WhatsApp Extract Password From Android

This post is only for people who knows and use Yowsup and or its derivatives.Please do not send email/ comment asking how to use it for getting whats app on desktop. Just search it you will find it.

If you find below process too much to take and you have xposed framework installed you could try WhatsPwd as well

I was looking into an interesting  project MissVenom which use classic MITM to sniff the registration traffic to get the whatsapp password. If you wondering why I need a password for whatsapp, you shouldn’t be here. Unfortunately MissVenom will not working with new and future versions of android whatsapp (because  they have implemented server cert validation which makes ssl mitm to fail.). So I de-compiled whatsapp and started analyzing smali. I must say whatsapp devs spent some huge time or money to obfuscate the code Its pretty tough job.I thought I just have to figure out the place where they deserialize the magic ‘pw’ files and reverse the algorithm. When i looked into the actual algorithm its is pretty much complex with multiple encryption, and its very hard to figure out the seeds. Then i figured out a simple way why cant i just output the decrypted password and live with it. For this you need a rooted device to install the modified apk in case you  want to switch back to the original whatsapp.

So I used a very useful smali library IGLogger to simplify my life.so i edited the whatsapp smali, added a logcat out with password bytes.Then I recompiled apk and installed on to my device  and watch logcat . When you start whatsapp you will get a log cat entry like

 

in the new version I have changed logcat TAG to WhatsPwd so the logcat will be like

 

the ‘xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx’ you are seeing is your password in hex bytes, in order to use in yowsup u will need to encode it in base64 you could use Online Tool . provide it to your client you are good to go.

Notes

  • Whats app wont allow multiple session so you will have to kill whatsapp running in you phone to use your other client.
  • Use any backup tool to backup your data before you do anything. I highly recommend titanium backup.

Steps to install modified apk without loosing data

  1. Backup your app and data using titanium backup
  2. uninstall whatsapp
  3. install modified apk
  4. do not open the whatsapp. go to titanium backup and restore whatsapp backup we created on step 1 . Make sure you “Restore Data”  and DO NOT RESTORE APP
  5. start app and watch logcat
  6. once you got the password you can restore the app if you don’t want your password in your log cat whenever you start whats app.

  • ikab

    Excellent!
    But I have another doubt, How I can get my Identity?

    • kii

      My android is 2.3.5,but i cannot get the password,what’s your version?

      • maxters

        probably this wont work on some older version, they might have diffrent apk

        • T

          You just need to change the lines in iGLogger.java which contain android.util.Log.wtf to android.util.Log.d/e/…
          This is the problem for Android 2.x

          I would really like that!

    • maxters

      your id is your mobile number with country code

  • Joel

    very helpful. worked wonderfully. thanks a lot!
    Im just hoping your “disqus” thing in the comments doesnt sends spam….

  • Jokerulez

    I was tryin to connect from pidgin using the pass extracted but it doesn’t work. Any suggestion?

    • maxters

      hmmm… which plugin are you using for whatsapp. I was able to get it partially working with plugin from http://davidgf.net/page/39/whatsapp-on-your-computer:-pidgin-plugin .
      peer to peer messaging is fine but group messaging is having issue.
      Which version of whatsapp you are using?

      • Jokerulez

        well, I download the davidgf nightly few hours ago from http://davidgf.net/nightly/whatsapp-purple/x64/last-whatsapp.so
        I’m on a fedora 20 x64 and it say “server closed connection”.
        Is there any way I can check the password is the right one? I don’t know, some test script to check log from server or something similar?
        Is it also possible there is something wrong using at the same time PC and Smtarphone? I never had a connection established.
        .

        • maxters

          could you tell me which method are you using ? using the apk in the above post or WhatsPwd app? whatsapp pwd is very specific to whats app version

          • Jokerulez

            I’m using strictly the instructions into the post above including the backup part and the app you provided.

            EDIT: It works now, there was an error in my base64 password.

            Thank you to help.

