Decrypt and extract your whatsapp database

Instructions on how to extract your WhatsApp data from the stored encrypted backup.

February 11, 2017 - 2 minute read -
#data #social #hack

Whatsapp

Steps to get your whatsapp data in decrypted form-

  1. Download the Crypt Key Extractor  from WhatCrypt homepage or you can download it from their github repository directly.
    Prerequisites-
    1. O/S: Windows Vista, Windows 7, Windows 8, Windows 10, Mac OS X or Linux
    2. Java - If not installed: https://www.java.com/en/download/
    3. ADB (Android Debug Bridge) Drivers: Check out my post
    4. Android device with Android 4.0 or higher.
    5. USB Debugging must be enabled on the target device.
      Settings -> Developer Options -> (Debugging) USB debugging
      If you cannot find Developer Options then please go to:
      Settings -> About phone/device and tap the Build number multiple times until you’re finally declared a developer.
  2. Extract WhatsApp-Key-DB-Extractor-master.zip maintaining the directory structure.
  3. Click on WhatsAppKeyDBExtract.bat (Windows) or WhatsAppKeyDBExtract.sh (Mac OS X / Linux).
    Or go to the extracted folder via terminal and run the file as
    sh WhatsAppKeyDBExtract.sh
    Some things to keep in mind for this step-
    • This step uses the internet to download a legacy version of WhatsApp (2.11) to install on your phone. So make sure your PC is connected to the internet before running it.
    • Make sure there is no overlay active on your phone like Twilight or Blue Light Filter, as these will not allow you to click on Back up my data.
  4. Connect your device via USB, change the mode from charging to media, unlock your screen and wait for Full backup to appear.
  5. Enter your backup password or leave blank (if none set) and tap on Back up my data. This step takes some time depending on the size of your data. So be patient.
  6. Confirm backup password in your command console and then check your extracted folder. You will find many files there- axolotl.db, chatsettings.db, msgstore.db, wa.db, whatsapp.cryptkey.
  7. All these .db files are Sqlite databases in unencrypted form. Use a database viewer like DB Browser for SQLite to see the data.


References

WhatCrypt
EliteAndroidApps/WhatsApp-Key-DB-Extractor - Github
DB Browser for SQLite