Monday, 25 August 2014

Cracking "WhatsApp Message Database"

No comments:

Cracking Whatsapp  Message Database




Download This
- WhatsApp Backup Messages Extractor for Android and iPhone


Tested with Whatsapp (Android) 2.7.5613
Tested with Whatsapp (iPhone)  2.5.1

Last Update on May 7th, 2012 (v2.1)

------------------------

HOW TO USE:
(see also the thread at xda-dev: http://forum.xda-developers.com/showthread.php?p=24603294 )

1. You need to copy the whatsapp database. 

On Android, either get this file:

/sdcard/WhatsApp/Databases/msgstore.db.crypt
(crypted database on SD card, can be created by starting backup from whatsapp advanced settings: settings - more - Backup Chats)

or these files:
/data/data/com.whatsapp/databases/msgstore.db and wa.db
(for this you need root access. detailed instructions in the bottom of this file. the advantage is that the corresponding contact names of phone numbers will be displayed.)

On IPhone, get this file:

net.whatsapp.WhatsApp/Documents/ChatStorage.sqlite
(You can use an Iphone Backup Tool to get the file, e.g. I-Twin or Iphone Backup Extractor. Make sure to create an unencrypted backup with Itunes, as these tools can't handle encrypted backups. Another possibility are forensic tools like UFED Physical Analyzer.)

2. Extract this archive (Whatsapp_Xtract....zip) to a certain folder on your computer, e.g. C:\WhatsApp.

3. Copy the database(s) to e.g. C:\WhatsApp (on Android, you simply copy the whole folder WhatsApp on SD card to your computer e.g. to C:\WhatsApp and then copy the database file from C:\WhatsApp\Databases to C:\WhatsApp)

4. You need Python and (for Android msgstore.db.crypt decryption) the PyCrypto library

The easiest way is to install ActivePython (on Windows choose 32bit version even if you have 64bit windows): 
http://www.activestate.com/activepython/

and then (for PyCrypto) run install pyCrypto.bat (contained in this archive)
(pyCrypto.bat will execute: pypm install pycrypto)

5. Now run whatsapp_xtract_android.bat or whatsapp_xtract_android_crypted.bat or whatsapp_xtract_iphone.bat 

OR simply drag and drop the database file(s) to whatsapp_xtract_drag'n'drop_database(s)_here.bat

OR run whatsapp_xtract_console.bat and then manually specify the input file with one of these commands:

COMMAND LINE OPTIONS:

For Android DB:
python whatsapp_xtract.py -i msgstore.db -w wa.db
OR (if wa.db is unavailable)
python whatsapp_xtract.py -i msgstore.db
OR (for crypted db)
python whatsapp_xtract.py -i msgstore.db.crypt

For iPhone DB: (-w option is ignored)
python whatsapp_xtract.py -i ChatStorage.sqlite

Once finished, your browser will open and show the chats. 

The resulting file size of the .html file will be slightly bigger than the size of the .db database. 

------------------------

Some Additional Information


SQLITE Editor

You also can open the "msgstore.db" and "wa.db" using SQLite Database Browser ( http://sqlitebrowser.sourceforge.net/ ). 
However it is much more confusing and the messages are ordered by date, not by conversations. Also you won't see the smileys and media files...

~

MEDIA FILES

If you want to watch the videos, audios and images, you can click on the thumbnails and media links. Popups should open displaying the media. 
However, online media files are available only for the last ~ 3 weeks. 
But you still can open the offline media files, they are linked as well. 
For this it is necessary to copy the folder "Media" from /sdcard/Whatsapp (Android) or net.whatsapp.WhatsApp (Iphone) to the certain folder of your computer where this tool is installed.

~

ROOT ACCESS TO UNENCRYPTED WHATSAPP DATABASE (Android version only)

If you want to have the contact names displayed and not only phone numbers, then (Android version only) you need the file wa.db from the internal storage. 

For that you need to get access to the folder 
/data/data/com.whatsapp/databases
For that you need root access.
For rooting, the tool Superoneclick Root might be useful:
http://forum.xda-developers.com/showthread.php?t=803682

Then you can copy the files "msgstore.db" and "wa.db" to your computer by

- using the App RootExplorer (first copy to SD, then mount phone to computer)
- or using adb: open cmd and type "adb pull /data/data/com.whatsapp/databases/msgstore.db C:\Whatsapp" (replace C:\Whatsapp by the location of the certain folder of your computer)
- or using the app Titanium Backup. Use Titanium Backup to backup the full whatsapp application together with its data, copy the backup from the folder "TitaniumBackup" on the SD card to your PC, then extract the files "wa.db" and "msgstore.db" that you will find inside the Titanium Backup archive "com.whatsapp-[Date]-[some digits].tar.gz" to the certain folder.
- or using some app like AirDroid or Webkey to access files over wifi using the PC webbrowser

Sharing Is Caring
Please share if you like it.



