-wal apps/com.whatsapp/db/wa.db apps/com.whatsapp/db/axolotl.db-shm apps/com.whatsapp/db/axolotl.db-wal apps/com.whatsapp/db/axolotl.db apps/com.whatsapp/db/chatsettings.db
I don't see any "path changes" of files. All are present where they need to. Talking of 'key' I can't say why it is not in output in your case. If key was to be in .ab file that has to show here in output. I am keeping this open of a month or so to see if others have same issue.
I have the same problem as both of them. But also i dont have success with --tar-only
For my understanding: The key should be auto-generated after installing the old WA-Version, correct? -> How does this work?
- Is there no need for the Phone-number-activation?
- Is there no need that Whatsapp really opens the Backup?
Else: Do you have another Idea how to open my msgstore.db.crypt12 ? Your mentioned https://github.com/Tkd-Alex/WhatsDump/ does not work on my side, but because it has problem with the SDK
And there is also this Repo: https://github.com/EliteAndroidApps/WhatsApp-Key-Generator
But I am not able to find out what he uses as account seed while he writes
Please do not raise any issues concerning what is used as the account seed. Figuratively speaking; you decide!
Thanks!
Old version is installed just to get backup permission. Nothing new is added or removed internally as per my understanding. Whatever is in there is pulled by this script. I really don't have any idea of absence of key. Maybe WA is making that key cloud based and is fetching from servers only when creating backup.
That key generator tool you mentioned "demonstrates" how WA generates the key. Seed on the other hand is unknown to anyone which makes is hard to regenerate/copy.
Stay healthy, Yuvraj Raghuvanshi.
-------- Original Message -------- On 3 Nov 2021, 10:27 pm, Tobias Meindl wrote:
I have the same problem as both of them. But also i dont have success with --tar-only
For my understanding: The key should be auto-generated after installing the old WA-Version, correct? -> How does this work?
- Is there no need for the Phone-number-activation?
- Is there no need that Whatsapp really opens the Backup?
Else: Do you have another Idea how to open my msgstore.db.crypt12 ? Your mentioned https://github.com/Tkd-Alex/WhatsDump/ does not work on my side, but because it has problem with the SDK
And there is also this Repo: https://github.com/EliteAndroidApps/WhatsApp-Key-Generator But I am not able to find out what he uses as account seed while he writes Please do not raise any issues concerning what is used as the account seed. Figuratively speaking; you decide!
Thanks!
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.
I've got the same problem. All files are present, only the key is missing. Did you found any solutions @tobilektri, @Lavish883?
@1c3t3a
I've got the same problem. All files are present, only the key is missing. Did you found any solutions?
Nope, I'm sorry. I only have a opinion what the problem was in my case. I did an Android update and after that Whatsapp was not able to read it's own directory. Because of encrypted backups i was not able to restore them after a reinstallation.
Before reinstallation:
/storage/emulated/0/WhatsApp
After Reinstallation:
/storage/emulated/0/Android/media/com.whatsapp/WhatsApp
so in my case I'm sure that the problem was something with the access rights.
WhatsApp is not a secure service. I was the victim of some kind of hack on Whatsapp and my account was subsequently banned. I still do not know to this day what happened. I was in the process of blocking and reporting spammers when I got logged off of Whatsapp and have been unable to get back in. When I email Whatsapp I just get automated responses .
Anyway I thought it would be worth trying to obtain the encryption key as I wanted to decrypt the messages that are on my phone. I used the application WhatsApp-Key-DB-Extractor-master to try and obtain my encryption keys. However the only files I get back are axolotl and wa.
Would I be correct in saying that WhatsApp deletes your encryption key if you get banned from their service, or is it worth my time rooting my phone to get to the encryption key?
I thought it was some device specific issue but now I have a gut feeling that WhatsApp is moving database (and other files) to some different location. In Android /data/data/com.whatsapp is safest directory as per my knowledge. If WhatsApp is moving on from this then I believe they are moving these critical files to their own cloud somewhere, since GDrive is also not that safe to store key.
If that's the case then this entire project will be nothing more than error throwing python. Poor me, this repo is not even in GitHub's Arctic archive program and I'm implementing a GUI for it.
I am not sure about the banning situation but that is possible that they delete key and other data. I would advice against rooting your phone because it will erase everything in that process => No WhatsApp to pull data from. Also as I have mentioned above if key were to be there then my app would pull it. Its just that those files are no longer there for many users.
