The claim in the FTI forensics report on Bezos’ iPhone that, “due to end-to-end encryption employed by WhatsApp, it is virtually impossible to decrypt the contents of the downloader [.enc file]...” bugged me so much that I coded up how to do it:https://github.com/ddz/whatsapp-media-decrypt …
-
-
What I found corresponds to the excerpt in the security design whitepaper Ivan screenshotted and posted below. The SHA256 of the .enc file as well as the key are stored in the sqlite file after being received from an encrypted message. My tool retrieves them and decrypts file.
- Još 2 druga odgovora
Novi razgovor -
-
-
It looks like the encryption media key is in the second argument of that tool cmdline that is not in the filename.
-
Yep, it is. Sorry, I could have made the documentation a little clearer about that.
Kraj razgovora
Novi razgovor -
-
-
he extracts encryption key from ChatStorage.sqlite db on the device.
-
Ah, indeed. I expected this would be the case, but ended up misreading. Thanks.
@marver - Još 2 druga odgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.