  • Question

    Hello maxters.
    How can I make a Kernel with external wifi compatibility for lg g2?

  • Silvestre

    Thanks!
    This help me a lot!

  • Moisés

    with the new release this modified apk does not work anymore, any chance to make with the new one?

    Or even better, a tutorial of how to do it, cause i really tried, but the app crashes when i add
    invoke-static {}, Liglogger;->d()I
    to the code

    • Justin

      is there any compiled version of logger? not sure how / where to compile it from…

  • bazzer

    Thanks!
    This work, also with latest verson!

    Good Job, Man…

    • Question

      can you please upload our sent apk to me?
      that would be realy nice.
      Thanks

      • cruzer

        link is already there… yes the app will crash with the new release but catlog info is still good.

      • Shail

        orignal APK Link has signed-mo file which is no longer supported and as soon as i start whatsapp server rejects the application stating that this version has expired in Mar, 2014, is there any new signed-mo / modified file there after??

  • andihandih

    good way to come to the password. i have the problem that i have big problems rooting my old s1 … so i cant use this tutorial in that way… iam working now on a solution doing this steps on a android emulator. i think should be possible to get the pw easier with a emulator which allows you to define a phonenumber and the IMEI. what you think about this idea?

    • vinay

      Hi, have you succeded ? I’m trying the same. Please share your progress

  • Bluebrain

    Thanks a lot for your hard work! Looks like this did cost you some hours.
    Followed your instructions and I was able to fetch the password via logcat.
    WhatsApp crashes instantly after starting but the password is still shown in logcat. (and this is all I was interested in)

    • Hiram Jerónimo Pérez Guzmán

      can you share your apk pls?

      • Julio

        Still working?

    • mahson

      Hi dear, Please share it….

  • Waving Yapper

    Thanks a lot it worked for me
    Just 1 last Question
    Will by Whatsapp account get blocked if I switched too frequently between Pidgin and my phone

  • Abhinavreddy

    Can you recompile the new version of apk with password logger , if it doesn’t take time from your previous experience, old apk doesn’t work anymore, it stops with ‘unable to connect to internet’. Where should i start looking for in the smali code any pointers is really appreciated.

    • maxters

      I have updated with latest whats app version 2.11.261, can you check

      • Abhinavreddy

        Awesome !!, worked like a charm , kudos to your work and your reply . I used an emulator instead of a rooted device , using adb backup and adb restore ( needed to match signatures). However yowsup is not working i suppose , though it worked with pidgin plugin you mentioned in earlier comment , no issues we could use c++ too : ) , thanks again .

        • maxters

          🙂

  • Pingback: WhatsApp PasswordLogger Apk Updated to Latest Version 2.11.261 | Maxters Inc()

  • xvilo

    It is not working anymore… How to change the newest .APK?

  • i can see my password in hex bytes. but i can’t decode it, how can i know my password in plain text ?

    • ok.. it’s work using yowsup-cli.. still figuring out how to login use pidgin.

    • ok.. just copy paste password in base64 format to pidgin… and it’s workssssss…
      awesome 😀

  • yazeed44

    Hi , thank you verrrry much for this tool

    i just register to thank you

    thank youuu

    • John

      Hi, How do you watch the Logcat, Im not getting it

  • Vaibhav

    hey now its not working. pls update whatspwd

  • ongair_

    Really nice tutorial. Unfortunately I get the message that This version of WhatsApp tied to this apk expired on October 9th 2014 (on the 15th September 2014).

  • Tazman

    Hi Everyone, Im a newbie in Logcat things, where do I watch the logcat, i managed to install the WhatsApp after having backep up my data, upon starting WhatsApp I was looking for the Logcat, pls help. Thanks

    • Guilherme

      Hello Tazman, u’had success trying that? My whatsapp saying this apps it to old and asking me to update

  • Ftovalle

    Hi! Anybody knows if the password method has changed? I was able to get the password 3 months ago, but I can’t do it today… 🙁

  • asdf