You may be correct about the key no longer being stored on the phone. Although an alternative and I think more likely explanation is that the key does stay on your phone but Whatsapp revokes or removes the key under certain circumstances. Most of the users on the following forum still appear to be able to gain access to the key: https://forum.xda-developers.com/t/tool-whatsapp-key-db-extractor-crypt6-12-non-root-updated-october-2016.2770982/page-35
I'm surprised Whatsapp can do this. I feel gutted that I no longer have access to my own personal data. Whatsapp should provide a means to access your information even if you are banned.
By rooting my phone would it delete the key in the process? It's an old phone which I don't care about. I'm only interested in obtaining the encryption key so I can read my messages. I would be willing to pay money to get my old messages back.
My app is based on the link you have shared.
These tech giants roll out updated to a small group then to a bigger one and since they have no limit on how much data constantly fetch from the users it is very easy for them to track what is going wrong with some feature for example.
WhatsApp shouldn't do this, I am also a strong believer that chats are the property of user and not the service providers'.
I am not sure about specific rooting process of every device but in almost all the cases rooting requires you to do a "format data" otherwise it would not even let to boot your phone. It has something to do with data encryption which is default on every Android.
What I can suggest is (though it is also risky) that if the bootloader is unlocked you install a custom recovery OS then you can access the data from within recovery. Though I am not sure if this also requires format data or not.
Stay healthy, Yuvraj Raghuvanshi.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Tuesday, December 21st, 2021 at 12:13 AM, simonhough @.***> wrote:
You may be correct about the key no longer being stored on the phone. Although an alternative and I think more likely explanation is that the key does stay on your phone but Whatsapp revokes or removes the key under certain circumstances. Most of the users on the following forum still appear to be able to gain access to the key: https://forum.xda-developers.com/t/tool-whatsapp-key-db-extractor-crypt6-12-non-root-updated-october-2016.2770982/page-35
I'm surprised Whatsapp can do this. I feel gutted that I no longer have access to my own personal data. Whatsapp should provide a means to access your information even if you are banned.
By rooting my phone would it delete the key in the process? It's an old phone which I don't care about. I'm only interested in obtaining the encryption key so I can read my messages.
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you modified the open/close state.Message ID: @.***>
So you think there's still hope that I can obtain the encryption key? I think you said earlier the app would fetch all files that are in the directory where the encryption key should be, so that doesn't give me much hope.
I did try rooting my phone but found it too complicated and I'm worried I'll end up wiping the encryption key in the process. I think I'll just wait until a smart person such as yourself develops an app that can successfully fetch the encryption key, assuming the key is still on the phone.
I really have no idea what's going on with WhatsApp and until some developers on xda find it interesting enough to dig up new location of key I really can not do much as I do not have much expertise in such advanced analysis.
Yes. You can try with --tar-only flag to pull everything out not just those 5 files and search for key in that archive but others didn't have any luck with that also. Key is not there to begin with.
Rooting is complicated and I am sure that it will ask for data wipe, that should be last option. But if you root then you can search other directories that WhatsApp might be using other than /data/data/com.whatsapp.
The thing is that I have just re-written this project in python (originally it was in powershell, cmd, bash script). I did not invent this method, I have a general idea of why this works but I really do not have any other tricks up in my hat as a workaround.
Stay healthy, Yuvraj Raghuvanshi.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Tuesday, December 21st, 2021 at 12:59 AM, simonhough @.***> wrote:
Thanks for your reply. So you think there's still hope that I can obtain the encryption key? I did try rooting my phone but found it too complicated. I think I'll just wait until a smart person such as yourself develops an app that can successfully fetch the encryption key, assuming the key is still on the phone.
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you modified the open/close state.Message ID: @.***>
On newer versions of Android media files are stored in Android/media/<package_name>. So saving app specific files in Android/data/<package_name> is also an option for apps. You can access that folder with adb command (for now at least). Connect phone get into shell by typing in 'adb shell' in cmd and navigate to folder using 'cd /sdcard/Android/data/com.whatsapp' and check there. Do let me know how it goes.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Tuesday, December 21st, 2021 at 10:54 AM, Yuvraj Raghuvanshi @.***> wrote:
I really have no idea what's going on with WhatsApp and until some developers on xda find it interesting enough to dig up new location of key I really can not do much as I do not have much expertise in such advanced analysis.
Yes. You can try with
--tar-onlyflag to pull everything out not just those 5 files and search for key in that archive but others didn't have any luck with that also. Key is not there to begin with.Rooting is complicated and I am sure that it will ask for data wipe, that should be last option. But if you root then you can search other directories that WhatsApp might be using other than /data/data/com.whatsapp.
