How to Hack WhatsApp Messenger | Build WhatsApp API Client
With smartphones taking up a large part of our daily lives, IM services such as WhatsApp, iMessage and BBM are exchanging more messages every second. WhatsApp delivers more than 1 billion messages per day, and yet it is the most insecure way of communicating.
According to a recent security analysis, WhatsApp is a totally insecure way of communicating with friends.
WhatsApp Encryption
You may be surprised to know that until August 2012, messages sent through the WhatsApp service were not encrypted in any way; everything was sent in plaintext. That means that if you were using WhatsApp on public Wi-Fi, everything could be captured by anyone sniffing the wireless network. The latest WhatsApp uses encryption, but this new encryption is broken, and the phone number is still sent out in plaintext.
The local storage isn't any different; see the WhatsApp Database Encryption Project Report.
WhatsApp API & Reverse Engineering
If you know XMPP, the same protocol used by Facebook, GTalk and several others, you can try your hand at WhatsAPI, an API for WhatsApp messenger.
WhatsApp uses a customized XMPP server with proprietary extensions, named internally FunXMPP.
1. WhatsApp Authentication / Login Mechanism
Just like any other XMPP service, WhatsApp uses a Jabber ID (JID) and password to log in. The password is hashed, stored on the servers upon account creation and used transparently every time the client connects to the server.
It's an incredibly horrible implementation. As researchers found out, the username is the user's phone number, which an attacker probably already knows.
On Android, the password is an MD5 hash of the reversed IMEI number:
$imei = "112222223333334"; // example IMEI
$androidWhatsAppPassword = md5(strrev($imei)); // reverse IMEI and calculate md5 hash
On iOS, the password is generated from the device's WLAN MAC address:
$wlanMAC = "AA:BB:CC:DD:EE:FF"; // example WLAN MAC address
$iphoneWhatsAppPassword = md5($wlanMAC.$wlanMAC); // calculate md5 hash using the MAC address twice
Both the IMEI and the MAC address are easily retrievable from a device if you have physical access to it. The MAC address is much easier to capture, as you can sniff the wireless network to which the iOS device is connected.
The JID is a concatenation of your country code and mobile number.
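The weakness described above, as an added example that is not part of the original post and is not WhatsApp or WhatsAPI code: it sets the device-derived password beside a server-issued random secret that can be rotated and revoked. The function names, the in-memory `$store` and the sample JID are assumptions made for illustration.

```php
<?php
// Added example; all function names here are hypothetical.

// Derivation described on the page: the "password" is a pure function
// of a device identifier, so it is only as secret as that identifier.
function derivedPassword(string $imei): string {
    return md5(strrev($imei));
}

// Hardened alternative (assumption): the server issues a random secret at
// registration and keeps only a hash of it.
function issueCredential(array &$store, string $jid): string {
    $secret = bin2hex(random_bytes(32));     // 256 bits from the OS CSPRNG
    $store[$jid] = hash('sha256', $secret);  // fast hash is fine for a full-entropy secret
    return $secret;                          // handed to the client once, over TLS
}

function verifyCredential(array $store, string $jid, string $presented): bool {
    if (!isset($store[$jid])) {
        return false;
    }
    // hash_equals() compares in constant time
    return hash_equals($store[$jid], hash('sha256', $presented));
}

$imei = "112222223333334";  // example IMEI from the page
$jid  = "10000000000";      // constructed JID (country code + number)

// Device-derived: registering again yields the same value, so the credential
// cannot be rotated, and anyone who learns the identifier can recompute it.
var_dump(derivedPassword($imei) === derivedPassword($imei));

// Server-issued: every issuance is independent of any device property.
$store  = [];
$first  = issueCredential($store, $jid);
$second = issueCredential($store, $jid);  // rotation replaces the stored hash

var_dump($first !== $second);
var_dump(verifyCredential($store, $jid, $second));
var_dump(verifyCredential($store, $jid, $first));                  // old secret after rotation
var_dump(verifyCredential($store, $jid, derivedPassword($imei)));  // identifier-derived guess
```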
Initial login uses Digest Access Authentication. You can try this for yourself:
https://r.whatsapp.net/v1/exist.php?cc=$countrycode&in=$phonenumber&udid=$password
$countrycode = the country calling code
$phonenumber = the user's phone number (without the country calling code)
$password = see above; for iPhone use md5($wlanMAC.$wlanMAC), for Android use md5(strrev($imei))
The response you receive is XML, containing messages designated for your phone.
2. Text Message communication
Messages are basically sent as TCP packets, following WhatsApp’s own format (unlike what’s defined in XMPP RFCs).
Photos, videos and audio files shared with WhatsApp contacts are uploaded over HTTP to a server before being sent to the recipient(s). The message body carries the generated HTTP link along with a Base64 thumbnail of the media file (if applicable).
WhatsApp Privacy Leak
WhatsApp shares your contacts with the server; we all know that. But the way it is done is ridiculously insecure. It basically sends contact information as:
https://sro.whatsapp.net/client/iphone/iq.php?cd=1&cc=$countrycode&me=$yournumber&u[]=$friend1&u[]=$friend2&u[]=$friend3&u[]=$friend4
The server response looks like:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
<dict>
<key>P</key>
<string>1234567890</string>
<key>T</key>
<integer>10817</integer>
<key>S</key>
<string>Some Status Message</string>
<key>JID</key>
<string>23xxxxxxxxx</string>
<key>NP</key>
<true/>
</dict>
</array>
</plist>
Author: Anonymous
What could be whatsapp password when I am using it from an android tablet