The 2nd video of the « DON’T USE WHATSAPP » series is out. This video is showing how you can get the deleted WhatsApp messages with only 10 lines of codehttps://youtu.be/m9WKtL8KLSQ
-
Show this thread
-
This proof of concept is able to get: - The content of the message - The sender phone number - The message ID The app is coded in Kotlin, I will probably release the code in a few days
11 replies 14 retweets 128 likesShow this thread -
Replying to @fs0c131y
Does the app not require root? Your previous exploit in video 1 required root, which can be flagged by Android SafetyNet. Just asking out of curiosity, as if I were a whatsapp developer, that would be the first thing I would do to address your exploit. However, it sucks that as
2 replies 0 retweets 1 like -
Replying to @_bha1
Yes, this is video is the POC of the 1st video. By the way, you can bypass SafetyNet
1 reply 0 retweets 4 likes -
so you're parsing the /data/data/com.whatsapp/files/Logs/whatsapp.log file? Only those with root access will be affected, they are exposing themselves to these kind of attacks. WhatsApp also logs the Name + Receiver phone # in Logcat: https://bpaste.net/show/093373bfe68d …
1 reply 0 retweets 0 likes -
Replying to @konrad_it @_bha1
No, in this POC I’m parsing the msgstore.db-wal file
1 reply 0 retweets 0 likes -
that still requires root, right?
1 reply 0 retweets 0 likes
I answered to this question in this discussion...
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.