WhatsApp Messenger is an application used across various Mobile Platforms for instant messaging. It uses the internet to send and receive audios, videos, documents, location details, messages etc.
WhatsApp saves all the message of user onto a database file in crypt form, which means no one could read anyone’s private messages. WhatsApp uses crypt2, crypt5, crypt7, crypt8 to encrypt all the data so that no one could read the messages from the database file. But those very same files can be easily decrypted without a key.
Steps to Perform WhatsApp Database Extraction With Android
Step 1: To use adb, first we need to enable the USB Debugging feature under Setting -> Developer options on the device.
Step 2: From the command prompt, we can initiate the connection with the android device with ‘adb devices’ command.
Step 3: Download any WhatApp version between 2.11.4xx range and degrade your preinstalled WhatsApp by installing it using the command as shown below.
NOTE: Here you are overwriting your WhatsApp application with older one. Once installation is done you will always receive an error as it is an older version of WhatsApp.
Step 4: Using ‘adb backup’ create a backup file named ‘whatsapp.ab’ from the WhatsApp package that is entitled as “com.whatsapp” on the android devices.
The ‘.ab’ file extension which is shown in the below image is associated with the Google’s Android Debug Bridge (adb) command line utility which is circulated as a part of Google Android SDK that allows the developers to communicate with the android phones through cables. A ‘.ab’ file stores the backup of the device comprising of apps, system data, system settings etc.
NOTE: If any no backup is generated or any error occurs then, go to whatsapp à select ‘settings’ à select ‘chat’ à select ‘backup option as back up on local device’ à Then select ‘Backup’ and wait for the backup to get completed.
Step 5: Select ‘Back Up My Data’ option on your android device and keep password field blank.
Step 6: Now, a ‘whatsapp.ab’ file is created as shown below:
Step 7: ‘abe.jar’ is a utility used to extract and repack the android backup files that are created with the ‘adb backup’ command. We will now extract the ‘whatsapp.ab’ file and name the extracted file as ‘whatapp.tar’ where ‘.tar’ is the archived file containing many other files.
Step 8: Once ‘whatsapp.tar’ file is created, then extract it with WinRAR (or ‘tar -x’ command in Linux).
Step 9: After extraction completes, a folder named ‘whatsapp’ is created and following are contents of that folder shown in image.
Step10: We are only interested in ‘msgstore.db’ and ‘wa.db’ file. Use a utility called ‘Whatsapp Viewer’ and give the path of ‘msgstore.db’ and ‘wa.db’ as shown below.
Here ‘msgstore.db’ stores all the messages along with attachments and ‘wa.db’ stores all the information related to the contacts.
NOTE: IOS whatsapp database extraction commands are different than that of android. Also after doing the above process, user has to upgrade his WhatsApp from Playstore in order to use it again.
Step 11: Below Screenshot, shows you will see all the chat messages, that were extracted from the database.
( The post has been translated into Italian with explicit permission of Network Intelligence )
Source: Decrypting the WhatsApp Database