Tuesday, November 6, 2012

Know your WhatsApp password on Windows Phone

Everybody knows WhatsApi and its derivatives, which let you use WhatsApp without a smartphone. The password used on Android is based on the device IMEI, and on iPhone on the WiFi MAC address. I wondered how it works on Windows Phone, and here are my results.

The first step was to obtain the libraries WhatsApp.dll and WhatsAppCommon.dll from the phone, just as I did with the database in my previous post (in Spanish).

With the DLLs on the PC I launched a .NET decompiler to take a look at the code. There are several such applications: ILSpy, CCI Explorer, .NET Reflector...

Inside WhatsApp.dll we find a method called CheckCode(string) of the EnterCode class in the WhatsApp.verify namespace.

We can see that one of the WebRequest parameters (text) is the password we're looking for. It is built by obtaining the DeviceUniqueId and passing it to the ToPassword method found in WhatsAppCommon.dll.

ToPassword in turn calls the GetHashString method of the MD5Core class, which is based on Silverlight MD5Core.
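Why a credential computed from a device identifier is weak, next to a server-issued random secret, as an added example that is not code from WhatsApp or from this post. It assumes the derivation is a plain hex MD5 of the identifier bytes (the real ToPassword may transform its input differently); `Registrar`, the account name and the sample identifier are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed sample: a 20-byte stand-in for a DeviceUniqueId value.
SAMPLE_DEVICE_ID = bytes(range(20))

def derived_password(device_id: bytes) -> str:
    """Assumed derivation: hex MD5 of the raw identifier bytes.
    The real ToPassword may encode or transform the input differently."""
    return hashlib.md5(device_id).hexdigest()

class Registrar:
    """Hypothetical server side that issues a random secret per registration."""

    def __init__(self):
        self._stored = {}  # account -> SHA-256 of the issued secret

    def register(self, account: str) -> str:
        secret = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._stored[account] = hashlib.sha256(secret.encode()).digest()
        return secret  # handed to the client once, at registration

    def verify(self, account: str, presented: str) -> bool:
        expected = self._stored.get(account)
        if expected is None:
            return False
        got = hashlib.sha256(presented.encode()).digest()
        return hmac.compare_digest(expected, got)  # constant-time compare

def compare_schemes() -> dict:
    # Weak: anything that can read the identifier computes the same credential,
    # and it cannot be rotated without changing the device.
    app_a = derived_password(SAMPLE_DEVICE_ID)
    app_b = derived_password(SAMPLE_DEVICE_ID)
    # Hardened: the secret is unrelated to any device property, and
    # registering again invalidates the previous one.
    server = Registrar()
    first = server.register("user@example")
    second = server.register("user@example")
    return {
        "derived_is_reproducible": app_a == app_b,
        "old_secret_still_valid": server.verify("user@example", first),
        "new_secret_valid": server.verify("user@example", second),
        "derived_accepted_by_hardened": server.verify("user@example", app_a),
    }

if __name__ == "__main__":
    print(compare_schemes())
```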

To go faster I decided to write an application that generates the password by importing the libraries. To use these DLLs in Visual Studio you must unblock them first; see How to: Use an Assembly from the Web in Visual Studio.

The following code was enough to get the password and try it:

txtPass.Text = ((byte[])Microsoft.Phone.Info.DeviceExtendedProperties.GetValue("DeviceUniqueId")).ToPassword();

Also I added a button that would allow me to copy the key for further testing.

And now we make a request to the WhatsApp server to verify whether it's correct or not...

Jackpot! status="ok"

Let's try it from WhatsApi, but first we must modify the encryptPassword function in the whatsprot.class.php file so that it does not change the password after we enter ours in whatsapp.php.


I hope it will be helpful.

1 comment:

arathael said...

Does this method still work for WP8 and version 2.11.x?

I read that the password generation protocols on Android and iOS only generated an MD5 hash of the device's MAC address or IMEI, but once this was disclosed, the protocols changed.