The thing is that I have just re-written this project in python (originally it was in powershell, cmd, bash script). I did not invent this method, I have a general idea of why this works but I really do not have any other tricks up in my hat as a workaround.
Stay healthy, Yuvraj Raghuvanshi.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Tuesday, December 21st, 2021 at 12:59 AM, simonhough @.***> wrote:
Thanks for your reply. So you think there's still hope that I can obtain the encryption key? I did try rooting my phone but found it too complicated. I think I'll just wait until a smart person such as yourself develops an app that can successfully fetch the encryption key, assuming the key is still on the phone.
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you modified the open/close state.Message ID: @.***>
The old phone which I want to retrieve my WhatsApp messages is using Android 7 so there probably isn't any point using adb shell. I'm not familiar with the command prompt and I think the method you just described would involve rooting the phone and i'm not willing to do that yet as I may delete the key in the process, assuming its on the phone to begin with
It seems to me that when transferring whatsapp to another phone, the key on the old phone does not remain.
Hi guys, today I used a tool that extracted whatsapp messages. So it looks like the key is there, but with another name. It's not "key" file anymore, but obscured by name. I will let you know. The program that is able to retrieve messages is called "ULTDATA"
What if these people had the E2E backup activated? In that case key is encrypted_backup.key
I had the same problem that was solved when I found this link: . I guess the main step to resolve the problem is the 7 to 11. I will reproduce the comment bellow if the link not exists anymore:
- launch whatsappkeydbextract.bat file
- input y to reboot the device
- once rebooted, unlock it (you should not find your wa app anymore) and press any key in cw
- wait until the streamed install is done
- unlock again your phone
- prompted "wa has been updated" should be prompted in your phone, press continue
- search for wa in your phone and open it
- (a new prompt in your phone will say it's an outdated version of wa press ok, if it doesnt appear don't worry)
- press the adjust date and you will be sent to a date & time page, keep it open
- press any key in cw
- select the option you prefer at the command window
- select fullback up in your phone (without entering any password)
- restore wa press any key
- you made it as well
Can anyone help? Could not install WhatsApp... [INSTAL FAILED INVALID URI ]
install by running "restore_whatsapp.py" or manually installing from Play Store. However if it crashes then you have to clear storage/clear data from "Settings → App Settings → WhatsApp" -
-
If I clear the data, delete it and download the application again - I will lose all the data that I want to restore. Is that so?
-
but it extracts all files except the key. ??? Can't extract the key because of this crashing? Can the key simply not be there anymore due to the block of the account?
Any guesses? I will be grateful for your help)
I opened ! Who can not find the key - so you do not need it). Yes exactly ! If there is no key, then chats can simply be opened)
I did with "--tar-only" and got 4 folders ( db/f/r/sp )
Than open WhatsApp Viewer
Do not decrypt the file, just open the file > com.whatsapp\db\msgstore.db and below in "wa.db (optional)"> com.whatsapp\db\wa.db
if you have an error "It seems like you tried to open an older WhatsApp database. Please try to use an older version of WhatsApp Viewer." - follow these instructions: https://github.com/andreas-mausch/whatsapp-viewer/issues/151#issuecomment-1306391834
Good luck to all chat miners)
addition:
I don't know how I opened this database but I opened it without a key. On another computer, the WhatsApp viewer says that the database is encrypted... I don't know how I was able to open it...
- If I clear the data, delete it and download the application again - I will lose all the data that I want to restore. Is that so?
- but it extracts all files except the key. ??? Can't extract the key because of this crashing? Can the key simply not be there anymore due to the block of the account?
Any guesses? I will be grateful for your help)
Hello there u can contact me I can help u out but in private!
- If I clear the data, delete it and download the application again - I will lose all the data that I want to restore. Is that so?
- but it extracts all files except the key. ??? Can't extract the key because of this crashing? Can the key simply not be there anymore due to the block of the account?
Any guesses? I will be grateful for your help)
Hello there u can contact me I can help u out but in private!
If you have the files it shows in the logs "msgstore.db" and "wa.db" than you do not need any key at all. because these files are already decrypted! You just have to open them in the whatsappviewer. If they where encrypted the would have an other file extension like msgstore.db.crypt14 or msgstore.db.crypt15.
I get the same errors. I ran with the --tar-only argument to keep the tar file, but the script is correct, the files are indeed missing. I also noticed the script doesn't wait for the backup to end, seems like a funny racing condition. I wait a bit and then hit the "Backup" button. When it picks up on the backup correctly, it reflects in the backup size (much larger).