Read More

Friday, 15 August 2014

Independence Day Gift.....

No comments:

Independence Day Gift


Hey guys it's Independence day so here's a small token of gift...

25,000  SQL DORKS

                     25k SQL dorks


Download Here


A special Thanx To Lucky Bhai & Indishell For It..... 
Read More

Facebook Auto Logout Feature

No comments:

Facebook AutoLogoutFeature/Fun/Bug


Just while surfing around found this interesting and thought of sharing it.

  1. Make any note with any name & with any text in it, make the privacy to public
  2. Then copy note URL:-https://www.facebook.com/dialog/sha...RL&locale=en_GB&next=https://www.facebook.com
  3.  (replace your note link with the above links YOUR_NOTE_URL)
  4. Open the new link in a new tab, it will ask you for share the note in your time-line, Click share.
  5. Now edit your note & delete everything in it and paste the below snippet.
  1. <img src="https://www.facebook.com/n/?logout.php&medium=email&mid=a4986bbG5af4d7fd6e6dG0G114G12e9d8e3"/></img> 

 Now save & done...


Now whoever will visit your profile will get logged out . Mostly, your friends who are subscribed to you or can see your posts in news feeds will get logged out too.

Happy log-outing till they fix it :] 


Read More

Happy Independence Day

No comments:
Happy Independence Day





[+] To all my Indians Happy Independence Day.
[+] Jai Jawan Jai Kisan
[+] Jai Hind 
[+]    _/\_

Read More

Tuesday, 12 August 2014

Project Zero - A Team of Star-Hackers Hired by Google to Protect the Internet

No comments:

Project Zero - A Team of Star-Hackers Hired by "Google" to Protect the Internet





Today Google has publicly revealed its new initiative called “Project Zero,” a team of Star Hackers and Bug Hunters with the sole mission to improve security and protect the Internet.

A team of superheroes in sci-fi movies protect the world from Alien attack or bad actors, likewise Project Zero is a dedicated team of top security researchers, who have been hired by Google to finding the most severe security flaws in software around the world and fixing them.

PROTECT ZERO vs ZERO-DAY
Project Zero gets its name from the term "zero-day," and team will make sure that zero-day vulnerabilities don't let fall into the wrong hands of Criminals, State-sponsored hackers and Intelligence Agencies.
"Yet in sophisticated attacks, we see the use of "zero-day" vulnerabilities to target, for example, human rights activists or to conduct industrial espionage." Chris Evans said, who was leading Google’s Chrome security team and now will lead Project Zero.
Zero-day vulnerabilities could give bad actors the power to completely control target users’ computers, and in such scenario - no encryption can protect them.

RECRUITMENT OF STAR HACKERS
Google has already recruited some hackers at Project Zero:
  • Ben Hawkes - an independent researcher from New Zealand, and well known for discovering dozens of bugs in software like Adobe Flash and Microsoft Office.
  • George Hotz - best known for hacking Sony PlayStation 3, cracking iPhone and Google's Chrome browser.
  • Tavis Ormandy - working as an Information Security Engineer at Google and known for discovering lots of critical zero-day vulnerabilities in various softwares.
  • and many more..
Main objective of the Project Zero is to significantly reduce the number of people harmed by targeted attacks.
"We're hiring the best practically-minded security researchers and contributing 100% of their time toward improving security across the Internet." Chris added.
TEAM WORK
However, they are not restricted to finding bugs in Google's products only, rather they can choose targets by themselves strategically, but possibly team would majorly focus on the softwares that relied upon by a significant number of people. Flaw hunting and reporting process will be as mentioned below:
  1. Google will report flaws to vendors
  2. The Project Zero team will hunt for zero-day vulnerabilities in Popular Software's.
  3. Google will release full vulnerability disclosure only when the vendor issues a patch for it.
  4. Every bug will be filed transparently in an external database.
"We'll use standard approaches such as locating and reporting large numbers of vulnerabilities. In addition, we'll be conducting new research into mitigations, exploitation, program analysis—and anything else that our researchers decide is a worthwhile investment." Chris said.
Google is looking forward to grow their team of security experts and is making every effort to dedicatedly contribute to the Info sec Community.
Read More